WebKit Vulnerability in Apple iOS and Safari
CVE-2016-4591

7.5HIGH

Key Information:

Vendor
Apple
Status
Webkit
Vendor
CVE Published:
22 July 2016

Summary

A vulnerability exists in WebKit that improperly handles the location variable within specific versions of Apple iOS, Safari, and tvOS. This flaw could allow remote attackers to exploit the system, granting them access to the local filesystem. By leveraging this weakness, attackers may retrieve sensitive information, potentially leading to further exploitation of affected devices. Users are advised to update their systems to mitigate this risk.

References

http://lists.apple.com/archives/security-announce/2016/Ju...
vendor-advisoryx_refsource_APPLE
http://lists.apple.com/archives/security-announce/2016/Ju...
vendor-advisoryx_refsource_APPLE
http://www.securityfocus.com/bid/91830
vdb-entryx_refsource_BID

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.