CVE-2016-4583 — Race Condition in Apple IOS

CWE-362 — Race Condition7 documents5 sources

Severity

3.1LOWNVD

EPSS

0.4%

top 39.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Webkitgtk Apple IOS Apple Safari +1 more

Timeline

PublishedJul 22

Latest updateMay 14

Description

WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to bypass the Same Origin Policy and obtain image date from an unintended web site via a timing attack involving an SVG document.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 1.6 | Impact: 1.4

Affected Packages4 packages

▶Appleapple/tvos9.2.2

▶Appleapple/safari9.1.2

▶NVDwebkitgtk/webkitgtk< 2.12.2

▶Appleapple/ios9.3.3

🔴Vulnerability Details

GHSA

GHSA-prfv-fm4x-p4rr: WebKit in Apple iOS before 9↗2022-05-14

▶

OSV

CVE-2016-4583: WebKit in Apple iOS before 9↗2016-07-21

▶

📋Vendor Advisories

Ubuntu

WebKitGTK+ vulnerabilities↗2016-09-14

▶

Apple

CVE-2016-4583: iOS 9.3.3↗2016-07-18

▶

Apple

CVE-2016-4583: Safari 9.1.2↗2016-07-18

▶

Apple

CVE-2016-4583: tvOS 9.2.2↗2016-07-18

▶