CVE-2016-4644
published 2019-01-11CVE-2016-4644: In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016-004, a downgrade issue existed with HTTP authentication…
medium6.5CVSS 3.0
AVNACLPRLUINSUCHINAN
In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016-004, a downgrade issue existed with HTTP authentication credentials saved in Keychain. This issue was addressed by storing the authentication types with the credentials.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | apple_tv | < 9.2.2 | 9.2.2 |
| apple | ios | — | — |
| apple | iphone_os | < 9.3.3 | 9.3.3 |
| apple | mac_os | >= 10.11.0 < 10.11.6 | 10.11.6 |
| apple | os_x_el_capitan_v10.11.6_and_security_update_2016-004 | — | — |
| apple | tvos | — | — |