CVE-2016-4763
published 2016-09-25CVE-2016-4763: WKWebView in WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly verify X.509 certificates from HTTPS…
medium6.8CVSS 3.0
AVNACHPRLUINSUCHIHAN
WKWebView in WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly verify X.509 certificates from HTTPS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios | — | — |
| apple | iphone_os | <= 9.3.5 | — |
| apple | itunes | <= 12.4.3 | — |
| apple | itunes_12.5.1_for_windows | — | — |
| apple | safari | <= 9.1.3 | — |
| apple | safari | — | — |
CVSS provenance
nvdv3.06.8MEDIUMCVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
osv6.8MEDIUM
GHSA
GHSA-89gg-jvv4-j8gq: WKWebView in WebKit in Apple iOS before 10, iTunes before 12
ghsa_unreviewed·2022-05-17
CVE-2016-4763 [MEDIUM] GHSA-89gg-jvv4-j8gq: WKWebView in WebKit in Apple iOS before 10, iTunes before 12
WKWebView in WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly verify X.509 certificates from HTTPS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
OSV
CVE-2016-4763: WKWebView in WebKit in Apple iOS before 10, iTunes before 12
osv·2016-09-25·CVSS 6.8
CVE-2016-4763 [MEDIUM] CVE-2016-4763: WKWebView in WebKit in Apple iOS before 10, iTunes before 12
WKWebView in WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly verify X.509 certificates from HTTPS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Apple
CVE-2016-4763: Safari 10
vendor_apple·2016-09-20·CVSS 6.8
CVE-2016-4763 [MEDIUM] CVE-2016-4763: Safari 10
Apple Security Update: About the security content of Safari 10
Product: Safari
Version: 10
CVE: CVE-2016-4763
Component: WebKit
Impact: An attacker in a privileged network position may be able to intercept and alter network traffic to applications using WKWebView with HTTPS
Description: A certificate validation issue existed in the handling of WKWebView. This issue was addressed through improved validation.
Apple
CVE-2016-4763: iOS 10
vendor_apple·2016-09-13·CVSS 6.8
CVE-2016-4763 [MEDIUM] CVE-2016-4763: iOS 10
Apple Security Update: About the security content of iOS 10
Product: iOS
Version: 10
CVE: CVE-2016-4763
Component: WebKit
Impact: An attacker in a privileged network position may be able to intercept and alter network traffic to applications using WKWebView with HTTPS
Description: A certificate validation issue existed in the handling of WKWebView. This issue was addressed through improved validation.
Apple
CVE-2016-4763: iTunes 12.5.1 for Windows
vendor_apple·2016-09-13·CVSS 6.8
CVE-2016-4763 [MEDIUM] CVE-2016-4763: iTunes 12.5.1 for Windows
Apple Security Update: About the security content of iTunes 12.5.1 for Windows
Product: iTunes 12.5.1 for Windows
CVE: CVE-2016-4763
Component: WebKit
Impact: An attacker in a privileged network position may be able to intercept and alter network traffic to applications using WKWebView with HTTPS
Description: A certificate validation issue existed in the handling of WKWebView. This issue was addressed through improved validation.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://lists.apple.com/archives/security-announce/2016/Sep/msg00007.htmlhttp://lists.apple.com/archives/security-announce/2016/Sep/msg00008.htmlhttp://lists.apple.com/archives/security-announce/2016/Sep/msg00012.htmlhttp://www.securityfocus.com/bid/93066http://www.securitytracker.com/id/1036854https://support.apple.com/HT207143https://support.apple.com/HT207157https://support.apple.com/HT207158http://lists.apple.com/archives/security-announce/2016/Sep/msg00007.htmlhttp://lists.apple.com/archives/security-announce/2016/Sep/msg00008.htmlhttp://lists.apple.com/archives/security-announce/2016/Sep/msg00012.htmlhttp://www.securityfocus.com/bid/93066http://www.securitytracker.com/id/1036854https://support.apple.com/HT207143https://support.apple.com/HT207157https://support.apple.com/HT207158
2016-09-25
Published