ID

VAR-201702-0459

CVE

CVE-2016-7578

TITLE

plural Apple Used in products WebKit Vulnerable to arbitrary code execution

DESCRIPTION

An issue was discovered in certain Apple products. iOS before 10.1 is affected. Safari before 10.0.1 is affected. iCloud before 6.0.1 is affected. iTunes before 12.5.2 is affected. tvOS before 10.0.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. WebKit is prone to an information-disclosure vulnerability and multiple memory-corruption vulnerabilities. Successful exploits may allow attackers to obtain sensitive information or execute arbitrary code in the context of the affected system. Failed exploit attempts will likely cause a denial-of-service condition. Apple iTunes for Windows is a set of media player applications based on the Windows platform of Apple (Apple), which is mainly used for playing and managing digital music and video files. A security vulnerability exists in the WebKit component of several Apple products. The following products and versions are affected: Apple iOS prior to 10.1; Safari prior to 10.0.1; Windows-based iCloud prior to 6.0.1; Windows-based iTunes prior to 12.5.2; tvOS 10.0.1 previous version. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2016-10-27-2 iCloud for Windows v6.0.1 iCloud for Windows v6.0.1 is now available and addresses the following: WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may result in the disclosure of user information Description: An input validation issue was addressed through improved state management. CVE-2016-4613: Chris Palmer WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-7578: Apple Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJYElaQAAoJEIOj74w0bLRGydAP/A7CkkToap07bACp6iVYcQwO LRcILJJzCgQpXU4w95HA4w5iSlV08/PhFsIHb+nrQ4QM9TgUCPx7tlVTw+FUOCUy 1MyYNZCZs66B5w0lZla7unN76SPpt4m2fpz7b6SyTbpkrNuIvb/JC1AQoZOWz1za WBpS9argB+Nhk3HoG/PCGIQT2+iMicKLkK5ltbTGx0OK/hyRd8OM1qtU+z1OijV2 HRZek6yCR5h/4VJroBoyK3KqAashiEjGG7En9CHu3x2WLH9au62TVo74ugssfo3f gKuyBn8RZg8uFEo/iuBTNuU6rnoGQlY1YwNbyyAWlLuY2D0zgI3K9eREi6/T8LaO RJ6vz79hJHqfJIvMGGPZB9k4fWkBZemqhqfgW7RMBD7iBSYmoCIAbh679c12aik4 EF3rGTww+/3vdH3/Tb6w+5LTjIWjaYK05FInfzH2wY5sXT470VL946X6ueQysXOW kZ//jXIG52zS4pITnR+TPS5Ed9Xrwl6QhMtnSlPOmaUiuZyfmf6hxNmc9jkO9qs8 wIUeDOk83pVfOkrdEG1YUaHM35ntKEpqUFAtcgai0Z9DGtXMKiqikMLJMD8fdJ3g VPUWeZWA28cWZkv9RCNtVm/LZ0orVczUQZIdsThbfb5Kgi1YcG+BdT1+jfJvuiFt cmmT4qoVmcLgqmd0UR8Z =qqLM -----END PGP SIGNATURE----- . ========================================================================== Ubuntu Security Notice USN-3166-1 January 10, 2017 webkit2gtk vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 LTS Summary: Several security issues were fixed in WebKitGTK+. Software Description: - webkit2gtk: JavaScript engine library from WebKitGTK+ - GObject introspection Details: A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS: libjavascriptcoregtk-4.0-18 2.14.2-0ubuntu0.16.04.1 libwebkit2gtk-4.0-37 2.14.2-0ubuntu0.16.04.1 This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any applications that use WebKitGTK+, such as Epiphany, to make all the necessary changes. References: http://www.ubuntu.com/usn/usn-3166-1 CVE-2016-4613, CVE-2016-4657, CVE-2016-4666, CVE-2016-4707, CVE-2016-4728, CVE-2016-4733, CVE-2016-4734, CVE-2016-4735, CVE-2016-4759, CVE-2016-4760, CVE-2016-4761, CVE-2016-4762, CVE-2016-4764, CVE-2016-4765, CVE-2016-4767, CVE-2016-4768, CVE-2016-4769, CVE-2016-7578 Package Information: https://launchpad.net/ubuntu/+source/webkit2gtk/2.14.2-0ubuntu0.16.04.1

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

buffer error

CONFIGURATIONS

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Chris Palmer

SOURCES

LAST UPDATE DATE

2025-04-20T20:27:30.256000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE