Resource exhaustion in Apple Inc. products - CVE-2016-4592
Published: July 19, 2016 / Updated: November 22, 2018
Vulnerability identifier: #VU167
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2016-4592
CWE-ID: CWE-400
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Apple Inc.
Affected software:
Apple Safari
Apple iOS
tvOS
Detailed vulnerability description
The vulnerability allows a remote attacker to cause denial of service.
The vulnerability exists due to an access control error in Apple Safari. A remote unauthenticated attacker can cause denial of service by creating a specially crafted website that, when loaded by the target user, consumes excessive memory resources on the target system.
Successful exploitation of this vulnerability may result in denial of service on the vulnerable system.
How to mitigate CVE-2016-4592
The vendor has issued a fix (9.1.2).