CVE-2016-4763 Information

Feb 14, 2021 cve

Description

WKWebView in WebKit in Apple iOS before 10 iTunes before 12.5.1 on Windows and Safari before 10 does not properly verify X.509 certificates from HTTPS servers which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVSS Vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

Reference

http://lists.apple.com/archives/security-announce/2016/Sep/msg00007.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00012.html http://www.securityfocus.com/bid/93066 http://www.securitytracker.com/id/1036854 https://support.apple.com/HT207143 https://support.apple.com/HT207157 https://support.apple.com/HT207158

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

NONE

Base Severity

6.8

Share on: