CVE-2017-7142

Description

An issue was discovered in certain Apple products. Safari before 11 is affected. The issue involves the "WebKit Storage" component. It allows attackers to bypass the Safari Private Browsing protection mechanism, and consequently obtain sensitive information about visited web sites.

How to fix CVE-2017-7142

To remediate CVE-2017-7142, upgrade the affected package to a fixed version below.

Debian/webkit2gtk—upgrade to 2.18.1-1 or later

Is CVE-2017-7142 being exploited?

Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

from 0, < 2.18.1-1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM5.3	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References (1)

ADVISORYsecurity-tracker.debian.org/tracker/CVE-2017-7142