Main Vulnerability Database SB2016092135

SB2016092135 - Access bypass in Apple Safari

Published: September 21, 2016 Updated: January 16, 2017

Security Bulletin ID SB2016092135

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Access bypass (CVE-ID: CVE-2016-4760)

The vulnerability allows a remote web-site to obtain non-HTTP services on the target system.
The weakness exists due to improper checking of HTTP responses. A malicious web-site returns specially crafted HTTP/0.9 responses that allows to get non-HTTP services.
Successful exploitation of the vulnerability results in access to non-HTTP services on the vulnerable system.

Remediation

Install update from vendor's website.

References

https://support.apple.com/en-us/HT207157
https://support.apple.com/en-us/HT207158
https://support.apple.com/cs-cz/HT207143