CVE-2016-4590 — Improper Input Validation in Apple Safari

CWE-20 — Improper Input Validation7 documents6 sources

Severity

5.4MEDIUMNVD

EPSS

0.7%

top 27.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Webkit2gtk Apple Safari Apple IOS

Timeline

PublishedJul 22

Latest updateMay 14

Description

WebKit in Apple iOS before 9.3.3 and Safari before 9.1.2 mishandles about: URLs, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.5

Affected Packages4 packages

▶NVDapple/safari9.1.1

▶Appleapple/safari9.1.2

▶debiandebian/webkit2gtk< webkit2gtk 2.12.4-1 (bookworm)

▶Appleapple/ios9.3.3

🔴Vulnerability Details

GHSA

GHSA-x7h9-4jcm-r6qh: WebKit in Apple iOS before 9↗2022-05-14

▶

OSV

CVE-2016-4590: WebKit in Apple iOS before 9↗2016-07-22

▶

📋Vendor Advisories

Ubuntu

WebKitGTK+ vulnerabilities↗2016-09-14

▶

Apple

CVE-2016-4590: iOS 9.3.3↗2016-07-18

▶

Apple

CVE-2016-4590: Safari 9.1.2↗2016-07-18

▶

Debian

CVE-2016-4590: webkit2gtk - WebKit in Apple iOS before 9.3.3 and Safari before 9.1.2 mishandles about: URLs,...↗2016

▶