CNVD-2016-10367

Vulnerability from cnvd - Published: 2016-10-31
VLAI Severity ?
Title
多款Apple产品WebKit内存破坏漏洞(CNVD-2016-10367)
Description
Apple iOS是为移动设备所开发的一套操作系统;Safari是一款Web浏览器,是Mac OS X和iOS操作系统附带的默认浏览器;tvOS是一套智能电视操作系统。 多款Apple产品中的WebKit存在安全漏洞,允许攻击者可利用漏洞构建特殊的WEB页,诱使应用解析,可使应用程序崩溃或执行任意代码。
Severity
Patch Name
多款Apple产品WebKit内存破坏漏洞(CNVD-2016-10367)的补丁
Patch Description
Apple iOS是为移动设备所开发的一套操作系统;Safari是一款Web浏览器,是Mac OS X和iOS操作系统附带的默认浏览器;tvOS是一套智能电视操作系统。 多款Apple产品中的WebKit存在安全漏洞,允许攻击者可利用漏洞构建特殊的WEB页,诱使应用解析,可使应用程序崩溃或执行任意代码。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description

目前厂商已经发布补丁以修复此安全问题,可以参考以下链接获取相应修复建议: https://support.apple.com/en-ie/HT207271 https://support.apple.com/en-ie/HT207272 https://support.apple.com/en-ie/HT207270

Reference
http://www.securityfocus.com/bid/93853
Impacted products
Name
['Apple Safari 5.1.1', 'Apple Safari 5.1.4', 'Apple Safari 5.1.7', 'Apple Safari 5.0.6', 'Apple Safari 5.0.5', 'Apple iOS 6', 'Apple iOS 5.1', 'Apple iOS 5.1.1', 'Apple iOS 5.0.1', 'Apple iOS 5', 'WebKit Open Source Project WebKit 0', 'Apple Safari 4.0.5', 'Apple Safari 4.0.4', 'Apple Safari 4.0.3', 'Apple Safari 4.0.2', 'Apple Safari 4.0.1', 'Apple Safari 3.2.3', 'Apple Safari 5.1', 'Apple Safari 5.0.3', 'Apple Safari 5.0.2', 'Apple Safari 5.0.1', 'Apple Safari 5.0', 'Apple Safari 4.1.3', 'Apple Safari 5.0.4', 'Apple Safari 4.1.2', 'Apple Safari 4.1.1', 'Apple Safari 4.1', 'Apple Safari 4.0', 'Apple Safari 4', 'Apple iPod Touch 0', 'Apple iPhone 0', 'Apple iPad 0', 'Apple IOS 4.2.1', 'Apple IOS 4.0.2', 'Apple IOS 4.0.1', 'Apple IOS 3.2.2', 'Apple IOS 3.2.1', 'Apple IOS 4.3.5', 'Apple IOS 4.3.4', 'Apple IOS 4.3.3', 'Apple IOS 4.3.2', 'Apple IOS 4.3.1', 'Apple IOS 4.3', 'Apple IOS 4.2.9', 'Apple IOS 4.2.8', 'Apple IOS 4.2.7', 'Apple IOS 4.2.6', 'Apple IOS 4.2.5', 'Apple IOS 4.2.10', 'Apple IOS 4.2', 'Apple IOS 4.1', 'Apple IOS 4', 'Apple IOS 3.2', 'Apple IOS 3.1', 'Apple Safari 6.0.4', 'Apple IOS 6.1.3', 'Apple IOS 6.1.4', 'Apple IOS 7', 'Apple IOS 7.0.2', 'Apple Safari 7.0.2', 'Apple Safari 6.1.4', 'Apple Safari 7.0.1', 'Apple Safari 7.0.3', 'Apple IOS 8.1.1', 'Apple Safari 6.2.4', 'Apple Safari 8.0.8', 'Apple Safari 7.1.8', 'Apple Safari 6.2.8', 'Apple IOS 9.1', 'Apple IOS 10']
Show details on source website
To clipboard 

{
  "bids": {
    "bid": {
      "bidNumber": "93853"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-4677"
    }
  },
  "description": "Apple iOS\u662f\u4e3a\u79fb\u52a8\u8bbe\u5907\u6240\u5f00\u53d1\u7684\u4e00\u5957\u64cd\u4f5c\u7cfb\u7edf\uff1bSafari\u662f\u4e00\u6b3eWeb\u6d4f\u89c8\u5668\uff0c\u662fMac OS X\u548ciOS\u64cd\u4f5c\u7cfb\u7edf\u9644\u5e26\u7684\u9ed8\u8ba4\u6d4f\u89c8\u5668\uff1btvOS\u662f\u4e00\u5957\u667a\u80fd\u7535\u89c6\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\n\u591a\u6b3eApple\u4ea7\u54c1\u4e2d\u7684WebKit\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u6784\u5efa\u7279\u6b8a\u7684WEB\u9875\uff0c\u8bf1\u4f7f\u5e94\u7528\u89e3\u6790\uff0c\u53ef\u4f7f\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u6216\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "discovererName": "An anonymous researcher",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u53ef\u4ee5\u53c2\u8003\u4ee5\u4e0b\u94fe\u63a5\u83b7\u53d6\u76f8\u5e94\u4fee\u590d\u5efa\u8bae\uff1a\r\nhttps://support.apple.com/en-ie/HT207271\r\nhttps://support.apple.com/en-ie/HT207272\r\nhttps://support.apple.com/en-ie/HT207270",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-10367",
  "openTime": "2016-10-31",
  "patchDescription": "Apple iOS\u662f\u4e3a\u79fb\u52a8\u8bbe\u5907\u6240\u5f00\u53d1\u7684\u4e00\u5957\u64cd\u4f5c\u7cfb\u7edf\uff1bSafari\u662f\u4e00\u6b3eWeb\u6d4f\u89c8\u5668\uff0c\u662fMac OS X\u548ciOS\u64cd\u4f5c\u7cfb\u7edf\u9644\u5e26\u7684\u9ed8\u8ba4\u6d4f\u89c8\u5668\uff1btvOS\u662f\u4e00\u5957\u667a\u80fd\u7535\u89c6\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\n\u591a\u6b3eApple\u4ea7\u54c1\u4e2d\u7684WebKit\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u6784\u5efa\u7279\u6b8a\u7684WEB\u9875\uff0c\u8bf1\u4f7f\u5e94\u7528\u89e3\u6790\uff0c\u53ef\u4f7f\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u6216\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eApple\u4ea7\u54c1WebKit\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\uff08CNVD-2016-10367\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Apple Safari 5.1.1",
      "Apple Safari 5.1.4",
      "Apple Safari 5.1.7",
      "Apple Safari 5.0.6",
      "Apple Safari 5.0.5",
      "Apple iOS 6",
      "Apple iOS 5.1",
      "Apple iOS 5.1.1",
      "Apple iOS 5.0.1",
      "Apple iOS 5",
      "WebKit Open Source Project WebKit 0",
      "Apple Safari 4.0.5",
      "Apple Safari 4.0.4",
      "Apple Safari 4.0.3",
      "Apple Safari 4.0.2",
      "Apple Safari 4.0.1",
      "Apple Safari 3.2.3",
      "Apple Safari 5.1",
      "Apple Safari 5.0.3",
      "Apple Safari 5.0.2",
      "Apple Safari 5.0.1",
      "Apple Safari 5.0",
      "Apple Safari 4.1.3",
      "Apple Safari 5.0.4",
      "Apple Safari 4.1.2",
      "Apple Safari 4.1.1",
      "Apple Safari 4.1",
      "Apple Safari 4.0",
      "Apple Safari 4",
      "Apple iPod Touch 0",
      "Apple iPhone 0",
      "Apple iPad 0",
      "Apple IOS 4.2.1",
      "Apple IOS 4.0.2",
      "Apple IOS 4.0.1",
      "Apple IOS 3.2.2",
      "Apple IOS 3.2.1",
      "Apple IOS 4.3.5",
      "Apple IOS 4.3.4",
      "Apple IOS 4.3.3",
      "Apple IOS 4.3.2",
      "Apple IOS 4.3.1",
      "Apple IOS 4.3",
      "Apple IOS 4.2.9",
      "Apple IOS 4.2.8",
      "Apple IOS 4.2.7",
      "Apple IOS 4.2.6",
      "Apple IOS 4.2.5",
      "Apple IOS 4.2.10",
      "Apple IOS 4.2",
      "Apple IOS 4.1",
      "Apple IOS 4",
      "Apple IOS 3.2",
      "Apple IOS 3.1",
      "Apple Safari 6.0.4",
      "Apple IOS 6.1.3",
      "Apple IOS 6.1.4",
      "Apple IOS 7",
      "Apple IOS 7.0.2",
      "Apple Safari 7.0.2",
      "Apple Safari 6.1.4",
      "Apple Safari 7.0.1",
      "Apple Safari 7.0.3",
      "Apple IOS 8.1.1",
      "Apple Safari 6.2.4",
      "Apple Safari 8.0.8",
      "Apple Safari 7.1.8",
      "Apple Safari 6.2.8",
      "Apple IOS 9.1",
      "Apple IOS 10"
    ]
  },
  "referenceLink": "http://www.securityfocus.com/bid/93853",
  "serverity": "\u9ad8",
  "submitTime": "2016-10-25",
  "title": "\u591a\u6b3eApple\u4ea7\u54c1WebKit\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\uff08CNVD-2016-10367\uff09"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.