CVE-2016-4763

Published on: 09/25/2016 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:26:57 PM UTC

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

Certain versions of iPhone OS from Apple contain the following vulnerability:

WKWebView in WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly verify X.509 certificates from HTTPS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

  • CVE-2016-4763 has been assigned by [email protected] to track the vulnerability - currently rated as MEDIUM severity.

CVSS3 Score: 6.8 - MEDIUM

  • Attack Vector: NETWORK
  • Attack Complexity: HIGH
  • Privileges Required: LOW
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: NONE

CVSS2 Score: 4.9 - MEDIUM

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: SINGLE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: NONE

CVE References

  • Description: APPLE-SA-2016-09-20-3 iOS 10; Tags: Mailing List, Vendor Advisory; Source: lists.apple.com (text/html); Link: APPLE APPLE-SA-2016-09-20-3
  • Description: About the security content of Safari 10 - Apple Support; Tags: Vendor Advisory; Source: support.apple.com (text/html); Link: CONFIRM support.apple.com/HT207157
  • Description: Malformed Request; Source: cve.report (archive) (text/html); Link: BID 93066
  • Description: About the security content of iOS 10 - Apple Support; Tags: Vendor Advisory; Source: support.apple.com (text/html); Link: CONFIRM support.apple.com/HT207143
  • Description: About the security content of iTunes 12.5.1 for Windows - Apple Support; Tags: Vendor Advisory; Source: support.apple.com (text/html); Link: CONFIRM support.apple.com/HT207158
  • Description: APPLE-SA-2016-09-20-7 iTunes 12.5.1 for Windows; Tags: Mailing List, Vendor Advisory; Source: lists.apple.com (text/html); Link: APPLE APPLE-SA-2016-09-20-7
  • Description: APPLE-SA-2016-09-20-2 Safari 10; Tags: Mailing List, Vendor Advisory; Source: lists.apple.com (text/html); Link: APPLE APPLE-SA-2016-09-20-2
  • Description: Apple Safari Multiple Bugs Let Remote Users Obtain Potentially Sensitive Information, Spoof the Address Bar, Conduct Cross-Site Scripting Attacks, and Execute Arbitrary Code - SecurityTracker; Source: www.securitytracker.com (text/html); Link: SECTRACK 1036854

Known Affected Configurations (CPE V2.3)

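  • Type: Operating System; Vendor: Apple; Product: iPhone OS; Version: All; Update: All; Edition: All; Language: All
  • Type: Application; Vendor: Apple; Product: iTunes; Version: All; Update: All; Edition: All; Language: All
  • Type: Application; Vendor: Apple; Product: Safari; Version: All; Update: All; Edition: All; Language: All
  • Type: Operating System; Vendor: Microsoft; Product: Windows; Version: All; Update: All; Edition: All; Language: All
  • Type: Operating System; Vendor: Microsoft; Product: Windows; Version: All; Update: All; Edition: All; Language: All
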
  • cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*