CVE-2016-4766
published 2016-09-25CVE-2016-4766: WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause…
high8.8CVSS 3.0
AVNACLPRNUIRSUCHIHAH
WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4765, CVE-2016-4767, and CVE-2016-4768.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios | — | — |
| apple | iphone_os | < 10.0 | 10.0 |
| apple | itunes | < 12.5.1 | 12.5.1 |
| apple | itunes_12.5.1_for_windows | — | — |
| apple | safari | < 10.0 | 10.0 |
| apple | safari | — | — |
| apple | tvos | < 10.0 | 10.0 |
| apple | tvos | — | — |
CVSS provenance
nvdv3.08.8HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
osv8.8HIGH
GHSA
GHSA-ppx4-w2cp-cq5c: WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12
ghsa_unreviewed·2022-05-14·CVSS 8.8
CVE-2016-4768 [HIGH] CWE-119 GHSA-ppx4-w2cp-cq5c: WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12
WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4765, CVE-2016-4766, and CVE-2016-4767.
GHSA
GHSA-v87h-xh2m-mq5f: WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12
ghsa_unreviewed·2022-05-14·CVSS 8.8
CVE-2016-4759 [HIGH] CWE-119 GHSA-v87h-xh2m-mq5f: WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12
WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4765, CVE-2016-4766, CVE-2016-4767, and CVE-2016-4768.
GHSA
GHSA-xvx5-4wp8-4f6g: WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12
ghsa_unreviewed·2022-05-14·CVSS 8.8
CVE-2016-4767 [HIGH] CWE-119 GHSA-xvx5-4wp8-4f6g: WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12
WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4765, CVE-2016-4766, and CVE-2016-4768.
GHSA
GHSA-q7mf-27fr-frgh: WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12
ghsa_unreviewed·2022-05-14·CVSS 8.8
CVE-2016-4765 [HIGH] CWE-119 GHSA-q7mf-27fr-frgh: WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12
WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4766, CVE-2016-4767, and CVE-2016-4768.
GHSA
GHSA-r96h-hgqm-x3x4: WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12
ghsa_unreviewed·2022-05-14·CVSS 8.8
CVE-2016-4766 [HIGH] CWE-119 GHSA-r96h-hgqm-x3x4: WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12
WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4765, CVE-2016-4767, and CVE-2016-4768.
OSV
CVE-2016-4765: WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12
osv·2016-09-25·CVSS 8.8
CVE-2016-4765 [HIGH] CVE-2016-4765: WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12
WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4766, CVE-2016-4767, and CVE-2016-4768.
OSV
CVE-2016-4768: WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12
osv·2016-09-25·CVSS 8.8
CVE-2016-4768 [HIGH] CVE-2016-4768: WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12
WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4765, CVE-2016-4766, and CVE-2016-4767.
OSV
CVE-2016-4767: WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12
osv·2016-09-25·CVSS 8.8
CVE-2016-4767 [HIGH] CVE-2016-4767: WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12
WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4765, CVE-2016-4766, and CVE-2016-4768.
OSV
CVE-2016-4766: WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12
osv·2016-09-25·CVSS 8.8
CVE-2016-4766 [HIGH] CVE-2016-4766: WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12
WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4765, CVE-2016-4767, and CVE-2016-4768.
OSV
CVE-2016-4759: WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12
osv·2016-09-25·CVSS 8.8
CVE-2016-4759 [HIGH] CVE-2016-4759: WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12
WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4765, CVE-2016-4766, CVE-2016-4767, and CVE-2016-4768.
Apple
CVE-2016-4766: Safari 10
vendor_apple·2016-09-20·CVSS 8.8
CVE-2016-4766 [HIGH] CVE-2016-4766: Safari 10
Apple Security Update: About the security content of Safari 10
Product: Safari
Version: 10
CVE: CVE-2016-4766
Component: WebKit
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: Multiple memory corruption issues were addressed through improved memory handling.
Apple
CVE-2016-4766: iOS 10
vendor_apple·2016-09-13·CVSS 8.8
CVE-2016-4766 [HIGH] CVE-2016-4766: iOS 10
Apple Security Update: About the security content of iOS 10
Product: iOS
Version: 10
CVE: CVE-2016-4766
Component: WebKit
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: Multiple memory corruption issues were addressed through improved memory handling.
Apple
CVE-2016-4766: tvOS 10
vendor_apple·2016-09-13·CVSS 8.8
CVE-2016-4766 [HIGH] CVE-2016-4766: tvOS 10
Apple Security Update: About the security content of tvOS 10
Product: tvOS
Version: 10
CVE: CVE-2016-4766
Component: WebKit
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: Multiple memory corruption issues were addressed through improved memory handling.
Apple
CVE-2016-4766: iTunes 12.5.1 for Windows
vendor_apple·2016-09-13·CVSS 8.8
CVE-2016-4766 [HIGH] CVE-2016-4766: iTunes 12.5.1 for Windows
Apple Security Update: About the security content of iTunes 12.5.1 for Windows
Product: iTunes 12.5.1 for Windows
CVE: CVE-2016-4766
Component: WebKit
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: Multiple memory corruption issues were addressed through improved memory handling.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://lists.apple.com/archives/security-announce/2016/Sep/msg00007.htmlhttp://lists.apple.com/archives/security-announce/2016/Sep/msg00008.htmlhttp://lists.apple.com/archives/security-announce/2016/Sep/msg00011.htmlhttp://lists.apple.com/archives/security-announce/2016/Sep/msg00012.htmlhttp://www.securityfocus.com/bid/93067http://www.securitytracker.com/id/1036854https://support.apple.com/HT207142https://support.apple.com/HT207143https://support.apple.com/HT207157https://support.apple.com/HT207158http://lists.apple.com/archives/security-announce/2016/Sep/msg00007.htmlhttp://lists.apple.com/archives/security-announce/2016/Sep/msg00008.htmlhttp://lists.apple.com/archives/security-announce/2016/Sep/msg00011.htmlhttp://lists.apple.com/archives/security-announce/2016/Sep/msg00012.htmlhttp://www.securityfocus.com/bid/93067http://www.securitytracker.com/id/1036854https://support.apple.com/HT207142https://support.apple.com/HT207143https://support.apple.com/HT207157https://support.apple.com/HT207158
2016-09-25
Published