Access bypass in Apple Inc. products - CVE-2016-4763
Published: September 21, 2016 / Updated: January 16, 2017
Vulnerability identifier: #VU598
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-4763
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Apple Inc.
Affected software:
Apple Safari
iTunes
Apple iOS
Detailed vulnerability description
The vulnerability allows a remote privileged user to obtain network traffic.
The weakness is caused by a certificate validation flaw that can be used to read and modify network traffic from applications that use WKWebView with HTTPS.
Successful exploitation of the vulnerability allows a malicious user to gain access to network traffic.
How to mitigate CVE-2016-4763
Update to 10.0.