Details of VAR-201702-0247

ID

VAR-201702-0247

CVE

CVE-2016-7650

TITLE

Apple iOS and Safari of Safari Universal cross-site scripting vulnerability in leader component

Trust: 0.8

sources: JVNDB: JVNDB-2016-007485

DESCRIPTION

An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. The issue involves the "Safari Reader" component, which allows remote attackers to conduct UXSS attacks via a crafted web site. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. Versions prior to Safari 10.0.2 and iOS 10.2 are vulnerable. Both Apple iOS and Safari are products of Apple (Apple). Apple iOS is an operating system developed for mobile devices; Apple Safari is a web browser that is the default browser included with the Mac OS X and iOS operating systems. Safari Reader is one of the browser's built-in reader components. Attackers can exploit this vulnerability to inject arbitrary scripts or HTML through malicious web pages. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2016-12-13-2 Safari 10.0.2 Safari 10.0.2 is now available and addresses the following: Safari Reader Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.1 Impact: Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting Description: Multiple validation issues were addressed through improved input sanitization. CVE-2016-7650: Erling Ellingsen WebKit Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.1 Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4692: Apple CVE-2016-7635: Apple CVE-2016-7652: Apple WebKit Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.1 Impact: Processing maliciously crafted web content may result in the disclosure of process memory Description: A memory corruption issue was addressed through improved input validation. CVE-2016-4743: Alan Cutter WebKit Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.1 Impact: Processing maliciously crafted web content may result in the disclosure of user information Description: A validation issue was addressed through improved state management. CVE-2016-7586: Boris Zbarsky WebKit Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.1 Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved state management. CVE-2016-7587: Adam Klein CVE-2016-7610: Zheng Huang of the Baidu Security Lab working with Trend Micro's Zero Day Initiative CVE-2016-7611: an anonymous researcher working with Trend Micro's Zero Day Initiative CVE-2016-7639: Tongbo Luo of Palo Alto Networks CVE-2016-7640: Kai Kang of Tencent's Xuanwu Lab (tencent.com) CVE-2016-7641: Kai Kang of Tencent's Xuanwu Lab (tencent.com) CVE-2016-7642: Tongbo Luo of Palo Alto Networks CVE-2016-7645: Kai Kang of Tencent's Xuanwu Lab (tencent.com) CVE-2016-7646: Kai Kang of Tencent's Xuanwu Lab (tencent.com) CVE-2016-7648: Kai Kang of Tencent's Xuanwu Lab (tencent.com) CVE-2016-7649: Kai Kang of Tencent's Xuanwu Lab (tencent.com) CVE-2016-7654: Keen Lab working with Trend Micro's Zero Day Initiative WebKit Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.1 Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved state management. CVE-2016-7589: Apple CVE-2016-7656: Keen Lab working with Trend Micro's Zero Day Initiative WebKit Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.1 Impact: Processing maliciously crafted web content may compromise user information Description: An issue existed in handling of JavaScript prompts. This was addressed through improved state management. CVE-2016-7592: xisigr of Tencent's Xuanwu Lab (tencent.com) WebKit Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.1 Impact: Processing maliciously crafted web content may result in the disclosure of process memory Description: An uninitialized memory access issue was addressed through improved memory initialization. CVE-2016-7598: Samuel GroA WebKit Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.1 Impact: Processing maliciously crafted web content may result in the disclosure of user information Description: An issue existed in the handling of HTTP redirects. This issue was addressed through improved cross origin validation. CVE-2016-7599: Muneaki Nishimura (nishimunea) of Recruit Technologies Co., Ltd. WebKit Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.1 Impact: Visiting a maliciously crafted website may compromise user information Description: An issue existed in the handling of blob URLs. This issue was addressed through improved URL handling. CVE-2016-7623: xisigr of Tencent's Xuanwu Lab (tencent.com) WebKit Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.1 Impact: Visiting a maliciously crafted webpage may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed through improved state management. CVE-2016-7632: Jeonghoon Shin Safari 10.0.2 may be obtained from the Mac App Store. Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJYT7LLAAoJEIOj74w0bLRGN4UQAJ8QGVJNCoYlvJEY/VHAOQWm LMm32fidQv1hHsu5fKfCnkhhQkqO97wEFleVJ/SZkrc19ALS5XHuW7HJBvbo84US JBkp6BUJao8Ye4hgbbpp6bNUB+PUsyJoF8iSF3PjDbXEWbe4T/NM62JUcmlDsGAl YR7euBKRBXGAnm9sJWdBa3pbXfSwhCVeSZYY61SIr85Jkq8r7e5vFHqoW+9Anh7G 3Q51BqI5o+c6CwdylQAHfJigmfcOW0zrzYH4CviRwgMpI3ikqGij4sLXuoDZA2f0 YDMIAovRyBVlY7IRHOIQbUKW4I5bqBDcVOAGA11jHI6QjQjUWbVOC05pxLnF8pLB 4CbYTSqlYRaosJHncsvG9m+8pClik9eNleJaYJ7dPghnTtvoWYysi9rlvyWk3x9e 5u1fLgHjcHkF68iTWRC6DYDwiZZeFnMIl+gXApCe0f4uoZMtyOY5tWdwvlVEpGJz lbL6uGX748Cg68JupyWnrcIXZiLrw/YujS+tRgsLyNhTTy1SObTQwqp0jZ89y1g7 +535ZJk/AyR9rWcBVcldrINQ0R4iqZoa1npwwAd/b0ItZgzFPzz5RPGltl2syTvp 3hNGv5HeJqFGND2Apn5/pLD/n9gMMROCkQx2ooFAEehZ1BJE3WJXaDBMEy6jtfK2 OmgDKgbTexNtFNMI1qBE =cycU -----END PGP SIGNATURE-----

Trust: 2.07

sources: NVD: CVE-2016-7650 // JVNDB: JVNDB-2016-007485 // BID: 94915 // VULHUB: VHN-96470 // PACKETSTORM: 140152

AFFECTED PRODUCTS

vendor:	apple	model:	iphone os	scope:	lte	version:	10.1.1	Trust: 1.0
vendor:	apple	model:	safari	scope:	lte	version:	10.0.1	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	10.0.1	Trust: 0.9
vendor:	apple	model:	ios	scope:	lt	version:	10.2 (ipad first 4 after generation )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	10.2 (iphone 5 or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	10.2 (ipod touch first 6 after generation )	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	10.0.2 (macos sierra 10.12.2)	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	10.0.2 (os x el capitan v10.11.6)	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	10.0.2 (os x yosemite v10.10.5)	Trust: 0.8
vendor:	apple	model:	iphone os	scope:	eq	version:	10.1.1	Trust: 0.6
vendor:	apple	model:	safari	scope:	eq	version:	9.1.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	9.1.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	9.1.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	9.0.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	9.0.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	9.0.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	8.0.8	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	8.0.6	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	8.0.5	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	8.0.4	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	8.0.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	7.1.8	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	7.1.6	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	7.1.5	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	7.1.4	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	7.1.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	7.0.6	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	7.0.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	7.0.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.2.8	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.2.6	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.2.5	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.2.4	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.2.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.1.6	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.1.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.1.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.0.5	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.0.4	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.0.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.0.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.0.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1.10	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1.6	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1.5	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0.6	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.0.5	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.0.4	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.0.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	3.2.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	3.1.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	3.1.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	2.0.4	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	2.0.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	2.0.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	2.0.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.3.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.3.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.2.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.2.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.2.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.0	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	9.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	9	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	8.0.7	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	8.0.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	8.0.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	8.0	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	7.1.7	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	7.1.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	7.1.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	7.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	7.0.5	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	7.0.4	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	7.0.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.2.7	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.2.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.2.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.1.5	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.1.4	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.1.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.0	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.34	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.33	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.31	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1.7	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1.4	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0.5	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0.4	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.31	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.30	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.28	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.1.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.1.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.1.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.0	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	3.52	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	10	Trust: 0.3
vendor:	apple	model:	macos	scope:	eq	version:	10.12.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.11.6	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.10.5	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ipad	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	50	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	40	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	30	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.9	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.10	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10	Trust: 0.3
vendor:	apple	model:	safari	scope:	ne	version:	10.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	ne	version:	10.2	Trust: 0.3

sources: BID: 94915 // JVNDB: JVNDB-2016-007485 // CNNVD: CNNVD-201612-438 // NVD: CVE-2016-7650

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-7650
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2016-7650
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201612-438
value:	LOW
Trust: 0.6
VULHUB:	VHN-96470
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2016-7650
severity:	LOW
baseScore:	2.6
vectorString:	AV:N/AC:H/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	4.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-96470
severity:	LOW
baseScore:	2.6
vectorString:	AV:N/AC:H/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	4.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-7650
baseSeverity:	MEDIUM
baseScore:	4.7
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	1.6
impactScore:	2.7
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-96470 // JVNDB: JVNDB-2016-007485 // CNNVD: CNNVD-201612-438 // NVD: CVE-2016-7650

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-96470 // JVNDB: JVNDB-2016-007485 // NVD: CVE-2016-7650

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201612-438

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201612-438

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-007485

PATCH

title:	Apple security updates	url:	https://support.apple.com/en-us/HT201222	Trust: 0.8
title:	APPLE-SA-2016-12-12-1 iOS 10.2	url:	https://lists.apple.com/archives/security-announce/2016/Dec/msg00000.html	Trust: 0.8
title:	APPLE-SA-2016-12-13-2 Safari 10.0.2	url:	https://lists.apple.com/archives/security-announce/2016/Dec/msg00004.html	Trust: 0.8
title:	HT207422	url:	https://support.apple.com/en-us/HT207422	Trust: 0.8
title:	HT207421	url:	https://support.apple.com/en-us/HT207421	Trust: 0.8
title:	HT207421	url:	https://support.apple.com/ja-jp/HT207421	Trust: 0.8
title:	HT207422	url:	https://support.apple.com/ja-jp/HT207422	Trust: 0.8
title:	Apple Safari and iOS Safari Reader Fixes for component cross-site scripting vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=66472	Trust: 0.6

sources: JVNDB: JVNDB-2016-007485 // CNNVD: CNNVD-201612-438

EXTERNAL IDS

db:	NVD	id:	CVE-2016-7650	Trust: 2.9
db:	BID	id:	94915	Trust: 2.0
db:	SECTRACK	id:	1037459	Trust: 1.1
db:	JVN	id:	JVNVU97133642	Trust: 0.8
db:	JVN	id:	JVNVU93979172	Trust: 0.8
db:	JVNDB	id:	JVNDB-2016-007485	Trust: 0.8
db:	CNNVD	id:	CNNVD-201612-438	Trust: 0.7
db:	VULHUB	id:	VHN-96470	Trust: 0.1
db:	PACKETSTORM	id:	140152	Trust: 0.1

sources: VULHUB: VHN-96470 // BID: 94915 // JVNDB: JVNDB-2016-007485 // PACKETSTORM: 140152 // CNNVD: CNNVD-201612-438 // NVD: CVE-2016-7650

REFERENCES

url:	http://www.securityfocus.com/bid/94915	Trust: 1.7
url:	https://support.apple.com/ht207421	Trust: 1.7
url:	https://support.apple.com/ht207422	Trust: 1.7
url:	http://www.securitytracker.com/id/1037459	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7650	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu97133642/index.html	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu93979172/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-7650	Trust: 0.8
url:	https://www.apple.com/	Trust: 0.3
url:	http://www.apple.com/ios/	Trust: 0.3
url:	http://www.apple.com/safari/download/	Trust: 0.3
url:	https://support.apple.com/kb/ht201222	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-7599	Trust: 0.1
url:	https://gpgtools.org	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-7648	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-7623	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-7635	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-7632	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-7642	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-7645	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-7646	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-7586	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-7641	Trust: 0.1
url:	https://www.apple.com/support/security/pgp/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-7610	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-7589	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-7649	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-7587	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4692	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-7656	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-7650	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-7640	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-7592	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-7639	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-7654	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-7611	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-7652	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4743	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-7598	Trust: 0.1

sources: VULHUB: VHN-96470 // BID: 94915 // JVNDB: JVNDB-2016-007485 // PACKETSTORM: 140152 // CNNVD: CNNVD-201612-438 // NVD: CVE-2016-7650

CREDITS

Erling Ellingsen

Trust: 0.9

sources: BID: 94915 // CNNVD: CNNVD-201612-438

SOURCES

db:	VULHUB	id:	VHN-96470
db:	BID	id:	94915
db:	JVNDB	id:	JVNDB-2016-007485
db:	PACKETSTORM	id:	140152
db:	CNNVD	id:	CNNVD-201612-438
db:	NVD	id:	CVE-2016-7650

LAST UPDATE DATE

2024-11-23T19:27:05.081000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-96470	date:	2017-07-27T00:00:00
db:	BID	id:	94915	date:	2016-12-20T01:09:00
db:	JVNDB	id:	JVNDB-2016-007485	date:	2017-03-01T00:00:00
db:	CNNVD	id:	CNNVD-201612-438	date:	2017-03-01T00:00:00
db:	NVD	id:	CVE-2016-7650	date:	2024-11-21T02:58:22.380

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-96470	date:	2017-02-20T00:00:00
db:	BID	id:	94915	date:	2016-12-13T00:00:00
db:	JVNDB	id:	JVNDB-2016-007485	date:	2017-03-01T00:00:00
db:	PACKETSTORM	id:	140152	date:	2016-12-14T13:33:33
db:	CNNVD	id:	CNNVD-201612-438	date:	2016-12-16T00:00:00
db:	NVD	id:	CVE-2016-7650	date:	2017-02-20T08:59:03.807