cvelistv5 - cve-2016-4758

CVE-2016-4758 (GCVE-0-2016-4758)

Vulnerability from cvelistv5 – Published: 2016-09-25 10:00 – Updated: 2024-08-06 00:39

Summary

Severity ?

No CVSS data available.

CWE

Assigner

apple

References

URL

Tags

	http://mksben.l0.cm/2016/09/safari-uxss-showModal…	x_refsource_MISC
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	https://support.apple.com/HT207157	x_refsource_CONFIRM
	https://support.apple.com/HT207158	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/93066	vdb-entryx_refsource_BID
	http://www.securitytracker.com/id/1036854	vdb-entryx_refsource_SECTRACK
	https://support.apple.com/HT207143	x_refsource_CONFIRM
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T00:39:26.118Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://mksben.l0.cm/2016/09/safari-uxss-showModalDialog.html"
          },
          {
            "name": "APPLE-SA-2016-09-20-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT207157"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT207158"
          },
          {
            "name": "93066",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/93066"
          },
          {
            "name": "1036854",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036854"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT207143"
          },
          {
            "name": "APPLE-SA-2016-09-20-7",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00012.html"
          },
          {
            "name": "APPLE-SA-2016-09-20-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00007.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-09-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly restrict access to the location variable, which allows remote attackers to obtain sensitive information via a crafted web site."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-29T09:57:01",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://mksben.l0.cm/2016/09/safari-uxss-showModalDialog.html"
        },
        {
          "name": "APPLE-SA-2016-09-20-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT207157"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT207158"
        },
        {
          "name": "93066",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/93066"
        },
        {
          "name": "1036854",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036854"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT207143"
        },
        {
          "name": "APPLE-SA-2016-09-20-7",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00012.html"
        },
        {
          "name": "APPLE-SA-2016-09-20-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00007.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2016-4758",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly restrict access to the location variable, which allows remote attackers to obtain sensitive information via a crafted web site."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://mksben.l0.cm/2016/09/safari-uxss-showModalDialog.html",
              "refsource": "MISC",
              "url": "http://mksben.l0.cm/2016/09/safari-uxss-showModalDialog.html"
            },
            {
              "name": "APPLE-SA-2016-09-20-3",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html"
            },
            {
              "name": "https://support.apple.com/HT207157",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT207157"
            },
            {
              "name": "https://support.apple.com/HT207158",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT207158"
            },
            {
              "name": "93066",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/93066"
            },
            {
              "name": "1036854",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1036854"
            },
            {
              "name": "https://support.apple.com/HT207143",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT207143"
            },
            {
              "name": "APPLE-SA-2016-09-20-7",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00012.html"
            },
            {
              "name": "APPLE-SA-2016-09-20-2",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00007.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2016-4758",
    "datePublished": "2016-09-25T10:00:00",
    "dateReserved": "2016-05-11T00:00:00",
    "dateUpdated": "2024-08-06T00:39:26.118Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"9.1.3\", \"matchCriteriaId\": \"A02241CD-8C84-46CA-AF77-7F9032836D20\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"9.3.5\", \"matchCriteriaId\": \"5133BB4B-15AA-4F2F-B469-C5BD71FCE9C8\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"12.4.3\", \"matchCriteriaId\": \"FA364FEA-190C-4C19-BEFF-6171CDBDEFB7\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2CF61F35-5905-4BA9-AD7E-7DB261D2F256\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly restrict access to the location variable, which allows remote attackers to obtain sensitive information via a crafted web site.\"}, {\"lang\": \"es\", \"value\": \"WebKit en Apple iOS en versiones anteriores a 10, iTunes en versiones anteriores a 12.5.1 en Windows y Safari en versiones anteriores a 10 no restringe adecuadamente al acceso a la variable de localizaci\\u00f3n, lo que permite a atacantes remotos obtener informaci\\u00f3n sensible a trav\\u00e9s de un sitio web manipulado.\"}]",
      "id": "CVE-2016-4758",
      "lastModified": "2024-11-21T02:52:54.330",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:N/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2016-09-25T10:59:52.830",
      "references": "[{\"url\": \"http://lists.apple.com/archives/security-announce/2016/Sep/msg00007.html\", \"source\": \"product-security@apple.com\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}, {\"url\": \"http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html\", \"source\": \"product-security@apple.com\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}, {\"url\": \"http://lists.apple.com/archives/security-announce/2016/Sep/msg00012.html\", \"source\": \"product-security@apple.com\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}, {\"url\": \"http://mksben.l0.cm/2016/09/safari-uxss-showModalDialog.html\", \"source\": \"product-security@apple.com\"}, {\"url\": \"http://www.securityfocus.com/bid/93066\", \"source\": \"product-security@apple.com\"}, {\"url\": \"http://www.securitytracker.com/id/1036854\", \"source\": \"product-security@apple.com\"}, {\"url\": \"https://support.apple.com/HT207143\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT207157\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT207158\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://lists.apple.com/archives/security-announce/2016/Sep/msg00007.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}, {\"url\": \"http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}, {\"url\": \"http://lists.apple.com/archives/security-announce/2016/Sep/msg00012.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}, {\"url\": \"http://mksben.l0.cm/2016/09/safari-uxss-showModalDialog.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/93066\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id/1036854\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://support.apple.com/HT207143\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT207157\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT207158\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "product-security@apple.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-200\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2016-4758\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2016-09-25T10:59:52.830\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly restrict access to the location variable, which allows remote attackers to obtain sensitive information via a crafted web site.\"},{\"lang\":\"es\",\"value\":\"WebKit en Apple iOS en versiones anteriores a 10, iTunes en versiones anteriores a 12.5.1 en Windows y Safari en versiones anteriores a 10 no restringe adecuadamente al acceso a la variable de localizaci\u00f3n, lo que permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de un sitio web manipulado.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"9.1.3\",\"matchCriteriaId\":\"A02241CD-8C84-46CA-AF77-7F9032836D20\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"9.3.5\",\"matchCriteriaId\":\"5133BB4B-15AA-4F2F-B469-C5BD71FCE9C8\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"12.4.3\",\"matchCriteriaId\":\"FA364FEA-190C-4C19-BEFF-6171CDBDEFB7\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2CF61F35-5905-4BA9-AD7E-7DB261D2F256\"}]}]}],\"references\":[{\"url\":\"http://lists.apple.com/archives/security-announce/2016/Sep/msg00007.html\",\"source\":\"product-security@apple.com\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html\",\"source\":\"product-security@apple.com\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2016/Sep/msg00012.html\",\"source\":\"product-security@apple.com\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"http://mksben.l0.cm/2016/09/safari-uxss-showModalDialog.html\",\"source\":\"product-security@apple.com\"},{\"url\":\"http://www.securityfocus.com/bid/93066\",\"source\":\"product-security@apple.com\"},{\"url\":\"http://www.securitytracker.com/id/1036854\",\"source\":\"product-security@apple.com\"},{\"url\":\"https://support.apple.com/HT207143\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT207157\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT207158\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2016/Sep/msg00007.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2016/Sep/msg00012.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"http://mksben.l0.cm/2016/09/safari-uxss-showModalDialog.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/93066\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1036854\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.apple.com/HT207143\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT207157\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT207158\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

CNVD-2016-08277

Vulnerability from cnvd - Published: 2016-09-29

Title

Apple iOS/Safari/iTunes WebKit信息泄露漏洞

Description

Apple iOS、Safari和iTunes都是美国苹果（Apple）公司的产品。Apple iOS是为移动设备所开发的一套操作系统；Safari是一款Web浏览器，是Mac OS X和iOS操作系统附带的默认浏览器。iTunes是一套媒体播放器应用程序。WebKit是KDE、苹果（Apple）、谷歌（Google）等公司共同开发的一套开源Web浏览器引擎，目前被Apple Safari及Google Chrome等浏览器使用。 Apple iOS 10之前的版本、基于Windows平台上的iTunes 12.5.1之前的版本和Safari 10之前的版本中的WebKit中存在信息泄露漏洞，远程攻击者可借助特制的网站，利用该漏洞获取敏感信息。

Severity

中

Patch Name

Apple iOS/Safari/iTunes WebKit信息泄露漏洞的补丁

Patch Description

Formal description

目前厂商已经发布了升级补丁以修复此安全问题，补丁获取链接： https://support.apple.com/HT207143 https://support.apple.com/HT207158 https://support.apple.com/HT207157

Reference

http://lists.apple.com/archives/security-announce/2016/Sep/msg00007.html http://www.securityfocus.com/bid/93066

Impacted products

Name
['Apple IOS <10', 'Apple Safari <10', 'Apple iTunes(on Windows) <12.5.1']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "93066"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-4758"
    }
  },
  "description": "Apple iOS\u3001Safari\u548ciTunes\u90fd\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Apple iOS\u662f\u4e3a\u79fb\u52a8\u8bbe\u5907\u6240\u5f00\u53d1\u7684\u4e00\u5957\u64cd\u4f5c\u7cfb\u7edf\uff1bSafari\u662f\u4e00\u6b3eWeb\u6d4f\u89c8\u5668\uff0c\u662fMac OS X\u548ciOS\u64cd\u4f5c\u7cfb\u7edf\u9644\u5e26\u7684\u9ed8\u8ba4\u6d4f\u89c8\u5668\u3002iTunes\u662f\u4e00\u5957\u5a92\u4f53\u64ad\u653e\u5668\u5e94\u7528\u7a0b\u5e8f\u3002WebKit\u662fKDE\u3001\u82f9\u679c\uff08Apple\uff09\u3001\u8c37\u6b4c\uff08Google\uff09\u7b49\u516c\u53f8\u5171\u540c\u5f00\u53d1\u7684\u4e00\u5957\u5f00\u6e90Web\u6d4f\u89c8\u5668\u5f15\u64ce\uff0c\u76ee\u524d\u88abApple Safari\u53caGoogle Chrome\u7b49\u6d4f\u89c8\u5668\u4f7f\u7528\u3002\r\n\r\nApple iOS 10\u4e4b\u524d\u7684\u7248\u672c\u3001\u57fa\u4e8eWindows\u5e73\u53f0\u4e0a\u7684iTunes 12.5.1\u4e4b\u524d\u7684\u7248\u672c\u548cSafari 10\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u7684WebKit\u4e2d\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684\u7f51\u7ad9\uff0c\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002",
  "discovererName": "Masato Kinugawa of Cure53.",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a \r\nhttps://support.apple.com/HT207143 \r\nhttps://support.apple.com/HT207158 \r\nhttps://support.apple.com/HT207157",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-08277",
  "openTime": "2016-09-29",
  "patchDescription": "Apple iOS\u3001Safari\u548ciTunes\u90fd\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Apple iOS\u662f\u4e3a\u79fb\u52a8\u8bbe\u5907\u6240\u5f00\u53d1\u7684\u4e00\u5957\u64cd\u4f5c\u7cfb\u7edf\uff1bSafari\u662f\u4e00\u6b3eWeb\u6d4f\u89c8\u5668\uff0c\u662fMac OS X\u548ciOS\u64cd\u4f5c\u7cfb\u7edf\u9644\u5e26\u7684\u9ed8\u8ba4\u6d4f\u89c8\u5668\u3002iTunes\u662f\u4e00\u5957\u5a92\u4f53\u64ad\u653e\u5668\u5e94\u7528\u7a0b\u5e8f\u3002WebKit\u662fKDE\u3001\u82f9\u679c\uff08Apple\uff09\u3001\u8c37\u6b4c\uff08Google\uff09\u7b49\u516c\u53f8\u5171\u540c\u5f00\u53d1\u7684\u4e00\u5957\u5f00\u6e90Web\u6d4f\u89c8\u5668\u5f15\u64ce\uff0c\u76ee\u524d\u88abApple Safari\u53caGoogle Chrome\u7b49\u6d4f\u89c8\u5668\u4f7f\u7528\u3002\r\n\r\nApple iOS 10\u4e4b\u524d\u7684\u7248\u672c\u3001\u57fa\u4e8eWindows\u5e73\u53f0\u4e0a\u7684iTunes 12.5.1\u4e4b\u524d\u7684\u7248\u672c\u548cSafari 10\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u7684WebKit\u4e2d\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684\u7f51\u7ad9\uff0c\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apple iOS/Safari/iTunes WebKit\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Apple IOS \u003c10",
      "Apple Safari \u003c10",
      "Apple  iTunes(on Windows) \u003c12.5.1"
    ]
  },
  "referenceLink": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00007.html \r\nhttp://www.securityfocus.com/bid/93066",
  "serverity": "\u4e2d",
  "submitTime": "2016-09-28",
  "title": "Apple iOS/Safari/iTunes WebKit\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

GHSA-2QJ9-5HWH-H764

Vulnerability from github – Published: 2022-05-17 02:22 – Updated: 2022-05-17 02:22

Details

Severity ?

6.5 (Medium)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-4758"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-09-25T10:59:00Z",
    "severity": "MODERATE"
  },
  "details": "WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly restrict access to the location variable, which allows remote attackers to obtain sensitive information via a crafted web site.",
  "id": "GHSA-2qj9-5hwh-h764",
  "modified": "2022-05-17T02:22:10Z",
  "published": "2022-05-17T02:22:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4758"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT207143"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT207157"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT207158"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00007.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00012.html"
    },
    {
      "type": "WEB",
      "url": "http://mksben.l0.cm/2016/09/safari-uxss-showModalDialog.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/93066"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1036854"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

CERTFR-2016-AVI-316

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	iCloud pour Windows versions antérieures à 6.0
Apple	macOS	macOS Sierra versions antérieures à 10.12
Apple	macOS	macOS Server versions antérieures à 5.2
Apple	Safari	Safari versions antérieures à 10

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT207171 du 20 septembre 2016	None	vendor-advisory
Bulletin de sécurité Apple HT207157 du 20 septembre 2016	None	vendor-advisory
Bulletin de sécurité Apple HT207147 du 20 septembre 2016	None	vendor-advisory
Bulletin de sécurité Apple HT207170 du 20 septembre 2016	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "iCloud pour Windows versions ant\u00e9rieures \u00e0 6.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Sierra versions ant\u00e9rieures \u00e0 10.12",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Server versions ant\u00e9rieures \u00e0 5.2",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Safari versions ant\u00e9rieures \u00e0 10",
      "product": {
        "name": "Safari",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-4698",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4698"
    },
    {
      "name": "CVE-2016-4707",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4707"
    },
    {
      "name": "CVE-2016-4769",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4769"
    },
    {
      "name": "CVE-2016-4739",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4739"
    },
    {
      "name": "CVE-2016-4766",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4766"
    },
    {
      "name": "CVE-2016-4728",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4728"
    },
    {
      "name": "CVE-2016-4725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4725"
    },
    {
      "name": "CVE-2016-4618",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4618"
    },
    {
      "name": "CVE-2016-4736",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4736"
    },
    {
      "name": "CVE-2016-4753",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4753"
    },
    {
      "name": "CVE-2016-4726",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4726"
    },
    {
      "name": "CVE-2016-4710",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4710"
    },
    {
      "name": "CVE-2016-4767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4767"
    },
    {
      "name": "CVE-2016-4748",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4748"
    },
    {
      "name": "CVE-2016-5768",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5768"
    },
    {
      "name": "CVE-2016-4731",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4731"
    },
    {
      "name": "CVE-2016-4738",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4738"
    },
    {
      "name": "CVE-2016-4751",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4751"
    },
    {
      "name": "CVE-2016-4724",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4724"
    },
    {
      "name": "CVE-2016-4777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4777"
    },
    {
      "name": "CVE-2016-4730",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4730"
    },
    {
      "name": "CVE-2016-4735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4735"
    },
    {
      "name": "CVE-2016-4702",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4702"
    },
    {
      "name": "CVE-2016-6290",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6290"
    },
    {
      "name": "CVE-2016-4745",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4745"
    },
    {
      "name": "CVE-2016-4755",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4755"
    },
    {
      "name": "CVE-2016-6296",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6296"
    },
    {
      "name": "CVE-2016-4779",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4779"
    },
    {
      "name": "CVE-2016-6295",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6295"
    },
    {
      "name": "CVE-2016-4711",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4711"
    },
    {
      "name": "CVE-2016-4774",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4774"
    },
    {
      "name": "CVE-2016-4762",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4762"
    },
    {
      "name": "CVE-2016-4658",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4658"
    },
    {
      "name": "CVE-2016-4768",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4768"
    },
    {
      "name": "CVE-2016-4758",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4758"
    },
    {
      "name": "CVE-2016-4723",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4723"
    },
    {
      "name": "CVE-2016-6174",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6174"
    },
    {
      "name": "CVE-2016-6291",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6291"
    },
    {
      "name": "CVE-2016-4712",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4712"
    },
    {
      "name": "CVE-2016-6292",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6292"
    },
    {
      "name": "CVE-2016-4696",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4696"
    },
    {
      "name": "CVE-2016-4773",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4773"
    },
    {
      "name": "CVE-2016-4771",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4771"
    },
    {
      "name": "CVE-2016-4700",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4700"
    },
    {
      "name": "CVE-2016-4760",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4760"
    },
    {
      "name": "CVE-2016-4729",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4729"
    },
    {
      "name": "CVE-2016-4727",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4727"
    },
    {
      "name": "CVE-2016-4699",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4699"
    },
    {
      "name": "CVE-2016-4778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4778"
    },
    {
      "name": "CVE-2016-4759",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4759"
    },
    {
      "name": "CVE-2016-6289",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6289"
    },
    {
      "name": "CVE-2016-4708",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4708"
    },
    {
      "name": "CVE-2016-4713",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4713"
    },
    {
      "name": "CVE-2016-4754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4754"
    },
    {
      "name": "CVE-2016-4722",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4722"
    },
    {
      "name": "CVE-2016-4716",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4716"
    },
    {
      "name": "CVE-2016-4611",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4611"
    },
    {
      "name": "CVE-2016-6288",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6288"
    },
    {
      "name": "CVE-2016-5771",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5771"
    },
    {
      "name": "CVE-2016-4718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4718"
    },
    {
      "name": "CVE-2016-4772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4772"
    },
    {
      "name": "CVE-2016-4701",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4701"
    },
    {
      "name": "CVE-2016-4697",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4697"
    },
    {
      "name": "CVE-2016-4715",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4715"
    },
    {
      "name": "CVE-2016-6294",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6294"
    },
    {
      "name": "CVE-2016-5773",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5773"
    },
    {
      "name": "CVE-2016-4717",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4717"
    },
    {
      "name": "CVE-2016-5772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5772"
    },
    {
      "name": "CVE-2016-4742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4742"
    },
    {
      "name": "CVE-2016-6297",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6297"
    },
    {
      "name": "CVE-2016-4737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4737"
    },
    {
      "name": "CVE-2016-4775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4775"
    },
    {
      "name": "CVE-2016-4694",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4694"
    },
    {
      "name": "CVE-2016-4733",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4733"
    },
    {
      "name": "CVE-2016-4706",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4706"
    },
    {
      "name": "CVE-2016-5770",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5770"
    },
    {
      "name": "CVE-2016-4709",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4709"
    },
    {
      "name": "CVE-2016-4763",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4763"
    },
    {
      "name": "CVE-2016-4752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4752"
    },
    {
      "name": "CVE-2016-4750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4750"
    },
    {
      "name": "CVE-2016-4734",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4734"
    },
    {
      "name": "CVE-2016-4776",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4776"
    },
    {
      "name": "CVE-2016-5769",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5769"
    },
    {
      "name": "CVE-2016-5131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5131"
    },
    {
      "name": "CVE-2016-4765",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4765"
    },
    {
      "name": "CVE-2016-0755",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0755"
    },
    {
      "name": "CVE-2016-4703",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4703"
    }
  ],
  "links": [],
  "reference": "CERTFR-2016-AVI-316",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-09-21T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Apple\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et un contournement de la\npolitique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT207171 du 20 septembre 2016",
      "url": "https://support.apple.com/en-us/HT207171"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT207157 du 20 septembre 2016",
      "url": "https://support.apple.com/en-us/HT207157"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT207147 du 20 septembre 2016",
      "url": "https://support.apple.com/en-us/HT207147"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT207170 du 20 septembre 2016",
      "url": "https://support.apple.com/en-us/HT207170"
    }
  ]
}

CERTFR-2016-AVI-316

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	iCloud pour Windows versions antérieures à 6.0
Apple	macOS	macOS Sierra versions antérieures à 10.12
Apple	macOS	macOS Server versions antérieures à 5.2
Apple	Safari	Safari versions antérieures à 10

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT207171 du 20 septembre 2016	None	vendor-advisory
Bulletin de sécurité Apple HT207157 du 20 septembre 2016	None	vendor-advisory
Bulletin de sécurité Apple HT207147 du 20 septembre 2016	None	vendor-advisory
Bulletin de sécurité Apple HT207170 du 20 septembre 2016	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "iCloud pour Windows versions ant\u00e9rieures \u00e0 6.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Sierra versions ant\u00e9rieures \u00e0 10.12",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Server versions ant\u00e9rieures \u00e0 5.2",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Safari versions ant\u00e9rieures \u00e0 10",
      "product": {
        "name": "Safari",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-4698",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4698"
    },
    {
      "name": "CVE-2016-4707",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4707"
    },
    {
      "name": "CVE-2016-4769",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4769"
    },
    {
      "name": "CVE-2016-4739",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4739"
    },
    {
      "name": "CVE-2016-4766",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4766"
    },
    {
      "name": "CVE-2016-4728",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4728"
    },
    {
      "name": "CVE-2016-4725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4725"
    },
    {
      "name": "CVE-2016-4618",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4618"
    },
    {
      "name": "CVE-2016-4736",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4736"
    },
    {
      "name": "CVE-2016-4753",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4753"
    },
    {
      "name": "CVE-2016-4726",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4726"
    },
    {
      "name": "CVE-2016-4710",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4710"
    },
    {
      "name": "CVE-2016-4767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4767"
    },
    {
      "name": "CVE-2016-4748",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4748"
    },
    {
      "name": "CVE-2016-5768",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5768"
    },
    {
      "name": "CVE-2016-4731",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4731"
    },
    {
      "name": "CVE-2016-4738",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4738"
    },
    {
      "name": "CVE-2016-4751",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4751"
    },
    {
      "name": "CVE-2016-4724",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4724"
    },
    {
      "name": "CVE-2016-4777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4777"
    },
    {
      "name": "CVE-2016-4730",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4730"
    },
    {
      "name": "CVE-2016-4735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4735"
    },
    {
      "name": "CVE-2016-4702",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4702"
    },
    {
      "name": "CVE-2016-6290",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6290"
    },
    {
      "name": "CVE-2016-4745",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4745"
    },
    {
      "name": "CVE-2016-4755",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4755"
    },
    {
      "name": "CVE-2016-6296",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6296"
    },
    {
      "name": "CVE-2016-4779",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4779"
    },
    {
      "name": "CVE-2016-6295",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6295"
    },
    {
      "name": "CVE-2016-4711",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4711"
    },
    {
      "name": "CVE-2016-4774",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4774"
    },
    {
      "name": "CVE-2016-4762",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4762"
    },
    {
      "name": "CVE-2016-4658",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4658"
    },
    {
      "name": "CVE-2016-4768",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4768"
    },
    {
      "name": "CVE-2016-4758",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4758"
    },
    {
      "name": "CVE-2016-4723",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4723"
    },
    {
      "name": "CVE-2016-6174",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6174"
    },
    {
      "name": "CVE-2016-6291",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6291"
    },
    {
      "name": "CVE-2016-4712",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4712"
    },
    {
      "name": "CVE-2016-6292",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6292"
    },
    {
      "name": "CVE-2016-4696",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4696"
    },
    {
      "name": "CVE-2016-4773",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4773"
    },
    {
      "name": "CVE-2016-4771",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4771"
    },
    {
      "name": "CVE-2016-4700",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4700"
    },
    {
      "name": "CVE-2016-4760",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4760"
    },
    {
      "name": "CVE-2016-4729",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4729"
    },
    {
      "name": "CVE-2016-4727",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4727"
    },
    {
      "name": "CVE-2016-4699",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4699"
    },
    {
      "name": "CVE-2016-4778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4778"
    },
    {
      "name": "CVE-2016-4759",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4759"
    },
    {
      "name": "CVE-2016-6289",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6289"
    },
    {
      "name": "CVE-2016-4708",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4708"
    },
    {
      "name": "CVE-2016-4713",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4713"
    },
    {
      "name": "CVE-2016-4754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4754"
    },
    {
      "name": "CVE-2016-4722",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4722"
    },
    {
      "name": "CVE-2016-4716",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4716"
    },
    {
      "name": "CVE-2016-4611",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4611"
    },
    {
      "name": "CVE-2016-6288",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6288"
    },
    {
      "name": "CVE-2016-5771",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5771"
    },
    {
      "name": "CVE-2016-4718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4718"
    },
    {
      "name": "CVE-2016-4772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4772"
    },
    {
      "name": "CVE-2016-4701",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4701"
    },
    {
      "name": "CVE-2016-4697",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4697"
    },
    {
      "name": "CVE-2016-4715",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4715"
    },
    {
      "name": "CVE-2016-6294",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6294"
    },
    {
      "name": "CVE-2016-5773",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5773"
    },
    {
      "name": "CVE-2016-4717",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4717"
    },
    {
      "name": "CVE-2016-5772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5772"
    },
    {
      "name": "CVE-2016-4742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4742"
    },
    {
      "name": "CVE-2016-6297",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6297"
    },
    {
      "name": "CVE-2016-4737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4737"
    },
    {
      "name": "CVE-2016-4775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4775"
    },
    {
      "name": "CVE-2016-4694",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4694"
    },
    {
      "name": "CVE-2016-4733",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4733"
    },
    {
      "name": "CVE-2016-4706",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4706"
    },
    {
      "name": "CVE-2016-5770",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5770"
    },
    {
      "name": "CVE-2016-4709",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4709"
    },
    {
      "name": "CVE-2016-4763",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4763"
    },
    {
      "name": "CVE-2016-4752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4752"
    },
    {
      "name": "CVE-2016-4750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4750"
    },
    {
      "name": "CVE-2016-4734",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4734"
    },
    {
      "name": "CVE-2016-4776",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4776"
    },
    {
      "name": "CVE-2016-5769",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5769"
    },
    {
      "name": "CVE-2016-5131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5131"
    },
    {
      "name": "CVE-2016-4765",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4765"
    },
    {
      "name": "CVE-2016-0755",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0755"
    },
    {
      "name": "CVE-2016-4703",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4703"
    }
  ],
  "links": [],
  "reference": "CERTFR-2016-AVI-316",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-09-21T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Apple\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et un contournement de la\npolitique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT207171 du 20 septembre 2016",
      "url": "https://support.apple.com/en-us/HT207171"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT207157 du 20 septembre 2016",
      "url": "https://support.apple.com/en-us/HT207157"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT207147 du 20 septembre 2016",
      "url": "https://support.apple.com/en-us/HT207147"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT207170 du 20 septembre 2016",
      "url": "https://support.apple.com/en-us/HT207170"
    }
  ]
}

GSD-2016-4758

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2016-4758

Aliases

CVE-2016-4758

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-4758",
    "description": "WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly restrict access to the location variable, which allows remote attackers to obtain sensitive information via a crafted web site.",
    "id": "GSD-2016-4758",
    "references": [
      "https://www.suse.com/security/cve/CVE-2016-4758.html",
      "https://advisories.mageia.org/CVE-2016-4758.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-4758"
      ],
      "details": "WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly restrict access to the location variable, which allows remote attackers to obtain sensitive information via a crafted web site.",
      "id": "GSD-2016-4758",
      "modified": "2023-12-13T01:21:18.738949Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2016-4758",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly restrict access to the location variable, which allows remote attackers to obtain sensitive information via a crafted web site."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://mksben.l0.cm/2016/09/safari-uxss-showModalDialog.html",
            "refsource": "MISC",
            "url": "http://mksben.l0.cm/2016/09/safari-uxss-showModalDialog.html"
          },
          {
            "name": "APPLE-SA-2016-09-20-3",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html"
          },
          {
            "name": "https://support.apple.com/HT207157",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/HT207157"
          },
          {
            "name": "https://support.apple.com/HT207158",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/HT207158"
          },
          {
            "name": "93066",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/93066"
          },
          {
            "name": "1036854",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1036854"
          },
          {
            "name": "https://support.apple.com/HT207143",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/HT207143"
          },
          {
            "name": "APPLE-SA-2016-09-20-7",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00012.html"
          },
          {
            "name": "APPLE-SA-2016-09-20-2",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00007.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "9.1.3",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "9.3.5",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "12.4.3",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2016-4758"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly restrict access to the location variable, which allows remote attackers to obtain sensitive information via a crafted web site."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "APPLE-SA-2016-09-20-3",
              "refsource": "APPLE",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html"
            },
            {
              "name": "https://support.apple.com/HT207143",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT207143"
            },
            {
              "name": "APPLE-SA-2016-09-20-2",
              "refsource": "APPLE",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00007.html"
            },
            {
              "name": "APPLE-SA-2016-09-20-7",
              "refsource": "APPLE",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00012.html"
            },
            {
              "name": "https://support.apple.com/HT207158",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT207158"
            },
            {
              "name": "https://support.apple.com/HT207157",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT207157"
            },
            {
              "name": "http://mksben.l0.cm/2016/09/safari-uxss-showModalDialog.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://mksben.l0.cm/2016/09/safari-uxss-showModalDialog.html"
            },
            {
              "name": "93066",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/93066"
            },
            {
              "name": "1036854",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1036854"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2017-07-30T01:29Z",
      "publishedDate": "2016-09-25T10:59Z"
    }
  }
}

FKIE_CVE-2016-4758

Vulnerability from fkie_nvd - Published: 2016-09-25 10:59 - Updated: 2025-04-12 10:46

Severity ?

6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
product-security@apple.com	http://lists.apple.com/archives/security-announce/2016/Sep/msg00007.html	Mailing List, Vendor Advisory
product-security@apple.com	http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html	Mailing List, Vendor Advisory
product-security@apple.com	http://lists.apple.com/archives/security-announce/2016/Sep/msg00012.html	Mailing List, Vendor Advisory
product-security@apple.com	http://mksben.l0.cm/2016/09/safari-uxss-showModalDialog.html
product-security@apple.com	http://www.securityfocus.com/bid/93066
product-security@apple.com	http://www.securitytracker.com/id/1036854
product-security@apple.com	https://support.apple.com/HT207143	Vendor Advisory
product-security@apple.com	https://support.apple.com/HT207157	Vendor Advisory
product-security@apple.com	https://support.apple.com/HT207158	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2016/Sep/msg00007.html	Mailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html	Mailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2016/Sep/msg00012.html	Mailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://mksben.l0.cm/2016/09/safari-uxss-showModalDialog.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/93066
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1036854
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT207143	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT207157	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT207158	Vendor Advisory

Impacted products

Vendor	Product	Version
apple	safari	*
apple	iphone_os	*
apple	itunes	*
microsoft	windows	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A02241CD-8C84-46CA-AF77-7F9032836D20",
              "versionEndIncluding": "9.1.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5133BB4B-15AA-4F2F-B469-C5BD71FCE9C8",
              "versionEndIncluding": "9.3.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA364FEA-190C-4C19-BEFF-6171CDBDEFB7",
              "versionEndIncluding": "12.4.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly restrict access to the location variable, which allows remote attackers to obtain sensitive information via a crafted web site."
    },
    {
      "lang": "es",
      "value": "WebKit en Apple iOS en versiones anteriores a 10, iTunes en versiones anteriores a 12.5.1 en Windows y Safari en versiones anteriores a 10 no restringe adecuadamente al acceso a la variable de localizaci\u00f3n, lo que permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de un sitio web manipulado."
    }
  ],
  "id": "CVE-2016-4758",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-09-25T10:59:52.830",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00007.html"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00012.html"
    },
    {
      "source": "product-security@apple.com",
      "url": "http://mksben.l0.cm/2016/09/safari-uxss-showModalDialog.html"
    },
    {
      "source": "product-security@apple.com",
      "url": "http://www.securityfocus.com/bid/93066"
    },
    {
      "source": "product-security@apple.com",
      "url": "http://www.securitytracker.com/id/1036854"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT207143"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT207157"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT207158"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00007.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00012.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://mksben.l0.cm/2016/09/safari-uxss-showModalDialog.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/93066"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1036854"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT207143"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT207157"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT207158"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

VAR-201609-0254

Vulnerability from variot - Updated: 2023-12-18 11:52

WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly restrict access to the location variable, which allows remote attackers to obtain sensitive information via a crafted web site. Apple iOS , Windows Run on iTunes ,and Safari Used in etc. Attackers can exploit this issue to obtain potentially sensitive information. This may lead to further attacks. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems. iTunes is a suite of media player applications. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

APPLE-SA-2016-09-20-2 Safari 10

Safari 10 is now available and addresses the following:

Safari Reader Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS 10.12 Sierra Impact: Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting Description: Multiple validation issues were addressed through improved input sanitization. CVE-2016-4618 : an anonymous researcher

Safari Tabs Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS 10.12 Sierra Impact: Visiting a malicious website may lead to address bar spoofing Description: A state management issue existed in the handling of tab sessions. This issue was addressed through session state management. CVE-2016-4751 : Daniel Chatfield of Monzo Bank

WebKit Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS 10.12 Sierra Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A parsing issue existed in the handling of error prototypes. This was addressed through improved validation. CVE-2016-4728 : Daniel Divricean

WebKit Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS 10.12 Sierra Impact: Visiting a maliciously crafted website may leak sensitive data Description: A permissions issue existed in the handling of the location variable. This was addressed though additional ownership checks. CVE-2016-4758 : Masato Kinugawa of Cure53

WebKit Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS 10.12 Sierra Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4611 : Apple CVE-2016-4729 : Apple CVE-2016-4730 : Apple CVE-2016-4731 : Apple CVE-2016-4734 : Natalie Silvanovich of Google Project Zero CVE-2016-4735 : AndrA(c) Bargull CVE-2016-4737 : Apple CVE-2016-4759 : Tongbo Luo of Palo Alto Networks CVE-2016-4762 : Zheng Huang of Baidu Security Lab CVE-2016-4766 : Apple CVE-2016-4767 : Apple CVE-2016-4768 : Anonymous working with Trend Micro's Zero Day Initiative

WebKit Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS 10.12 Sierra Impact: A malicious website may be able to access non-HTTP services Description: Safari's support of HTTP/0.9 allowed cross-protocol exploitation of non-HTTP services using DNS rebinding. The issue was addressed by restricting HTTP/0.9 responses to default ports and canceling resource loads if the document was loaded with a different HTTP protocol version. CVE-2016-4760 : Jordan Milne

WebKit Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS 10.12 Sierra Impact: An attacker in a privileged network position may be able to intercept and alter network traffic to applications using WKWebView with HTTPS Description: A certificate validation issue existed in the handling of WKWebView. This issue was addressed through improved validation. CVE-2016-4763 : an anonymous researcher

WebKit Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS 10.12 Sierra Impact: Visiting a maliciously crafted webpage may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2016-4769 : Tongbo Luo of Palo Alto Networks

Safari 10 may be obtained from the Mac App Store.

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJX4XGCAAoJEIOj74w0bLRG15kP/AoBCDYAJ/XNFwT62dKxgeZM 9iO/A+69fxRWpCKGzOEfU4/c/X2j5qIL889gXGa78az1DtOBArqPUEzd1jWnIw63 lg4nwTrCoSU27+G4fepd12dMi9Om4Lyc0yk0hlJtBDXiR+3YJCAOYhUQJDejTcC7 WbeNpuqErioob0BmvHR9rQArnjI58SOy0RgZcsWBp+hV561Q18X8CQ7KmOjjECH1 a4yf2UOsoQ3BMAgPZuNOOTQ1ORIBi0kp/0ximwetnJluarW4qitjOrGd1zz3ma2f uanKgxyHXgu2uF4CBQ2kXyS3/fP2SBnk7IpuFxhd5mydU/Y5DMWSvkmXZN/ugAzi f6GG2Iy0n3SkDsjJtk3xHCs0PEYwvJF1r/vmLoE762KCm9O753gPY7oOJY52Mkgq xG4hyknpbtJmwwRdXPoCFVCCIhL4lWvptyNnkZiDaxbgIdMpsGg/jQXP9dgMZLKf pMZA2iVI/veErZzRu+9GGES4oC5OxAKGBaeyDEleTfCqdDIEysYh3XvjAHD76dDs 7fglUYbnYYsfPWl/26TS1LnSq82pCXZ76n1wNC59cvK3fzSO7Tj1JXUiecwR8ihl 94p1FSKqHUDx/2ynfvCn4VfdrHYcsY+t81xQeHfsOlHUH7SPkz31XpgtFLmLmyIa BNWrPBJoffIkp7eY1kI2 =RFSt -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201609-0254",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "safari",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "9.1.3"
      },
      {
        "model": "itunes",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "12.4.3"
      },
      {
        "model": "iphone os",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "9.3.5"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "apple",
        "version": "9.1.3"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10   (ipad first  4 after generation )"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10   (iphone 5 or later )"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10   (ipod touch first  6 after generation )"
      },
      {
        "model": "itunes",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "12.5.1   (windows 7 or later )"
      },
      {
        "model": "safari",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10   (macos sierra 10.12)"
      },
      {
        "model": "safari",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10   (os x el capitan v10.11.6)"
      },
      {
        "model": "safari",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10   (os x yosemite v10.10.5)"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "12.4.3"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "9.3.5"
      },
      {
        "model": "esignal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "esignal",
        "version": "6.0.2"
      },
      {
        "model": "tvos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.1.1"
      },
      {
        "model": "tvos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.2"
      },
      {
        "model": "tvos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.1"
      },
      {
        "model": "tvos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.0"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.1.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.1.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.0.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.0.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.0.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.0.8"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.0.6"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.0.5"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.0.4"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.0.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.8"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.6"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.5"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.4"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.6"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.2.8"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.2.6"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.2.5"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.2.4"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.2.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1.6"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.5"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.4"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1.10"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1.6"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1.5"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.6"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.5"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.4"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0.4"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.3.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.3.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.2.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.2.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.2.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.0"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.0.7"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.0.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.0.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.0"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.7"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.5"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.4"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.2.7"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.2.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.2.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1.5"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1.4"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.34"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.33"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.31"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1.7"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1.4"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.5"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.4"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.31"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.30"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.28"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.52"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3"
      },
      {
        "model": "mac os security update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x2016-0020"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "12.4.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "12.3.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "12.3.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.2.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.1.5"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.1.4"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.1.3"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.1.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.1.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.0.5"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.0.4"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.0.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.6.3"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.6.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.5.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.1.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.2.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.0.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.0.1.8"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.0.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.0"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.3.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.3.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.3"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.5"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.4"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.3"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.8"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.7.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.7"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.6"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.5"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.72"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.1.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.0.3"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.0.2.20"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.0"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.4"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "12.4"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "12.3"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "12.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "12.0.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.0.3"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.0.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.0.0.163"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.0"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.7"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.6.1.7"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.6"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.5.3"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.5.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.5.1.42"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.5"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.4.1.10"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.4.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.4.0.80"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.4"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.3.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.3"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.2.2.12"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.2.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.1.1.4"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.1.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.0.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.0"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10"
      },
      {
        "model": "ipod touch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "ipad",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "50"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "40"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "30"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.3.4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.3.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.3.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.3.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.2.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.0.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.0.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.4.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.6"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.3.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1.6"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1.4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.3.5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.1.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.1.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.1.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.9"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.8"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.7"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.6"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.10"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0"
      },
      {
        "model": "icloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "safari",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10"
      },
      {
        "model": "itunes",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "12.5.1"
      },
      {
        "model": "ios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10"
      },
      {
        "model": "icloud",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "93066"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004943"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4758"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-455"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "9.1.3",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "9.3.5",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "12.4.3",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-4758"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Masato Kinugawa of Cure53.",
    "sources": [
      {
        "db": "BID",
        "id": "93066"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-455"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2016-4758",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2016-4758",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-93577",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 6.5,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2016-4758",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2016-4758",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201609-455",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-93577",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-93577"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004943"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4758"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-455"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly restrict access to the location variable, which allows remote attackers to obtain sensitive information via a crafted web site. Apple iOS , Windows Run on iTunes ,and Safari Used in etc. \nAttackers can exploit this issue to obtain potentially sensitive information. This may lead to further attacks. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems. iTunes is a suite of media player applications. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2016-09-20-2 Safari 10\n\nSafari 10 is now available and addresses the following:\n\nSafari Reader\nAvailable for:  OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,\nand macOS 10.12 Sierra\nImpact: Enabling the Safari Reader feature on a maliciously crafted\nwebpage may lead to universal cross site scripting\nDescription: Multiple validation issues were addressed through\nimproved input sanitization. \nCVE-2016-4618 : an anonymous researcher\n\nSafari Tabs\nAvailable for:  OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,\nand macOS 10.12 Sierra\nImpact: Visiting a malicious website may lead to address bar spoofing\nDescription: A state management issue existed in the handling of tab\nsessions. This issue was addressed through session state management. \nCVE-2016-4751 : Daniel Chatfield of Monzo Bank\n\nWebKit\nAvailable for:  OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,\nand macOS 10.12 Sierra\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A parsing issue existed in the handling of error\nprototypes. This was addressed through improved validation. \nCVE-2016-4728 : Daniel Divricean\n\nWebKit\nAvailable for:  OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,\nand macOS 10.12 Sierra\nImpact: Visiting a maliciously crafted website may leak sensitive\ndata\nDescription: A permissions issue existed in the handling of the\nlocation variable. This was addressed though additional ownership\nchecks. \nCVE-2016-4758 : Masato Kinugawa of Cure53\n\nWebKit\nAvailable for:  OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,\nand macOS 10.12 Sierra\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues were addressed through\nimproved memory handling. \nCVE-2016-4611 : Apple\nCVE-2016-4729 : Apple\nCVE-2016-4730 : Apple\nCVE-2016-4731 : Apple\nCVE-2016-4734 : Natalie Silvanovich of Google Project Zero\nCVE-2016-4735 : AndrA(c) Bargull\nCVE-2016-4737 : Apple\nCVE-2016-4759 : Tongbo Luo of Palo Alto Networks\nCVE-2016-4762 : Zheng Huang of Baidu Security Lab\nCVE-2016-4766 : Apple\nCVE-2016-4767 : Apple\nCVE-2016-4768 : Anonymous working with Trend Micro\u0027s Zero Day\nInitiative\n\nWebKit\nAvailable for:  OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,\nand macOS 10.12 Sierra\nImpact: A malicious website may be able to access non-HTTP services\nDescription: Safari\u0027s support of HTTP/0.9 allowed cross-protocol\nexploitation of non-HTTP services using DNS rebinding. The issue was\naddressed by restricting HTTP/0.9 responses to default ports and\ncanceling resource loads if the document was loaded with a different\nHTTP protocol version. \nCVE-2016-4760 : Jordan Milne\n\nWebKit\nAvailable for:  OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,\nand macOS 10.12 Sierra\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues were addressed through\nimproved state management. \nCVE-2016-4733 : Natalie Silvanovich of Google Project Zero\nCVE-2016-4765 : Apple\n\nWebKit\nAvailable for:  OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,\nand macOS 10.12 Sierra\nImpact: An attacker in a privileged network position may be able to\nintercept and alter network traffic to applications using WKWebView\nwith HTTPS\nDescription: A certificate validation issue existed in the handling\nof WKWebView. This issue was addressed through improved validation. \nCVE-2016-4763 : an anonymous researcher\n\nWebKit\nAvailable for:  OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,\nand macOS 10.12 Sierra\nImpact: Visiting a maliciously crafted webpage may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue was addressed through improved\ninput validation. \nCVE-2016-4769 : Tongbo Luo of Palo Alto Networks\n\nSafari 10 may be obtained from the Mac App Store. \n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - https://gpgtools.org\n\niQIcBAEBCgAGBQJX4XGCAAoJEIOj74w0bLRG15kP/AoBCDYAJ/XNFwT62dKxgeZM\n9iO/A+69fxRWpCKGzOEfU4/c/X2j5qIL889gXGa78az1DtOBArqPUEzd1jWnIw63\nlg4nwTrCoSU27+G4fepd12dMi9Om4Lyc0yk0hlJtBDXiR+3YJCAOYhUQJDejTcC7\nWbeNpuqErioob0BmvHR9rQArnjI58SOy0RgZcsWBp+hV561Q18X8CQ7KmOjjECH1\na4yf2UOsoQ3BMAgPZuNOOTQ1ORIBi0kp/0ximwetnJluarW4qitjOrGd1zz3ma2f\nuanKgxyHXgu2uF4CBQ2kXyS3/fP2SBnk7IpuFxhd5mydU/Y5DMWSvkmXZN/ugAzi\nf6GG2Iy0n3SkDsjJtk3xHCs0PEYwvJF1r/vmLoE762KCm9O753gPY7oOJY52Mkgq\nxG4hyknpbtJmwwRdXPoCFVCCIhL4lWvptyNnkZiDaxbgIdMpsGg/jQXP9dgMZLKf\npMZA2iVI/veErZzRu+9GGES4oC5OxAKGBaeyDEleTfCqdDIEysYh3XvjAHD76dDs\n7fglUYbnYYsfPWl/26TS1LnSq82pCXZ76n1wNC59cvK3fzSO7Tj1JXUiecwR8ihl\n94p1FSKqHUDx/2ynfvCn4VfdrHYcsY+t81xQeHfsOlHUH7SPkz31XpgtFLmLmyIa\nBNWrPBJoffIkp7eY1kI2\n=RFSt\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-4758"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004943"
      },
      {
        "db": "BID",
        "id": "93066"
      },
      {
        "db": "VULHUB",
        "id": "VHN-93577"
      },
      {
        "db": "PACKETSTORM",
        "id": "138792"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-4758",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "93066",
        "trust": 2.0
      },
      {
        "db": "SECTRACK",
        "id": "1036854",
        "trust": 1.1
      },
      {
        "db": "JVN",
        "id": "JVNVU90950877",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU93841436",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004943",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-455",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-93577",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "138792",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-93577"
      },
      {
        "db": "BID",
        "id": "93066"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004943"
      },
      {
        "db": "PACKETSTORM",
        "id": "138792"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4758"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-455"
      }
    ]
  },
  "id": "VAR-201609-0254",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-93577"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:52:11.951000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Apple security updates",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht201222"
      },
      {
        "title": "APPLE-SA-2016-09-20-3 iOS 10",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2016/sep/msg00008.html"
      },
      {
        "title": "APPLE-SA-2016-09-20-7 iTunes 12.5.1 for Windows",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2016/sep/msg00012.html"
      },
      {
        "title": "APPLE-SA-2016-09-20-2 Safari 10",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2016/sep/msg00007.html"
      },
      {
        "title": "HT207157",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht207157"
      },
      {
        "title": "HT207158",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht207158"
      },
      {
        "title": "HT207143",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht207143"
      },
      {
        "title": "HT207143",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht207143"
      },
      {
        "title": "HT207157",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht207157"
      },
      {
        "title": "HT207158",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht207158"
      },
      {
        "title": "Apple iOS , Safari  and iTunes WebKit Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=64331"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004943"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-455"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-93577"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004943"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4758"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2016/sep/msg00007.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2016/sep/msg00008.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2016/sep/msg00012.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/93066"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/ht207143"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/ht207157"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/ht207158"
      },
      {
        "trust": 1.1,
        "url": "http://mksben.l0.cm/2016/09/safari-uxss-showmodaldialog.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1036854"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4758"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu93841436/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu90950877/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4758"
      },
      {
        "trust": 0.3,
        "url": "https://www.apple.com/"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/ios/"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/itunes/"
      },
      {
        "trust": 0.3,
        "url": "https://support.apple.com/en-us/ht201222"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4767"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4763"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht201222"
      },
      {
        "trust": 0.1,
        "url": "https://gpgtools.org"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4728"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4734"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4618"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4766"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4769"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4760"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4611"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4768"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4762"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4731"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4765"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4729"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4758"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4759"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4733"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4730"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4737"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4735"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4751"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-93577"
      },
      {
        "db": "BID",
        "id": "93066"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004943"
      },
      {
        "db": "PACKETSTORM",
        "id": "138792"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4758"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-455"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-93577"
      },
      {
        "db": "BID",
        "id": "93066"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004943"
      },
      {
        "db": "PACKETSTORM",
        "id": "138792"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4758"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-455"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-09-25T00:00:00",
        "db": "VULHUB",
        "id": "VHN-93577"
      },
      {
        "date": "2016-09-20T00:00:00",
        "db": "BID",
        "id": "93066"
      },
      {
        "date": "2016-09-29T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-004943"
      },
      {
        "date": "2016-09-20T15:55:55",
        "db": "PACKETSTORM",
        "id": "138792"
      },
      {
        "date": "2016-09-25T10:59:52.830000",
        "db": "NVD",
        "id": "CVE-2016-4758"
      },
      {
        "date": "2016-09-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201609-455"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-93577"
      },
      {
        "date": "2016-09-20T00:00:00",
        "db": "BID",
        "id": "93066"
      },
      {
        "date": "2016-09-29T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-004943"
      },
      {
        "date": "2017-07-30T01:29:06.583000",
        "db": "NVD",
        "id": "CVE-2016-4758"
      },
      {
        "date": "2016-09-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201609-455"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-455"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  Apple Used in products  WebKit Vulnerability in which important information is obtained",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004943"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201609-455"
      }
    ],
    "trust": 0.6
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2016-4758 (GCVE-0-2016-4758)

CNVD-2016-08277

GHSA-2QJ9-5HWH-H764

CERTFR-2016-AVI-316

Solution

CERTFR-2016-AVI-316

Solution

GSD-2016-4758

FKIE_CVE-2016-4758

VAR-201609-0254

Tags

Sightings

Nomenclature