CVE-2017-2486

MEDIUM

Apple <10.3 - CSRF

Title source: llm

Description

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to spoof the address bar via a crafted web site.

Scores

CVSS v3 6.5
EPSS 0.0036
EPSS Percentile 57.6%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Classification

CWE
CWE-425
Status published

Affected Products (3)

apple/safari < 10.0.3
apple/iphone_os < 10.2.1
n/a/n/a

Timeline

Published Apr 02, 2017
Tracked Since Feb 18, 2026