Vulnerability Details : CVE-2017-7152
An issue was discovered in certain Apple products. iOS before 11.2 is affected. The issue involves the "Mail Message Framework" component. It allows remote attackers to spoof the address bar via a crafted web site.
Products affected by CVE-2017-7152
- cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-7152
0.47%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 62 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-7152
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
8.6
|
2.9
|
NIST | |
|
4.3
|
MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N |
2.8
|
1.4
|
NIST |
References for CVE-2017-7152
-
https://support.apple.com/kb/HT210721
About the security content of iOS 13.2 and iPadOS 13.2 - Apple Support
-
https://support.apple.com/HT208334
About the security content of iOS 11.2 - Apple SupportVendor Advisory
-
http://seclists.org/fulldisclosure/2019/Oct/56
Full Disclosure: APPLE-SA-2019-10-29-2 macOS Catalina 10.15.1, Security Update 2019-001 Mojave, Security Update 2019-006 High Sierra
-
http://seclists.org/fulldisclosure/2019/Oct/54
Full Disclosure: APPLE-SA-2019-10-29-4 watchOS 6.1
-
https://support.apple.com/kb/HT210722
About the security content of macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006 - Apple Support
-
https://support.apple.com/kb/HT210724
About the security content of watchOS 6.1 - Apple Support
-
http://seclists.org/fulldisclosure/2019/Oct/49
Full Disclosure: APPLE-SA-2019-10-29-1 iOS 13.2 and iPadOS 13.2
Jump to