← Back

CVE-2017-2480

nvd nist
Published: Apr 2, 2017Modified: May 13, 2026

JSON object

Loading...
6.5
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Exploitability: 2.8 / Impact: 3.6
Source: NVD

Description

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.

Affected (4)

Apple
4 products
Icloud
Iphone Os
Itunes
Safari
Configuration A
4 vulnerable
Vulnerable SoftwareAffected Versions
Icloud
Up to 6.1.1
Iphone Os
Up to 10.2.1
Itunes
Up to 12.5.5.5
Safari
Up to 10.0.3

Related CWEs

CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (16)

Source: product-security@apple.com
Third Party AdvisoryVDB Entry
Source: product-security@apple.com
Source: product-security@apple.com
Vendor Advisory
Source: product-security@apple.com
Vendor Advisory
Source: product-security@apple.com
Vendor Advisory
Source: product-security@apple.com
Vendor Advisory
Source: product-security@apple.com
Vendor Advisory
Source: product-security@apple.com
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.