CVE-2017-13866: Buffer Overflow
First published: Sat Dec 02 2017(Updated: )
WebKit. Multiple memory corruption issues were addressed with improved memory handling.
Credit: Yuan Deng Antan anonymous researcher Jeonghoon Shin Tencent Keen Security Lab @keen_lab Trend MicroRichard Zhu (fluorescence) Trend MicroTencent Keen Security Lab @keen_lab Trend MicroYuan Deng Antan anonymous researcher Jeonghoon Shin Tencent Keen Security Lab @keen_lab Trend MicroRichard Zhu (fluorescence) Trend MicroTencent Keen Security Lab @keen_lab Trend MicroYuan Deng Antan anonymous researcher Jeonghoon Shin Tencent Keen Security Lab @keen_lab Trend MicroRichard Zhu (fluorescence) Trend MicroTencent Keen Security Lab @keen_lab Trend Micro product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple iTunes for Windows | <12.7.2 | 12.7.2 |
| Apple tvOS | <11.2 | 11.2 |
| Apple iOS | <11.2 | 11.2 |
| Apple Safari | <11.0.2 | |
| Apple iPhone OS | <11.2 | |
| Apple tvOS | <11.2 | |
| Apple iCloud | <7.2 | |
| Apple iTunes | <12.7.2 | |
| Microsoft Windows | ||
| Apple Webkit |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT208326 (Advisory)
- https://support.apple.com/en-us/HT208327 (Advisory)
- https://support.apple.com/en-us/HT208334 (Advisory)
- http://www.securityfocus.com/bid/102181
- http://www.securitytracker.com/id/1040012
- http://www.securitytracker.com/id/1040013
- https://security.gentoo.org/glsa/201801-09
- https://support.apple.com/HT208324
- https://support.apple.com/HT208326
- https://support.apple.com/HT208327
- https://support.apple.com/HT208328
- https://support.apple.com/HT208334
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2017-13864
- CVE-2017-7172
- CVE-2017-7151
- CVE-2017-15422
- CVE-2017-13885
- CVE-2017-7165
- CVE-2017-13884
- CVE-2017-7156
- CVE-2017-7157
- CVE-2017-13856
- CVE-2017-13870
- CVE-2017-7160
- CVE-2017-13866
- CVE-2017-7153
- CVE-2017-7164
- CVE-2017-13905
- CVE-2017-7171
- CVE-2017-7162
- CVE-2017-13861
- CVE-2017-13904
- CVE-2017-5754
- CVE-2017-13862
- CVE-2017-13867
- CVE-2017-13876
- CVE-2017-7173
- CVE-2017-13855
- CVE-2017-13865
- CVE-2017-13868
- CVE-2017-13869
- CVE-2017-7154
- CVE-2017-13080
- CVE-2017-2411
- CVE-2017-13847
- CVE-2017-13879
- CVE-2017-13880
- CVE-2017-13874
- CVE-2017-13860
- CVE-2017-7152
- CVE-2017-13888
- CVE-2017-13891
Frequently Asked Questions
What is CVE-2017-13866?
CVE-2017-13866 is a vulnerability in the WebKit component of certain Apple products, including iOS, Safari, iCloud, iTunes, and tvOS.
How does CVE-2017-13866 impact Apple products?
CVE-2017-13866 allows remote attackers to execute arbitrary code or cause a denial of service.
Which Apple products are affected by CVE-2017-13866?
iOS versions prior to 11.2, Safari versions prior to 11.0.2, iCloud versions prior to 7.2 on Windows, iTunes versions prior to 12.7.2 on Windows, and tvOS versions prior to 11.2 are affected.
How can I fix CVE-2017-13866?
Update your iOS device, Safari, iCloud, iTunes, or tvOS to the latest available version.
Where can I find more information about CVE-2017-13866?
You can find more information about CVE-2017-13866 on the following websites: [SecurityFocus](http://www.securityfocus.com/bid/102181), [SecurityTracker](http://www.securitytracker.com/id/1040012), [SecurityTracker](http://www.securitytracker.com/id/1040013).
- collector/apple-support
- alias/CVE-2017-7157
- alias/CVE-2017-13856
- alias/CVE-2017-13870
- alias/CVE-2017-7160
- alias/CVE-2017-13866
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/software-canonical-lookup-request
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/description
- agent/event
- collector/nvd-index
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/apple
- canonical/apple itunes for windows
- canonical/apple tvos
- canonical/apple ios
- canonical/apple safari
- canonical/apple iphone os
- canonical/apple icloud
- canonical/apple itunes
- vendor/microsoft
- canonical/microsoft windows
- canonical/apple webkit