CVE-2017-7006
First published: Thu Jul 20 2017(Updated: )
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct a timing side-channel attack to bypass the Same Origin Policy and obtain sensitive information via a crafted web site that uses SVG filters.
Credit: product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple Mobile Safari | <10.1.2 | |
| iStyle @cosme iPhone OS | <10.3.3 | |
| tvOS | <10.2.2 | |
| Apple WebKit |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-7006?
CVE-2017-7006 is considered to be of high severity due to its potential to bypass the Same Origin Policy.
How do I fix CVE-2017-7006?
To fix CVE-2017-7006, update affected Apple products to the latest versions of iOS, Safari, and tvOS.
What products are affected by CVE-2017-7006?
CVE-2017-7006 affects iOS versions prior to 10.3.3, Safari versions prior to 10.1.2, and tvOS versions prior to 10.2.2.
What type of attack does CVE-2017-7006 enable?
CVE-2017-7006 enables remote attackers to conduct a timing side-channel attack.
Which component is involved in CVE-2017-7006?
CVE-2017-7006 involves the WebKit component in Apple products.
- agent/references
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/author
- agent/severity
- agent/weakness
- agent/description
- agent/event
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/apple
- canonical/apple mobile safari
- canonical/istyle @cosme iphone os
- canonical/tvos
- canonical/apple webkit