Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2016-4677 (GCVE-0-2016-4677)
Vulnerability from cvelistv5 – Published: 2017-02-20 08:35 – Updated: 2024-08-06 00:39
VLAI?
EPSS
Summary
An issue was discovered in certain Apple products. iOS before 10.1 is affected. Safari before 10.0.1 is affected. tvOS before 10.0.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:39:25.960Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT207271"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT207270"
},
{
"name": "93853",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93853"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT207272"
},
{
"name": "1037087",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037087"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-02-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in certain Apple products. iOS before 10.1 is affected. Safari before 10.0.1 is affected. tvOS before 10.0.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T09:57:01",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT207271"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT207270"
},
{
"name": "93853",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93853"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT207272"
},
{
"name": "1037087",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037087"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2016-4677",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in certain Apple products. iOS before 10.1 is affected. Safari before 10.0.1 is affected. tvOS before 10.0.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT207271",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207271"
},
{
"name": "https://support.apple.com/HT207270",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207270"
},
{
"name": "93853",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93853"
},
{
"name": "https://support.apple.com/HT207272",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207272"
},
{
"name": "1037087",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037087"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2016-4677",
"datePublished": "2017-02-20T08:35:00",
"dateReserved": "2016-05-11T00:00:00",
"dateUpdated": "2024-08-06T00:39:25.960Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2016-4677\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2017-02-20T08:59:00.727\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in certain Apple products. iOS before 10.1 is affected. Safari before 10.0.1 is affected. tvOS before 10.0.1 is affected. The issue involves the \\\"WebKit\\\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.\"},{\"lang\":\"es\",\"value\":\"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.1 est\u00e1 afectado. Safari en versiones anteriores a 10.0.1 est\u00e1 afectado. tvOS en versiones anteriores a 10.0.1 est\u00e1 afectado. El problema involucra al componente \\\"WebKit\\\". Esto permite a atacantes remotos ejecutar c\u00f3digo arbitrario o provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria y ca\u00edda de la aplicaci\u00f3n) a trav\u00e9s de un sitio web manipulado.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.1\",\"matchCriteriaId\":\"31522691-8429-479C-A288-9ADB0916784C\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.1\",\"matchCriteriaId\":\"9EDB336D-314A-4320-AC50-D3E0E87AFAE1\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.1\",\"matchCriteriaId\":\"0D75F9F4-8E2C-4997-B663-F50841B3AA80\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/93853\",\"source\":\"product-security@apple.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1037087\",\"source\":\"product-security@apple.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://support.apple.com/HT207270\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT207271\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT207272\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/93853\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1037087\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://support.apple.com/HT207270\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT207271\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT207272\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
CERTFR-2016-AVI-359
Vulnerability from certfr_avis - Published: 2016-10-25 - Updated: 2016-10-25
De multiples vulnérabilités ont été corrigées dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Apple macOS Sierra versions ant\u00e9rieures \u00e0 10.12.1",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple iOS versions ant\u00e9rieures \u00e0 10.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple watchOS versions ant\u00e9rieures \u00e0 3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple Safari versions ant\u00e9rieures \u00e0 10.0.1",
"product": {
"name": "Safari",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple tvOS versions ant\u00e9rieures \u00e0 10.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2016-4678",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4678"
},
{
"name": "CVE-2016-4680",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4680"
},
{
"name": "CVE-2016-7579",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7579"
},
{
"name": "CVE-2016-4675",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4675"
},
{
"name": "CVE-2016-4664",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4664"
},
{
"name": "CVE-2016-4663",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4663"
},
{
"name": "CVE-2016-4613",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4613"
},
{
"name": "CVE-2016-4660",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4660"
},
{
"name": "CVE-2016-4666",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4666"
},
{
"name": "CVE-2016-4674",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4674"
},
{
"name": "CVE-2016-4662",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4662"
},
{
"name": "CVE-2016-4679",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4679"
},
{
"name": "CVE-2016-4661",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4661"
},
{
"name": "CVE-2016-4667",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4667"
},
{
"name": "CVE-2016-4665",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4665"
},
{
"name": "CVE-2016-4677",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4677"
},
{
"name": "CVE-2016-4670",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4670"
},
{
"name": "CVE-2016-4671",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4671"
},
{
"name": "CVE-2016-4673",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4673"
},
{
"name": "CVE-2016-4635",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4635"
},
{
"name": "CVE-2016-4669",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4669"
},
{
"name": "CVE-2016-4682",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4682"
}
],
"initial_release_date": "2016-10-25T00:00:00",
"last_revision_date": "2016-10-25T00:00:00",
"links": [],
"reference": "CERTFR-2016-AVI-359",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2016-10-25T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Apple\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des\ndonn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT207270 du 24 octobre 2016",
"url": "https://support.apple.com/en-us/HT207270"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT207269 du 24 octobre 2016",
"url": "https://support.apple.com/en-us/HT207269"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT207271 du 24 octobre 2016",
"url": "https://support.apple.com/en-us/HT207271"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT207272 du 24 octobre 2016",
"url": "https://support.apple.com/en-us/HT207272"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT207275 du 24 octobre 2016",
"url": "https://support.apple.com/en-us/HT207275"
}
]
}
CNVD-2016-10367
Vulnerability from cnvd - Published: 2016-10-31
VLAI Severity ?
Title
多款Apple产品WebKit内存破坏漏洞(CNVD-2016-10367)
Description
Apple iOS是为移动设备所开发的一套操作系统;Safari是一款Web浏览器,是Mac OS X和iOS操作系统附带的默认浏览器;tvOS是一套智能电视操作系统。
多款Apple产品中的WebKit存在安全漏洞,允许攻击者可利用漏洞构建特殊的WEB页,诱使应用解析,可使应用程序崩溃或执行任意代码。
Severity
高
Patch Name
多款Apple产品WebKit内存破坏漏洞(CNVD-2016-10367)的补丁
Patch Description
Apple iOS是为移动设备所开发的一套操作系统;Safari是一款Web浏览器,是Mac OS X和iOS操作系统附带的默认浏览器;tvOS是一套智能电视操作系统。
多款Apple产品中的WebKit存在安全漏洞,允许攻击者可利用漏洞构建特殊的WEB页,诱使应用解析,可使应用程序崩溃或执行任意代码。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已经发布补丁以修复此安全问题,可以参考以下链接获取相应修复建议: https://support.apple.com/en-ie/HT207271 https://support.apple.com/en-ie/HT207272 https://support.apple.com/en-ie/HT207270
Reference
http://www.securityfocus.com/bid/93853
Impacted products
| Name | ['Apple Safari 5.1.1', 'Apple Safari 5.1.4', 'Apple Safari 5.1.7', 'Apple Safari 5.0.6', 'Apple Safari 5.0.5', 'Apple iOS 6', 'Apple iOS 5.1', 'Apple iOS 5.1.1', 'Apple iOS 5.0.1', 'Apple iOS 5', 'WebKit Open Source Project WebKit 0', 'Apple Safari 4.0.5', 'Apple Safari 4.0.4', 'Apple Safari 4.0.3', 'Apple Safari 4.0.2', 'Apple Safari 4.0.1', 'Apple Safari 3.2.3', 'Apple Safari 5.1', 'Apple Safari 5.0.3', 'Apple Safari 5.0.2', 'Apple Safari 5.0.1', 'Apple Safari 5.0', 'Apple Safari 4.1.3', 'Apple Safari 5.0.4', 'Apple Safari 4.1.2', 'Apple Safari 4.1.1', 'Apple Safari 4.1', 'Apple Safari 4.0', 'Apple Safari 4', 'Apple iPod Touch 0', 'Apple iPhone 0', 'Apple iPad 0', 'Apple IOS 4.2.1', 'Apple IOS 4.0.2', 'Apple IOS 4.0.1', 'Apple IOS 3.2.2', 'Apple IOS 3.2.1', 'Apple IOS 4.3.5', 'Apple IOS 4.3.4', 'Apple IOS 4.3.3', 'Apple IOS 4.3.2', 'Apple IOS 4.3.1', 'Apple IOS 4.3', 'Apple IOS 4.2.9', 'Apple IOS 4.2.8', 'Apple IOS 4.2.7', 'Apple IOS 4.2.6', 'Apple IOS 4.2.5', 'Apple IOS 4.2.10', 'Apple IOS 4.2', 'Apple IOS 4.1', 'Apple IOS 4', 'Apple IOS 3.2', 'Apple IOS 3.1', 'Apple Safari 6.0.4', 'Apple IOS 6.1.3', 'Apple IOS 6.1.4', 'Apple IOS 7', 'Apple IOS 7.0.2', 'Apple Safari 7.0.2', 'Apple Safari 6.1.4', 'Apple Safari 7.0.1', 'Apple Safari 7.0.3', 'Apple IOS 8.1.1', 'Apple Safari 6.2.4', 'Apple Safari 8.0.8', 'Apple Safari 7.1.8', 'Apple Safari 6.2.8', 'Apple IOS 9.1', 'Apple IOS 10'] |
|---|
{
"bids": {
"bid": {
"bidNumber": "93853"
}
},
"cves": {
"cve": {
"cveNumber": "CVE-2016-4677"
}
},
"description": "Apple iOS\u662f\u4e3a\u79fb\u52a8\u8bbe\u5907\u6240\u5f00\u53d1\u7684\u4e00\u5957\u64cd\u4f5c\u7cfb\u7edf\uff1bSafari\u662f\u4e00\u6b3eWeb\u6d4f\u89c8\u5668\uff0c\u662fMac OS X\u548ciOS\u64cd\u4f5c\u7cfb\u7edf\u9644\u5e26\u7684\u9ed8\u8ba4\u6d4f\u89c8\u5668\uff1btvOS\u662f\u4e00\u5957\u667a\u80fd\u7535\u89c6\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\n\u591a\u6b3eApple\u4ea7\u54c1\u4e2d\u7684WebKit\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u6784\u5efa\u7279\u6b8a\u7684WEB\u9875\uff0c\u8bf1\u4f7f\u5e94\u7528\u89e3\u6790\uff0c\u53ef\u4f7f\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u6216\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
"discovererName": "An anonymous researcher",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u53ef\u4ee5\u53c2\u8003\u4ee5\u4e0b\u94fe\u63a5\u83b7\u53d6\u76f8\u5e94\u4fee\u590d\u5efa\u8bae\uff1a\r\nhttps://support.apple.com/en-ie/HT207271\r\nhttps://support.apple.com/en-ie/HT207272\r\nhttps://support.apple.com/en-ie/HT207270",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2016-10367",
"openTime": "2016-10-31",
"patchDescription": "Apple iOS\u662f\u4e3a\u79fb\u52a8\u8bbe\u5907\u6240\u5f00\u53d1\u7684\u4e00\u5957\u64cd\u4f5c\u7cfb\u7edf\uff1bSafari\u662f\u4e00\u6b3eWeb\u6d4f\u89c8\u5668\uff0c\u662fMac OS X\u548ciOS\u64cd\u4f5c\u7cfb\u7edf\u9644\u5e26\u7684\u9ed8\u8ba4\u6d4f\u89c8\u5668\uff1btvOS\u662f\u4e00\u5957\u667a\u80fd\u7535\u89c6\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\n\u591a\u6b3eApple\u4ea7\u54c1\u4e2d\u7684WebKit\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u6784\u5efa\u7279\u6b8a\u7684WEB\u9875\uff0c\u8bf1\u4f7f\u5e94\u7528\u89e3\u6790\uff0c\u53ef\u4f7f\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u6216\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "\u591a\u6b3eApple\u4ea7\u54c1WebKit\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\uff08CNVD-2016-10367\uff09\u7684\u8865\u4e01",
"products": {
"product": [
"Apple Safari 5.1.1",
"Apple Safari 5.1.4",
"Apple Safari 5.1.7",
"Apple Safari 5.0.6",
"Apple Safari 5.0.5",
"Apple iOS 6",
"Apple iOS 5.1",
"Apple iOS 5.1.1",
"Apple iOS 5.0.1",
"Apple iOS 5",
"WebKit Open Source Project WebKit 0",
"Apple Safari 4.0.5",
"Apple Safari 4.0.4",
"Apple Safari 4.0.3",
"Apple Safari 4.0.2",
"Apple Safari 4.0.1",
"Apple Safari 3.2.3",
"Apple Safari 5.1",
"Apple Safari 5.0.3",
"Apple Safari 5.0.2",
"Apple Safari 5.0.1",
"Apple Safari 5.0",
"Apple Safari 4.1.3",
"Apple Safari 5.0.4",
"Apple Safari 4.1.2",
"Apple Safari 4.1.1",
"Apple Safari 4.1",
"Apple Safari 4.0",
"Apple Safari 4",
"Apple iPod Touch 0",
"Apple iPhone 0",
"Apple iPad 0",
"Apple IOS 4.2.1",
"Apple IOS 4.0.2",
"Apple IOS 4.0.1",
"Apple IOS 3.2.2",
"Apple IOS 3.2.1",
"Apple IOS 4.3.5",
"Apple IOS 4.3.4",
"Apple IOS 4.3.3",
"Apple IOS 4.3.2",
"Apple IOS 4.3.1",
"Apple IOS 4.3",
"Apple IOS 4.2.9",
"Apple IOS 4.2.8",
"Apple IOS 4.2.7",
"Apple IOS 4.2.6",
"Apple IOS 4.2.5",
"Apple IOS 4.2.10",
"Apple IOS 4.2",
"Apple IOS 4.1",
"Apple IOS 4",
"Apple IOS 3.2",
"Apple IOS 3.1",
"Apple Safari 6.0.4",
"Apple IOS 6.1.3",
"Apple IOS 6.1.4",
"Apple IOS 7",
"Apple IOS 7.0.2",
"Apple Safari 7.0.2",
"Apple Safari 6.1.4",
"Apple Safari 7.0.1",
"Apple Safari 7.0.3",
"Apple IOS 8.1.1",
"Apple Safari 6.2.4",
"Apple Safari 8.0.8",
"Apple Safari 7.1.8",
"Apple Safari 6.2.8",
"Apple IOS 9.1",
"Apple IOS 10"
]
},
"referenceLink": "http://www.securityfocus.com/bid/93853",
"serverity": "\u9ad8",
"submitTime": "2016-10-25",
"title": "\u591a\u6b3eApple\u4ea7\u54c1WebKit\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\uff08CNVD-2016-10367\uff09"
}
GHSA-9GP4-CG72-37WP
Vulnerability from github – Published: 2022-05-14 01:16 – Updated: 2022-05-14 01:16
VLAI?
Details
An issue was discovered in certain Apple products. iOS before 10.1 is affected. Safari before 10.0.1 is affected. tvOS before 10.0.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Severity ?
8.8 (High)
{
"affected": [],
"aliases": [
"CVE-2016-4677"
],
"database_specific": {
"cwe_ids": [
"CWE-119"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-02-20T08:59:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in certain Apple products. iOS before 10.1 is affected. Safari before 10.0.1 is affected. tvOS before 10.0.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",
"id": "GHSA-9gp4-cg72-37wp",
"modified": "2022-05-14T01:16:34Z",
"published": "2022-05-14T01:16:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4677"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT207270"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT207271"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT207272"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/93853"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1037087"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
VAR-201702-0335
Vulnerability from variot - Updated: 2025-04-20 21:22An issue was discovered in certain Apple products. iOS before 10.1 is affected. Safari before 10.0.1 is affected. tvOS before 10.0.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Apple iOS , Safari and tvOS Used in etc. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of Array objects. A crafted Array object can trigger a memory access past the end of an allocated buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process. WebKit is prone to a memory-corruption vulnerability. Failed exploit attempts will likely cause denial-of-service conditions. Note: This issue was previously titled 'WebKit CVE-2016-4677 Multiple Unspecified Memory Corruption Vulnerabilities'. The title and technical details have been changed to better reflect the underlying component affected. in the United States. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems; tvOS is a smart TV operating system. WebKit is an open source web browser engine developed by the KDE community and is currently used by browsers such as Apple Safari and Google Chrome. The following versions are affected: Apple iOS prior to 10.1, tvOS prior to 10.0.1, Safari prior to 10.0.1. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
APPLE-SA-2016-10-24-1 iOS 10.1
iOS 10.1 is now available and addresses the following:
CFNetwork Proxies Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: An attacker in a privileged network position may be able to leak sensitive user information Description: A phishing issue existed in the handling of proxy credentials. This issue was addressed by removing unsolicited proxy password authentication prompts. CVE-2016-7579: Jerry Decime
Contacts Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: An application may be able to maintain access to the Address Book after access is revoked in Settings Description: An access control issue in the Address Book was addressed through improved file-link validation. CVE-2016-4686: Razvan Deaconescu, Mihai Chiroiu (University POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi (TU Darmstadt)
CoreGraphics Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: Viewing a maliciously crafted JPEG file may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-4673: Marco Grassi (@marcograss) of KeenLab (@keen_lab), Tencent
FaceTime Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: An attacker in a privileged network position may be able to cause a relayed call to continue transmitting audio while appearing as if the call terminated Description: User interface inconsistencies existed in the handling of relayed calls. These issues were addressed through improved FaceTime display logic. CVE-2016-4635: Martin Vigo (@martin_vigo) of salesforce.com
FontParser Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: Parsing a maliciously crafted font may disclose sensitive user information Description: An out-of-bounds read was addressed through improved bounds checking. CVE-2016-4660: Ke Liu of Tencent's Xuanwu Lab
Kernel Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: An application may be able to disclose kernel memory Description: A validation issue was addressed through improved input sanitization. CVE-2016-4680: Max Bazaliy of Lookout and in7egral
libarchive Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: A malicious archive may be able to overwrite arbitrary files Description: An issue existed within the path validation logic for symlinks. This issue was addressed through improved path sanitization. CVE-2016-4679: Omer Medan of enSilo Ltd
libxpc Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: An application may be able to execute arbitrary code with root privileges Description: A logic issue was addressed through additional restrictions. CVE-2016-4675: Ian Beer of Google Project Zero
Sandbox Profiles Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: An application may be able to retrieve metadata of photo directories Description: An access issue was addressed through additional sandbox restrictions on third party applications. CVE-2016-4664: Razvan Deaconescu, Mihai Chiroiu (University POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi (TU Darmstadt)
Sandbox Profiles Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: An application may be able to retrieve metadata of audio recording directories Description: An access issue was addressed through additional sandbox restrictions on third party applications. CVE-2016-4665: Razvan Deaconescu, Mihai Chiroiu (University POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi (TU Darmstadt)
System Boot Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: A local user may be able to cause an unexpected system termination or arbitrary code execution in the kernel Description: Multiple input validation issues existed in MIG generated code. These issues were addressed through improved validation. CVE-2016-4669: Ian Beer of Google Project Zero
WebKit Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4677: An anonymous researcher working with Trend Micro's Zero Day Initiative
Installation note:
This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
- Navigate to Settings
- Select General
- Select About. The version after applying this update will be "10.1".
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJYDlqUAAoJEIOj74w0bLRGj64P/1A9yH47yTZLjBHdmy+eoz/d 5AZSnF/cyDeyeTb+Z8ELzVJMsucpJy7Xyv32IxvgSji8IplKkinw66j7mErs1/YY q/IQCD8NM6IOZVcgiL/aUDFWtxmAUHwRftAk36RTaglMoeWx23I36NFN7xbhWUL5 EyMXoQzNUHQ38bReQqpXEEwydMin1iFPed0207714PnmfvM7o5LGRBRjjJ1gOQLq HSNKfay/L1hSFZFkwkjqgvbelRzhvDr4eqEFriBf39u8a8uLAG92fuV9QMoF7p7q paXwZk4fWMlHi8Xr3fg2gaW0MjSMrz6oJwOpZRdPKwLl2IW7fMuk+oIBPcRVl8m/ yxZxZlq4DpCjnp0mfNRx9YuVWwCKNjqtzYj1hirhL654jkTW+1cO1rvewVFOPPIs MEYoSecYN09g7aBer0tPE4GcekMW0cEV4rzQI/0Jy+lIfdFwSjmz1GdZnpPMIwZl RmI/Eda0O9OkwNbqU+E+6DdCL2r/cCflj3QwNxEDtYNgCPuz7tlwVBqqkewVVYH2 AqQtNQZEXeRDS04ncQgrhoXnTfcnM1TRaOzuy58/sJfk707TV9NZiahMiEbqUxhe fahnRE4YUFpvwJZFegNKztUrdeNe56YAhBTksDNA49rpY4TgN8x5G2byt5txr7xV m7KJFe1t8NabLisqOrHI =vxwr -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201702-0335",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "safari",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.0.1"
},
{
"model": "iphone os",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.1"
},
{
"model": "tvos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.0.1"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "10.1 (ipad first 4 after generation )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "10.1 (iphone 5 or later )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "10.1 (ipod touch first 6 after generation )"
},
{
"model": "safari",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "10.0.1 (macos sierra 10.12)"
},
{
"model": "safari",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "10.0.1 (os x el capitan v10.11.6)"
},
{
"model": "safari",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "10.0.1 (os x yosemite v10.10.5)"
},
{
"model": "tvos",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "10.0.1 (apple tv first 4 generation )"
},
{
"model": "safari",
"scope": null,
"trust": 0.7,
"vendor": "apple",
"version": null
},
{
"model": "tv",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "10.0.0"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "10.0.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "10.0.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "30"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.8"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.0.4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.0"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.0.7"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.5"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.8"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.31"
},
{
"model": "macos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.12"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.2.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.1"
},
{
"model": "open source project webkit",
"scope": "eq",
"trust": 0.3,
"vendor": "webkit",
"version": "0"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.0.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.1.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.1.3"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.2.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.2.6"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.1.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.0.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.6"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.10"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.2.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.1.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.3"
},
{
"model": "ios",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "10.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.1.1"
},
{
"model": "ipod touch",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "40"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.6"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.7"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.11.6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.5"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.5"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.2.5"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.5"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.34"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.2.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.4.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.2.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "50"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.9"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.5"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.0.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.2.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0.4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.0.8"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.1"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.52"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.1"
},
{
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.3.4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0.4419.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.31"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.28"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.5"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.3.5"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.2.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.3.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.1.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.7"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.2.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.2.7"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.3"
},
{
"model": "tvos",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "10.0.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.2.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.33"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.2.8"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.30"
},
{
"model": "safari",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "10.0.1"
},
{
"model": "ipad",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.10"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.3.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.0"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.7"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.0.6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.1.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.0.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.5"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.0.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.3.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.2.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.6"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.2"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.1"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-590"
},
{
"db": "BID",
"id": "93853"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007470"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-698"
},
{
"db": "NVD",
"id": "CVE-2016-4677"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:apple:iphone_os",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:apple:safari",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:apple_tv",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007470"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Anonymous",
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-590"
}
],
"trust": 0.7
},
"cve": "CVE-2016-4677",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2016-4677",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 2.5,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-93496",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2016-4677",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-4677",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-4677",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2016-4677",
"trust": 0.7,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201610-698",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-93496",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-590"
},
{
"db": "VULHUB",
"id": "VHN-93496"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007470"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-698"
},
{
"db": "NVD",
"id": "CVE-2016-4677"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in certain Apple products. iOS before 10.1 is affected. Safari before 10.0.1 is affected. tvOS before 10.0.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Apple iOS , Safari and tvOS Used in etc. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of Array objects. A crafted Array object can trigger a memory access past the end of an allocated buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process. WebKit is prone to a memory-corruption vulnerability. Failed exploit attempts will likely cause denial-of-service conditions. \nNote: This issue was previously titled \u0027WebKit CVE-2016-4677 Multiple Unspecified Memory Corruption Vulnerabilities\u0027. The title and technical details have been changed to better reflect the underlying component affected. in the United States. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems; tvOS is a smart TV operating system. WebKit is an open source web browser engine developed by the KDE community and is currently used by browsers such as Apple Safari and Google Chrome. The following versions are affected: Apple iOS prior to 10.1, tvOS prior to 10.0.1, Safari prior to 10.0.1. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2016-10-24-1 iOS 10.1\n\niOS 10.1 is now available and addresses the following:\n\nCFNetwork Proxies\nAvailable for: iPhone 5 and later, iPad 4th generation and later,\niPod touch 6th generation and later\nImpact: An attacker in a privileged network position may be able to\nleak sensitive user information\nDescription: A phishing issue existed in the handling of proxy\ncredentials. This issue was addressed by removing unsolicited proxy\npassword authentication prompts. \nCVE-2016-7579: Jerry Decime\n\nContacts\nAvailable for: iPhone 5 and later, iPad 4th generation and later,\niPod touch 6th generation and later\nImpact: An application may be able to maintain access to the Address\nBook after access is revoked in Settings\nDescription: An access control issue in the Address Book was\naddressed through improved file-link validation. \nCVE-2016-4686: Razvan Deaconescu, Mihai Chiroiu (University\nPOLITEHNICA of Bucharest); Luke Deshotels, William Enck (North\nCarolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi\n(TU Darmstadt)\n\nCoreGraphics\nAvailable for: iPhone 5 and later, iPad 4th generation and later,\niPod touch 6th generation and later\nImpact: Viewing a maliciously crafted JPEG file may lead to arbitrary\ncode execution\nDescription: A memory corruption issue was addressed through improved\nmemory handling. \nCVE-2016-4673: Marco Grassi (@marcograss) of KeenLab (@keen_lab),\nTencent\n\nFaceTime\nAvailable for: iPhone 5 and later, iPad 4th generation and later,\niPod touch 6th generation and later\nImpact: An attacker in a privileged network position may be able to\ncause a relayed call to continue transmitting audio while appearing\nas if the call terminated\nDescription: User interface inconsistencies existed in the handling\nof relayed calls. These issues were addressed through improved\nFaceTime display logic. \nCVE-2016-4635: Martin Vigo (@martin_vigo) of salesforce.com\n\nFontParser\nAvailable for: iPhone 5 and later, iPad 4th generation and later,\niPod touch 6th generation and later\nImpact: Parsing a maliciously crafted font may disclose sensitive\nuser information\nDescription: An out-of-bounds read was addressed through improved\nbounds checking. \nCVE-2016-4660: Ke Liu of Tencent\u0027s Xuanwu Lab\n\nKernel\nAvailable for: iPhone 5 and later, iPad 4th generation and later,\niPod touch 6th generation and later\nImpact: An application may be able to disclose kernel memory\nDescription: A validation issue was addressed through improved input\nsanitization. \nCVE-2016-4680: Max Bazaliy of Lookout and in7egral\n\nlibarchive\nAvailable for: iPhone 5 and later, iPad 4th generation and later,\niPod touch 6th generation and later\nImpact: A malicious archive may be able to overwrite arbitrary files\nDescription: An issue existed within the path validation logic for\nsymlinks. This issue was addressed through improved path\nsanitization. \nCVE-2016-4679: Omer Medan of enSilo Ltd\n\nlibxpc\nAvailable for: iPhone 5 and later, iPad 4th generation and later,\niPod touch 6th generation and later\nImpact: An application may be able to execute arbitrary code with\nroot privileges\nDescription: A logic issue was addressed through additional\nrestrictions. \nCVE-2016-4675: Ian Beer of Google Project Zero\n\nSandbox Profiles\nAvailable for: iPhone 5 and later, iPad 4th generation and later,\niPod touch 6th generation and later\nImpact: An application may be able to retrieve metadata of photo\ndirectories\nDescription: An access issue was addressed through additional sandbox\nrestrictions on third party applications. \nCVE-2016-4664: Razvan Deaconescu, Mihai Chiroiu (University\nPOLITEHNICA of Bucharest); Luke Deshotels, William Enck (North\nCarolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi\n(TU Darmstadt)\n\nSandbox Profiles\nAvailable for: iPhone 5 and later, iPad 4th generation and later,\niPod touch 6th generation and later\nImpact: An application may be able to retrieve metadata of audio\nrecording directories\nDescription: An access issue was addressed through additional sandbox\nrestrictions on third party applications. \nCVE-2016-4665: Razvan Deaconescu, Mihai Chiroiu (University\nPOLITEHNICA of Bucharest); Luke Deshotels, William Enck (North\nCarolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi\n(TU Darmstadt)\n\nSystem Boot\nAvailable for: iPhone 5 and later, iPad 4th generation and later,\niPod touch 6th generation and later\nImpact: A local user may be able to cause an unexpected system\ntermination or arbitrary code execution in the kernel\nDescription: Multiple input validation issues existed in MIG\ngenerated code. These issues were addressed through improved\nvalidation. \nCVE-2016-4669: Ian Beer of Google Project Zero\n\nWebKit\nAvailable for: iPhone 5 and later, iPad 4th generation and later,\niPod touch 6th generation and later\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues were addressed through\nimproved memory handling. \nCVE-2016-4677: An anonymous researcher working with Trend Micro\u0027s\nZero Day Initiative\n\nInstallation note:\n\nThis update is available through iTunes and Software Update on your\niOS device, and will not appear in your computer\u0027s Software Update\napplication, or in the Apple Downloads site. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom www.apple.com/itunes/\n\niTunes and Software Update on the device will automatically check\nApple\u0027s update server on its weekly schedule. When an update is\ndetected, it is downloaded and the option to be installed is\npresented to the user when the iOS device is docked. We recommend\napplying the update immediately if possible. Selecting Don\u0027t Install\nwill present the option the next time you connect your iOS device. \n\nThe automatic update process may take up to a week depending on the\nday that iTunes or the device checks for updates. You may manually\nobtain the update via the Check for Updates button within iTunes, or\nthe Software Update on your device. \n\nTo check that the iPhone, iPod touch, or iPad has been updated:\n\n* Navigate to Settings\n* Select General\n* Select About. The version after applying this update\nwill be \"10.1\". \n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - https://gpgtools.org\n\niQIcBAEBCgAGBQJYDlqUAAoJEIOj74w0bLRGj64P/1A9yH47yTZLjBHdmy+eoz/d\n5AZSnF/cyDeyeTb+Z8ELzVJMsucpJy7Xyv32IxvgSji8IplKkinw66j7mErs1/YY\nq/IQCD8NM6IOZVcgiL/aUDFWtxmAUHwRftAk36RTaglMoeWx23I36NFN7xbhWUL5\nEyMXoQzNUHQ38bReQqpXEEwydMin1iFPed0207714PnmfvM7o5LGRBRjjJ1gOQLq\nHSNKfay/L1hSFZFkwkjqgvbelRzhvDr4eqEFriBf39u8a8uLAG92fuV9QMoF7p7q\npaXwZk4fWMlHi8Xr3fg2gaW0MjSMrz6oJwOpZRdPKwLl2IW7fMuk+oIBPcRVl8m/\nyxZxZlq4DpCjnp0mfNRx9YuVWwCKNjqtzYj1hirhL654jkTW+1cO1rvewVFOPPIs\nMEYoSecYN09g7aBer0tPE4GcekMW0cEV4rzQI/0Jy+lIfdFwSjmz1GdZnpPMIwZl\nRmI/Eda0O9OkwNbqU+E+6DdCL2r/cCflj3QwNxEDtYNgCPuz7tlwVBqqkewVVYH2\nAqQtNQZEXeRDS04ncQgrhoXnTfcnM1TRaOzuy58/sJfk707TV9NZiahMiEbqUxhe\nfahnRE4YUFpvwJZFegNKztUrdeNe56YAhBTksDNA49rpY4TgN8x5G2byt5txr7xV\nm7KJFe1t8NabLisqOrHI\n=vxwr\n-----END PGP SIGNATURE-----\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4677"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007470"
},
{
"db": "ZDI",
"id": "ZDI-16-590"
},
{
"db": "BID",
"id": "93853"
},
{
"db": "VULHUB",
"id": "VHN-93496"
},
{
"db": "PACKETSTORM",
"id": "139321"
},
{
"db": "PACKETSTORM",
"id": "139319"
},
{
"db": "PACKETSTORM",
"id": "139323"
}
],
"trust": 2.88
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-4677",
"trust": 3.8
},
{
"db": "BID",
"id": "93853",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1037087",
"trust": 1.7
},
{
"db": "JVN",
"id": "JVNVU90743185",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007470",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3875",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-16-590",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-201610-698",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-93496",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "139321",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "139319",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "139323",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-590"
},
{
"db": "VULHUB",
"id": "VHN-93496"
},
{
"db": "BID",
"id": "93853"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007470"
},
{
"db": "PACKETSTORM",
"id": "139321"
},
{
"db": "PACKETSTORM",
"id": "139319"
},
{
"db": "PACKETSTORM",
"id": "139323"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-698"
},
{
"db": "NVD",
"id": "CVE-2016-4677"
}
]
},
"id": "VAR-201702-0335",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-93496"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-20T21:22:06.598000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT207271",
"trust": 1.5,
"url": "https://support.apple.com/en-us/HT207271"
},
{
"title": "Apple security updates",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT201222"
},
{
"title": "APPLE-SA-2016-10-24-1 iOS 10.1",
"trust": 0.8,
"url": "https://lists.apple.com/archives/security-announce/2016/Oct/msg00000.html"
},
{
"title": "APPLE-SA-2016-10-24-3 Safari 10.0.1",
"trust": 0.8,
"url": "https://lists.apple.com/archives/security-announce/2016/Oct/msg00002.html"
},
{
"title": "APPLE-SA-2016-10-24-4 tvOS 10.0.1",
"trust": 0.8,
"url": "https://lists.apple.com/archives/security-announce/2016/Oct/msg00003.html"
},
{
"title": "HT207270",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT207270"
},
{
"title": "HT207272",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT207272"
},
{
"title": "HT207270",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/HT207270"
},
{
"title": "HT207271",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/HT207271"
},
{
"title": "HT207272",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/HT207272"
},
{
"title": "Multiple Apple product WebKit Repair measures for memory corruption vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65061"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-590"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007470"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-698"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-93496"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007470"
},
{
"db": "NVD",
"id": "CVE-2016-4677"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/93853"
},
{
"trust": 1.7,
"url": "https://support.apple.com/ht207270"
},
{
"trust": 1.7,
"url": "https://support.apple.com/ht207271"
},
{
"trust": 1.7,
"url": "https://support.apple.com/ht207272"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1037087"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4677"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu90743185/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4677"
},
{
"trust": 0.7,
"url": "https://support.apple.com/en-us/ht207271"
},
{
"trust": 0.3,
"url": "http://www.apple.com/ios/"
},
{
"trust": 0.3,
"url": "http://www.apple.com/safari/download/"
},
{
"trust": 0.3,
"url": "http://www.apple.com/accessibility/tvos/"
},
{
"trust": 0.3,
"url": "https://support.apple.com/en-ie/ht207271"
},
{
"trust": 0.3,
"url": "https://support.apple.com/en-ie/ht207272"
},
{
"trust": 0.3,
"url": "https://support.apple.com/en-ie/ht207270"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4677"
},
{
"trust": 0.3,
"url": "https://support.apple.com/kb/ht201222"
},
{
"trust": 0.3,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.3,
"url": "https://gpgtools.org"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4664"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4665"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4679"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4669"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4675"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-7579"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4660"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4680"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4673"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4676"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4666"
},
{
"trust": 0.1,
"url": "https://www.apple.com/itunes/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4686"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4635"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-590"
},
{
"db": "VULHUB",
"id": "VHN-93496"
},
{
"db": "BID",
"id": "93853"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007470"
},
{
"db": "PACKETSTORM",
"id": "139321"
},
{
"db": "PACKETSTORM",
"id": "139319"
},
{
"db": "PACKETSTORM",
"id": "139323"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-698"
},
{
"db": "NVD",
"id": "CVE-2016-4677"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-16-590"
},
{
"db": "VULHUB",
"id": "VHN-93496"
},
{
"db": "BID",
"id": "93853"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007470"
},
{
"db": "PACKETSTORM",
"id": "139321"
},
{
"db": "PACKETSTORM",
"id": "139319"
},
{
"db": "PACKETSTORM",
"id": "139323"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-698"
},
{
"db": "NVD",
"id": "CVE-2016-4677"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-11-04T00:00:00",
"db": "ZDI",
"id": "ZDI-16-590"
},
{
"date": "2017-02-20T00:00:00",
"db": "VULHUB",
"id": "VHN-93496"
},
{
"date": "2016-10-24T00:00:00",
"db": "BID",
"id": "93853"
},
{
"date": "2017-03-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007470"
},
{
"date": "2016-10-24T21:48:53",
"db": "PACKETSTORM",
"id": "139321"
},
{
"date": "2016-10-24T21:43:56",
"db": "PACKETSTORM",
"id": "139319"
},
{
"date": "2016-10-24T23:01:11",
"db": "PACKETSTORM",
"id": "139323"
},
{
"date": "2016-10-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201610-698"
},
{
"date": "2017-02-20T08:59:00.727000",
"db": "NVD",
"id": "CVE-2016-4677"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-11-04T00:00:00",
"db": "ZDI",
"id": "ZDI-16-590"
},
{
"date": "2019-03-25T00:00:00",
"db": "VULHUB",
"id": "VHN-93496"
},
{
"date": "2016-11-24T01:08:00",
"db": "BID",
"id": "93853"
},
{
"date": "2017-03-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007470"
},
{
"date": "2019-03-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201610-698"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2016-4677"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201610-698"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Apple Used in products WebKit Vulnerable to arbitrary code execution",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007470"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201610-698"
}
],
"trust": 0.6
}
}
GSD-2016-4677
Vulnerability from gsd - Updated: 2023-12-13 01:21Details
An issue was discovered in certain Apple products. iOS before 10.1 is affected. Safari before 10.0.1 is affected. tvOS before 10.0.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2016-4677",
"description": "An issue was discovered in certain Apple products. iOS before 10.1 is affected. Safari before 10.0.1 is affected. tvOS before 10.0.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",
"id": "GSD-2016-4677"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2016-4677"
],
"details": "An issue was discovered in certain Apple products. iOS before 10.1 is affected. Safari before 10.0.1 is affected. tvOS before 10.0.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",
"id": "GSD-2016-4677",
"modified": "2023-12-13T01:21:18.231377Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2016-4677",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in certain Apple products. iOS before 10.1 is affected. Safari before 10.0.1 is affected. tvOS before 10.0.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT207271",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207271"
},
{
"name": "https://support.apple.com/HT207270",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207270"
},
{
"name": "93853",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93853"
},
{
"name": "https://support.apple.com/HT207272",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207272"
},
{
"name": "1037087",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037087"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "10.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "10.0.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "10.0.1",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2016-4677"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "An issue was discovered in certain Apple products. iOS before 10.1 is affected. Safari before 10.0.1 is affected. tvOS before 10.0.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT207272",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT207272"
},
{
"name": "https://support.apple.com/HT207271",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT207271"
},
{
"name": "https://support.apple.com/HT207270",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT207270"
},
{
"name": "93853",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/93853"
},
{
"name": "1037087",
"refsource": "SECTRACK",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1037087"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2019-03-25T17:11Z",
"publishedDate": "2017-02-20T08:59Z"
}
}
}
FKIE_CVE-2016-4677
Vulnerability from fkie_nvd - Published: 2017-02-20 08:59 - Updated: 2025-04-20 01:37
Severity ?
Summary
An issue was discovered in certain Apple products. iOS before 10.1 is affected. Safari before 10.0.1 is affected. tvOS before 10.0.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
References
| URL | Tags | ||
|---|---|---|---|
| product-security@apple.com | http://www.securityfocus.com/bid/93853 | Third Party Advisory, VDB Entry | |
| product-security@apple.com | http://www.securitytracker.com/id/1037087 | Third Party Advisory, VDB Entry | |
| product-security@apple.com | https://support.apple.com/HT207270 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/HT207271 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/HT207272 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/93853 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1037087 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/HT207270 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/HT207271 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/HT207272 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "31522691-8429-479C-A288-9ADB0916784C",
"versionEndExcluding": "10.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9EDB336D-314A-4320-AC50-D3E0E87AFAE1",
"versionEndExcluding": "10.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0D75F9F4-8E2C-4997-B663-F50841B3AA80",
"versionEndExcluding": "10.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in certain Apple products. iOS before 10.1 is affected. Safari before 10.0.1 is affected. tvOS before 10.0.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.1 est\u00e1 afectado. Safari en versiones anteriores a 10.0.1 est\u00e1 afectado. tvOS en versiones anteriores a 10.0.1 est\u00e1 afectado. El problema involucra al componente \"WebKit\". Esto permite a atacantes remotos ejecutar c\u00f3digo arbitrario o provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria y ca\u00edda de la aplicaci\u00f3n) a trav\u00e9s de un sitio web manipulado."
}
],
"id": "CVE-2016-4677",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-02-20T08:59:00.727",
"references": [
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/93853"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1037087"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT207270"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT207271"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT207272"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/93853"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1037087"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT207270"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT207271"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT207272"
}
],
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…