Cross-Site Scripting Vulnerability in Apple iOS, Safari, and tvOS
CVE-2016-4585

6.1MEDIUM

Key Information:

Vendor
Apple
Status
Webkit
Vendor
CVE Published:
22 July 2016

Summary

A cross-site scripting vulnerability exists in the WebKit Page Loading implementation used in Apple iOS, Safari, and tvOS. This vulnerability allows remote attackers to inject arbitrary web scripts or HTML. The flaw is triggered when an HTTP response incorrectly manages redirection, enabling attackers to execute scripts in the context of the user's browser, compromising user data and security. Users should ensure their devices are updated to the latest versions to mitigate the risk associated with this vulnerability.

References

http://lists.apple.com/archives/security-announce/2016/Ju...
vendor-advisoryx_refsource_APPLE
http://lists.apple.com/archives/security-announce/2016/Ju...
vendor-advisoryx_refsource_APPLE
http://www.securityfocus.com/bid/91830
vdb-entryx_refsource_BID

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.