#VU167 Resource exhaustion in Apple Inc. products - CVE-2016-4592
Published: July 19, 2016 / Updated: November 22, 2018
Vulnerability identifier: #VU167
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2016-4592
CWE-ID: CWE-400
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Apple Safari
Apple iOS
tvOS
Apple Safari
Apple iOS
tvOS
Software vendor:
Apple Inc.
Apple Inc.
Description
The vulnerability allows a remote attacker to cause denial of service.
The vulnerability exists due to access control error in Apple Safari. A remote unauthenticated attacker can cause denial of service bycreating a specially crafted web site that, when loaded by the target user, will consume excessive memory resources on the target system.
Successful exploitation of this vulnerability may result in denial of vulnerable system.
The vulnerability exists due to access control error in Apple Safari. A remote unauthenticated attacker can cause denial of service bycreating a specially crafted web site that, when loaded by the target user, will consume excessive memory resources on the target system.
Successful exploitation of this vulnerability may result in denial of vulnerable system.
Remediation
The vendor has issued a fix (9.1.2).