CVE-2017-13861
CVE-2017-13861
Vexday Risk Score
43Atención
Decisión SSVC (CISA)
Attend
PoC disponible → seguir de cerca
Madurez del exploit
Exploit funcional
Exploit automatizable disponible (Nuclei/Metasploit).
CVSS —EPSS 14.9%KEV nãoPoC públicaNuclei —Metasploit simPatch —
Ciclo de vida
11 dic 2017PoC pública
25 dic 2017Publicada en NVD
15 mar 2018Exploit Metasploit disponible
Velocidad de armamento
79 díashasta el módulo Metasploit
Recomendación: Planificar corrección próxima — ya existe PoC pública.
An issue was discovered in certain Apple products. iOS before 11.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "IOSurface" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
Productos afectados
n/a · n/aPoCs públicas encontradas — 3
cve_referencepacketstormsecurity.com/files/153148/Safari-Webkit-Proxy-Object-Type-Confusion.htmlno verificadoexploitdbwww.exploit-db.com/exploits/43320no verificadocve_referencewww.exploit-db.com/exploits/43320/no verificado⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.
Referencias
http://packetstormsecurity.com/files/153148/Safari-Webkit-Proxy-Object-Type-Confusion.htmlhttps://support.apple.com/HT208325https://support.apple.com/HT208327https://support.apple.com/HT208334https://www.exploit-db.com/exploits/43320/http://www.securityfocus.com/bid/102134http://www.securitytracker.com/id/1039952http://www.securitytracker.com/id/1039953