Information disclosure in Apple Inc. products - CVE-2016-4758
Published: September 21, 2016 / Updated: January 16, 2017
Vulnerability identifier: #VU597
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-4758
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Apple Inc.
Affected software:
Apple Safari
iTunes
Apple iOS
Apple Safari
iTunes
Apple iOS
Detailed vulnerability description
The vulnerability allows a remote user to obtain potentially sensitive information on the target system.
The weakness exists due to permissions flaw in the variable location handling and leads to sensivitive information disclosure.
Successful exploitation of the vulnerability results in access to potentially sensitive data.
The weakness exists due to permissions flaw in the variable location handling and leads to sensivitive information disclosure.
Successful exploitation of the vulnerability results in access to potentially sensitive data.
How to mitigate CVE-2016-4758
Update to 10.0