Apple Safari vulnerabilities
1,592 known vulnerabilities affecting apple/safari.
Total CVEs: 1,592
CISA KEV: 31 (actively exploited)
Public exploits: 157
Exploited in wild: 25
Severity breakdown
CRITICAL 211 | HIGH 603 | MEDIUM 757 | LOW 20 | UNKNOWN 1
Vulnerabilities
CVE-2017-2442 [MEDIUM] CVSS 6.5 | CWE-20 | PoC | ≤ 10.0.3 | 2017-04-02
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit JavaScript Bindings" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.
nvd, apple
CVE-2017-2367 [MEDIUM] CVSS 6.5 | PoC | ≤ 10.0.3 | 2017-04-02
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.
nvd, apple
CVE-2017-2385 [MEDIUM] CVSS 5.5 | CWE-200 | ≤ 10.0.3 | 2017-04-02
An issue was discovered in certain Apple products. Safari before 10.1 is affected. The issue involves the "Safari Login AutoFill" component. It allows local users to obtain access to locked keychain items via unspecified vectors.
nvd, apple
CVE-2017-2479 [MEDIUM] CVSS 6.5 | CWE-20 | PoC | fixed in 10.1 | 2017-04-02
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive inf
nvd, apple
CVE-2017-2445 [MEDIUM] CVSS 6.1 | CWE-79 | PoC | ≤ 10.0.3 | 2017-04-02
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via crafted frame objects.
nvd, apple
CVE-2016-9643 [HIGH] CVSS 7.5 | v10.1 | 2017-03-27
Apple Security Update: About the security content of Safari 10.1
Product: Safari
Version: 10.1
CVE: CVE-2016-9643
Component: WebKit
Impact: Processing maliciously crafted web content may lead to high memory consumption
Description: An uncontrolled resource consumption issue was addressed through improved regex processing.
apple
CVE-2017-2491 [HIGH] CVSS 8.8 | PoC | v10.1 | 2017-03-27
Apple Security Update: About the security content of Safari 10.1
Product: Safari
Version: 10.1
CVE: CVE-2017-2491
Component: JavaScriptCore
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A use after free issue was addressed through improved memory management.
apple
CVE-2017-2415 [HIGH] CVSS 8.8 | v10.1 | 2017-03-27
Apple Security Update: About the security content of Safari 10.1
Product: Safari
Version: 10.1
CVE: CVE-2017-2415
Component: WebKit
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A type confusion issue was addressed through improved memory handling.
apple
CVE-2016-9642 [MEDIUM] CVSS 5.5 | v10.1 | 2017-03-27
Apple Security Update: About the security content of Safari 10.1
Product: Safari
Version: 10.1
CVE: CVE-2016-9642
Component: WebKit
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: Multiple memory corruption issues were addressed through improved input validation.
apple
CVE-2016-7648 [HIGH] CVSS 8.8 | CWE-119 | ≤ 10.0.1 | 2017-02-20
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a cra
nvd, apple
CVE-2016-7610 [HIGH] CVSS 8.8 | CWE-119 | ≤ 10.0.1 | 2017-02-20
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a cra
nvd, apple
CVE-2017-2354 [HIGH] CVSS 8.8 | CWE-119 | fixed in 10.0.3 | 2017-02-20
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. iCloud before 6.1.1 is affected. iTunes before 12.5.5 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corrupt
nvd, apple
CVE-2016-7656 [HIGH] CVSS 8.8 | CWE-119 | ≤ 10.0.1 | 2017-02-20
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a cra
nvd, apple
CVE-2016-7641 [HIGH] CVSS 8.8 | CWE-119 | ≤ 10.0.1 | 2017-02-20
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a cra
nvd, apple
CVE-2017-2366 [HIGH] CVSS 8.8 | CWE-119 | ≤ 10.0.2 | 2017-02-20
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. iCloud before 6.1.1 is affected. iTunes before 12.5.5 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a
nvd, apple
CVE-2017-2369 [HIGH] CVSS 8.8 | CWE-119 | PoC | fixed in 10.0.3 | 2017-02-20
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
nvd, apple
CVE-2017-2373 [HIGH] CVSS 8.8 | CWE-119 | PoC | fixed in 10.0.3 | 2017-02-20
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
nvd, apple
CVE-2016-7654 [HIGH] CVSS 8.8 | CWE-119 | ≤ 10.0.1 | 2017-02-20
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a cra
nvd, apple
CVE-2016-4666 [HIGH] CVSS 8.8 | CWE-119 | fixed in 10.0.1 | 2017-02-20
An issue was discovered in certain Apple products. iOS before 10.1 is affected. Safari before 10.0.1 is affected. tvOS before 10.0.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
nvd, apple
CVE-2016-7611 [HIGH] CVSS 8.8 | CWE-119 | ≤ 10.0.1 | 2017-02-20
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a cra
nvd, apple