CVE-2017-7059
Description
A DOMParser XSS issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A DOMParser cross-site scripting (XSS) vulnerability in WebKit affects iOS, Safari, and tvOS before versions 10.3.3, 10.1.2, and 10.2.2 respectively, allowing arbitrary code execution.
Vulnerability
A DOMParser XSS issue exists in the WebKit component on iOS before 10.3.3, Safari before 10.1.2, and tvOS before 10.2.2 [1][2][3]. The vulnerability allows a remote attacker to cause unexpected application termination or arbitrary code execution via maliciously crafted web content [1][2].
Exploitation
An attacker can exploit this vulnerability by luring a user to visit a specially crafted website that triggers the XSS flaw in the DOMParser [1][2]. No additional authentication or local access is required; the attack is network-based and relies on user interaction to load the malicious content in a vulnerable browser or WebKit renderer.
Impact
Successful exploitation leads to arbitrary code execution within the context of the affected application, potentially allowing the attacker to gain elevated privileges or access sensitive data [1][2]. The impact is classified as a remote code execution (RCE) with high consequences for confidentiality, integrity, and availability.
Mitigation
Apple addressed this vulnerability in iOS 10.3.3, Safari 10.1.2, and tvOS 10.2.2 released on July 19, 2017 [1][2][3]. Users should update to the latest available versions via the device's update mechanism. No workaround is documented; applying the official patch is the only mitigation.
AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
14 affected products:
- osv-coords, 11 versions, range: < 2.18.5-2.18.1 (+ 10 more)
  - pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP2
  - pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3
  - pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2
  - pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3
  - pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Server%20for%20Raspberry%20Pi%2012%20SP2
  - pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2
  - pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3
  - pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2
  - pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3
  - pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP2
  - pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP3
- (no CPE) range: < 2.18.5-2.18.1
- (no CPE) range: < 2.18.5-2.18.1
- (no CPE) range: < 2.18.5-2.18.1
- (no CPE) range: < 2.18.5-2.18.1
- (no CPE) range: < 2.18.5-2.18.1
- (no CPE) range: < 2.18.5-2.18.1
- (no CPE) range: < 2.18.5-2.18.1
- (no CPE) range: < 2.18.5-2.18.1
- (no CPE) range: < 2.18.5-2.18.1
- (no CPE) range: < 2.18.5-2.18.1
- (no CPE) range: < 2.18.5-2.18.1
Patches
No patches discovered yet.
References
- www.securityfocus.com/bid/99886 (nvd: Third Party Advisory, VDB Entry)
- www.securitytracker.com/id/1038950 (nvd: Third Party Advisory, VDB Entry)
- support.apple.com/HT207921 (nvd: Vendor Advisory)
- support.apple.com/HT207923 (nvd: Vendor Advisory)
- support.apple.com/HT207924 (nvd: Vendor Advisory)