ID

VAR-201702-0352


CVE

CVE-2016-4764


TITLE

WebKit used in multiple Apple products is vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2016-007476

DESCRIPTION

An issue was discovered in certain Apple products. iOS before 10 is affected. Safari before 10 is affected. iTunes before 12.5.1 is affected. tvOS before 10 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

WebKit is prone to multiple memory-corruption vulnerabilities. An attacker may exploit these issues by enticing victims into viewing a malicious web page.

WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple, and Google, and is currently used by browsers such as Apple Safari and Google Chrome. A memory corruption vulnerability exists in WebKit.

==========================================================================
Ubuntu Security Notice USN-3166-1
January 10, 2017

webkit2gtk vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in WebKitGTK+.

Software Description:

- webkit2gtk: JavaScript engine library from WebKitGTK+ - GObject introspection

Details:

A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS:
  libjavascriptcoregtk-4.0-18 2.14.2-0ubuntu0.16.04.1
  libwebkit2gtk-4.0-37 2.14.2-0ubuntu0.16.04.1

This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any applications that use WebKitGTK+, such as Epiphany, to make all the necessary changes.

References:

http://www.ubuntu.com/usn/usn-3166-1
CVE-2016-4613, CVE-2016-4657, CVE-2016-4666, CVE-2016-4707, CVE-2016-4728, CVE-2016-4733, CVE-2016-4734, CVE-2016-4735, CVE-2016-4759, CVE-2016-4760, CVE-2016-4761, CVE-2016-4762, CVE-2016-4764, CVE-2016-4765, CVE-2016-4767, CVE-2016-4768, CVE-2016-4769, CVE-2016-7578

Package Information:

https://launchpad.net/ubuntu/+source/webkit2gtk/2.14.2-0ubuntu0.16.04.1

Trust: 2.07

sources: NVD: CVE-2016-4764 // JVNDB: JVNDB-2016-007476 // BID: 94430 // VULHUB: VHN-93583 // PACKETSTORM: 140417

AFFECTED PRODUCTS

vendor:applemodel:tvosscope:lteversion:9.2.2

Trust: 1.0

vendor:applemodel:safariscope:lteversion:9.1.3

Trust: 1.0

vendor:applemodel:iphone osscope:lteversion:9.3.5

Trust: 1.0

vendor:applemodel:itunesscope:lteversion:12.5

Trust: 1.0

vendor:applemodel:safariscope:eqversion:9.1.3

Trust: 0.9

vendor:applemodel:iosscope:ltversion:10 (ipad 4th generation and later)

Trust: 0.8

vendor:applemodel:iosscope:ltversion:10 (iphone 5 or later)

Trust: 0.8

vendor:applemodel:iosscope:ltversion:10 (ipod touch 6th generation and later)

Trust: 0.8

vendor:applemodel:itunesscope:ltversion:12.5.1 (windows 7 or later)

Trust: 0.8

vendor:applemodel:safariscope:ltversion:10 (macos sierra 10.12)

Trust: 0.8

vendor:applemodel:safariscope:ltversion:10 (os x el capitan v10.11.6)

Trust: 0.8

vendor:applemodel:safariscope:ltversion:10 (os x yosemite v10.10.5)

Trust: 0.8

vendor:applemodel:tvosscope:ltversion:10 (apple tv 4th generation)

Trust: 0.8

vendor:applemodel:itunesscope:eqversion:12.5.0

Trust: 0.6

vendor:applemodel:iphone osscope:eqversion:9.3.5

Trust: 0.6

vendor:applemodel:tvscope:eqversion:9.2.2

Trust: 0.6

vendor:applemodel:safariscope:eqversion:7.1.6

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.1.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.0.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:8.0.4

Trust: 0.3

vendor:applemodel:safariscope:eqversion:1.0

Trust: 0.3

vendor:applemodel:safariscope:eqversion:1.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:8.0.7

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.0.5

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.1.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.1.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:7.1.8

Trust: 0.3

vendor:applemodel:macosscope:eqversion:10.12

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.1.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:1.2.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:7.0.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.0

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:7.0.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:7.1.4

Trust: 0.3

vendor:webkitmodel:open source project webkitscope:eqversion:0

Trust: 0.3

vendor:applemodel:safariscope:eqversion:8.0.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.1.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:3.1.2

Trust: 0.3

vendor:applemodel:safariscope:neversion:10

Trust: 0.3

vendor:applemodel:safariscope:eqversion:3.1.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.2.6

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.1.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:8.0.5

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.0.6

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.0.4

Trust: 0.3

vendor:applemodel:safariscope:eqversion:3.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.1.5

Trust: 0.3

vendor:applemodel:safariscope:eqversion:7.1.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:7.0.4

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.2.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.0.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:9.1.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:9.0.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.1.6

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.1.7

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.0.4

Trust: 0.3

vendor:applemodel:safariscope:eqversion:9.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.11.6

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:7.0.6

Trust: 0.3

vendor:applemodel:safariscope:eqversion:9

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.0.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:7.1.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.1.4

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.0.5

Trust: 0.3

vendor:applemodel:safariscope:eqversion:2.0.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.2.5

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.0.5

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.2.4

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.2.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:9.0.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:7.0.5

Trust: 0.3

vendor:applemodel:safariscope:eqversion:8.0.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:7.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:2.0.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:2.0.4

Trust: 0.3

vendor:applemodel:safariscope:eqversion:8.0.8

Trust: 0.3

vendor:applemodel:safariscope:eqversion:1.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.0.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:7.1.5

Trust: 0.3

vendor:applemodel:safariscope:eqversion:1.3.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.1.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:2.0.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.1.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:1.2.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:7.1.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.1.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.2.7

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.1.6

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.0.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.1.4

Trust: 0.3

vendor:applemodel:safariscope:eqversion:1.2.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.2.8

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.0

Trust: 0.3

vendor:applemodel:safariscope:eqversion:3.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.1.10

Trust: 0.3

vendor:applemodel:safariscope:eqversion:7.0.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:8.0

Trust: 0.3

vendor:applemodel:safariscope:eqversion:7.1.7

Trust: 0.3

vendor:applemodel:safariscope:eqversion:8.0.6

Trust: 0.3

vendor:applemodel:safariscope:eqversion:9.1.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:3.2.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.1.5

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4

Trust: 0.3

vendor:applemodel:safariscope:eqversion:3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:1.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:8.0.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:1.3.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:9.0.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.2.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.0.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.10.5

Trust: 0.3

sources: BID: 94430 // JVNDB: JVNDB-2016-007476 // CNNVD: CNNVD-201611-583 // NVD: CVE-2016-4764

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-4764
value: HIGH

Trust: 1.0

NVD: CVE-2016-4764
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201611-583
value: HIGH

Trust: 0.6

VULHUB: VHN-93583
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-4764
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-93583
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-4764
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2016-4764
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-93583 // JVNDB: JVNDB-2016-007476 // CNNVD: CNNVD-201611-583 // NVD: CVE-2016-4764

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-93583 // JVNDB: JVNDB-2016-007476 // NVD: CVE-2016-4764

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 140417 // CNNVD: CNNVD-201611-583

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201611-583

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-007476

PATCH

title:Apple security updatesurl:https://support.apple.com/en-us/HT201222

Trust: 0.8

title:APPLE-SA-2016-09-20-3 iOS 10url:http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html

Trust: 0.8

title:APPLE-SA-2016-09-20-7 iTunes 12.5.1 for Windowsurl:http://lists.apple.com/archives/security-announce/2016/Sep/msg00012.html

Trust: 0.8

title:APPLE-SA-2016-09-20-2 Safari 10url:http://lists.apple.com/archives/security-announce/2016/Sep/msg00007.html

Trust: 0.8

title:APPLE-SA-2016-09-20-6 tvOS 10url:http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html

Trust: 0.8

title:HT207143url:https://support.apple.com/en-us/HT207143

Trust: 0.8

title:HT207158url:https://support.apple.com/en-us/HT207158

Trust: 0.8

title:HT207157url:https://support.apple.com/en-us/HT207157

Trust: 0.8

title:HT207142url:https://support.apple.com/en-us/HT207142

Trust: 0.8

title:HT207142url:https://support.apple.com/ja-jp/HT207142

Trust: 0.8

title:HT207143url:https://support.apple.com/ja-jp/HT207143

Trust: 0.8

title:HT207158url:https://support.apple.com/ja-jp/HT207158

Trust: 0.8

title:HT207157url:https://support.apple.com/ja-jp/HT207157

Trust: 0.8

title:WebKit Repair measures for memory corruption vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=66024

Trust: 0.6

sources: JVNDB: JVNDB-2016-007476 // CNNVD: CNNVD-201611-583

EXTERNAL IDS

db:NVDid:CVE-2016-4764

Trust: 2.9

db:BIDid:94430

Trust: 2.0

db:JVNid:JVNVU90950877

Trust: 0.8

db:JVNid:JVNVU93841436

Trust: 0.8

db:JVNDBid:JVNDB-2016-007476

Trust: 0.8

db:CNNVDid:CNNVD-201611-583

Trust: 0.7

db:VULHUBid:VHN-93583

Trust: 0.1

db:PACKETSTORMid:140417

Trust: 0.1

sources: VULHUB: VHN-93583 // BID: 94430 // JVNDB: JVNDB-2016-007476 // PACKETSTORM: 140417 // CNNVD: CNNVD-201611-583 // NVD: CVE-2016-4764

REFERENCES

url:http://www.securityfocus.com/bid/94430

Trust: 1.7

url:https://support.apple.com/ht207142

Trust: 1.7

url:https://support.apple.com/ht207143

Trust: 1.7

url:https://support.apple.com/ht207157

Trust: 1.7

url:https://support.apple.com/ht207158

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4764

Trust: 0.8

url:http://jvn.jp/vu/jvnvu93841436/index.html

Trust: 0.8

url:http://jvn.jp/vu/jvnvu90950877/index.html

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4764

Trust: 0.8

url:https://www.apple.com/

Trust: 0.3

url:http://www.webkit.org/

Trust: 0.3

url:https://support.apple.com/en-in/ht207157

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2016-4767

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4707

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4728

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4613

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-7578

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4734

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4657

Trust: 0.1

url:http://www.ubuntu.com/usn/usn-3166-1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4769

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4760

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4764

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4768

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4762

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4666

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4765

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4761

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4759

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4733

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/webkit2gtk/2.14.2-0ubuntu0.16.04.1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4735

Trust: 0.1

sources: VULHUB: VHN-93583 // BID: 94430 // JVNDB: JVNDB-2016-007476 // PACKETSTORM: 140417 // CNNVD: CNNVD-201611-583 // NVD: CVE-2016-4764

CREDITS

The vendor reported these issues.

Trust: 0.3

sources: BID: 94430

SOURCES

db:VULHUBid:VHN-93583
db:BIDid:94430
db:JVNDBid:JVNDB-2016-007476
db:PACKETSTORMid:140417
db:CNNVDid:CNNVD-201611-583
db:NVDid:CVE-2016-4764

LAST UPDATE DATE

2025-04-20T19:32:38.503000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-93583date:2020-01-23T00:00:00
db:BIDid:94430date:2016-11-24T01:13:00
db:JVNDBid:JVNDB-2016-007476date:2017-03-01T00:00:00
db:CNNVDid:CNNVD-201611-583date:2019-03-13T00:00:00
db:NVDid:CVE-2016-4764date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:VULHUBid:VHN-93583date:2017-02-20T00:00:00
db:BIDid:94430date:2016-11-03T00:00:00
db:JVNDBid:JVNDB-2016-007476date:2017-03-01T00:00:00
db:PACKETSTORMid:140417date:2017-01-10T23:06:00
db:CNNVDid:CNNVD-201611-583date:2016-11-03T00:00:00
db:NVDid:CVE-2016-4764date:2017-02-20T08:59:01.307