CVE-2017-7152
published 2017-12-27CVE-2017-7152: An issue was discovered in certain Apple products. iOS before 11.2 is affected. The issue involves the "Mail Message Framework" component. It allows remote…
PriorityP419medium4.3CVSS 3.0
AVNACLPRNUIRSUCNILAN
EPSS
0.47%
64.8th percentile
An issue was discovered in certain Apple products. iOS before 11.2 is affected. The issue involves the "Mail Message Framework" component. It allows remote attackers to spoof the address bar via a crafted web site.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios | — | — |
| apple | ios_13.2_and_ipados | — | — |
| apple | iphone_os | < 11.2 | 11.2 |
| apple | macos_catalina_10.15.1_security_update_2019-001_and_security_update_2019-006 | — | — |
| apple | watchos | — | — |
CVSS provenance
nvdv3.04.3MEDIUMCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
Apple
CVE-2017-7152: macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006
vendor_apple·2019-10-29·CVSS 4.3
CVE-2017-7152 [MEDIUM] CVE-2017-7152: macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006
Apple Security Update: About the security content of macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006
Product: macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006
CVE: CVE-2017-7152
Component: Contacts
Impact: Processing a maliciously contact may lead to UI spoofing
Description: An inconsistent user interface issue was addressed with improved state management.
Apple
CVE-2017-7152: watchOS 6.1
vendor_apple·2019-10-29·CVSS 4.3
CVE-2017-7152 [MEDIUM] CVE-2017-7152: watchOS 6.1
Apple Security Update: About the security content of watchOS 6.1
Product: watchOS
Version: 6.1
CVE: CVE-2017-7152
Component: Contacts
Impact: Processing a maliciously contact may lead to UI spoofing
Description: An inconsistent user interface issue was addressed with improved state management.
Apple
CVE-2017-7152: iOS 13.2 and iPadOS 13.2
vendor_apple·2019-10-28·CVSS 4.3
CVE-2017-7152 [MEDIUM] CVE-2017-7152: iOS 13.2 and iPadOS 13.2
Apple Security Update: About the security content of iOS 13.2 and iPadOS 13.2
Product: iOS 13.2 and iPadOS
Version: 13.2
CVE: CVE-2017-7152
Component: Contacts
Impact: Processing a maliciously contact may lead to UI spoofing
Description: An inconsistent user interface issue was addressed with improved state management.
Apple
CVE-2017-7152: iOS 11.2
vendor_apple·2017-12-02·CVSS 4.3
CVE-2017-7152 [MEDIUM] CVE-2017-7152: iOS 11.2
Apple Security Update: About the security content of iOS 11.2
Product: iOS
Version: 11.2
CVE: CVE-2017-7152
Component: Mail Message Framework
Impact: Visiting a malicious website may lead to address bar spoofing
Description: An inconsistent user interface issue was addressed with improved state management.
GHSA
GHSA-83rq-mxvp-fh45: An issue was discovered in certain Apple products
ghsa_unreviewed·2022-05-13
CVE-2017-7152 [MEDIUM] GHSA-83rq-mxvp-fh45: An issue was discovered in certain Apple products
An issue was discovered in certain Apple products. iOS before 11.2 is affected. The issue involves the "Mail Message Framework" component. It allows remote attackers to spoof the address bar via a crafted web site.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://seclists.org/fulldisclosure/2019/Oct/49http://seclists.org/fulldisclosure/2019/Oct/54http://seclists.org/fulldisclosure/2019/Oct/56https://support.apple.com/HT208334https://support.apple.com/kb/HT210721https://support.apple.com/kb/HT210722https://support.apple.com/kb/HT210724http://seclists.org/fulldisclosure/2019/Oct/49http://seclists.org/fulldisclosure/2019/Oct/54http://seclists.org/fulldisclosure/2019/Oct/56https://support.apple.com/HT208334https://support.apple.com/kb/HT210721https://support.apple.com/kb/HT210722https://support.apple.com/kb/HT210724
2017-12-27
Published