WebKit Vulnerability in Apple iOS and Safari
CVE-2016-4583

3.1LOW

Key Information:

Vendor

Apple
Status
Webkit
Vendor
CVE Published:
22 July 2016

What is CVE-2016-4583?

This vulnerability in WebKit allows remote attackers to bypass the Same Origin Policy through a timing attack, enabling unauthorized access to image data from an unintended website. Such exploitation can lead to significant privacy risks, as sensitive information may be exposed without user awareness. The issue primarily affects versions of Apple iOS prior to 9.3.3, Safari prior to 9.1.2, and tvOS prior to 9.2.2.

References

http://lists.apple.com/archives/security-announce/2016/Ju...
vendor-advisoryx_refsource_APPLE
http://lists.apple.com/archives/security-announce/2016/Ju...
vendor-advisoryx_refsource_APPLE
http://www.securityfocus.com/bid/91830
vdb-entryx_refsource_BID

CVSS V3.1

Score:
3.1
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2016-4583 : WebKit Vulnerability in Apple iOS and Safari