CVE-2016-1724Improper Restriction of Operations within the Bounds of a Memory Buffer in Apple Iphone OS

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer10 documents4 sources
Severity
8.8HIGHNVD
EPSS
1.0%
top 22.83%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Apple Iphone OSApple SafariApple Tvos+3 more
Timeline
PublishedFeb 1
Latest updateMay 14

Description

WebKit, as used in Apple iOS before 9.2.1, Safari before 9.0.3, and tvOS before 9.1.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1727.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages9 packages

NVDapple/tvos< 9.1.1
NVDapple/safari< 9.0.3
Appleapple/tvos9.1.1
Appleapple/safari9.0.3
NVDapple/watchos< 2.2

🔴Vulnerability Details

4
GHSA
GHSA-3hfj-59gc-vp5m: WebKit, as used in Apple iOS before 92022-05-14
GHSA
GHSA-pr7h-529m-qm6h: WebKit, as used in Apple iOS before 92022-05-14
OSV
CVE-2016-1727: WebKit, as used in Apple iOS before 92016-02-01
OSV
CVE-2016-1724: WebKit, as used in Apple iOS before 92016-02-01

📋Vendor Advisories

4
Apple
CVE-2016-1724: watchOS 2.2
Apple
CVE-2016-1724: iOS 9.2.1
Apple
CVE-2016-1724: tvOS 9.1.1
Apple
CVE-2016-1724: Safari 9.0.3
CVE-2016-1724 — Apple Iphone OS vulnerability | cvebase