CVE-2016-4768
published 2016-09-25CVE-2016-4768: WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause…
high8.8CVSS 3.0
AVNACLPRNUIRSUCHIHAH
WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4765, CVE-2016-4766, and CVE-2016-4767.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios | — | — |
| apple | iphone_os | < 10.0 | 10.0 |
| apple | itunes | < 12.5.1 | 12.5.1 |
| apple | itunes_12.5.1_for_windows | — | — |
| apple | safari | < 10.0 | 10.0 |
| apple | safari | — | — |
| apple | tvos | < 10.0 | 10.0 |
| apple | tvos | — | — |
CVSS provenance
nvdv3.08.8HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
osv8.8HIGH
GHSA
GHSA-ppx4-w2cp-cq5c: WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12
ghsa_unreviewed·2022-05-14·CVSS 8.8
CVE-2016-4768 [HIGH] CWE-119 GHSA-ppx4-w2cp-cq5c: WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12
WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4765, CVE-2016-4766, and CVE-2016-4767.
GHSA
GHSA-v87h-xh2m-mq5f: WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12
ghsa_unreviewed·2022-05-14·CVSS 8.8
CVE-2016-4759 [HIGH] CWE-119 GHSA-v87h-xh2m-mq5f: WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12
WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4765, CVE-2016-4766, CVE-2016-4767, and CVE-2016-4768.
GHSA
GHSA-xvx5-4wp8-4f6g: WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12
ghsa_unreviewed·2022-05-14·CVSS 8.8
CVE-2016-4767 [HIGH] CWE-119 GHSA-xvx5-4wp8-4f6g: WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12
WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4765, CVE-2016-4766, and CVE-2016-4768.
GHSA
GHSA-q7mf-27fr-frgh: WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12
ghsa_unreviewed·2022-05-14·CVSS 8.8
CVE-2016-4765 [HIGH] CWE-119 GHSA-q7mf-27fr-frgh: WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12
WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4766, CVE-2016-4767, and CVE-2016-4768.
GHSA
GHSA-r96h-hgqm-x3x4: WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12
ghsa_unreviewed·2022-05-14·CVSS 8.8
CVE-2016-4766 [HIGH] CWE-119 GHSA-r96h-hgqm-x3x4: WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12
WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4765, CVE-2016-4767, and CVE-2016-4768.
OSV
CVE-2016-4765: WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12
osv·2016-09-25·CVSS 8.8
CVE-2016-4765 [HIGH] CVE-2016-4765: WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12
WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4766, CVE-2016-4767, and CVE-2016-4768.
OSV
CVE-2016-4768: WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12
osv·2016-09-25·CVSS 8.8
CVE-2016-4768 [HIGH] CVE-2016-4768: WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12
WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4765, CVE-2016-4766, and CVE-2016-4767.
OSV
CVE-2016-4767: WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12
osv·2016-09-25·CVSS 8.8
CVE-2016-4767 [HIGH] CVE-2016-4767: WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12
WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4765, CVE-2016-4766, and CVE-2016-4768.
OSV
CVE-2016-4766: WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12
osv·2016-09-25·CVSS 8.8
CVE-2016-4766 [HIGH] CVE-2016-4766: WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12
WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4765, CVE-2016-4767, and CVE-2016-4768.
OSV
CVE-2016-4759: WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12
osv·2016-09-25·CVSS 8.8
CVE-2016-4759 [HIGH] CVE-2016-4759: WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12
WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4765, CVE-2016-4766, CVE-2016-4767, and CVE-2016-4768.
Ubuntu
WebKitGTK+ vulnerabilities
vendor_ubuntu·2017-01-10
CVE-2016-4613 WebKitGTK+ vulnerabilities
Title: WebKitGTK+ vulnerabilities
Summary: Several security issues were fixed in WebKitGTK+.
A large number of security issues were discovered in the WebKitGTK+ Web and
JavaScript engines. If a user were tricked into viewing a malicious
website, a remote attacker could exploit a variety of issues related to web
browser security, including cross-site scripting attacks, denial of service
attacks, and arbitrary code execution.
Instructions: This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use WebKitGTK+, such as Epiphany, to make all the necessary changes.
Apple
CVE-2016-4768: Safari 10
vendor_apple·2016-09-20·CVSS 8.8
CVE-2016-4768 [HIGH] CVE-2016-4768: Safari 10
Apple Security Update: About the security content of Safari 10
Product: Safari
Version: 10
CVE: CVE-2016-4768
Component: WebKit
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: Multiple memory corruption issues were addressed through improved memory handling.
Apple
CVE-2016-4768: iOS 10
vendor_apple·2016-09-13·CVSS 8.8
CVE-2016-4768 [HIGH] CVE-2016-4768: iOS 10
Apple Security Update: About the security content of iOS 10
Product: iOS
Version: 10
CVE: CVE-2016-4768
Component: WebKit
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: Multiple memory corruption issues were addressed through improved memory handling.
Apple
CVE-2016-4768: iTunes 12.5.1 for Windows
vendor_apple·2016-09-13·CVSS 8.8
CVE-2016-4768 [HIGH] CVE-2016-4768: iTunes 12.5.1 for Windows
Apple Security Update: About the security content of iTunes 12.5.1 for Windows
Product: iTunes 12.5.1 for Windows
CVE: CVE-2016-4768
Component: WebKit
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: Multiple memory corruption issues were addressed through improved memory handling.
Apple
CVE-2016-4768: tvOS 10
vendor_apple·2016-09-13·CVSS 8.8
CVE-2016-4768 [HIGH] CVE-2016-4768: tvOS 10
Apple Security Update: About the security content of tvOS 10
Product: tvOS
Version: 10
CVE: CVE-2016-4768
Component: WebKit
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: Multiple memory corruption issues were addressed through improved memory handling.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://lists.apple.com/archives/security-announce/2016/Sep/msg00007.htmlhttp://lists.apple.com/archives/security-announce/2016/Sep/msg00008.htmlhttp://lists.apple.com/archives/security-announce/2016/Sep/msg00011.htmlhttp://lists.apple.com/archives/security-announce/2016/Sep/msg00012.htmlhttp://www.securityfocus.com/bid/93067http://www.securitytracker.com/id/1036854https://support.apple.com/HT207142https://support.apple.com/HT207143https://support.apple.com/HT207157https://support.apple.com/HT207158http://lists.apple.com/archives/security-announce/2016/Sep/msg00007.htmlhttp://lists.apple.com/archives/security-announce/2016/Sep/msg00008.htmlhttp://lists.apple.com/archives/security-announce/2016/Sep/msg00011.htmlhttp://lists.apple.com/archives/security-announce/2016/Sep/msg00012.htmlhttp://www.securityfocus.com/bid/93067http://www.securitytracker.com/id/1036854https://support.apple.com/HT207142https://support.apple.com/HT207143https://support.apple.com/HT207157https://support.apple.com/HT207158
2016-09-25
Published