CVE-2016-4758
published 2016-09-25CVE-2016-4758: WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly restrict access to the location variable, which allows…
medium6.5CVSS 3.0
AVNACLPRNUIRSUCHINAN
WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly restrict access to the location variable, which allows remote attackers to obtain sensitive information via a crafted web site.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios | — | — |
| apple | iphone_os | <= 9.3.5 | — |
| apple | itunes | <= 12.4.3 | — |
| apple | itunes_12.5.1_for_windows | — | — |
| apple | safari | <= 9.1.3 | — |
| apple | safari | — | — |
CVSS provenance
nvdv3.06.5MEDIUMCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
osv6.5MEDIUM
Apple
CVE-2016-4758: Safari 10
vendor_apple·2016-09-20·CVSS 6.5
CVE-2016-4758 [MEDIUM] CVE-2016-4758: Safari 10
Apple Security Update: About the security content of Safari 10
Product: Safari
Version: 10
CVE: CVE-2016-4758
Component: WebKit
Impact: Visiting a maliciously crafted website may leak sensitive data
Description: A permissions issue existed in the handling of the location variable. This was addressed though additional ownership checks.
Apple
CVE-2016-4758: iOS 10
vendor_apple·2016-09-13·CVSS 6.5
CVE-2016-4758 [MEDIUM] CVE-2016-4758: iOS 10
Apple Security Update: About the security content of iOS 10
Product: iOS
Version: 10
CVE: CVE-2016-4758
Component: WebKit
Impact: Visiting a maliciously crafted website may leak sensitive data
Description: A permissions issue existed in the handling of the location variable. This was addressed though additional ownership checks.
Apple
CVE-2016-4758: iTunes 12.5.1 for Windows
vendor_apple·2016-09-13·CVSS 6.5
CVE-2016-4758 [MEDIUM] CVE-2016-4758: iTunes 12.5.1 for Windows
Apple Security Update: About the security content of iTunes 12.5.1 for Windows
Product: iTunes 12.5.1 for Windows
CVE: CVE-2016-4758
Component: WebKit
Impact: Visiting a maliciously crafted website may leak sensitive data
Description: A permissions issue existed in the handling of the location variable. This was addressed though additional ownership checks.
GHSA
GHSA-2qj9-5hwh-h764: WebKit in Apple iOS before 10, iTunes before 12
ghsa_unreviewed·2022-05-17
CVE-2016-4758 [MEDIUM] CWE-200 GHSA-2qj9-5hwh-h764: WebKit in Apple iOS before 10, iTunes before 12
WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly restrict access to the location variable, which allows remote attackers to obtain sensitive information via a crafted web site.
OSV
CVE-2016-4758: WebKit in Apple iOS before 10, iTunes before 12
osv·2016-09-25·CVSS 6.5
CVE-2016-4758 [MEDIUM] CVE-2016-4758: WebKit in Apple iOS before 10, iTunes before 12
WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly restrict access to the location variable, which allows remote attackers to obtain sensitive information via a crafted web site.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://lists.apple.com/archives/security-announce/2016/Sep/msg00007.htmlhttp://lists.apple.com/archives/security-announce/2016/Sep/msg00008.htmlhttp://lists.apple.com/archives/security-announce/2016/Sep/msg00012.htmlhttp://mksben.l0.cm/2016/09/safari-uxss-showModalDialog.htmlhttp://www.securityfocus.com/bid/93066http://www.securitytracker.com/id/1036854https://support.apple.com/HT207143https://support.apple.com/HT207157https://support.apple.com/HT207158http://lists.apple.com/archives/security-announce/2016/Sep/msg00007.htmlhttp://lists.apple.com/archives/security-announce/2016/Sep/msg00008.htmlhttp://lists.apple.com/archives/security-announce/2016/Sep/msg00012.htmlhttp://mksben.l0.cm/2016/09/safari-uxss-showModalDialog.htmlhttp://www.securityfocus.com/bid/93066http://www.securitytracker.com/id/1036854https://support.apple.com/HT207143https://support.apple.com/HT207157https://support.apple.com/HT207158
2016-09-25
Published