CVE-2017-13790 Apple Safari 11.1 Not Installed (APPLE-SA-2017-10-31-5)

漏洞类别:Local

漏洞等级:

漏洞信息

Safari is a Web-browser developed by Apple which is based on the WebKit engine.

Visiting a malicious website may lead to address bar spoofing [CVE-2017-13790, CVE-2017-13789].
Processing maliciously crafted web content may lead to arbitrary code execution[CVE-2017-13785,13785,CVE-2017-13783,CVE-2017-13788,CVE-2017-13795,CVE-2017-13802,CVE-2017-13792,CVE-2017-13791,CVE-2017-13798,CVE-2017-13796,CVE-2017-13793,CVE-2017-13794,CVE-2017-13803].

Affected Versions
Apple Safari prior to 11.1

QID Detection Logic (Authenticated)
This checks for vulnerable versions of Apple Safari.

漏洞危害

A remote user can spoof the address bar.

解决方案

The browser should be updated to version 11.1 released by Apple.
For more information regarding the update click here.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

HT208223: MAC OS X

Leave a Reply