CVE-2017-7006: An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. tvOS before 10.2.2 is affected. The issue…

CVE-2017-7006 [MEDIUM] CWE-203 GHSA-m9wj-v55g-xvqw: An issue was discovered in certain Apple products An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct a timing side-channel attack to bypass the Same Origin Policy and obtain sensitive information via a crafted web site that uses SVG filters.

CVE-2017-7006 [MEDIUM] CVE-2017-7006: An issue was discovered in certain Apple products An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct a timing side-channel attack to bypass the Same Origin Policy and obtain sensitive information via a crafted web site that uses SVG filters.

CVE-2017-7006 [MEDIUM] CVE-2017-7006: Safari 10.1.2 Apple Security Update: About the security content of Safari 10.1.2 Product: Safari Version: 10.1.2 CVE: CVE-2017-7006 Component: WebKit Impact: A malicious website may exfiltrate data cross-origin Description: Processing maliciously crafted web content may allow cross-origin data to be exfiltrated by using SVG filters to conduct a timing side-channel attack. This issue was addressed by not painting the cross-origin buffer into the frame that gets filtered.

CVE-2017-7006 [MEDIUM] CVE-2017-7006: tvOS 10.2.2 Apple Security Update: About the security content of tvOS 10.2.2 Product: tvOS Version: 10.2.2 CVE: CVE-2017-7006 Component: WebKit Impact: A malicious website may exfiltrate data cross-origin Description: Processing maliciously crafted web content may allow cross-origin data to be exfiltrated by using SVG filters to conduct a timing side-channel attack. This issue was addressed by not painting the cross-origin buffer into the frame that gets filtered.

CVE-2017-7006 [MEDIUM] CVE-2017-7006: iOS 10.3.3 Apple Security Update: About the security content of iOS 10.3.3 Product: iOS Version: 10.3.3 CVE: CVE-2017-7006 Component: WebKit Impact: A malicious website may exfiltrate data cross-origin Description: Processing maliciously crafted web content may allow cross-origin data to be exfiltrated by using SVG filters to conduct a timing side-channel attack. This issue was addressed by not painting the cross-origin buffer into the frame that gets filtered.

CVE-2017-7006 [MEDIUM] CVE-2017-7006: webkit2gtk - An issue was discovered in certain Apple products. iOS before 10.3.3 is affected... An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct a timing side-channel attack to bypass the Same Origin Policy and obtain sensitive information via a crafted web site that uses SVG filters. Scope: local bookworm: resolved (fixed in 2.16.3-2) bullseye: resolved (fixed in 2.16.3-2) forky: resolved (fixed in 2.16.3-2) sid: resolved (fixed in 2.16.3-2) trixie: resolved (fixed in 2.16.3-2)