⚠ Actively exploited
Added to CISA KEV on 2022-05-24. Federal agencies required to patch by 2022-06-14. Required action: Apply updates per vendor instructions..

CVE-2016-4657Out-of-bounds Write in Apple Iphone OS

CWE-787Out-of-bounds WriteCWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer13 documents11 sources
Severity
8.8HIGHNVD
EPSS
77.1%
top 1.03%
CISA KEV
KEV
Added 2022-05-24
Due 2022-06-14
Exploit
Exploited in wild
Active exploitation observed
Affected products
3
Apple Iphone OSApple IOSApple Safari
Timeline
PublishedAug 25
KEV addedMay 24
KEV dueJun 14
CISA Required Action: Apply updates per vendor instructions.

Description

WebKit in Apple iOS before 9.3.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

NVDapple/iphone_os< 9.3.5
Appleapple/ios9.3.5
Appleapple/safari9.1.3

🔴Vulnerability Details

3
GHSA
GHSA-99xm-29ff-vvqm: WebKit in Apple iOS before 92022-05-14
OSV
CVE-2016-4657: WebKit in Apple iOS before 92016-08-25
VulnCheck
Apple iOS Webkit Memory Corruption Vulnerability2016

💥Exploits & PoCs

3
Exploit-DB
WebKit - not_number defineProperties UAF (Metasploit)2018-06-05
Exploit-DB
Nintendo Switch - WebKit Code Execution (PoC)2017-03-12
Metasploit
WebKit not_number defineProperties UAF

🔍Detection Rules

1
Suricata
ET EXPLOIT Possible iOS Pegasus Safari Exploit (CVE-2016-4657)2016-11-07

📋Vendor Advisories

4
CISA
Apple iOS Webkit Memory Corruption Vulnerability2022-05-24
Ubuntu
WebKitGTK+ vulnerabilities2017-01-10
Apple
CVE-2016-4657: Safari 9.1.32016-09-01
Apple
CVE-2016-4657: iOS 9.3.52016-08-25

📄Research Papers

1
arXiv
Methodically Defeating Nintendo Switch Security2019-06-07