Arbitrary Code Execution and Bookmark Spoofing Vulnerability in iOS and Safari

Arbitrary Code Execution and Bookmark Spoofing Vulnerability in iOS and Safari

CVE-2017-2378 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves bookmark creation in the "WebKit" component. It allows remote attackers to execute arbitrary code or spoof a bookmark by leveraging mishandling of links during drag-and-drop actions.

Learn more about our Cis Benchmark Audit For Apple Ios.