CVE-2016-4583 — LOW (3.1) — White Hats Nepal

Q: How severe is CVE-2016-4583?

CVE-2016-4583 has been rated LOW with a CVSS base score of 3.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2016-4583?

Check the references section above for vendor advisories and patch information. Affected products include: Apple Webkit, Apple Safari, Apple Iphone Os, Apple Tvos, Webkitgtk Webkitgtk\+.

Vulnerability Description

WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to bypass the Same Origin Policy and obtain image date from an unintended web site via a timing attack involving an SVG document.

CVSS Score

3.1

LOW

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Apple	Webkit	-
Apple	Safari	< 9.1.2
Apple	Iphone Os	< 9.3.3
Apple	Tvos	< 9.2.2
Webkitgtk	Webkitgtk\+	< 2.12.2

Related Weaknesses (CWE)

CWE-362

References

http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.htmlMailing ListVendor Advisory
http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.htmlMailing ListVendor Advisory
http://lists.apple.com/archives/security-announce/2016/Jul/msg00004.htmlMailing ListVendor Advisory
http://packetstormsecurity.com/files/138502/WebKitGTK-SOP-Bypass-Information-DisThird Party AdvisoryVDB Entry
http://www.securityfocus.com/archive/1/539295/100/0/threadedThird Party AdvisoryVDB Entry
http://www.securityfocus.com/bid/91830Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1036343Third Party AdvisoryVDB Entry
https://support.apple.com/HT206900Vendor Advisory
https://support.apple.com/HT206902Vendor Advisory
https://support.apple.com/HT206905Vendor Advisory
http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.htmlMailing ListVendor Advisory
http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.htmlMailing ListVendor Advisory
http://lists.apple.com/archives/security-announce/2016/Jul/msg00004.htmlMailing ListVendor Advisory
http://packetstormsecurity.com/files/138502/WebKitGTK-SOP-Bypass-Information-DisThird Party AdvisoryVDB Entry
http://www.securityfocus.com/archive/1/539295/100/0/threadedThird Party AdvisoryVDB Entry

FAQ

What is CVE-2016-4583?

CVE-2016-4583 is a vulnerability with a CVSS score of 3.1 (LOW). WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to bypass the Same Origin Policy and obtain image date from an unintended web site via a timing att...

How severe is CVE-2016-4583?

CVE-2016-4583 has been rated LOW with a CVSS base score of 3.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-4583?

Check the references section above for vendor advisories and patch information. Affected products include: Apple Webkit, Apple Safari, Apple Iphone Os, Apple Tvos, Webkitgtk Webkitgtk\+.