CVE-2016-4591 — Improper Access Control in Apple IOS

CWE-284 — Improper Access Control8 documents6 sources

Severity

7.5HIGHNVD

EPSS

2.7%

top 14.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Webkit2gtk Apple IOS Apple Safari +1 more

Timeline

PublishedJul 22

Latest updateMay 14

Description

WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 mishandles the location variable, which allows remote attackers to access the local filesystem via unspecified vectors.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶Appleapple/tvos9.2.2

▶Appleapple/safari9.1.2

▶debiandebian/webkit2gtk< webkit2gtk 2.12.4-1 (bookworm)

▶Appleapple/ios9.3.3

🔴Vulnerability Details

GHSA

GHSA-528c-rrj8-7mch: WebKit in Apple iOS before 9↗2022-05-14

▶

OSV

CVE-2016-4591: WebKit in Apple iOS before 9↗2016-07-22

▶

📋Vendor Advisories

Ubuntu

WebKitGTK+ vulnerabilities↗2016-09-14

▶

Apple

CVE-2016-4591: Safari 9.1.2↗2016-07-18

▶

Apple

CVE-2016-4591: iOS 9.3.3↗2016-07-18

▶

Apple

CVE-2016-4591: tvOS 9.2.2↗2016-07-18

▶

Debian

CVE-2016-4591: webkit2gtk - WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 mis...↗2016

▶