#VU598 Access bypass in Apple Inc. products - CVE-2016-4763
Published: September 21, 2016 / Updated: January 16, 2017
Vulnerability identifier: #VU598
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-4763
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Apple Safari
iTunes
Apple iOS
Apple Safari
iTunes
Apple iOS
Software vendor:
Apple Inc.
Apple Inc.
Description
The vulnerability allows a remote privileged user to obtain network traffic.
The weakness is caused by certificate validation flaw that is used to read and modify network traffic from applications that use WKWebView with HTTPS.
Successful exploitation of the vulnerability allows a malicious user to gain access to network traffic.
The weakness is caused by certificate validation flaw that is used to read and modify network traffic from applications that use WKWebView with HTTPS.
Successful exploitation of the vulnerability allows a malicious user to gain access to network traffic.
Remediation
Update to 10.0.