Sign-up

ID

VAR-201607-0330


CVE

CVE-2016-4586


TITLE

Apple Safari and tvOS Used in etc. WebKit Vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2016-004053

DESCRIPTION

WebKit in Apple Safari before 9.1.2 and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. Apple Safari and tvOS Used in etc. WebKit is prone to multiple unspecified memory-corruption vulnerabilities. An attacker may exploit these issues by enticing victims into viewing a malicious web page. The former is a web browser that comes with the default browser on Mac OS X and iOS operating systems; the latter is an operating system for smart TVs. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. A security vulnerability exists in WebKit in Apple Safari versions prior to 9.1.2 and tvOS versions prior to 9.2.2. =========================================================================== Ubuntu Security Notice USN-3079-1 September 14, 2016 webkit2gtk vulnerabilities =========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 LTS Summary: Several security issues were fixed in WebKitGTK+. Software Description: - webkit2gtk: JavaScript engine library from WebKitGTK+ - GObject introspection Details: A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS: libjavascriptcoregtk-4.0-18 2.12.5-0ubuntu0.16.04.1 libwebkit2gtk-4.0-37 2.12.5-0ubuntu0.16.04.1 This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any applications that use WebKitGTK+, such as Epiphany, to make all the necessary changes. References: http://www.ubuntu.com/usn/usn-3079-1 CVE-2016-1854, CVE-2016-1856, CVE-2016-1857, CVE-2016-1858, CVE-2016-1859, CVE-2016-4583, CVE-2016-4585, CVE-2016-4586, CVE-2016-4588, CVE-2016-4589, CVE-2016-4590, CVE-2016-4591, CVE-2016-4622, CVE-2016-4623, CVE-2016-4624, CVE-2016-4651 Package Information: https://launchpad.net/ubuntu/+source/webkit2gtk/2.12.5-0ubuntu0.16.04.1 . This issue was addressed by disabling scripts and plugins on resources loaded over HTTP/0.9. (www.mbsd.jp) Safari 9.1.2 may be obtained from the Mac App Store. ------------------------------------------------------------------------ WebKitGTK+ Security Advisory WSA-2016-0005 ------------------------------------------------------------------------ Date reported : August 25, 2016 Advisory ID : WSA-2016-0005 Advisory URL : https://webkitgtk.org/security/WSA-2016-0005.html CVE identifiers : CVE-2016-4583, CVE-2016-4585, CVE-2016-4586, CVE-2016-4587, CVE-2016-4588, CVE-2016-4589, CVE-2016-4590, CVE-2016-4591, CVE-2016-4592, CVE-2016-4622, CVE-2016-4623, CVE-2016-4624, CVE-2016-4651. Several vulnerabilities were discovered in WebKitGTK+. CVE-2016-4583 Versions affected: WebKitGTK+ before 2.12.2. Credit to Roeland Krak. CVE-2016-4585 Versions affected: WebKitGTK+ before 2.12.1. Credit to Takeshi Terada of Mitsui Bussan Secure Directions, Inc. (www.mbsd.jp). CVE-2016-4586 Versions affected: WebKitGTK+ before 2.12.1. CVE-2016-4587 Versions affected: WebKitGTK+ before 2.10.1. CVE-2016-4588 Versions affected: WebKitGTK+ before 2.12.3. CVE-2016-4589 Versions affected: WebKitGTK+ before 2.12.3. Credit to Tongbo Luo and Bo Qu of Palo Alto Networks. CVE-2016-4590 Versions affected: WebKitGTK+ before 2.12.4. Credit to xisigr of Tencent's Xuanwu Lab (www.tencent.com). CVE-2016-4591 Versions affected: WebKitGTK+ before 2.12.4. Credit to ma.la of LINE Corporation. CVE-2016-4592 Versions affected: WebKitGTK+ before 2.10.5. Credit to Mikhail. CVE-2016-4622 Versions affected: WebKitGTK+ before 2.12.4. Credit to Samuel Gross working with Trend Micro's Zero Day Initiative. CVE-2016-4623 Versions affected: WebKitGTK+ before 2.12.0. CVE-2016-4624 Versions affected: WebKitGTK+ before 2.12.4. CVE-2016-4651 Versions affected: WebKitGTK+ before 2.12.0. Credit to Obscure. We recommend updating to the last stable version of WebKitGTK+. It is the best way of ensuring that you are running a safe version of WebKitGTK+. Please check our website for information about the last stable releases. Further information about WebKitGTK+ Security Advisories can be found at: https://webkitgtk.org/security.html The WebKitGTK+ team, August 25, 2016 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2016-07-18-4 tvOS 9.2.2 tvOS 9.2.2 is now available and addresses the following: CoreGraphics Available for: Apple TV (4th generation) Impact: A remote attacker may be able to execute arbitrary code Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-4632 : Evgeny Sidorov of Yandex IOAcceleratorFamily Available for: Apple TV (4th generation) Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A null pointer dereference was addressed through improved validation. CVE-2016-4627 : Ju Zhu of Trend Micro IOHIDFamily Available for: Apple TV (4th generation) Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A null pointer dereference was addressed through improved input validation. CVE-2016-4626 : Stefan Esser of SektionEins Kernel Available for: Apple TV (4th generation) Impact: A local user may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-1863 : Ian Beer of Google Project Zero CVE-2016-1864 : Ju Zhu of Trend Micro CVE-2016-4582 : Shrek_wzw and Proteas of Qihoo 360 Nirvan Team Kernel Available for: Apple TV (4th generation) Impact: A local user may be able to cause a system denial of service Description: A null pointer dereference was addressed through improved input validation. CVE-2016-1865 : Marco Grassi (@marcograss) of KeenLab (@keen_lab), Tencent, CESG libxml2 Available for: Apple TV (4th generation) Impact: Multiple vulnerabilities in libxml2 Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4448 : Apple CVE-2016-4483 : Gustavo Grieco CVE-2016-4614 : Nick Wellnhofe CVE-2016-4615 : Nick Wellnhofer CVE-2016-4616 : Michael Paddon CVE-2016-4619 : Hanno Boeck libxml2 Available for: Apple TV (4th generation) Impact: Parsing a maliciously crafted XML document may lead to disclosure of user information Description: An access issue existed in the parsing of maliciously crafted XML files. This issue was addressed through improved input validation. CVE-2016-4449 : Kostya Serebryany libxslt Available for: Apple TV (4th generation) Impact: Multiple vulnerabilities in libxslt Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-1684 : Nicolas GrA(c)goire CVE-2016-4607 : Nick Wellnhofer CVE-2016-4608 : Nicolas GrA(c)goire CVE-2016-4609 : Nick Wellnhofer CVE-2016-4610 : Nick Wellnhofer CVE-2016-4612 : Nicolas GrA(c)goire Sandbox Profiles Available for: Apple TV (4th generation) Impact: A local application may be able to access the process list Description: An access issue existed with privileged API calls. This issue was addressed through additional restrictions. CVE-2016-4586 : Apple CVE-2016-4588 : Apple CVE-2016-4589 : Tongbo Luo and Bo Qu of Palo Alto Networks CVE-2016-4622 : Samuel Gross working with Trend Microas Zero Day Initiative CVE-2016-4623 : Apple CVE-2016-4624 : Apple WebKit Available for: Apple TV (4th generation) Impact: Processing maliciously crafted web content may result in the disclosure of process memory Description: A memory initialization issue was addressed through improved memory handling. CVE-2016-4587 : Apple WebKit Available for: Apple TV (4th generation) Impact: Processing maliciously crafted web content may compromise user information on the file system Description: A permissions issue existed in the handling of the location variable. This was addressed though additional ownership checks. CVE-2016-4591 : ma.la of LINE Corporation WebKit Available for: Apple TV (4th generation) Impact: Processing maliciously crafted web content may disclose image data from another website Description: A timing issue existed in the processing of SVG. This issue was addressed through improved validation. This issue was addressed through improved URL validation on redirection. (www.mbsd.jp) Installation note: Apple TV will periodically check for software updates. Alternatively, you may manually check for software updates by selecting "Settings -> System -> Software Update -> Update Software.". To check the current version of software, select "Settings -> General -> About". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJXjXA+AAoJEIOj74w0bLRGi6IP/2DDPP2Z208nJPL0+a+bMJA4 JUIrF0BM4wyr1Hy/Vb2zN5RkAZYeHwq8Jq9av9qu79Xgan2jcgPRWKSAiztp0BMx kYPLi6PrpvWiWLHpqkWGnKVK1LmdBQXKrPsCmMJacKJ2TldBMofAiuh3QrjqZ7ud GVbTB4HkjX2FnpCt25DkUK5Y5oWP8lv4rvB+iTfO/kVGfSMfrTg1HGH3s49+UTHV GICBGi+L8yftmYaM10a5JjnOCRiIKXa95Kt1CTPrDxFSJG2QBmMBvSGV4qivyf6i buqAso81LVWnJBIKjj21usJqm6Q1lqtU5MTElfDq0w/uo7oxL/eWB4e8H0lm9Jow oD+ZepkO0SHQgwNWprMKrEbI/xow1CiYdxj/a8DYSuQicCjPZanQux04MurfmU5Q YEkzj+oxuzBherHAVwqleHEglDOy6CJx/UCVoxnf0Tcj9FQOTzQ+aUqYMXrM33Yu zhU4Eai/9PKLLuqQzhgXYqsSnHKu5ojzesunRo09D+Q1jjSyIXvhmUmCXBgDvcls MfSUjWJJxniqj+C8zFeHuFEbPU70urVmUH7rWSBsRCRhjzwYMAWpPejkT/XDs1qm SCTElHATr+BfvS0v1E5En2xNKXSodyJL1SaK9rHnkre+40+e0IJJbOQzbQH9MAcJ ylGAp0etGDWZ40Q5IyH8 =N/Ug -----END PGP SIGNATURE-----

Trust: 2.34

sources: NVD: CVE-2016-4586 // JVNDB: JVNDB-2016-004053 // BID: 91827 // VULHUB: VHN-93405 // PACKETSTORM: 138715 // PACKETSTORM: 137962 // PACKETSTORM: 138502 // PACKETSTORM: 137961

AFFECTED PRODUCTS

vendor:applemodel:tvosscope:ltversion:9.2.2

Trust: 1.0

vendor:applemodel:safariscope:ltversion:9.1.2

Trust: 1.0

vendor:applemodel:safariscope:ltversion:9.1.2 (os x el capitan v10.11.6)

Trust: 0.8

vendor:applemodel:safariscope:ltversion:9.1.2 (os x mavericks v10.9.5)

Trust: 0.8

vendor:applemodel:safariscope:ltversion:9.1.2 (os x yosemite v10.10.5)

Trust: 0.8

vendor:applemodel:tvosscope:ltversion:9.2.2 (apple tv first 4 generation )

Trust: 0.8

vendor:applemodel:webkitscope: - version: -

Trust: 0.6

vendor:applemodel:safariscope:eqversion:7.1.6

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.1.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.0.1

Trust: 0.3

vendor:applemodel:tvosscope:neversion:9.2.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:8.0.4

Trust: 0.3

vendor:applemodel:safariscope:eqversion:1.0

Trust: 0.3

vendor:applemodel:safariscope:eqversion:1.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:8.0.7

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.0.5

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.0.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.1.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.1.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:7.1.8

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.31

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.1.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:1.2.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:7.0.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.0

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:7.0.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:7.1.4

Trust: 0.3

vendor:webkitmodel:open source project webkitscope:eqversion:0

Trust: 0.3

vendor:applemodel:safariscope:eqversion:8.0.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.1.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:3.1.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:3.1.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.2.6

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.1.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:8.0.5

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.0.6

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.0.4

Trust: 0.3

vendor:applemodel:safariscope:eqversion:3.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.1.5

Trust: 0.3

vendor:applemodel:safariscope:eqversion:7.1.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:7.0.4

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.2.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.0

Trust: 0.3

vendor:applemodel:tvosscope:eqversion:9.1.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.0.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:9.1.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:9.0.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.1.6

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.1.7

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.0.4

Trust: 0.3

vendor:applemodel:safariscope:eqversion:9.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:7.0.6

Trust: 0.3

vendor:applemodel:safariscope:eqversion:9

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.0.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:7.1.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.1.4

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.0.5

Trust: 0.3

vendor:applemodel:safariscope:eqversion:2.0.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.2.5

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.0.5

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.34

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.2.4

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.2.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:9.0.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.1

Trust: 0.3

vendor:applemodel:tvscope:eqversion:0

Trust: 0.3

vendor:applemodel:safariscope:eqversion:7.0.5

Trust: 0.3

vendor:applemodel:safariscope:eqversion:8.0.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:7.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:2.0.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:2.0.4

Trust: 0.3

vendor:applemodel:safariscope:eqversion:8.0.8

Trust: 0.3

vendor:applemodel:safariscope:eqversion:1.1

Trust: 0.3

vendor:applemodel:tvosscope:eqversion:9.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:3.52

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.0.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:2.0.4419.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.31

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.28

Trust: 0.3

vendor:applemodel:tvosscope:eqversion:9.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:7.1.5

Trust: 0.3

vendor:applemodel:tvosscope:eqversion:9.2.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:1.3.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.1.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:2.0.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.1.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:1.2.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:7.1.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.1.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.2.7

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.1.6

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.0.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.0.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:1.2.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.33

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.1.4

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.2.8

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.0

Trust: 0.3

vendor:applemodel:safariscope:eqversion:7.0

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.30

Trust: 0.3

vendor:applemodel:safariscope:eqversion:3.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.0.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.1.10

Trust: 0.3

vendor:applemodel:safariscope:eqversion:7.0.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:8.0

Trust: 0.3

vendor:applemodel:safariscope:eqversion:7.1.7

Trust: 0.3

vendor:applemodel:safariscope:eqversion:8.0.6

Trust: 0.3

vendor:applemodel:safariscope:eqversion:3.2.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.1.5

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4

Trust: 0.3

vendor:applemodel:safariscope:eqversion:3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:1.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:8.0.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:1.3.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:9.0.1

Trust: 0.3

vendor:applemodel:safariscope:neversion:9.1.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.2.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.0.4

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.0.2

Trust: 0.3

vendor:applemodel:tvosscope:eqversion:9.0

Trust: 0.3

sources: BID: 91827 // JVNDB: JVNDB-2016-004053 // CNNVD: CNNVD-201607-848 // NVD: CVE-2016-4586

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-4586
value: HIGH

Trust: 1.0

NVD: CVE-2016-4586
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201607-848
value: HIGH

Trust: 0.6

VULHUB: VHN-93405
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-4586
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-93405
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-4586
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-93405 // JVNDB: JVNDB-2016-004053 // CNNVD: CNNVD-201607-848 // NVD: CVE-2016-4586

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-93405 // JVNDB: JVNDB-2016-004053 // NVD: CVE-2016-4586

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 138715 // CNNVD: CNNVD-201607-848

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201607-848

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-004053

PATCH
title:Apple security updatesurl:https://support.apple.com/en-us/HT201222
Trust: 0.8
title:APPLE-SA-2016-07-18-5 Safari 9.1.2url:http://lists.apple.com/archives/security-announce/2016/Jul/msg00004.html
Trust: 0.8
title:APPLE-SA-2016-07-18-4 tvOS 9.2.2url:http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html
Trust: 0.8
title:HT206905url:https://support.apple.com/en-us/HT206905
Trust: 0.8
title:HT206900url:https://support.apple.com/en-us/HT206900
Trust: 0.8
title:HT206900url:https://support.apple.com/ja-jp/HT206900
Trust: 0.8
title:HT206905url:https://support.apple.com/ja-jp/HT206905
Trust: 0.8
title:Apple Safari  and tvOS WebKit Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63208
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2016-004053 // 
            
            
            
            CNNVD: CNNVD-201607-848

EXTERNAL IDS
db:NVDid:CVE-2016-4586
Trust: 3.2
db:BIDid:91827
Trust: 2.0
db:PACKETSTORMid:138502
Trust: 1.8
db:SECTRACKid:1036343
Trust: 1.7
db:JVNid:JVNVU94844193
Trust: 0.8
db:JVNDBid:JVNDB-2016-004053
Trust: 0.8
db:CNNVDid:CNNVD-201607-848
Trust: 0.7
db:VULHUBid:VHN-93405
Trust: 0.1
db:PACKETSTORMid:138715
Trust: 0.1
db:PACKETSTORMid:137962
Trust: 0.1
db:PACKETSTORMid:137961
Trust: 0.1
sources:
            
            
            VULHUB: VHN-93405 // 
            
            
            
            BID: 91827 // 
            
            
            
            JVNDB: JVNDB-2016-004053 // 
            
            
            
            PACKETSTORM: 138715 // 
            
            
            
            PACKETSTORM: 137962 // 
            
            
            
            PACKETSTORM: 138502 // 
            
            
            
            PACKETSTORM: 137961 // 
            
            
            
            CNNVD: CNNVD-201607-848 // 
            
            
            
            NVD: CVE-2016-4586

REFERENCES
url:http://lists.apple.com/archives/security-announce/2016/jul/msg00003.html
Trust: 1.7
url:http://lists.apple.com/archives/security-announce/2016/jul/msg00004.html
Trust: 1.7
url:http://www.securityfocus.com/bid/91827
Trust: 1.7
url:http://www.securityfocus.com/archive/1/539295/100/0/threaded
Trust: 1.7
url:https://support.apple.com/ht206900
Trust: 1.7
url:https://support.apple.com/ht206905
Trust: 1.7
url:http://packetstormsecurity.com/files/138502/webkitgtk-sop-bypass-information-disclosure.html
Trust: 1.7
url:http://www.securitytracker.com/id/1036343
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4586
Trust: 0.8
url:http://jvn.jp/vu/jvnvu94844193/index.html
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4586
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2016-4586
Trust: 0.4
url:https://nvd.nist.gov/vuln/detail/cve-2016-4591
Trust: 0.4
url:https://nvd.nist.gov/vuln/detail/cve-2016-4583
Trust: 0.4
url:https://nvd.nist.gov/vuln/detail/cve-2016-4589
Trust: 0.4
url:https://nvd.nist.gov/vuln/detail/cve-2016-4622
Trust: 0.4
url:https://nvd.nist.gov/vuln/detail/cve-2016-4585
Trust: 0.4
url:https://www.apple.com/
Trust: 0.3
url:http://www.webkit.org/
Trust: 0.3
url:https://nvd.nist.gov/vuln/detail/cve-2016-4623
Trust: 0.3
url:https://nvd.nist.gov/vuln/detail/cve-2016-4651
Trust: 0.3
url:https://nvd.nist.gov/vuln/detail/cve-2016-4590
Trust: 0.3
url:https://nvd.nist.gov/vuln/detail/cve-2016-4624
Trust: 0.3
url:https://nvd.nist.gov/vuln/detail/cve-2016-4588
Trust: 0.3
url:https://nvd.nist.gov/vuln/detail/cve-2016-4592
Trust: 0.3
url:https://nvd.nist.gov/vuln/detail/cve-2016-4587
Trust: 0.3
url:https://nvd.nist.gov/vuln/detail/cve-2016-4584
Trust: 0.2
url:https://gpgtools.org
Trust: 0.2
url:https://www.mbsd.jp)
Trust: 0.2
url:https://www.apple.com/support/security/pgp/
Trust: 0.2
url:http://support.apple.com/kb/ht201222
Trust: 0.2
url:http://www.ubuntu.com/usn/usn-3079-1
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2016-1854
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2016-1856
Trust: 0.1
url:https://launchpad.net/ubuntu/+source/webkit2gtk/2.12.5-0ubuntu0.16.04.1
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2016-1859
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2016-1857
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2016-1858
Trust: 0.1
url:https://www.tencent.com)
Trust: 0.1
url:https://webkitgtk.org/security/wsa-2016-0005.html
Trust: 0.1
url:https://webkitgtk.org/security.html
Trust: 0.1
url:https://www.mbsd.jp).
Trust: 0.1
url:https://www.tencent.com).
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2016-4449
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2016-4483
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2016-4616
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2016-4609
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2016-1865
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2016-4619
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2016-1863
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2016-4582
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2016-4615
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2016-1864
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2016-4612
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2016-4614
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2016-4607
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2016-4448
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2016-1684
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2016-4610
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2016-4594
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2016-4608
Trust: 0.1
sources:
            
            
            VULHUB: VHN-93405 // 
            
            
            
            BID: 91827 // 
            
            
            
            JVNDB: JVNDB-2016-004053 // 
            
            
            
            PACKETSTORM: 138715 // 
            
            
            
            PACKETSTORM: 137962 // 
            
            
            
            PACKETSTORM: 138502 // 
            
            
            
            PACKETSTORM: 137961 // 
            
            
            
            CNNVD: CNNVD-201607-848 // 
            
            
            
            NVD: CVE-2016-4586

CREDITS
Apple
Trust: 0.5
sources:
            
            
            BID: 91827 // 
            
            
            
            PACKETSTORM: 137962 // 
            
            
            
            PACKETSTORM: 137961

SOURCES
db:VULHUBid:VHN-93405
db:BIDid:91827
db:JVNDBid:JVNDB-2016-004053
db:PACKETSTORMid:138715
db:PACKETSTORMid:137962
db:PACKETSTORMid:138502
db:PACKETSTORMid:137961
db:CNNVDid:CNNVD-201607-848
db:NVDid:CVE-2016-4586

LAST UPDATE DATE
2025-04-13T20:31:42.156000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-93405date:2019-03-25T00:00:00
db:BIDid:91827date:2016-07-18T00:00:00
db:JVNDBid:JVNDB-2016-004053date:2016-07-29T00:00:00
db:CNNVDid:CNNVD-201607-848date:2019-03-13T00:00:00
db:NVDid:CVE-2016-4586date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-93405date:2016-07-22T00:00:00
db:BIDid:91827date:2016-07-18T00:00:00
db:JVNDBid:JVNDB-2016-004053date:2016-07-29T00:00:00
db:PACKETSTORMid:138715date:2016-09-14T16:52:04
db:PACKETSTORMid:137962date:2016-07-19T20:05:55
db:PACKETSTORMid:138502date:2016-08-25T04:44:44
db:PACKETSTORMid:137961date:2016-07-19T20:04:09
db:CNNVDid:CNNVD-201607-848date:2016-07-26T00:00:00
db:NVDid:CVE-2016-4586date:2016-07-22T02:59:08.973