CVE-2016-4591

7.5HIGH

Key Information:

Vendor: Apple
Status: Webkit
Vendor: CVE Published:; 22 July 2016

Summary

WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 mishandles the location variable, which allows remote attackers to access the local filesystem via unspecified vectors.

References

http://lists.apple.com/archives/security-announce/2016/Ju...

vendor-advisoryx_refsource_APPLE

http://lists.apple.com/archives/security-announce/2016/Ju...

vendor-advisoryx_refsource_APPLE

http://www.securityfocus.com/bid/91830

vdb-entryx_refsource_BID

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 22, 2016
Vulnerability Reserved
May 11, 2016