CVE-2017-7042: Buffer Overflow
First published: Thu Jul 20 2017(Updated: )
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Credit: product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple iCloud for Windows | <6.2.2 | |
| Apple iTunes for Windows | <12.6.2 | |
| Microsoft Windows | ||
| Apple WebKit | ||
| Apple Mobile Safari | <10.1.2 | |
| iStyle @cosme iPhone OS | <10.3.3 | |
| tvOS | <10.2.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/99885
- http://www.securitytracker.com/id/1038950
- https://security.gentoo.org/glsa/201710-14
- https://support.apple.com/HT207921
- https://support.apple.com/HT207923
- https://support.apple.com/HT207924
- https://support.apple.com/HT207927
- https://support.apple.com/HT207928
- https://www.exploit-db.com/exploits/42364/
Frequently Asked Questions
What is the severity of CVE-2017-7042?
CVE-2017-7042 has a high severity rating due to the potential for remote code execution.
How do I fix CVE-2017-7042?
To fix CVE-2017-7042, ensure that you update affected Apple software, including iOS, Safari, iCloud, iTunes, and tvOS.
Which Apple products are affected by CVE-2017-7042?
CVE-2017-7042 affects iOS versions prior to 10.3.3, Safari versions prior to 10.1.2, iCloud versions prior to 6.2.2, iTunes versions prior to 12.6.2, and tvOS versions prior to 10.2.2.
What component is involved in CVE-2017-7042?
The vulnerability in CVE-2017-7042 involves the WebKit component used in Apple products.
Can CVE-2017-7042 be exploited remotely?
Yes, CVE-2017-7042 can be exploited remotely, allowing attackers to execute arbitrary code on the affected systems.
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/description
- agent/event
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/apple
- canonical/apple icloud for windows
- canonical/apple itunes for windows
- vendor/microsoft
- canonical/microsoft windows
- canonical/apple webkit
- canonical/apple mobile safari
- canonical/istyle @cosme iphone os
- canonical/tvos