First published: Mon Mar 27 2017(Updated: )
Safari. A spoofing and denial-of-service issue existed in the handling of HTTP authentication. This issue was addressed through making HTTP authentication sheets non-modal.
Credit: ShenYeYinJiu Tencent Security Response CenterTSRC product-security@apple.com
Affected Software | Affected Version | How to fix |
---|---|---|
Apple iOS and iPadOS | <10.3 | 10.3 |
Safari | <=10.0.3 | |
iPhone OS | <=10.2.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Found alongside the following vulnerabilities)
CVE-2017-2389 has a medium severity level due to the potential for spoofing and denial-of-service attacks.
To fix CVE-2017-2389, upgrade to Safari version 10.1 or later or to iOS version 10.3 or later.
CVE-2017-2389 affects Apple Safari versions prior to 10.1 and iOS versions prior to 10.3.
CVE-2017-2389 is a spoofing and denial-of-service issue that arises from improper handling of HTTP authentication.
Yes, Apple has released patches in Safari version 10.1 and iOS version 10.3 to address CVE-2017-2389.