SB2017110102 - Multiple vulnerabilities in Apple Safari
Published: November 1, 2017
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 15 secuirty vulnerabilities.
1) Memory corruption (CVE-ID: CVE-2017-13783)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to memory handling error in the WebKit component. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.
2) Memory corruption (CVE-ID: CVE-2017-13784)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to memory handling error in the WebKit component. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.
3) Memory corruption (CVE-ID: CVE-2017-13785)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to memory handling error in the WebKit component. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.
4) Memory corruption (CVE-ID: CVE-2017-13788)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to memory handling error in the WebKit component. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.
5) Spoofing attack (CVE-ID: CVE-2017-13789)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to unknown error. A remote attacker can trick the victim into visiting a specially crafted website and spoof address bar.
Successful exploitation of this vulnerability may result in information disclosure or malicious actions execution.
6) Spoofing attack (CVE-ID: CVE-2017-13790)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to unknown error. A remote attacker can trick the victim into visiting a specially crafted website and spoof address bar.
Successful exploitation of this vulnerability may result in information disclosure or malicious actions execution.
7) Memory corruption (CVE-ID: CVE-2017-13791)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to memory handling error in the WebKit component. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.
8) Memory corruption (CVE-ID: CVE-2017-13792)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to memory handling error in the WebKit component. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.
9) Memory corruption (CVE-ID: CVE-2017-13793)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to memory handling error in the WebKit component. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.
10) Memory corruption (CVE-ID: CVE-2017-13794)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to memory handling error in the WebKit component. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.
11) Memory corruption (CVE-ID: CVE-2017-13795)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to memory handling error in the WebKit component. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.
12) Memory corruption (CVE-ID: CVE-2017-13796)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to memory handling error in the WebKit component. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.
13) Memory corruption (CVE-ID: CVE-2017-13798)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to memory handling error in the WebKit component. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.
14) Memory corruption (CVE-ID: CVE-2017-13802)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to memory handling error in the WebKit component. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.
15) Memory corruption (CVE-ID: CVE-2017-13803)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to memory handling error in the WebKit component. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.
Remediation
Install update from vendor's website.