ID

VAR-201608-0188


CVE

CVE-2016-4657


TITLE

Apple iOS  used in etc.  WebKit  Vulnerability to execute arbitrary code in

Trust: 0.8

sources: JVNDB: JVNDB-2016-004457

DESCRIPTION

WebKit in Apple iOS before 9.3.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. Apple iOS used in etc. WebKit is prone to an unspecified memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code within the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. A security vulnerability exists in WebKit in versions prior to Apple iOS 9.3.5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2016-08-25-1 iOS 9.3.5 iOS 9.3.5 is now available and addresses the following: Kernel Available for: iPhone 4s and later, iPad 2 and later, iPod touch (5th generation) and later Impact: An application may be able to disclose kernel memory Description: A validation issue was addressed through improved input sanitization. CVE-2016-4655: Citizen Lab and Lookout Kernel Available for: iPhone 4s and later, iPad 2 and later, iPod touch (5th generation) and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-4656: Citizen Lab and Lookout WebKit Available for: iPhone 4s and later, iPad 2 and later, iPod touch (5th generation) and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-4657: Citizen Lab and Lookout Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "9.3.5". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJXvzhMAAoJEIOj74w0bLRGBAMP/RvcCKskvhLhBTixjPNBWWqE VFuQCMGif3Q9/2vLv9tQxeesXdG30Rn7LkCSStR0ZhSPrNFlSDlhHj/KOLFd5en+ lgctmToXnLQl+FzTnN0Tn872R3VENBl78OiP6K1urDJHMs1OwGgORyyKQgcaGcDZ GCBK7PUaK/yKVXfm1SJsMcyNL3lRGd05OnCPaXJruMZlbTWidK7R649oodPIIX+H cokqXBjM94M/Y6BUbPAeEh4lSk6ukygYHeb+JuTTj0AQ+82qIkWctkZLIVHZDLak aaTxLFpH9T9BAOTKSnpwFZa0Nj912OSkFbIbCMNyCcX/l7z2Pd+EVg/7rEEZBW+I yyo67JsXWQtCP9/P5El3V1lepNfuGOpRM5S+B/X2X+774QV/Xx8blVXTeDdDAk++ bHblfQKx2Xlkrznl+SFLnDfY5d8TlRmLEcQu1N7DiN22I1Qi9eXdzicBrCHyY3s0 sFTj577aBQ2gyH6EWTg4VfZHKKXtzPTNuSpAwobK8HKacezUhCXQ0BScmS47UMHu uk/sdirJX1GAfD0P7bcOsnTdMHG+vkXIFTuV+JsGcpg136kdg7rejVIsj/AKRChz f+e/7YsJIpMQriDr4w07huosClXKqSw64ygPyP0KYHTjO1picPocw1SF7eqyeng0 C6oESP46AbWYUbdihpm7 =PDst -----END PGP SIGNATURE----- . ========================================================================== Ubuntu Security Notice USN-3166-1 January 10, 2017 webkit2gtk vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 LTS Summary: Several security issues were fixed in WebKitGTK+. Software Description: - webkit2gtk: JavaScript engine library from WebKitGTK+ - GObject introspection Details: A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS: libjavascriptcoregtk-4.0-18 2.14.2-0ubuntu0.16.04.1 libwebkit2gtk-4.0-37 2.14.2-0ubuntu0.16.04.1 This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any applications that use WebKitGTK+, such as Epiphany, to make all the necessary changes. References: http://www.ubuntu.com/usn/usn-3166-1 CVE-2016-4613, CVE-2016-4657, CVE-2016-4666, CVE-2016-4707, CVE-2016-4728, CVE-2016-4733, CVE-2016-4734, CVE-2016-4735, CVE-2016-4759, CVE-2016-4760, CVE-2016-4761, CVE-2016-4762, CVE-2016-4764, CVE-2016-4765, CVE-2016-4767, CVE-2016-4768, CVE-2016-4769, CVE-2016-7578 Package Information: https://launchpad.net/ubuntu/+source/webkit2gtk/2.14.2-0ubuntu0.16.04.1

Trust: 2.25

sources: NVD: CVE-2016-4657 // JVNDB: JVNDB-2016-004457 // BID: 92653 // VULHUB: VHN-93476 // VULMON: CVE-2016-4657 // PACKETSTORM: 138513 // PACKETSTORM: 140417

AFFECTED PRODUCTS

vendor:applemodel:iphone osscope:ltversion:9.3.5

Trust: 1.0

vendor:アップルmodel:iosscope:ltversion:(ipod touch no. 5 generation onwards )

Trust: 0.8

vendor:アップルmodel:iosscope:ltversion:(iphone 4s from )

Trust: 0.8

vendor:アップルmodel:iosscope:eqversion:9.3.5

Trust: 0.8

vendor:アップルmodel:iosscope:eqversion: -

Trust: 0.8

vendor:アップルmodel:iosscope: - version: -

Trust: 0.8

vendor:アップルmodel:iosscope:ltversion:(ipad 2 from )

Trust: 0.8

vendor:applemodel:iphone osscope:eqversion:9.3.4

Trust: 0.6

vendor:applemodel:iosscope:eqversion:30

Trust: 0.3

vendor:applemodel:safariscope:eqversion:7.1.6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.1.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.8

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4

Trust: 0.3

vendor:applemodel:safariscope:eqversion:8.0.4

Trust: 0.3

vendor:applemodel:safariscope:eqversion:1.0

Trust: 0.3

vendor:applemodel:safariscope:eqversion:1.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:8.0.7

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.0.5

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.0.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.1.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.1.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:7.1.8

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.31

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.1.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:1.2.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:7.0.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.0

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:7.0.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:7.1.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.1

Trust: 0.3

vendor:webkitmodel:open source project webkitscope:eqversion:0

Trust: 0.3

vendor:applemodel:safariscope:eqversion:8.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.1.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.1.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:3.1.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:3.1.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.1.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.2.6

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.1.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:8.0.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.0.6

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.0.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.10

Trust: 0.3

vendor:applemodel:safariscope:eqversion:3.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.1.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:2.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:7.1.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:7.0.4

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.2.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.0

Trust: 0.3

vendor:applemodel:safariscope:neversion:9.1.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.0.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.0

Trust: 0.3

vendor:applemodel:safariscope:eqversion:9.1.1

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:0

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.9.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:40

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:9.0.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.1.6

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.1.7

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.0.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.1.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:9.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.1.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.4

Trust: 0.3

vendor:applemodel:safariscope:eqversion:7.0.6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.5

Trust: 0.3

vendor:applemodel:safariscope:eqversion:9

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:7.1.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.1.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.0.5

Trust: 0.3

vendor:applemodel:safariscope:eqversion:2.0.2

Trust: 0.3

vendor:applemodel:iosscope:neversion:9.3.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.0.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.2.5

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.0.5

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.34

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.2.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.4.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.2.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:9.0.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:50

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.9

Trust: 0.3

vendor:applemodel:iosscope:eqversion:2.0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.1.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.1.4

Trust: 0.3

vendor:applemodel:safariscope:eqversion:7.0.5

Trust: 0.3

vendor:applemodel:safariscope:eqversion:8.0.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:7.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.2.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:2.0.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:2.0.4

Trust: 0.3

vendor:applemodel:safariscope:eqversion:8.0.8

Trust: 0.3

vendor:applemodel:safariscope:eqversion:1.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:3.52

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.0.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.3.4

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.31

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.28

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.5

Trust: 0.3

vendor:applemodel:safariscope:eqversion:7.1.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6

Trust: 0.3

vendor:applemodel:safariscope:eqversion:1.3.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.1.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.1.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:2.0.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.7

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.1.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:1.2.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:7.1.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.1.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.2.7

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.1.6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.0.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.0.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:1.2.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.33

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.1.4

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.2.8

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.30

Trust: 0.3

vendor:applemodel:ipadscope:eqversion:0

Trust: 0.3

vendor:applemodel:safariscope:eqversion:3.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.0.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.1.10

Trust: 0.3

vendor:applemodel:safariscope:eqversion:7.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.3.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:8.0

Trust: 0.3

vendor:applemodel:safariscope:eqversion:7.1.7

Trust: 0.3

vendor:applemodel:safariscope:eqversion:8.0.6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.1.6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.4

Trust: 0.3

vendor:applemodel:safariscope:eqversion:9.1.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:3.2.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.1.5

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4

Trust: 0.3

vendor:applemodel:safariscope:eqversion:3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:1.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.0.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:8.0.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:1.3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.3.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:9.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.2.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.0.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.6

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.0.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.10.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.1

Trust: 0.3

sources: BID: 92653 // JVNDB: JVNDB-2016-004457 // CNNVD: CNNVD-201608-462 // NVD: CVE-2016-4657

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-4657
value: HIGH

Trust: 1.0

NVD: CVE-2016-4657
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201608-462
value: MEDIUM

Trust: 0.6

VULHUB: VHN-93476
value: MEDIUM

Trust: 0.1

VULMON: CVE-2016-4657
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-4657
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-93476
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-4657
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2016-4657
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-93476 // VULMON: CVE-2016-4657 // JVNDB: JVNDB-2016-004457 // CNNVD: CNNVD-201608-462 // NVD: CVE-2016-4657

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.0

problemtype:Out-of-bounds writing (CWE-787) [NVD evaluation ]

Trust: 0.8

problemtype:CWE-119

Trust: 0.1

sources: VULHUB: VHN-93476 // JVNDB: JVNDB-2016-004457 // NVD: CVE-2016-4657

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 140417 // CNNVD: CNNVD-201608-462

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201608-462

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-93476 // VULMON: CVE-2016-4657

PATCH

title:HT207131url:https://support.apple.com/en-us/HT201222

Trust: 0.8

title:Apple iOS WebKit Repair measures for memory corruption vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63785

Trust: 0.6

title:Apple: Safari 9.1.3url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=656e3622f551685efbf8a50d1a0145ff

Trust: 0.1

title:Apple: iOS 9.3.5url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=804bc13f15b1f31921cd544e2c4873d7

Trust: 0.1

title:Ubuntu Security Notice: webkit2gtk vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3166-1

Trust: 0.1

title:Switcheroourl:https://github.com/iDaN5x/Switcheroo

Trust: 0.1

title:Tridenturl:https://github.com/EGYbkgo9449/Trident

Trust: 0.1

title:webkit-vulnerabilityurl:https://github.com/vigneshyaadav27/webkit-vulnerability

Trust: 0.1

title:iOS-9.3.2-Trident-5Curl:https://github.com/AhmedZKool/iOS-9.3.2-Trident-5C

Trust: 0.1

title:Trident-masterurl:https://github.com/mehulrao/Trident-master

Trust: 0.1

title:Tridenturl:https://github.com/0nc1s/Trident

Trust: 0.1

title:Tridenturl:https://github.com/benjamin-42/Trident

Trust: 0.1

title:Trident-Add-Supporturl:https://github.com/mehulrao/Trident-Add-Support

Trust: 0.1

title:reverse-engineering-toolkiturl:https://github.com/geeksniper/reverse-engineering-toolkit

Trust: 0.1

title:Threatposturl:https://threatpost.com/apple-patches-trident-vulnerabilities-in-os-x-safari/120336/

Trust: 0.1

title:Threatposturl:https://threatpost.com/emergency-ios-update-patches-zero-days-used-by-government-spyware/120158/

Trust: 0.1

sources: VULMON: CVE-2016-4657 // JVNDB: JVNDB-2016-004457 // CNNVD: CNNVD-201608-462

EXTERNAL IDS

db:NVDid:CVE-2016-4657

Trust: 3.9

db:BIDid:92653

Trust: 1.5

db:EXPLOIT-DBid:44836

Trust: 1.2

db:SECTRACKid:1036694

Trust: 1.2

db:JVNid:JVNVU92267426

Trust: 0.8

db:JVNid:JVNVU99497792

Trust: 0.8

db:JVNDBid:JVNDB-2016-004457

Trust: 0.8

db:CNNVDid:CNNVD-201608-462

Trust: 0.7

db:CXSECURITYid:WLB-2018030020

Trust: 0.6

db:EXPLOIT-DBid:44213

Trust: 0.2

db:SEEBUGid:SSVID-92772

Trust: 0.1

db:VULHUBid:VHN-93476

Trust: 0.1

db:VULMONid:CVE-2016-4657

Trust: 0.1

db:PACKETSTORMid:138513

Trust: 0.1

db:PACKETSTORMid:140417

Trust: 0.1

sources: VULHUB: VHN-93476 // VULMON: CVE-2016-4657 // BID: 92653 // JVNDB: JVNDB-2016-004457 // PACKETSTORM: 138513 // PACKETSTORM: 140417 // CNNVD: CNNVD-201608-462 // NVD: CVE-2016-4657

REFERENCES

url:http://www.securityfocus.com/bid/92653

Trust: 1.3

url:http://lists.apple.com/archives/security-announce/2016/aug/msg00000.html

Trust: 1.2

url:https://support.apple.com/ht207107

Trust: 1.2

url:https://www.exploit-db.com/exploits/44836/

Trust: 1.2

url:https://blog.lookout.com/blog/2016/08/25/trident-pegasus/

Trust: 1.2

url:https://www.youtube.com/watch?v=xkdpjbalnge

Trust: 1.2

url:http://www.securitytracker.com/id/1036694

Trust: 1.2

url:http://jvn.jp/vu/jvnvu99497792/index.html

Trust: 0.8

url:http://jvn.jp/vu/jvnvu92267426/index.html

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4657

Trust: 0.8

url:https://www.ipa.go.jp/security/ciadr/vul/20160829-ios.html

Trust: 0.8

url:https://cisa.gov/known-exploited-vulnerabilities-catalog

Trust: 0.8

url:https://cxsecurity.com/issue/wlb-2018030020

Trust: 0.6

url:http://www.apple.com/ios/

Trust: 0.3

url:http://www.apple.com/safari/download/

Trust: 0.3

url:http://www.symantec.com/connect/blogs/trident-trio-ios-zero-days-being-exploited-wild

Trust: 0.3

url:https://support.apple.com/en-ie/ht207107

Trust: 0.3

url:https://support.apple.com/en-us/ht207131

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2016-4657

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/119.html

Trust: 0.1

url:https://www.exploit-db.com/exploits/44213/

Trust: 0.1

url:http://tools.cisco.com/security/center/viewalert.x?alertid=48712

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/idan5x/switcheroo

Trust: 0.1

url:https://usn.ubuntu.com/3166-1/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4656

Trust: 0.1

url:https://www.apple.com/itunes/

Trust: 0.1

url:https://support.apple.com/kb/ht201222

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4655

Trust: 0.1

url:https://gpgtools.org

Trust: 0.1

url:https://www.apple.com/support/security/pgp/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4767

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4707

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4728

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4613

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-7578

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4734

Trust: 0.1

url:http://www.ubuntu.com/usn/usn-3166-1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4769

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4760

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4764

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4768

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4762

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4666

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4765

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4761

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4759

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4733

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/webkit2gtk/2.14.2-0ubuntu0.16.04.1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4735

Trust: 0.1

sources: VULHUB: VHN-93476 // VULMON: CVE-2016-4657 // BID: 92653 // JVNDB: JVNDB-2016-004457 // PACKETSTORM: 138513 // PACKETSTORM: 140417 // CNNVD: CNNVD-201608-462 // NVD: CVE-2016-4657

CREDITS

LiveOverflow

Trust: 0.6

sources: CNNVD: CNNVD-201608-462

SOURCES

db:VULHUBid:VHN-93476
db:VULMONid:CVE-2016-4657
db:BIDid:92653
db:JVNDBid:JVNDB-2016-004457
db:PACKETSTORMid:138513
db:PACKETSTORMid:140417
db:CNNVDid:CNNVD-201608-462
db:NVDid:CVE-2016-4657

LAST UPDATE DATE

2024-11-23T19:35:55.721000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-93476date:2018-06-08T00:00:00
db:VULMONid:CVE-2016-4657date:2018-06-08T00:00:00
db:BIDid:92653date:2016-09-02T07:00:00
db:JVNDBid:JVNDB-2016-004457date:2024-07-08T07:17:00
db:CNNVDid:CNNVD-201608-462date:2021-08-18T00:00:00
db:NVDid:CVE-2016-4657date:2024-11-21T02:52:42.907

SOURCES RELEASE DATE

db:VULHUBid:VHN-93476date:2016-08-25T00:00:00
db:VULMONid:CVE-2016-4657date:2016-08-25T00:00:00
db:BIDid:92653date:2016-08-25T00:00:00
db:JVNDBid:JVNDB-2016-004457date:2016-08-29T00:00:00
db:PACKETSTORMid:138513date:2016-08-25T22:22:22
db:PACKETSTORMid:140417date:2017-01-10T23:06:00
db:CNNVDid:CNNVD-201608-462date:2016-08-26T00:00:00
db:NVDid:CVE-2016-4657date:2016-08-25T21:59:02.150