PatchSiren

PatchSiren cyber security CVE debrief

CVE-2017-2364 Apple CVE debrief

CVE-2017-2364 is an Apple WebKit issue affecting iOS before 10.2.1 and Safari before 10.0.3. A remote attacker could use a crafted website to bypass the Same Origin Policy and read sensitive information, with user interaction required.

Vendor: Apple
Product: CVE-2017-2364
CVSS: MEDIUM 6.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-02-20
Original CVE updated: 2026-05-13
Advisory published: 2017-02-20
Advisory updated: 2026-05-13

Who should care

Apple iOS and Safari administrators, mobile device management teams, security operations, and users who browse untrusted web content on affected devices.

Technical summary

NVD classifies the issue as CVSS 3.0 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N and maps it to CWE-200. The vulnerable component is WebKit; the reported effect is a Same Origin Policy bypass that can expose sensitive information from a crafted website.

Defensive priority

Medium

Recommended defensive actions

  • Update affected iOS devices to 10.2.1 or later and affected Safari installations to 10.0.3 or later, per Apple’s advisories.
  • Use MDM or patch-management reporting to confirm no devices remain on the vulnerable iOS or Safari versions.
  • Treat untrusted web content as a data-exposure risk on unpatched systems and restrict browsing until updates are verified.
  • Review endpoint and browser inventory so exposure can be identified quickly if legacy Apple devices are still in service.
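One way to run the version check from the actions above against an inventory export. This is an added example, not part of the original debrief or any vendor tooling; the CSV column names and the sample rows are constructed, and only the fixed versions (iOS 10.2.1, Safari 10.0.3) come from this page.

```python
import csv
import io

# Fixed versions stated in the debrief: iOS 10.2.1 and Safari 10.0.3.
FIXED = {"ios": (10, 2, 1), "safari": (10, 0, 3)}

# Constructed sample of an MDM/inventory export (hypothetical column names).
SAMPLE_EXPORT = """device,product,version
iphone-01,iOS,10.2
iphone-02,iOS,10.2.1
ipad-03,iOS,9.3.5
mac-04,Safari,10.0.2
mac-05,Safari,10.0.10
mac-06,Safari,
mac-07,Safari,10.1
"""

def parse_version(text):
    """Return a 3-part integer tuple, or None if the field is empty or malformed."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        return None
    nums = [int(p) for p in parts][:3]
    # Pad short versions so "10.2" compares as 10.2.0, below 10.2.1.
    return tuple(nums + [0] * (3 - len(nums)))

def classify(product, version):
    """Classify one inventory row against the fixed version for its product."""
    fixed = FIXED.get(product.strip().lower())
    if fixed is None:
        return "out-of-scope"
    parsed = parse_version(version)
    if parsed is None:
        return "unknown"  # unverified, so not counted as patched
    # Tuple comparison is numeric: 10.0.10 is newer than 10.0.3,
    # which a plain string comparison would get wrong.
    return "vulnerable" if parsed < fixed else "patched"

def audit(export_text):
    """Map each device name in the CSV export to its status."""
    rows = csv.DictReader(io.StringIO(export_text))
    return {r["device"]: classify(r["product"], r["version"]) for r in rows}

if __name__ == "__main__":
    for device, status in audit(SAMPLE_EXPORT).items():
        print(f"{device}: {status}")
```

Rows reported as "unknown" have no usable version string and should be followed up rather than assumed patched.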

Evidence notes

The CVE was published on 2017-02-20 and the supplied record was later modified on 2026-05-13. Source data ties the issue to Apple vendor advisories, NVD, affected iOS versions through 10.2.0, affected Safari versions through 10.0.2, and a confidentiality-focused CVSS vector with CWE-200 classification.

Official resources

Publicly disclosed in the CVE/NVD record on 2017-02-20; the supplied corpus includes Apple vendor advisories and NVD references. No KEV entry is supplied in the source data.