CVE-2017-13861
CVE-2017-13861
Vexday Risk Score
43Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS —EPSS 14.9%KEV nãoPoC públicaNuclei —Metasploit simPatch —
Lifecycle
11 Dec 2017Public PoC
25 Dec 2017Published on NVD
15 Mar 2018Metasploit module available
Weaponization speed
79 daysto Metasploit module
Recommendation: Plan a near-term fix — a public PoC already exists.
An issue was discovered in certain Apple products. iOS before 11.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "IOSurface" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
Affected products
n/a · n/apublic PoCs found — 3
cve_referencepacketstormsecurity.com/files/153148/Safari-Webkit-Proxy-Object-Type-Confusion.htmlunverifiedexploitdbwww.exploit-db.com/exploits/43320unverifiedcve_referencewww.exploit-db.com/exploits/43320/unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://packetstormsecurity.com/files/153148/Safari-Webkit-Proxy-Object-Type-Confusion.htmlhttps://support.apple.com/HT208325https://support.apple.com/HT208327https://support.apple.com/HT208334https://www.exploit-db.com/exploits/43320/http://www.securityfocus.com/bid/102134http://www.securitytracker.com/id/1039952http://www.securitytracker.com/id/1039953