Apple Safari vulnerabilities

1,592 known vulnerabilities affecting apple/safari.

Total CVEs: 1,592
CISA KEV: 31 (actively exploited)
Public exploits: 157
Exploited in wild: 25
Severity breakdown: CRITICAL 211, HIGH 603, MEDIUM 757, LOW 20, UNKNOWN 1

Vulnerabilities

CVE-2017-2521 | HIGH | CVSS 8.8 | PoC | v10.1.1 | 2017-05-15
Safari 10.1.1. Apple Security Update: About the security content of Safari 10.1.1. Product: Safari. Version: 10.1.1. CVE: CVE-2017-2521. Component: WebKit. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling.
apple
CVE-2011-3438 | HIGH | CVSS 8.8 | v5.0.6 | 2017-04-24
CWE-119: WebKit, as used in Safari 5.0.6, allows remote attackers to cause a denial of service (process crash) or arbitrary code execution.
nvd
CVE-2017-5949 | CRITICAL | CVSS 9.8 | v22 | 2017-04-03
CWE-787: JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 22, allows remote attackers to cause a denial of service (heap-based out-of-bounds write and application crash) or possibly have unspecified other impact via crafted JavaScript code that triggers access to red-zone memory locations, related to jit/ThunkGenerators.cpp, llin
nvd
CVE-2016-10226 | HIGH | CVSS 7.5 | v18 | 2017-04-03
CWE-125: JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 18, allows remote attackers to cause a denial of service (bitfield out-of-bounds read and application crash) via crafted JavaScript code that is mishandled in the operatorString function, related to assembler/MacroAssemblerARM64.h, assembler/MacroAssemblerX86Common.h, and wa
nvd
CVE-2016-10222 | HIGH | CVSS 7.5 | v18 | 2017-04-03
CWE-20: runtime/JSONObject.cpp in JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 18, allows remote attackers to cause a denial of service (segmentation violation and application crash) via crafted JavaScript code that triggers a "type confusion" in the JSON.stringify function.
nvd
CVE-2017-2444 | HIGH | CVSS 8.8 | ≤ 10.0.3 | 2017-04-02
CWE-119: An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "CoreGraphics" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a cr
nvd, apple
CVE-2017-2466 | HIGH | CVSS 8.8 | PoC | ≤ 10.0.3 | 2017-04-02
CWE-119: An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
nvd, apple
CVE-2017-2455 | HIGH | CVSS 8.8 | PoC | ≤ 10.0.3 | 2017-04-02
CWE-119: An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
nvd, apple
CVE-2017-2377 | HIGH | CVSS 7.5 | ≤ 10.0.3 | 2017-04-02
CWE-119: An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit Web Inspector" component. It allows attackers to cause a denial of service (memory corruption and application crash) by leveraging a window-close action during a debugger-pause state.
nvd, apple
CVE-2017-2470 | HIGH | CVSS 8.8 | PoC | ≤ 10.0.3 | 2017-04-02
CWE-119: An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
nvd, apple
CVE-2017-2457 | HIGH | CVSS 8.8 | PoC | ≤ 10.0.3 | 2017-04-02
CWE-119: An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
nvd, apple
CVE-2017-2396 | HIGH | CVSS 8.8 | ≤ 10.0.3 | 2017-04-02
CWE-119: An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
nvd, apple
CVE-2017-2389 | HIGH | CVSS 8.1 | ≤ 10.0.3 | 2017-04-02
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof an HTTP authentication sheet or cause a denial of service via a crafted web site.
nvd, apple
CVE-2017-2378 | HIGH | CVSS 8.8 | ≤ 10.0.3 | 2017-04-02
CWE-20: An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves bookmark creation in the "WebKit" component. It allows remote attackers to execute arbitrary code or spoof a bookmark by leveraging mishandling of links during drag-and-drop actions.
nvd, apple
CVE-2017-2468 | HIGH | CVSS 8.8 | PoC | ≤ 10.0.3 | 2017-04-02
CWE-119: An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
nvd, apple
CVE-2017-2433 | HIGH | CVSS 8.8 | ≤ 10.0.3 | 2017-04-02
CWE-119: An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
nvd, apple
CVE-2017-2447 | HIGH | CVSS 8.1 | PoC | ≤ 10.0.3 | 2017-04-02
CWE-119: An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive information or cause a denial of service (memory corruption) via a crafted web site.
nvd, apple
CVE-2017-2392 | HIGH | CVSS 7.8 | ≤ 10.0.3 | 2017-04-02
CWE-119: An issue was discovered in certain Apple products. Safari before 10.1 is affected. The issue involves the "WebKit" component. It allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app.
nvd, apple
CVE-2017-2464 | HIGH | CVSS 8.8 | PoC | ≤ 10.0.3 | 2017-04-02
CWE-119: An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
nvd, apple
CVE-2017-2394 | HIGH | CVSS 8.8 | ≤ 10.0.3 | 2017-04-02
CWE-119: An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
nvd, apple