CVE-2016-4767Improper Restriction of Operations within the Bounds of a Memory Buffer in Apple Iphone OS

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer25 documents6 sources
Severity
8.8HIGHNVD
EPSS
1.0%
top 23.01%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Apple Iphone OSApple ItunesApple Safari+1 more
Timeline
PublishedSep 25
Latest updateMay 14

Description

WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4765, CVE-2016-4766, and CVE-2016-4768.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

NVDapple/tvos< 10.0
NVDapple/itunes< 12.5.1
NVDapple/safari< 10.0
NVDapple/iphone_os< 10.0

🔴Vulnerability Details

15
GHSA
GHSA-ppx4-w2cp-cq5c: WebKit in Apple iOS before 10, tvOS before 10, iTunes before 122022-05-14
GHSA
GHSA-v87h-xh2m-mq5f: WebKit in Apple iOS before 10, tvOS before 10, iTunes before 122022-05-14
GHSA
GHSA-xvx5-4wp8-4f6g: WebKit in Apple iOS before 10, tvOS before 10, iTunes before 122022-05-14
GHSA
GHSA-q7mf-27fr-frgh: WebKit in Apple iOS before 10, tvOS before 10, iTunes before 122022-05-14
GHSA
GHSA-r96h-hgqm-x3x4: WebKit in Apple iOS before 10, tvOS before 10, iTunes before 122022-05-14

📋Vendor Advisories

5
Ubuntu
WebKitGTK+ vulnerabilities2017-01-10
Apple
CVE-2016-4767: Safari 102016-09-20
Apple
CVE-2016-4767: tvOS 102016-09-13
Apple
CVE-2016-4767: iOS 102016-09-13
Apple
CVE-2016-4767: iTunes 12.5.1 for Windows2016-09-13
CVE-2016-4767 — Apple Iphone OS vulnerability | cvebase