CVE-2017-2463: Use After Free
First published: Mon Mar 27 2017(Updated: )
WebKit. Multiple memory corruption issues were addressed through improved memory handling.
Credit: Kai Kang (4B5F5F4B) Tencent product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple iOS, iPadOS, and watchOS | <10.3 | 10.3 |
| Apple iCloud for Windows | <6.2 | |
| Apple iTunes for Windows | <12.6 | |
| Microsoft Windows | ||
| Apple Mobile Safari | <10.1 | |
| iStyle @cosme iPhone OS | <10.3 | |
| tvOS | <10.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT207617 (Advisory)
- http://www.securityfocus.com/bid/97176
- http://www.securitytracker.com/id/1038157
- http://zerodayinitiative.com/advisories/ZDI-17-241/
- https://support.apple.com/HT207599
- https://support.apple.com/HT207600
- https://support.apple.com/HT207601
- https://support.apple.com/HT207607
- https://support.apple.com/HT207617
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2017-2397
- CVE-2017-2430
- CVE-2017-2462
- CVE-2017-2379
- CVE-2017-2417
- CVE-2017-2444
- CVE-2017-2435
- CVE-2017-2450
- CVE-2017-2461
- CVE-2017-2414
- CVE-2017-2487
- CVE-2017-2406
- CVE-2017-2407
- CVE-2017-2439
- CVE-2017-2434
- CVE-2017-2428
- CVE-2017-2416
- CVE-2017-2432
- CVE-2017-2467
- CVE-2016-3619
- CVE-2017-2412
- CVE-2017-2491
- CVE-2017-2492
- CVE-2017-2398
- CVE-2017-2401
- CVE-2017-2440
- CVE-2017-2456
- CVE-2017-2472
- CVE-2017-2473
- CVE-2017-2474
- CVE-2017-2478
- CVE-2017-2482
- CVE-2017-2483
- CVE-2017-2490
- CVE-2017-2458
- CVE-2017-2448
- CVE-2017-2390
- CVE-2017-2441
- CVE-2017-5029
- CVE-2017-2399
- CVE-2017-2484
- CVE-2017-2380
- CVE-2017-2404
- CVE-2017-2376
- CVE-2017-2384
- CVE-2017-2389
- CVE-2017-2453
- CVE-2017-2393
- CVE-2017-2400
- CVE-2017-6976
- CVE-2017-2423
- CVE-2017-2451
- CVE-2017-2485
- CVE-2017-2452
- CVE-2017-2378
- CVE-2017-2486
- CVE-2017-2386
- CVE-2017-2394
- CVE-2017-2396
- CVE-2016-9642
- CVE-2017-2395
- CVE-2017-2454
- CVE-2017-2455
- CVE-2017-2457
- CVE-2017-2459
- CVE-2017-2460
- CVE-2017-2464
- CVE-2017-2465
- CVE-2017-2466
- CVE-2017-2468
- CVE-2017-2469
- CVE-2017-2470
- CVE-2017-2476
- CVE-2017-2481
- CVE-2017-2415
- CVE-2017-2419
- CVE-2016-9643
- CVE-2017-2424
- CVE-2017-2433
- CVE-2017-2364
- CVE-2017-2367
- CVE-2017-2445
- CVE-2017-2446
- CVE-2017-2447
- CVE-2017-2463
- CVE-2017-2471
- CVE-2017-2475
- CVE-2017-2479
- CVE-2017-2480
- CVE-2017-2493
- CVE-2017-2442
- CVE-2017-2377
- CVE-2017-2405
Frequently Asked Questions
What is the severity of CVE-2017-2463?
CVE-2017-2463 is rated with high severity due to its potential for memory corruption issues that could lead to code execution.
How do I fix CVE-2017-2463?
To fix CVE-2017-2463, update affected products to the latest versions released by Apple, specifically iOS to 10.3, Safari to 10.1, iCloud to 6.2, and iTunes to 12.6.
Which Apple products are affected by CVE-2017-2463?
CVE-2017-2463 affects iOS versions before 10.3, Safari versions before 10.1, iCloud versions before 6.2 on Windows, iTunes versions before 12.6 on Windows, and tvOS versions before 10.2.
Can CVE-2017-2463 be exploited remotely?
Yes, CVE-2017-2463 can potentially be exploited remotely through malicious web content due to memory corruption vulnerabilities.
What are the symptoms of exploitation of CVE-2017-2463?
Symptoms of exploitation of CVE-2017-2463 may include crashes, unexpected behavior of applications, or unauthorized access to sensitive data.
- agent/type
- agent/first-publish-date
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/trending
- agent/source
- collector/apple-support
- agent/software-canonical-lookup-request
- agent/tags
- collector/nvd-index
- agent/softwarecombine
- vendor/apple
- canonical/apple ios, ipados, and watchos
- canonical/apple icloud for windows
- canonical/apple itunes for windows
- vendor/microsoft
- canonical/microsoft windows
- canonical/apple mobile safari
- canonical/istyle @cosme iphone os
- canonical/tvos