What is CVE-2017-13866?

CVE-2017-13866 is a vulnerability in the WebKit component of certain Apple products, including iOS, Safari, iCloud, iTunes, and tvOS.

How does CVE-2017-13866 impact Apple products?

CVE-2017-13866 allows remote attackers to execute arbitrary code or cause a denial of service.

Which Apple products are affected by CVE-2017-13866?

iOS versions prior to 11.2, Safari versions prior to 11.0.2, iCloud versions prior to 7.2 on Windows, iTunes versions prior to 12.7.2 on Windows, and tvOS versions prior to 11.2 are affected.

How can I fix CVE-2017-13866?

Update your iOS device, Safari, iCloud, iTunes, or tvOS to the latest available version.

Where can I find more information about CVE-2017-13866?

You can find more information about CVE-2017-13866 on the following websites: [SecurityFocus](http://www.securityfocus.com/bid/102181), [SecurityTracker](http://www.securitytracker.com/id/1040012), [SecurityTracker](http://www.securitytracker.com/id/1040013).

Vulnerability/
CVE-2017-13866

high

8.8

CWE

119

2/12/2017

25/12/2017

5/8/2024

CVE-2017-13866: Buffer Overflow

First published: Sat Dec 02 2017(Updated: )

WebKit. Multiple memory corruption issues were addressed with improved memory handling.

Credit: Yuan Deng Antan anonymous researcher Jeonghoon Shin Tencent Keen Security Lab @keen_lab Trend MicroRichard Zhu (fluorescence) Trend MicroTencent Keen Security Lab @keen_lab Trend MicroYuan Deng Antan anonymous researcher Jeonghoon Shin Tencent Keen Security Lab @keen_lab Trend MicroRichard Zhu (fluorescence) Trend MicroTencent Keen Security Lab @keen_lab Trend MicroYuan Deng Antan anonymous researcher Jeonghoon Shin Tencent Keen Security Lab @keen_lab Trend MicroRichard Zhu (fluorescence) Trend MicroTencent Keen Security Lab @keen_lab Trend Micro product-security@apple.com

Affected Software	Affected Version	How to fix
Apple iTunes for Windows	<12.7.2	12.7.2
Apple tvOS	<11.2	11.2
Apple iOS	<11.2	11.2
Apple Safari	<11.0.2
Apple iPhone OS	<11.2
Apple tvOS	<11.2
Apple iCloud	<7.2
Apple iTunes	<12.7.2
Microsoft Windows
Apple Webkit

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

What is CVE-2017-13866?
CVE-2017-13866 is a vulnerability in the WebKit component of certain Apple products, including iOS, Safari, iCloud, iTunes, and tvOS.
How does CVE-2017-13866 impact Apple products?
CVE-2017-13866 allows remote attackers to execute arbitrary code or cause a denial of service.
Which Apple products are affected by CVE-2017-13866?
iOS versions prior to 11.2, Safari versions prior to 11.0.2, iCloud versions prior to 7.2 on Windows, iTunes versions prior to 12.7.2 on Windows, and tvOS versions prior to 11.2 are affected.
How can I fix CVE-2017-13866?
Update your iOS device, Safari, iCloud, iTunes, or tvOS to the latest available version.
Where can I find more information about CVE-2017-13866?
You can find more information about CVE-2017-13866 on the following websites: [SecurityFocus](http://www.securityfocus.com/bid/102181), [SecurityTracker](http://www.securitytracker.com/id/1040012), [SecurityTracker](http://www.securitytracker.com/id/1040013).

collector/apple-support
alias/CVE-2017-7157
alias/CVE-2017-13856
alias/CVE-2017-13870
alias/CVE-2017-7160
alias/CVE-2017-13866
agent/type
agent/first-publish-date
agent/software-canonical-lookup-request
agent/severity
agent/references
agent/weakness
agent/author
agent/description
collector/nvd-index
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/event
agent/tags
agent/trending
vendor/apple
canonical/apple itunes for windows
canonical/apple tvos
canonical/apple ios
canonical/apple safari
canonical/apple iphone os
canonical/apple icloud
canonical/apple itunes
vendor/microsoft
canonical/microsoft windows
canonical/apple webkit