Access bypass in Apple Safari
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2016-4763 |
| CWE-ID | CWE-284 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Apple Safari Client/Desktop applications / Web browsers iTunes Client/Desktop applications / Multimedia software Apple iOS Operating systems & Components / Operating system |
| Vendor | Apple Inc. |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Access bypass
EUVDB-ID: #VU598
Risk: Low
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-4763
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to obtain network traffic.
The weakness is caused by certificate validation flaw that is used to read and modify network traffic from applications that use WKWebView with HTTPS.
Successful exploitation of the vulnerability allows a malicious user to gain access to network traffic.
Update to 10.0.
Apple Safari: 9.0 - 9.1.3
iTunes: 12.0.1.26 - 12.4.3.1
Apple iOS: 9.0.0 - 9.3.5
External linkshttp://support.apple.com/en-us/HT207157
http://support.apple.com/en-us/HT207158
http://support.apple.com/en-us/HT207157
http://support.apple.com/cs-cz/HT207143
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
