CVE-2017-13884: WebKit Memory Corruption Vulnerability in Apple Products


Description Preview

CVE-2017-13884 is a memory corruption vulnerability in the WebKit component that affects multiple Apple products including iOS, Safari, iCloud for Windows, iTunes for Windows, tvOS, and watchOS. This vulnerability allows remote attackers to execute arbitrary code or cause denial of service by crashing applications through specially crafted web content. The issue was addressed in iOS 11.2, Safari 11.0.2, iCloud 7.2 for Windows, iTunes 12.7.2 for Windows, tvOS 11.2, and watchOS 4.2.

Overview

This vulnerability (CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer) affects the WebKit browser engine used across multiple Apple products. An attacker can create a specially crafted website that, when visited by a victim, could trigger memory corruption in WebKit. This corruption could lead to arbitrary code execution within the context of the affected application or cause the application to crash, resulting in denial of service. The vulnerability impacts a wide range of Apple's ecosystem, including mobile devices, desktop browsers, and media applications on both Apple and Windows platforms.

Remediation

Users should update their devices and applications to the following versions or later:

  • iOS: Update to version 11.2 or later
  • Safari: Update to version 11.0.2 or later
  • iCloud for Windows: Update to version 7.2 or later
  • iTunes for Windows: Update to version 12.7.2 or later
  • tvOS: Update to version 11.2 or later
  • watchOS: Update to version 4.2 or later

Updates can be installed through the standard update mechanisms for each product:

  • iOS devices: Settings > General > Software Update
  • Safari: Apple menu > App Store > Updates
  • iCloud/iTunes for Windows: Open the application and check for updates or download the latest version from Apple's website
  • Apple TV: Settings > System > Software Updates
  • Apple Watch: Using the Watch app on a paired iPhone
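
To check an asset inventory against the fixed versions listed above, the following added example (not part of the original advisory) compares dotted version strings numerically, so that a build such as 11.0.10 is not misread as older than 11.0.2. The inventory rows, hostnames and function names are constructed for illustration.

```python
import re

# Fixed versions as listed in the Remediation section for CVE-2017-13884.
FIXED = {
    "ios": "11.2",
    "safari": "11.0.2",
    "icloud for windows": "7.2",
    "itunes for windows": "12.7.2",
    "tvos": "11.2",
    "watchos": "4.2",
}

def parse_version(text):
    """Turn '11.0.2' into (11, 0, 2); trailing zeros are dropped so 11.2 == 11.2.0."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"unparseable version: {text!r}")
    parts = [int(p) for p in text.split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def status(product, installed):
    """Return 'patched', 'vulnerable' or 'unknown' for one inventory entry."""
    fixed = FIXED.get(product.strip().lower())
    if fixed is None:
        return "unknown"      # product not covered by this advisory
    try:
        have = parse_version(installed)
    except ValueError:
        return "unknown"      # do not guess; route to manual review
    return "patched" if have >= parse_version(fixed) else "vulnerable"

def triage(inventory):
    """Map each (host, product, version) row to its status."""
    return {(host, product): status(product, version)
            for host, product, version in inventory}

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = [
    ("phone-01", "iOS", "11.1.2"),
    ("phone-02", "iOS", "11.2.0"),
    ("mac-07", "Safari", "11.0.10"),
    ("pc-03", "iTunes for Windows", "12.7.1"),
    ("kiosk-09", "Safari", "unknown build"),
]

if __name__ == "__main__":
    for key, result in triage(SAMPLE).items():
        print(key, result)
```

Entries reported as `unknown` need manual review rather than being treated as patched.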

References

  1. Apple Security Updates for iOS 11.2: https://support.apple.com/HT208324
  2. Apple Security Updates for Safari 11.0.2: https://support.apple.com/HT208325
  3. Apple Security Updates for iCloud 7.2 for Windows: https://support.apple.com/HT208326
  4. Apple Security Updates for iTunes 12.7.2 for Windows: https://support.apple.com/HT208327
  5. Apple Security Updates for tvOS 11.2: https://support.apple.com/HT208328
  6. Apple Security Updates for watchOS 4.2: https://support.apple.com/HT208334
  7. Ubuntu Security Notice USN-3551-1: https://usn.ubuntu.com/3551-1/

Industry Exposure (most to least)
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.

  1. Health Care & Social Assistance
  2. Manufacturing
  3. Public Administration
  4. Educational Services
  5. Transportation & Warehousing
  6. Retail Trade
  7. Finance and Insurance
  8. Utilities
  9. Other Services (except Public Administration)
  10. Professional, Scientific, & Technical Services
  11. Arts, Entertainment & Recreation
  12. Information
  13. Agriculture, Forestry Fishing & Hunting
  14. Management of Companies & Enterprises
  15. Mining
  16. Real Estate Rental & Leasing
  17. Construction
  18. Accommodation & Food Services
  19. Wholesale Trade
  20. Administrative, Support, Waste Management & Remediation Services

Armis Vulnerability Intelligence Database