What is CVE-2017-13856?

CVE-2017-13856 is a vulnerability in WebKit that allows remote attackers to execute arbitrary code or cause a denial of service.

Which Apple products are affected by CVE-2017-13856?

iOS before 11.2, Safari before 11.0.2, iCloud before 7.2 on Windows, iTunes before 12.7.2 on Windows, and tvOS before 11.2 are affected by CVE-2017-13856.

What is the severity of CVE-2017-13856?

CVE-2017-13856 has a severity rating of 8.8 (high).

How can I fix CVE-2017-13856?

To fix CVE-2017-13856, update to the latest versions of the affected Apple products: iOS 11.2, Safari 11.0.2, iCloud 7.2 on Windows, iTunes 12.7.2 on Windows, and tvOS 11.2.

Where can I find more information about CVE-2017-13856?

You can find more information about CVE-2017-13856 on the following websites: [SecurityFocus](http://www.securityfocus.com/bid/102181) and [SecurityTracker](http://www.securitytracker.com/id/1040012, http://www.securitytracker.com/id/1040013).

Vulnerability/
CVE-2017-13856

high

8.8

CWE

119

2/12/2017

25/12/2017

5/8/2024

CVE-2017-13856: Buffer Overflow

First published: Sat Dec 02 2017(Updated: )

WebKit. Multiple memory corruption issues were addressed with improved memory handling.

Credit: Yuan Deng Antan anonymous researcher Jeonghoon Shin Tencent Keen Security Lab @keen_lab Trend MicroRichard Zhu (fluorescence) Trend MicroTencent Keen Security Lab @keen_lab Trend MicroYuan Deng Antan anonymous researcher Jeonghoon Shin Tencent Keen Security Lab @keen_lab Trend MicroRichard Zhu (fluorescence) Trend MicroTencent Keen Security Lab @keen_lab Trend MicroYuan Deng Antan anonymous researcher Jeonghoon Shin Tencent Keen Security Lab @keen_lab Trend MicroRichard Zhu (fluorescence) Trend MicroTencent Keen Security Lab @keen_lab Trend Micro product-security@apple.com

Affected Software	Affected Version	How to fix
Apple iTunes for Windows	<12.7.2	12.7.2
Apple tvOS	<11.2	11.2
Apple iOS	<11.2	11.2
Apple Safari	<11.0.2
Apple iPhone OS	<11.2
Apple tvOS	<11.2
Apple iCloud	<7.2
Apple iTunes	<12.7.2
Microsoft Windows
Apple Webkit

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

What is CVE-2017-13856?
CVE-2017-13856 is a vulnerability in WebKit that allows remote attackers to execute arbitrary code or cause a denial of service.
Which Apple products are affected by CVE-2017-13856?
iOS before 11.2, Safari before 11.0.2, iCloud before 7.2 on Windows, iTunes before 12.7.2 on Windows, and tvOS before 11.2 are affected by CVE-2017-13856.
What is the severity of CVE-2017-13856?
CVE-2017-13856 has a severity rating of 8.8 (high).
How can I fix CVE-2017-13856?
To fix CVE-2017-13856, update to the latest versions of the affected Apple products: iOS 11.2, Safari 11.0.2, iCloud 7.2 on Windows, iTunes 12.7.2 on Windows, and tvOS 11.2.
Where can I find more information about CVE-2017-13856?
You can find more information about CVE-2017-13856 on the following websites: [SecurityFocus](http://www.securityfocus.com/bid/102181) and [SecurityTracker](http://www.securitytracker.com/id/1040012, http://www.securitytracker.com/id/1040013).

collector/apple-support
alias/CVE-2017-7157
alias/CVE-2017-13856
alias/CVE-2017-13870
alias/CVE-2017-7160
alias/CVE-2017-13866
agent/type
agent/last-modified-date
agent/first-publish-date
agent/software-canonical-lookup-request
agent/severity
agent/references
agent/weakness
agent/author
agent/description
agent/event
collector/nvd-index
agent/softwarecombine
agent/tags
collector/mitre-cve
source/MITRE
vendor/apple
canonical/apple itunes for windows
canonical/apple tvos
canonical/apple ios
canonical/apple safari
canonical/apple iphone os
canonical/apple icloud
canonical/apple itunes
vendor/microsoft
canonical/microsoft windows
canonical/apple webkit