CVE-2017-6980
Published 2017-05-22
Priority P2 · 63 · high · 8.8 CVSS 3.0
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 6.57% (93.0th percentile)
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios | — | — |
| apple | iphone_os | <= 10.3.1 | — |
| apple | safari | <= 10.1 | — |
| apple | safari | — | — |
| apple | tvos | <= 10.2 | — |
| apple | tvos | — | — |
| debian | webkit2gtk | < webkit2gtk 2.16.3-2 (bookworm) | webkit2gtk 2.16.3-2 (bookworm) |
Detection & IOCs (extracted from sources)
- The vulnerability is triggered via a crafted web page exploiting WebKit's JSC arrayProtoFuncSplice, which fails to initialize all indices of a JSArray created with tryCreateForInitializationPrivate when the array type is forced to ArrayWithSlowPutArrayStorage via JSGlobalObject::haveABadTime. Monitor for JavaScript payloads using Array.prototype.splice on large arrays combined with GC-triggering loops and Array.fill with float values.
- PoC exploit pattern involves repeated GC calls, filling arrays of size 0x100 with float value 1234.5678, then calling splice(0). Detect JavaScript in web content performing large typed-array fills with floating-point constants followed by splice operations as a potential heap-spray/memory-corruption primitive.
- The root cause is in WebKit JSC: arrayProtoFuncSplice skips holes in thisObj when initializing result indices, leaving uninitialized memory accessible. Flag WebKit/Safari/iOS WebContent process crashes (memory corruption) originating from web content processing as potential exploitation attempts.
- Exploitation vector is remote via a crafted web site. Any WebKit-based browser (Safari ≤10.1.0, iOS WebKit ≤10.3.1, tvOS WebKit ≤10.2.0) visiting attacker-controlled web content is at risk; monitor for unexpected crashes in com.apple.WebKit.WebContent or equivalent WebKit renderer processes.
- The PoC exploit code shown is a proof-of-concept demonstrating the uninitialized memory condition; actual in-the-wild exploits may use different array sizes, fill values, or GC-triggering strategies, so detection rules based solely on the PoC constants (0x100, 1234.5678) may miss variants.
- The vulnerability affects WebKit as a component shared across iOS, Safari, and tvOS. Patched versions are iOS 10.3.2, Safari 10.1.1, and tvOS 10.2.1; detections should account for all three attack surfaces, not just desktop Safari.
CVSS provenance
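| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 8.8 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| osv | — | 8.8 | HIGH | — |
| vendor_debian | — | 8.8 | LOW | — |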
Apple
CVE-2017-6980: iOS 10.3.2
vendor_apple·2017-05-15·CVSS 8.8
CVE-2017-6980 [HIGH] CVE-2017-6980: iOS 10.3.2
Apple Security Update: About the security content of iOS 10.3.2
Product: iOS
Version: 10.3.2
CVE: CVE-2017-6980
Component: WebKit
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: Multiple memory corruption issues were addressed with improved memory handling.
Apple
CVE-2017-6980: tvOS 10.2.1
vendor_apple·2017-05-15·CVSS 8.8
CVE-2017-6980 [HIGH] CVE-2017-6980: tvOS 10.2.1
Apple Security Update: About the security content of tvOS 10.2.1
Product: tvOS
Version: 10.2.1
CVE: CVE-2017-6980
Component: WebKit
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: Multiple memory corruption issues were addressed with improved memory handling.
Apple
CVE-2017-6980: Safari 10.1.1
vendor_apple·2017-05-15·CVSS 8.8
CVE-2017-6980 [HIGH] CVE-2017-6980: Safari 10.1.1
Apple Security Update: About the security content of Safari 10.1.1
Product: Safari
Version: 10.1.1
CVE: CVE-2017-6980
Component: WebKit
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: Multiple memory corruption issues were addressed with improved memory handling.
Debian
CVE-2017-6980: webkit2gtk - An issue was discovered in certain Apple products. iOS before 10.3.2 is affected...
vendor_debian·2017·CVSS 8.8
CVE-2017-6980 [HIGH] CVE-2017-6980: webkit2gtk - An issue was discovered in certain Apple products. iOS before 10.3.2 is affected...
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Scope: local
bookworm: resolved (fixed in 2.16.3-2)
bullseye: resolved (fixed in 2.16.3-2)
forky: resolved (fixed in 2.16.3-2)
sid: resolved (fixed in 2.16.3-2)
trixie: resolved (fixed in 2.16.3-2)
GHSA
GHSA-pg2j-243w-mh77: An issue was discovered in certain Apple products
ghsa_unreviewed·2022-05-14
CVE-2017-6980 [HIGH] CWE-119 GHSA-pg2j-243w-mh77: An issue was discovered in certain Apple products
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
OSV
CVE-2017-6980: An issue was discovered in certain Apple products
osv·2017-05-22·CVSS 8.8
CVE-2017-6980 [HIGH] CVE-2017-6980: An issue was discovered in certain Apple products
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
No detection rules found.
No writeups or analysis indexed.
References
- http://www.securityfocus.com/bid/98473
- http://www.securitytracker.com/id/1038487
- https://security.gentoo.org/glsa/201706-15
- https://support.apple.com/HT207798
- https://support.apple.com/HT207801
- https://support.apple.com/HT207804
- https://www.exploit-db.com/exploits/42189/