8.8
CVE-2016-4728
- EPSS 2.42%
- Veröffentlicht 25.09.2016 10:59:32
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle product-security@apple.com
- CVE-Watchlists
- Unerledigt
WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 mishandles error prototypes, which allows remote attackers to execute arbitrary code via a crafted web site.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.42% | 0.82 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html
http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html
https://support.apple.com/HT207142
https://support.apple.com/HT207143
http://lists.apple.com/archives/security-announce/2016/Sep/msg00007.html
http://www.securitytracker.com/id/1036854
https://support.apple.com/HT207157
http://lists.apple.com/archives/security-announce/2016/Sep/msg00012.html
http://www.securityfocus.com/bid/93064
https://support.apple.com/HT207158