CVE-2016-7586 — Sensitive Information Exposure in Apple

Vendor	Product	Version range	Fixed in
apple	icloud	<= 6.0.1	—
apple	icloud_for_windows	—	—
apple	ios	—	—
apple	iphone_os	<= 10.1.1	—
apple	itunes	<= 12.5.3	—
apple	itunes_12.5.4_for_windows	—	—
apple	safari	<= 10.0.1	—
apple	safari	—	—
apple	tvos	—	—
debian	webkit2gtk	< webkit2gtk 2.14.3-1 (bookworm)	webkit2gtk 2.14.3-1 (bookworm)

Ubuntu

WebKitGTK+ vulnerabilities

vendor_ubuntu·2017-02-06

CVE-2016-7586 WebKitGTK+ vulnerabilities Title: WebKitGTK+ vulnerabilities Summary: Several security issues were fixed in WebKitGTK+. A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution. Instructions: This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any applications that use WebKitGTK+, such as Epiphany, to make all the necessary changes.

Apple

CVE-2016-7586: iCloud for Windows 6.1

vendor_apple·2016-12-13·CVSS 6.5

CVE-2016-7586 [MEDIUM] CVE-2016-7586: iCloud for Windows 6.1 Apple Security Update: About the security content of iCloud for Windows 6.1 Product: iCloud for Windows Version: 6.1 CVE: CVE-2016-7586 Component: WebKit Impact: Processing maliciously crafted web content may result in the disclosure of user information Description: A validation issue was addressed through improved state management.

Apple

CVE-2016-7586: Safari 10.0.2

vendor_apple·2016-12-13·CVSS 6.5

CVE-2016-7586 [MEDIUM] CVE-2016-7586: Safari 10.0.2 Apple Security Update: About the security content of Safari 10.0.2 Product: Safari Version: 10.0.2 CVE: CVE-2016-7586 Component: WebKit Impact: Processing maliciously crafted web content may result in the disclosure of user information Description: A validation issue was addressed through improved state management.

Apple

CVE-2016-7586: iTunes 12.5.4 for Windows

vendor_apple·2016-12-13·CVSS 6.5

CVE-2016-7586 [MEDIUM] CVE-2016-7586: iTunes 12.5.4 for Windows Apple Security Update: About the security content of iTunes 12.5.4 for Windows Product: iTunes 12.5.4 for Windows CVE: CVE-2016-7586 Component: WebKit Impact: Processing maliciously crafted web content may result in the disclosure of user information Description: A validation issue was addressed through improved state management.

Apple

CVE-2016-7586: iOS 10.2

vendor_apple·2016-12-12·CVSS 6.5

CVE-2016-7586 [MEDIUM] CVE-2016-7586: iOS 10.2 Apple Security Update: About the security content of iOS 10.2 Product: iOS Version: 10.2 CVE: CVE-2016-7586 Component: WebKit Impact: Processing maliciously crafted web content may result in the disclosure of user information Description: A validation issue was addressed through improved state management.

Apple

CVE-2016-7586: tvOS 10.1

vendor_apple·2016-12-12·CVSS 6.5

CVE-2016-7586 [MEDIUM] CVE-2016-7586: tvOS 10.1 Apple Security Update: About the security content of tvOS 10.1 Product: tvOS Version: 10.1 CVE: CVE-2016-7586 Component: WebKit Impact: Processing maliciously crafted web content may result in the disclosure of user information Description: A validation issue was addressed through improved state management.

Debian

CVE-2016-7586: webkit2gtk - An issue was discovered in certain Apple products. iOS before 10.2 is affected. ...

vendor_debian·2016·CVSS 6.5

CVE-2016-7586 [MEDIUM] CVE-2016-7586: webkit2gtk - An issue was discovered in certain Apple products. iOS before 10.2 is affected. ... An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive information via a crafted web site. Scope: local bookworm: resolved (fixed in 2.14.3-1) bullseye: resolved (fixed in 2.14.3-1) forky: resolved (fixed in 2.14.3-1) sid: resolved (fixed in 2.14.3-1) trixie: resolved (fixed in 2.14.3-1)

GHSA

GHSA-f5jc-m9w5-r7rr: An issue was discovered in certain Apple products

ghsa_unreviewed·2022-05-17

CVE-2016-7586 [MEDIUM] CWE-200 GHSA-f5jc-m9w5-r7rr: An issue was discovered in certain Apple products An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive information via a crafted web site.

OSV

CVE-2016-7586: An issue was discovered in certain Apple products

osv·2017-02-20·CVSS 6.5

CVE-2016-7586 [MEDIUM] CVE-2016-7586: An issue was discovered in certain Apple products An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive information via a crafted web site.

CVE-2016-7586: An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before…

Affected

CVSS provenance