← Back

CVE-2016-4763

nvd nist
Published: Sep 25, 2016Modified: May 6, 2026

JSON object

Loading...
6.8
Vector
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
Exploitability: 1.6 / Impact: 5.2
Source: NVD

Description

WKWebView in WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly verify X.509 certificates from HTTPS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Affected (3)

Apple
3 products
Itunes
Iphone Os
Safari
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Itunes
Up to 12.4.3
Running on/withPlatform Versions
Microsoft
Windows
All versions
Configuration B
2 vulnerable
Vulnerable SoftwareAffected Versions
Iphone Os
Up to 9.3.5
Safari
Up to 9.1.3

Related CWEs

CWE-310
CWE-310

References (16)

Source: product-security@apple.com
Mailing ListVendor Advisory
Source: product-security@apple.com
Mailing ListVendor Advisory
Source: product-security@apple.com
Mailing ListVendor Advisory
Source: product-security@apple.com
Source: product-security@apple.com
Source: product-security@apple.com
Vendor Advisory
Source: product-security@apple.com
Vendor Advisory
Source: product-security@apple.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.