Memory Corruption Vulnerability in Apple iOS, macOS, and Related Products
CVE-2016-4608

9.8CRITICAL

Key Information:

Vendor: Xmlsoft
Status: Libxslt
Vendor: CVE Published:; 22 July 2016

What is CVE-2016-4608?

The libxslt component in various Apple products, including iOS, macOS, iTunes, iCloud, tvOS, and watchOS, is susceptible to a memory corruption vulnerability. This flaw allows remote attackers to potentially trigger a denial of service, affecting the stability of affected systems through undefined vectors. Users are advised to update to the latest versions to mitigate the risks associated with this vulnerability.

References

http://lists.apple.com/archives/security-announce/2016/Ju...

vendor-advisoryx_refsource_APPLE

http://lists.apple.com/archives/security-announce/2016/Ju...

vendor-advisoryx_refsource_APPLE

http://lists.apple.com/archives/security-announce/2016/Ju...

vendor-advisoryx_refsource_APPLE

EPSS Score

5% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 22, 2016
Vulnerability Reserved
May 11, 2016

Xmlsoft

What is CVE-2016-4608?

References

EPSS Score

CVSS V3.1

Timeline