Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2016-4758 |
CWE-ID | CWE-284 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software | Apple Safari (Client/Desktop applications / Web browsers); iTunes (Client/Desktop applications / Multimedia software); Apple iOS (Operating systems & Components / Operating system) |
Vendor | Apple Inc. |
Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU597
Risk: Low
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2016-4758
CWE-ID: CWE-284 - Improper Access Control
Exploit availability: No
Description
The vulnerability allows a remote user to obtain potentially sensitive information on the target system.
The weakness exists due to a permissions flaw in the handling of the location variable and leads to sensitive information disclosure.
Successful exploitation of the vulnerability results in access to potentially sensitive data.
Update to 10.0
Apple Safari: 9.0 - 9.1.3
iTunes: 12.0.1.26 - 12.4.3.1
Apple iOS: 9.0.0 - 9.3.5
https://support.apple.com/en-us/HT207157
https://support.apple.com/en-us/HT207158
https://support.apple.com/cs-cz/HT207143
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into visiting a specially crafted website.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.