Remote Code Execution and Denial of Service in WebKit for Apple iOS and Safari
CVE-2016-4589

8.8HIGH

Key Information:

Vendor
Apple
Status
Webkit
Vendor
CVE Published:
22 July 2016

Summary

A vulnerability exists in WebKit, the browser engine used by Safari and other Apple applications, prior to specified versions. This flaw allows attackers to execute arbitrary code or trigger a denial of service through crafted web content. Exploitation may lead to significant security risks for users, particularly when accessing maliciously designed websites. Enabling updates and applying security patches is crucial to safeguard against this vulnerability.

References

http://lists.apple.com/archives/security-announce/2016/Ju...
vendor-advisoryx_refsource_APPLE
http://lists.apple.com/archives/security-announce/2016/Ju...
vendor-advisoryx_refsource_APPLE
http://www.securityfocus.com/bid/91830
vdb-entryx_refsource_BID

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.