CVE-2016-4616Improper Restriction of Operations within the Bounds of a Memory Buffer in Apple Icloud

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-787Out-of-bounds Write15 documents4 sources
Severity
9.8CRITICALNVD
EPSS
2.6%
top 14.41%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Apple IcloudApple Iphone OSApple Itunes+3 more
Timeline
PublishedJul 22
Latest updateMay 14

Description

libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4614, CVE-2016-4615, and CVE-2016-4619.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages6 packages

NVDapple/tvos< 9.2.2
NVDapple/icloud< 5.2.1
NVDapple/itunes< 12.4.2
NVDapple/watchos< 2.2.2
NVDapple/mac_os_x< 10.11.6

🔴Vulnerability Details

6
GHSA
GHSA-2793-r34m-9rvh: libxml2 in Apple iOS before 92022-05-14
GHSA
GHSA-g9cv-jr4f-r3m7: libxml2 in Apple iOS before 92022-05-14
GHSA
GHSA-7fm3-xf2m-h9gj: libxml2 in Apple iOS before 92022-05-13
CVEList
CVE-2016-4615: libxml2 in Apple iOS before 92016-07-22
CVEList
CVE-2016-4616: libxml2 in Apple iOS before 92016-07-22

📋Vendor Advisories

6
Apple
CVE-2016-4616: iCloud for Windows 5.2.12016-07-18
Apple
CVE-2016-4616: OS X El Capitan v10.11.6 and Security Update 2016-0042016-07-18
Apple
CVE-2016-4616: watchOS 2.2.22016-07-18
Apple
CVE-2016-4616: iOS 9.3.32016-07-18
Apple
CVE-2016-4616: iTunes 12.4.2 for Windows2016-07-18
CVE-2016-4616 — Apple Icloud vulnerability | cvebase