CVE-2016-4707
published 2016-09-25CVE-2016-4707: CFNetwork in Apple iOS before 10 and OS X before 10.12 mishandles Local Storage deletion, which allows local users to discover the visited web sites of…
PriorityP417medium4CVSS 3.0
AVLACLPRNUINSUCLINAN
EPSS
0.06%
18.9th percentile
CFNetwork in Apple iOS before 10 and OS X before 10.12 mishandles Local Storage deletion, which allows local users to discover the visited web sites of arbitrary users via unspecified vectors.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios | — | — |
| apple | iphone_os | <= 9.3.5 | — |
| apple | mac_os_x | <= 10.11.6 | — |
| apple | macos_sierra | — | — |
CVSS provenance
nvdv3.04.0MEDIUMCVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvdv2.02.1LOWAV:L/AC:L/Au:N/C:N/I:N/A:P
osv4.0MEDIUM
Ubuntu
WebKitGTK+ vulnerabilities
vendor_ubuntu·2017-01-10
CVE-2016-4613 WebKitGTK+ vulnerabilities
Title: WebKitGTK+ vulnerabilities
Summary: Several security issues were fixed in WebKitGTK+.
A large number of security issues were discovered in the WebKitGTK+ Web and
JavaScript engines. If a user were tricked into viewing a malicious
website, a remote attacker could exploit a variety of issues related to web
browser security, including cross-site scripting attacks, denial of service
attacks, and arbitrary code execution.
Instructions: This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use WebKitGTK+, such as Epiphany, to make all the necessary changes.
Apple
CVE-2016-4707: macOS Sierra 10.12
vendor_apple·2016-09-20·CVSS 4.0
CVE-2016-4707 [MEDIUM] CVE-2016-4707: macOS Sierra 10.12
Apple Security Update: About the security content of macOS Sierra 10.12
Product: macOS Sierra
Version: 10.12
CVE: CVE-2016-4707
Component: CFNetwork
Impact: A local user may be able to discover websites a user has visited
Description: An issue existed in Local Storage deletion. This issue was addressed through improved Local Storage cleanup.
Apple
CVE-2016-4707: iOS 10
vendor_apple·2016-09-13·CVSS 4.0
CVE-2016-4707 [MEDIUM] CVE-2016-4707: iOS 10
Apple Security Update: About the security content of iOS 10
Product: iOS
Version: 10
CVE: CVE-2016-4707
Component: CFNetwork
Impact: A local user may be able to discover websites a user has visited
Description: An issue existed in Local Storage deletion. This issue was addressed through improved Local Storage cleanup.
GHSA
GHSA-2f5p-8xjh-f2m8: CFNetwork in Apple iOS before 10 and OS X before 10
ghsa_unreviewed·2022-05-17
CVE-2016-4707 [MEDIUM] CWE-200 GHSA-2f5p-8xjh-f2m8: CFNetwork in Apple iOS before 10 and OS X before 10
CFNetwork in Apple iOS before 10 and OS X before 10.12 mishandles Local Storage deletion, which allows local users to discover the visited web sites of arbitrary users via unspecified vectors.
OSV
CVE-2016-4707: CFNetwork in Apple iOS before 10 and OS X before 10
osv·2016-09-25·CVSS 4.0
CVE-2016-4707 [MEDIUM] CVE-2016-4707: CFNetwork in Apple iOS before 10 and OS X before 10
CFNetwork in Apple iOS before 10 and OS X before 10.12 mishandles Local Storage deletion, which allows local users to discover the visited web sites of arbitrary users via unspecified vectors.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.htmlhttp://lists.apple.com/archives/security-announce/2016/Sep/msg00008.htmlhttp://www.securityfocus.com/bid/93056http://www.securitytracker.com/id/1036858https://support.apple.com/HT207143https://support.apple.com/HT207170http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.htmlhttp://lists.apple.com/archives/security-announce/2016/Sep/msg00008.htmlhttp://www.securityfocus.com/bid/93056http://www.securitytracker.com/id/1036858https://support.apple.com/HT207143https://support.apple.com/HT207170
2016-09-25
Published