Details of VAR-201605-0427

ID

VAR-201605-0427

CVE

CVE-2016-1857

TITLE

Apple Used in products Webkit Vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2016-002850

DESCRIPTION

WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1854, CVE-2016-1855, and CVE-2016-1856. Apple iOS , Safari and tvOS Used in etc. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of ArrayBuffer objects. By triggering certain JavaScript optimizations, an attacker can force an ArrayBuffer in memory to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Failed exploit attempts may result in a denial-of-service condition. Apple iOS is an operating system developed for mobile devices; watchOS is an operating system for smart watches. Safari is a web browser that is the default browser included with the Mac OS X and iOS operating systems. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. =========================================================================== Ubuntu Security Notice USN-3079-1 September 14, 2016 webkit2gtk vulnerabilities =========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 LTS Summary: Several security issues were fixed in WebKitGTK+. Software Description: - webkit2gtk: JavaScript engine library from WebKitGTK+ - GObject introspection Details: A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS: libjavascriptcoregtk-4.0-18 2.12.5-0ubuntu0.16.04.1 libwebkit2gtk-4.0-37 2.12.5-0ubuntu0.16.04.1 This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any applications that use WebKitGTK+, such as Epiphany, to make all the necessary changes. References: http://www.ubuntu.com/usn/usn-3079-1 CVE-2016-1854, CVE-2016-1856, CVE-2016-1857, CVE-2016-1858, CVE-2016-1859, CVE-2016-4583, CVE-2016-4585, CVE-2016-4586, CVE-2016-4588, CVE-2016-4589, CVE-2016-4590, CVE-2016-4591, CVE-2016-4622, CVE-2016-4623, CVE-2016-4624, CVE-2016-4651 Package Information: https://launchpad.net/ubuntu/+source/webkit2gtk/2.12.5-0ubuntu0.16.04.1 . ------------------------------------------------------------------------ WebKitGTK+ Security Advisory WSA-2016-0004 ------------------------------------------------------------------------ Date reported : May 30, 2016 Advisory ID : WSA-2016-0004 Advisory URL : http://webkitgtk.org/security/WSA-2016-0004.html CVE identifiers : CVE-2016-1854, CVE-2016-1856, CVE-2016-1857, CVE-2016-1858, CVE-2016-1859. Several vulnerabilities were discovered in WebKitGTK+. CVE-2016-1854 Versions affected: WebKitGTK+ before 2.12.1. Credit to Anonymous working with Trend Micro's Zero Day Initiative. CVE-2016-1856 Versions affected: WebKitGTK+ before 2.12.1. Credit to lokihardt working with Trend Micro's Zero Day Initiative. CVE-2016-1857 Versions affected: WebKitGTK+ before 2.12.3. Credit to Jeonghoon Shin@A.D.D and Liang Chen, Zhen Feng, wushi of KeenLab, Tencent working with Trend Micro's Zero Day Initiative. CVE-2016-1858 Versions affected: WebKitGTK+ before 2.12.0. Credit to Anonymous. CVE-2016-1859 Versions affected: WebKitGTK+ before 2.12.1. Credit to Liang Chen, wushi of KeenLab, Tencent working with Trend Micro's Zero Day Initiative. We recommend updating to the last stable version of WebKitGTK+. It is the best way of ensuring that you are running a safe version of WebKitGTK+. Please check our website for information about the last stable releases. Further information about WebKitGTK+ Security Advisories can be found at: http://webkitgtk.org/security.html The WebKitGTK+ team, May 30, 2016 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2016-05-16-5 Safari 9.1.1 Safari 9.1.1 is now available and addresses the following: Safari Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11.5 Impact: A user may be unable to fully delete browsing history Description: "Clear History and Website Data" did not clear the history. The issue was addressed through improved data deletion. CVE-ID CVE-2016-1849 : Adham Ghrayeb WebKit Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11.5 Impact: Visiting a malicious website may disclose data from another website Description: An insufficient taint tracking issue in the parsing of svg images was addressed through improved taint tracking. CVE-ID CVE-2016-1858 : an anonymous researcher WebKit Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11.5 Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1854 : Anonymous working with Trend Micro's Zero Day Initiative CVE-2016-1855 : Tongbo Luo and Bo Qu of Palo Alto Networks CVE-2016-1856 : lokihardt working with Trend Micro's Zero Day Initiative CVE-2016-1857 : Jeonghoon Shin@A.D.D, Liang Chen, Zhen Feng, wushi of KeenLab, Tencent working with Trend Micro's Zero Day Initiative WebKit Canvas Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11.5 Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJXOj0LAAoJEIOj74w0bLRGg00P/15+B1ltGhgazsTVc8eZVaC+ LVe24/wN8yTv8I5N23JLFRcMopJj7GFSEU+ApYvgkgw2U3w5sku7Vz0scG2YYHca ubfUP3GdIsNlgaDMUvBCS3dUyzbK85AYZHhcAvQ4nL60Ttjk2wi9YpnKuY7eTEwi GnMmfuRdmsN6pEIUofCrwtYw2zC4Yte/iyxZSc9vQthqjLqn992FBrWZO6NLnhK8 P1NusAo/Eby/Z8xftS+foHGEcZg2zuKDkJsoHgN+HwiuO8bdiA9ZeqbH2iQIymbo N/PRIP2E1W/RXFodit16oA3PjoHs813WOyoc85mG8yLNOoLXcdpSWqosDKUhrXsF FL4H+O0XCUUDEzYr+kyqj+tvNn3UwnNEcW6ZgyrWBU2w93CG1MpR9eTr4o/xxLd3 2gN4mj8PvK/Or2TVKFBB5rRb+SIKjPqrDyB/NJyqnaLurnuEYjMZv7nM6U3HDFql XxZ3b3jq0uoBXOAAiSm1g6MFgcjkZLcvM55CkljQha5SKCgrUnZ52jsDPqXGfNL7 CUcTUQ8VTtXknASYo6c1dOZs0snCkHNK84iFZdELwQz8t4R6ERH0YmV8yuplqOe2 SoYDJig8OkfdQK3HaL6MTNn7flwAsb/YV17nVYZxINYbkF88ticAH4l/KuCPQyXL 6xvn35QzPS6xQsexYsbi =Ybx7 -----END PGP SIGNATURE-----

Trust: 2.97

sources: NVD: CVE-2016-1857 // JVNDB: JVNDB-2016-002850 // ZDI: ZDI-16-343 // BID: 90689 // VULHUB: VHN-90676 // VULMON: CVE-2016-1857 // PACKETSTORM: 138715 // PACKETSTORM: 137229 // PACKETSTORM: 137089

AFFECTED PRODUCTS

vendor:	apple	model:	iphone os	scope:	lt	version:	9.3.2	Trust: 1.0
vendor:	apple	model:	safari	scope:	lt	version:	9.1.1	Trust: 1.0
vendor:	apple	model:	tvos	scope:	lt	version:	9.2.1	Trust: 1.0
vendor:	webkitgtk	model:	webkitgtk\+	scope:	lt	version:	2.12.3	Trust: 1.0
vendor:	apple	model:	ios	scope:	lt	version:	9.3.2 (ipad 2 or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	9.3.2 (iphone 4s or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	9.3.2 (ipod touch first 5 after generation )	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	9.1.1 (os x el capitan v10.11.5)	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	9.1.1 (os x mavericks v10.9.5)	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	9.1.1 (os x yosemite v10.10.5)	Trust: 0.8
vendor:	apple	model:	tvos	scope:	lt	version:	9.2.1 (apple tv first 4 generation )	Trust: 0.8
vendor:	apple	model:	safari	scope:	-	version:	-	Trust: 0.7
vendor:	apple	model:	iphone os	scope:	eq	version:	9.3.1	Trust: 0.6
vendor:	apple	model:	safari	scope:	eq	version:	9.1	Trust: 0.6
vendor:	apple	model:	tv	scope:	eq	version:	9.2	Trust: 0.6
vendor:	webkit	model:	open source project webkit	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0.6	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.0.5	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.0.4	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.0.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	3.2.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	3.1.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	3.1.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	2.0.4	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	2.0.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	2.0.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	2.0.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.3.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.3.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.2.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.2.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.2.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.0	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1.7	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1.4	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0.5	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0.4	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.1.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.1.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.1.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.0	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	3	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ipad	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.9	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.10	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.0	Trust: 0.3

sources: ZDI: ZDI-16-343 // BID: 90689 // JVNDB: JVNDB-2016-002850 // CNNVD: CNNVD-201605-472 // NVD: CVE-2016-1857

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-1857
value:	HIGH
Trust: 1.0
NVD:	CVE-2016-1857
value:	HIGH
Trust: 0.8
ZDI:	CVE-2016-1857
value:	MEDIUM
Trust: 0.7
CNNVD:	CNNVD-201605-472
value:	HIGH
Trust: 0.6
VULHUB:	VHN-90676
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2016-1857
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-1857
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 2.6
VULHUB:	VHN-90676
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-1857
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: ZDI: ZDI-16-343 // VULHUB: VHN-90676 // VULMON: CVE-2016-1857 // JVNDB: JVNDB-2016-002850 // CNNVD: CNNVD-201605-472 // NVD: CVE-2016-1857

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-90676 // JVNDB: JVNDB-2016-002850 // NVD: CVE-2016-1857

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 138715 // CNNVD: CNNVD-201605-472

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201605-472

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-002850

PATCH

title:	HT206568	url:	https://support.apple.com/en-us/HT206568	Trust: 1.5
title:	Apple security updates	url:	https://support.apple.com/en-us/HT201222	Trust: 0.8
title:	APPLE-SA-2016-05-16-2 iOS 9.3.2	url:	http://lists.apple.com/archives/security-announce/2016/May/msg00002.html	Trust: 0.8
title:	APPLE-SA-2016-05-16-1 tvOS 9.2.1	url:	http://lists.apple.com/archives/security-announce/2016/May/msg00001.html	Trust: 0.8
title:	APPLE-SA-2016-05-16-5 Safari 9.1.1	url:	http://lists.apple.com/archives/security-announce/2016/May/msg00005.html	Trust: 0.8
title:	HT206564	url:	https://support.apple.com/en-us/HT206564	Trust: 0.8
title:	HT206565	url:	https://support.apple.com/en-us/HT206565	Trust: 0.8
title:	HT206564	url:	https://support.apple.com/ja-jp/HT206564	Trust: 0.8
title:	HT206565	url:	https://support.apple.com/ja-jp/HT206565	Trust: 0.8
title:	HT206568	url:	https://support.apple.com/ja-jp/HT206568	Trust: 0.8
title:	Apple iOS , watchOS , Safari WebKit Fixes for arbitrary code execution vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=61786	Trust: 0.6
title:	Ubuntu Security Notice: webkit2gtk vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3079-1	Trust: 0.1
title:	PegMii-Boogaloo	url:	https://github.com/hedgeberg/PegMii-Boogaloo	Trust: 0.1
title:	Case Study of JavaScript Engine Vulnerabilities	url:	https://github.com/tunz/js-vuln-db	Trust: 0.1
title:	Awesome CVE PoC	url:	https://github.com/lnick2023/nicenice	Trust: 0.1
title:	Awesome CVE PoC	url:	https://github.com/xbl3/awesome-cve-poc_qazbnm456	Trust: 0.1
title:	Awesome CVE PoC	url:	https://github.com/qazbnm456/awesome-cve-poc	Trust: 0.1

sources: ZDI: ZDI-16-343 // VULMON: CVE-2016-1857 // JVNDB: JVNDB-2016-002850 // CNNVD: CNNVD-201605-472

EXTERNAL IDS

db:	NVD	id:	CVE-2016-1857	Trust: 3.9
db:	ZDI	id:	ZDI-16-343	Trust: 2.5
db:	PACKETSTORM	id:	137229	Trust: 1.9
db:	SECTRACK	id:	1035888	Trust: 1.8
db:	JVN	id:	JVNVU91632741	Trust: 0.8
db:	JVNDB	id:	JVNDB-2016-002850	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-3619	Trust: 0.7
db:	CNNVD	id:	CNNVD-201605-472	Trust: 0.7
db:	BID	id:	90689	Trust: 0.4
db:	VULHUB	id:	VHN-90676	Trust: 0.1
db:	VULMON	id:	CVE-2016-1857	Trust: 0.1
db:	PACKETSTORM	id:	138715	Trust: 0.1
db:	PACKETSTORM	id:	137089	Trust: 0.1

sources: ZDI: ZDI-16-343 // VULHUB: VHN-90676 // VULMON: CVE-2016-1857 // BID: 90689 // JVNDB: JVNDB-2016-002850 // PACKETSTORM: 138715 // PACKETSTORM: 137229 // PACKETSTORM: 137089 // CNNVD: CNNVD-201605-472 // NVD: CVE-2016-1857

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2016/may/msg00001.html	Trust: 1.8
url:	http://lists.apple.com/archives/security-announce/2016/may/msg00002.html	Trust: 1.8
url:	http://lists.apple.com/archives/security-announce/2016/may/msg00005.html	Trust: 1.8
url:	http://www.securityfocus.com/archive/1/538522/100/0/threaded	Trust: 1.8
url:	https://support.apple.com/ht206564	Trust: 1.8
url:	https://support.apple.com/ht206565	Trust: 1.8
url:	https://support.apple.com/ht206568	Trust: 1.8
url:	http://packetstormsecurity.com/files/137229/webkitgtk-code-execution-denial-of-service-memory-corruption.html	Trust: 1.8
url:	http://www.zerodayinitiative.com/advisories/zdi-16-343	Trust: 1.8
url:	http://www.securitytracker.com/id/1035888	Trust: 1.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1857	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu91632741/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1857	Trust: 0.8
url:	https://support.apple.com/en-us/ht206568	Trust: 0.7
url:	http://www.apple.com/ios/	Trust: 0.3
url:	http://www.apple.com/safari/download/	Trust: 0.3
url:	http://www.apple.com/ipad/	Trust: 0.3
url:	http://www.apple.com/iphone/	Trust: 0.3
url:	http://www.apple.com/ipodtouch/	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1854	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1856	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1859	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1857	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1858	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/119.html	Trust: 0.1
url:	https://github.com/hedgeberg/pegmii-boogaloo	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.securityfocus.com/bid/90689	Trust: 0.1
url:	https://usn.ubuntu.com/3079-1/	Trust: 0.1
url:	http://www.ubuntu.com/usn/usn-3079-1	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4623	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4651	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4586	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/webkit2gtk/2.12.5-0ubuntu0.16.04.1	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4591	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4583	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4590	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4624	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4589	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4622	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4585	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4588	Trust: 0.1
url:	http://webkitgtk.org/security.html	Trust: 0.1
url:	http://webkitgtk.org/security/wsa-2016-0004.html	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1855	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1849	Trust: 0.1
url:	https://www.apple.com/support/security/pgp/	Trust: 0.1
url:	https://gpgtools.org	Trust: 0.1
url:	http://support.apple.com/kb/ht201222	Trust: 0.1

CREDITS

Liang Chen of KeenLab Tencent Zhen Feng of KeenLab Tencent wushi of KeenLab Tencent

Trust: 0.7

sources: ZDI: ZDI-16-343

SOURCES

db:	ZDI	id:	ZDI-16-343
db:	VULHUB	id:	VHN-90676
db:	VULMON	id:	CVE-2016-1857
db:	BID	id:	90689
db:	JVNDB	id:	JVNDB-2016-002850
db:	PACKETSTORM	id:	138715
db:	PACKETSTORM	id:	137229
db:	PACKETSTORM	id:	137089
db:	CNNVD	id:	CNNVD-201605-472
db:	NVD	id:	CVE-2016-1857

LAST UPDATE DATE

2024-11-23T21:21:51.422000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-16-343	date:	2016-05-19T00:00:00
db:	VULHUB	id:	VHN-90676	date:	2019-03-25T00:00:00
db:	VULMON	id:	CVE-2016-1857	date:	2019-03-25T00:00:00
db:	BID	id:	90689	date:	2016-07-06T14:52:00
db:	JVNDB	id:	JVNDB-2016-002850	date:	2016-05-24T00:00:00
db:	CNNVD	id:	CNNVD-201605-472	date:	2019-03-13T00:00:00
db:	NVD	id:	CVE-2016-1857	date:	2024-11-21T02:47:13.743

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-16-343	date:	2016-05-19T00:00:00
db:	VULHUB	id:	VHN-90676	date:	2016-05-20T00:00:00
db:	VULMON	id:	CVE-2016-1857	date:	2016-05-20T00:00:00
db:	BID	id:	90689	date:	2016-05-16T00:00:00
db:	JVNDB	id:	JVNDB-2016-002850	date:	2016-05-24T00:00:00
db:	PACKETSTORM	id:	138715	date:	2016-09-14T16:52:04
db:	PACKETSTORM	id:	137229	date:	2016-05-30T16:44:10
db:	PACKETSTORM	id:	137089	date:	2016-05-17T16:10:15
db:	CNNVD	id:	CNNVD-201605-472	date:	2016-05-20T00:00:00
db:	NVD	id:	CVE-2016-1857	date:	2016-05-20T11:00:11.053