CVE-2017-6984: An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. iTunes before 12.6.1 on Windows is…

CVE-2017-6984 [HIGH] CVE-2017-6984: iOS 10.3.2 Apple Security Update: About the security content of iOS 10.3.2 Product: iOS Version: 10.3.2 CVE: CVE-2017-6984 Component: WebKit Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2017-6984 [HIGH] CVE-2017-6984: tvOS 10.2.1 Apple Security Update: About the security content of tvOS 10.2.1 Product: tvOS Version: 10.2.1 CVE: CVE-2017-6984 Component: WebKit Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2017-6984 [HIGH] CVE-2017-6984: Safari 10.1.1 Apple Security Update: About the security content of Safari 10.1.1 Product: Safari Version: 10.1.1 CVE: CVE-2017-6984 Component: WebKit Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2017-6984 [HIGH] CVE-2017-6984: iTunes 12.6.1 for Windows Apple Security Update: About the security content of iTunes 12.6.1 for Windows Product: iTunes 12.6.1 for Windows CVE: CVE-2017-6984 Component: WebKit Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2017-6984 [HIGH] CVE-2017-6984: webkit2gtk - An issue was discovered in certain Apple products. iOS before 10.3.2 is affected... An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. iTunes before 12.6.1 on Windows is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Scope: local bookworm: resolved (fixed in 2.16.3-2) bullseye: resolved (fixed in 2.16.3-2) forky: resolved (fixed in 2.16.3-2) sid: resolved (fixed in 2.16.3-2) trixie: resolved (fixed in 2.16.3-2)

CVE-2017-6984 [HIGH] CWE-119 GHSA-wrpm-88f6-h7pp: An issue was discovered in certain Apple products An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. iTunes before 12.6.1 on Windows is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

CVE-2017-6984 [HIGH] CVE-2017-6984: An issue was discovered in certain Apple products An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. iTunes before 12.6.1 on Windows is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

CVE-2017-6984 WebKit JSC - 'Intl.getCanonicalLocales' Heap Buffer Overflow WebKit JSC - 'Intl.getCanonicalLocales' Heap Buffer Overflow --- arrayStorage(); storage->m_sparseMap.clear(); storage->m_indexBias = 0; storage->m_numValuesInVector = 0; return butterfly; } It allocates a fixed size(BASE_ARRAY_STORAGE_VECTOR_LEN) of memory without caring about |initialLength|. So a BOF occurs in the following iteration. EncodedJSValue JSC_HOST_CALL intlObjectFuncGetCanonicalLocales(ExecState* state) { ... auto length = localeList.size(); for (size_t i = 0; i initializeIndex(vm, i, jsString(state, localeList[i])); RETURN_IF_EXCEPTION(scope, encodedJSValue()); } ... } PoC: --> Object.prototype.__defineGetter__(1000, () => 2); let locales = ['mr', 'bs', 'ee-TG', 'ms', 'kam-KE', 'mt', 'ha', 'es-HN', 'ml-IN', 'ro-MD', 'kab-DZ', 'he', 'es-CO', 'my', 'es-PA', 'az-Latn',