HTTP: Apple Safari CVE-2017-2446 Remote Code Execution

This signature detects attempts to exploit a known vulnerability against Apple Safari. A successful attack can lead to arbitrary code execution.

Extended Description

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code via a crafted web site that leverages the mishandling of strict mode functions.

Affected Products

Apple tvos

References

CVE: CVE-2017-2446

Short Name
HTTP:STC:SAFARI:CVE-2017-2446
Severity
Major
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
Apple CVE-2017-2446 Code Execution Remote Safari
Release Date
05/18/2017
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3590
False Positive
Unknown
Vendors

Apple

CVSS Score

6.8

Found a potential security threat?