Proxy Authentication Issue in Apple iOS, tvOS, and OS X Products
CVE-2016-4642

5.9MEDIUM

Key Information:

Vendor

Apple
Status
iPhone OS
Mac Os
Apple Tv
Vendor
CVE Published:
11 January 2019

What is CVE-2016-4642?

In specific versions of Apple's iOS, tvOS, and OS X El Capitan, a vulnerability existed where the proxy authentication mechanism incorrectly indicated that credentials were securely transmitted to HTTP proxies. This security flaw could potentially lead to unauthorized access and compromise user data by misrepresenting the security of credential transmission. Apple addressed this issue in subsequent updates by implementing improved notifications to make users aware of the potential risks associated with proxy authentication.

References

https://support.apple.com/HT206902
x_refsource_MISC
https://support.apple.com/HT206903
x_refsource_MISC
https://support.apple.com/HT206905
x_refsource_CONFIRM

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2016-4642 : Proxy Authentication Issue in Apple iOS, tvOS, and OS X Products