What is CVE-2017-7089?

CVE-2017-7089 is a vulnerability that exists in the handling of parent-tab in the WebKit component, affecting certain Apple products including iOS, Safari, iCloud for Windows, watchOS, and iTunes.

What is the severity of CVE-2017-7089?

The severity of CVE-2017-7089 is medium, with a severity value of 6.1.

How does CVE-2017-7089 affect Apple products?

CVE-2017-7089 affects certain Apple products including iOS before version 11, Safari before version 11, iCloud for Windows before version 7.0, watchOS before version 6.9.1, and iTunes before version 12.6.2.

What is Universal XSS (UXSS) attack?

Universal XSS (UXSS) attack is a type of cross-site scripting (XSS) attack that occurs when an attacker is able to bypass the same-origin policy and inject malicious code into a trusted website, potentially compromising user data.

How can I fix CVE-2017-7089?

To fix CVE-2017-7089, you should update your affected Apple products to the latest versions available, such as iOS 11 or later, Safari 11 or later, iCloud for Windows 7.0 or later, watchOS 6.9.1 or later, and iTunes 12.6.2 or later. Additionally, it is recommended to follow any security advisories or recommendations provided by Apple.

Vulnerability/
CVE-2017-7089

medium

6.1

CWE

19/9/2017

23/10/2017

27/7/2020

CVE-2017-7089: XSS

First published: Tue Sep 19 2017(Updated: )

WebKit. A logic issue existed in the handling of the parent-tab. This issue was addressed with improved state management.

Credit: Anton Lopanitsyn ONSECFrans Rosén DetectifyFrans Rosén DetectifyAnton Lopanitsyn ONSEC product-security@apple.com

Affected Software	Affected Version	How to fix
Apple iCloud for Windows	<7.0	7.0
Apple iOS	<11	11
Apple Safari	<=10.1.2
Apple iPhone OS	<=10.3.3
Apple tvOS	<=10.2.2
Apple iCloud	<=6.9.1
Apple iTunes	<=12.6.2
Microsoft Windows

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Peer vulnerabilities

(Found alongside the following vulnerabilities)

CVE-2017-13829
CVE-2017-13833
CVE-2017-13831
CVE-2017-9049
CVE-2017-7376
CVE-2017-5130
CVE-2017-9050
CVE-2018-4302
CVE-2017-7127
CVE-2017-7081
CVE-2017-7087
CVE-2017-7091
CVE-2017-7092
CVE-2017-7093
CVE-2017-7094
CVE-2017-7095
CVE-2017-7096
CVE-2017-7098
CVE-2017-7099
CVE-2017-7100
CVE-2017-7102
CVE-2017-7104
CVE-2017-7107
CVE-2017-7111
CVE-2017-7117
CVE-2017-7120
CVE-2017-7089
CVE-2017-7090
CVE-2017-7106
CVE-2017-7109
CVE-2017-13832
CVE-2017-13863
CVE-2017-7131
CVE-2017-7083
CVE-2017-13821
CVE-2017-0381
CVE-2017-13825
CVE-2017-7088
CVE-2017-13815
CVE-2017-13828
CVE-2017-11103
CVE-2017-13830
CVE-2017-7072
CVE-2017-13814
CVE-2017-7114
CVE-2017-13817
CVE-2017-13818
CVE-2017-13836
CVE-2017-13841
CVE-2017-13840
CVE-2017-13842
CVE-2017-13843
CVE-2017-13854
CVE-2017-13834
CVE-2017-13873
CVE-2017-7140
CVE-2017-13813
CVE-2017-13816
CVE-2017-13812
CVE-2017-7086
CVE-2017-1000373
CVE-2016-9063
CVE-2017-9233
CVE-2017-7148
CVE-2017-7078
CVE-2017-7097
CVE-2017-7118
CVE-2017-7133
CVE-2017-7075
CVE-2017-7139
CVE-2017-13806
CVE-2017-13822
CVE-2017-7132
CVE-2017-7085
CVE-2017-13877
CVE-2017-7080
CVE-2017-7146
CVE-2017-10989
CVE-2017-7128
CVE-2017-7129
CVE-2017-7130
CVE-2017-6211
CVE-2017-7145
CVE-2017-7144
CVE-2017-7142
CVE-2017-11120
CVE-2017-11121
CVE-2017-7103
CVE-2017-7105
CVE-2017-7108
CVE-2017-7110
CVE-2017-7112
CVE-2017-7115
CVE-2017-7116
CVE-2017-11122
CVE-2016-9840
CVE-2016-9841
CVE-2016-9842
CVE-2016-9843

Frequently Asked Questions

What is CVE-2017-7089?
CVE-2017-7089 is a vulnerability that exists in the handling of parent-tab in the WebKit component, affecting certain Apple products including iOS, Safari, iCloud for Windows, watchOS, and iTunes.
What is the severity of CVE-2017-7089?
The severity of CVE-2017-7089 is medium, with a severity value of 6.1.
How does CVE-2017-7089 affect Apple products?
CVE-2017-7089 affects certain Apple products including iOS before version 11, Safari before version 11, iCloud for Windows before version 7.0, watchOS before version 6.9.1, and iTunes before version 12.6.2.
What is Universal XSS (UXSS) attack?
Universal XSS (UXSS) attack is a type of cross-site scripting (XSS) attack that occurs when an attacker is able to bypass the same-origin policy and inject malicious code into a trusted website, potentially compromising user data.
How can I fix CVE-2017-7089?
To fix CVE-2017-7089, you should update your affected Apple products to the latest versions available, such as iOS 11 or later, Safari 11 or later, iCloud for Windows 7.0 or later, watchOS 6.9.1 or later, and iTunes 12.6.2 or later. Additionally, it is recommended to follow any security advisories or recommendations provided by Apple.

collector/apple-support
agent/type
agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
agent/software-canonical-lookup-request
agent/severity
agent/references
agent/weakness
agent/author
agent/tags
agent/description
agent/event
collector/nvd-index
vendor/apple
canonical/apple icloud for windows
canonical/apple ios
canonical/apple safari
version/apple safari/10.1.2
canonical/apple iphone os
version/apple iphone os/10.3.3
canonical/apple tvos
version/apple tvos/10.2.2
canonical/apple icloud
version/apple icloud/6.9.1
canonical/apple itunes
version/apple itunes/12.6.2
vendor/microsoft
canonical/microsoft windows