var-201702-0387
Vulnerability from variot
An issue was discovered in certain Apple products. Safari before 10.0.1 is affected. iCloud before 6.0.1 is affected. iTunes before 12.5.2 is affected. tvOS before 10.0.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive information via a crafted web site. WebKit is prone to an information-disclosure vulnerability and multiple memory-corruption vulnerabilities. Failed exploit attempts will likely cause a denial-of-service condition. Apple iCloud for Windows is a cloud service based on the Windows platform of Apple (Apple), which supports the storage of music, photos, Apps and contacts. A memory corruption vulnerability exists in the WebKit component of Apple iCloud versions prior to 6.0.1 on Windows platforms. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
APPLE-SA-2016-10-27-2 iCloud for Windows v6.0.1
iCloud for Windows v6.0.1 is now available and addresses the following:
WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may result in the disclosure of user information Description: An input validation issue was addressed through improved state management. CVE-2016-4613: Chris Palmer
WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-7578: Apple
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJYElaQAAoJEIOj74w0bLRGydAP/A7CkkToap07bACp6iVYcQwO LRcILJJzCgQpXU4w95HA4w5iSlV08/PhFsIHb+nrQ4QM9TgUCPx7tlVTw+FUOCUy 1MyYNZCZs66B5w0lZla7unN76SPpt4m2fpz7b6SyTbpkrNuIvb/JC1AQoZOWz1za WBpS9argB+Nhk3HoG/PCGIQT2+iMicKLkK5ltbTGx0OK/hyRd8OM1qtU+z1OijV2 HRZek6yCR5h/4VJroBoyK3KqAashiEjGG7En9CHu3x2WLH9au62TVo74ugssfo3f gKuyBn8RZg8uFEo/iuBTNuU6rnoGQlY1YwNbyyAWlLuY2D0zgI3K9eREi6/T8LaO RJ6vz79hJHqfJIvMGGPZB9k4fWkBZemqhqfgW7RMBD7iBSYmoCIAbh679c12aik4 EF3rGTww+/3vdH3/Tb6w+5LTjIWjaYK05FInfzH2wY5sXT470VL946X6ueQysXOW kZ//jXIG52zS4pITnR+TPS5Ed9Xrwl6QhMtnSlPOmaUiuZyfmf6hxNmc9jkO9qs8 wIUeDOk83pVfOkrdEG1YUaHM35ntKEpqUFAtcgai0Z9DGtXMKiqikMLJMD8fdJ3g VPUWeZWA28cWZkv9RCNtVm/LZ0orVczUQZIdsThbfb5Kgi1YcG+BdT1+jfJvuiFt cmmT4qoVmcLgqmd0UR8Z =qqLM -----END PGP SIGNATURE-----
. ========================================================================== Ubuntu Security Notice USN-3166-1 January 10, 2017
webkit2gtk vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in WebKitGTK+.
Software Description: - webkit2gtk: JavaScript engine library from WebKitGTK+ - GObject introspection
Details:
A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 LTS: libjavascriptcoregtk-4.0-18 2.14.2-0ubuntu0.16.04.1 libwebkit2gtk-4.0-37 2.14.2-0ubuntu0.16.04.1
This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any applications that use WebKitGTK+, such as Epiphany, to make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-3166-1 CVE-2016-4613, CVE-2016-4657, CVE-2016-4666, CVE-2016-4707, CVE-2016-4728, CVE-2016-4733, CVE-2016-4734, CVE-2016-4735, CVE-2016-4759, CVE-2016-4760, CVE-2016-4761, CVE-2016-4762, CVE-2016-4764, CVE-2016-4765, CVE-2016-4767, CVE-2016-4768, CVE-2016-4769, CVE-2016-7578
Package Information: https://launchpad.net/ubuntu/+source/webkit2gtk/2.14.2-0ubuntu0.16.04.1
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201702-0387",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "tv",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.0.0"
},
{
"model": "safari",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "10.0.0"
},
{
"model": "itunes",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "12.5.1"
},
{
"model": "icloud",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "6.0.0"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.9,
"vendor": "apple",
"version": "12.5.1"
},
{
"model": "icloud",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "6.0.1 (windows 7 or later )"
},
{
"model": "itunes",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "12.5.2 (windows 7 or later )"
},
{
"model": "safari",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "10.0.1 (macos sierra 10.12)"
},
{
"model": "safari",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "10.0.1 (os x el capitan v10.11.6)"
},
{
"model": "safari",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "10.0.1 (os x yosemite v10.10.5)"
},
{
"model": "tvos",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "10.0.1 (apple tv first 4 generation )"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "10.0.0"
},
{
"model": "icloud",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "6.0.0"
},
{
"model": "open source project webkit",
"scope": "eq",
"trust": 0.3,
"vendor": "webkit",
"version": "0"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "12.4.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "12.3.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "12.3.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.2.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.1.5"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.1.4"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.1.3"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.1.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.1.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.0.5"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.0.4"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.0.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.6.3"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.6.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.5.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.1.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "12.4"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "12.3"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "12.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "12.0.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.0.3"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.0.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.0"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.7"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.6"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.5.3"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.5.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.5"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.4.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.4"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.3.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.3"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.2.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.1.1.4"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.1.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.0.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10"
},
{
"model": "icloud",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0"
},
{
"model": "itunes",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "12.5.2"
},
{
"model": "icloud",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.1"
}
],
"sources": [
{
"db": "BID",
"id": "93949"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007433"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-046"
},
{
"db": "NVD",
"id": "CVE-2016-4613"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:apple:icloud",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:apple:itunes",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:apple:safari",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:apple_tv",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007433"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Chris Palmer and Apple",
"sources": [
{
"db": "BID",
"id": "93949"
}
],
"trust": 0.3
},
"cve": "CVE-2016-4613",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2016-4613",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-93432",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2016-4613",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-4613",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2016-4613",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201611-046",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-93432",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-93432"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007433"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-046"
},
{
"db": "NVD",
"id": "CVE-2016-4613"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in certain Apple products. Safari before 10.0.1 is affected. iCloud before 6.0.1 is affected. iTunes before 12.5.2 is affected. tvOS before 10.0.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to obtain sensitive information via a crafted web site. WebKit is prone to an information-disclosure vulnerability and multiple memory-corruption vulnerabilities. Failed exploit attempts will likely cause a denial-of-service condition. Apple iCloud for Windows is a cloud service based on the Windows platform of Apple (Apple), which supports the storage of music, photos, Apps and contacts. A memory corruption vulnerability exists in the WebKit component of Apple iCloud versions prior to 6.0.1 on Windows platforms. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2016-10-27-2 iCloud for Windows v6.0.1\n\niCloud for Windows v6.0.1 is now available and addresses the\nfollowing:\n\nWebKit\nAvailable for: Windows 7 and later\nImpact: Processing maliciously crafted web content may result in the\ndisclosure of user information\nDescription: An input validation issue was addressed through improved\nstate management. \nCVE-2016-4613: Chris Palmer\n\nWebKit\nAvailable for: Windows 7 and later\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues were addressed through\nimproved memory handling. \nCVE-2016-7578: Apple\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - https://gpgtools.org\n\niQIcBAEBCgAGBQJYElaQAAoJEIOj74w0bLRGydAP/A7CkkToap07bACp6iVYcQwO\nLRcILJJzCgQpXU4w95HA4w5iSlV08/PhFsIHb+nrQ4QM9TgUCPx7tlVTw+FUOCUy\n1MyYNZCZs66B5w0lZla7unN76SPpt4m2fpz7b6SyTbpkrNuIvb/JC1AQoZOWz1za\nWBpS9argB+Nhk3HoG/PCGIQT2+iMicKLkK5ltbTGx0OK/hyRd8OM1qtU+z1OijV2\nHRZek6yCR5h/4VJroBoyK3KqAashiEjGG7En9CHu3x2WLH9au62TVo74ugssfo3f\ngKuyBn8RZg8uFEo/iuBTNuU6rnoGQlY1YwNbyyAWlLuY2D0zgI3K9eREi6/T8LaO\nRJ6vz79hJHqfJIvMGGPZB9k4fWkBZemqhqfgW7RMBD7iBSYmoCIAbh679c12aik4\nEF3rGTww+/3vdH3/Tb6w+5LTjIWjaYK05FInfzH2wY5sXT470VL946X6ueQysXOW\nkZ//jXIG52zS4pITnR+TPS5Ed9Xrwl6QhMtnSlPOmaUiuZyfmf6hxNmc9jkO9qs8\nwIUeDOk83pVfOkrdEG1YUaHM35ntKEpqUFAtcgai0Z9DGtXMKiqikMLJMD8fdJ3g\nVPUWeZWA28cWZkv9RCNtVm/LZ0orVczUQZIdsThbfb5Kgi1YcG+BdT1+jfJvuiFt\ncmmT4qoVmcLgqmd0UR8Z\n=qqLM\n-----END PGP SIGNATURE-----\n\n\n\n. ==========================================================================\nUbuntu Security Notice USN-3166-1\nJanuary 10, 2017\n\nwebkit2gtk vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in WebKitGTK+. \n\nSoftware Description:\n- webkit2gtk: JavaScript engine library from WebKitGTK+ - GObject introspection\n\nDetails:\n\nA large number of security issues were discovered in the WebKitGTK+ Web and\nJavaScript engines. If a user were tricked into viewing a malicious\nwebsite, a remote attacker could exploit a variety of issues related to web\nbrowser security, including cross-site scripting attacks, denial of service\nattacks, and arbitrary code execution. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 LTS:\n libjavascriptcoregtk-4.0-18 2.14.2-0ubuntu0.16.04.1\n libwebkit2gtk-4.0-37 2.14.2-0ubuntu0.16.04.1\n\nThis update uses a new upstream release, which includes additional bug\nfixes. After a standard system update you need to restart any applications\nthat use WebKitGTK+, such as Epiphany, to make all the necessary changes. \n\nReferences:\n http://www.ubuntu.com/usn/usn-3166-1\n CVE-2016-4613, CVE-2016-4657, CVE-2016-4666, CVE-2016-4707,\n CVE-2016-4728, CVE-2016-4733, CVE-2016-4734, CVE-2016-4735,\n CVE-2016-4759, CVE-2016-4760, CVE-2016-4761, CVE-2016-4762,\n CVE-2016-4764, CVE-2016-4765, CVE-2016-4767, CVE-2016-4768,\n CVE-2016-4769, CVE-2016-7578\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/webkit2gtk/2.14.2-0ubuntu0.16.04.1\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4613"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007433"
},
{
"db": "BID",
"id": "93949"
},
{
"db": "VULHUB",
"id": "VHN-93432"
},
{
"db": "PACKETSTORM",
"id": "139381"
},
{
"db": "PACKETSTORM",
"id": "139382"
},
{
"db": "PACKETSTORM",
"id": "140417"
}
],
"trust": 2.25
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-93432",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-93432"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-4613",
"trust": 3.1
},
{
"db": "SECTRACK",
"id": "1037139",
"trust": 1.7
},
{
"db": "BID",
"id": "93949",
"trust": 1.4
},
{
"db": "PACKETSTORM",
"id": "139381",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "139382",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU97557859",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU90743185",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007433",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201611-046",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2016.2510",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2016.2511",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "140417",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-93432",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-93432"
},
{
"db": "BID",
"id": "93949"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007433"
},
{
"db": "PACKETSTORM",
"id": "139381"
},
{
"db": "PACKETSTORM",
"id": "139382"
},
{
"db": "PACKETSTORM",
"id": "140417"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-046"
},
{
"db": "NVD",
"id": "CVE-2016-4613"
}
]
},
"id": "VAR-201702-0387",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-93432"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T20:36:35.532000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Apple security updates",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT201222"
},
{
"title": "APPLE-SA-2016-10-24-4 tvOS 10.0.1",
"trust": 0.8,
"url": "https://lists.apple.com/archives/security-announce/2016/Oct/msg00003.html"
},
{
"title": "APPLE-SA-2016-10-27-2 iCloud for Windows v6.0.1",
"trust": 0.8,
"url": "https://lists.apple.com/archives/security-announce/2016/Oct/msg00006.html"
},
{
"title": "APPLE-SA-2016-10-27-3 iTunes 12.5.2 for Windows",
"trust": 0.8,
"url": "https://lists.apple.com/archives/security-announce/2016/Oct/msg00007.html"
},
{
"title": "APPLE-SA-2016-10-24-3 Safari 10.0.1",
"trust": 0.8,
"url": "https://lists.apple.com/archives/security-announce/2016/Oct/msg00002.html"
},
{
"title": "HT207272",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT207272"
},
{
"title": "HT207273",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT207273"
},
{
"title": "HT207274",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT207274"
},
{
"title": "HT207270",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT207270"
},
{
"title": "HT207270",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/HT207270"
},
{
"title": "HT207272",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/HT207272"
},
{
"title": "HT207273",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/HT207273"
},
{
"title": "HT207274",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/HT207274"
},
{
"title": "Apple iCloud for Windows Repair measures for memory corruption vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65269"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007433"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-046"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-93432"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007433"
},
{
"db": "NVD",
"id": "CVE-2016-4613"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://support.apple.com/ht207270"
},
{
"trust": 1.7,
"url": "https://support.apple.com/ht207272"
},
{
"trust": 1.7,
"url": "https://support.apple.com/ht207273"
},
{
"trust": 1.7,
"url": "https://support.apple.com/ht207274"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/93949"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1037139"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4613"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu90743185/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu97557859/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4613"
},
{
"trust": 0.6,
"url": "http://packetstormsecurity.com/files/139381/apple-security-advisory-2016-10-27-2.html"
},
{
"trust": 0.6,
"url": "http://packetstormsecurity.com/files/139382/apple-security-advisory-2016-10-27-3.html"
},
{
"trust": 0.6,
"url": "http://www.auscert.org.au/./render.html?it=40046"
},
{
"trust": 0.6,
"url": "http://www.auscert.org.au/./render.html?it=40042"
},
{
"trust": 0.6,
"url": "http://securitytracker.com/id/1037139"
},
{
"trust": 0.3,
"url": "https://www.apple.com/"
},
{
"trust": 0.3,
"url": "http://prod.lists.apple.com/archives/security-announce/2016/oct/msg00006.html"
},
{
"trust": 0.3,
"url": "http://prod.lists.apple.com/archives/security-announce/2016/oct/msg00007.html"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4613"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-7578"
},
{
"trust": 0.2,
"url": "https://support.apple.com/kb/ht201222"
},
{
"trust": 0.2,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.2,
"url": "https://gpgtools.org"
},
{
"trust": 0.1,
"url": "https://www.apple.com/itunes/download/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4767"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4707"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4728"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4734"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4657"
},
{
"trust": 0.1,
"url": "http://www.ubuntu.com/usn/usn-3166-1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4769"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4760"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4764"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4768"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4762"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4666"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4765"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4761"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4759"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4733"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/webkit2gtk/2.14.2-0ubuntu0.16.04.1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4735"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-93432"
},
{
"db": "BID",
"id": "93949"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007433"
},
{
"db": "PACKETSTORM",
"id": "139381"
},
{
"db": "PACKETSTORM",
"id": "139382"
},
{
"db": "PACKETSTORM",
"id": "140417"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-046"
},
{
"db": "NVD",
"id": "CVE-2016-4613"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-93432"
},
{
"db": "BID",
"id": "93949"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007433"
},
{
"db": "PACKETSTORM",
"id": "139381"
},
{
"db": "PACKETSTORM",
"id": "139382"
},
{
"db": "PACKETSTORM",
"id": "140417"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-046"
},
{
"db": "NVD",
"id": "CVE-2016-4613"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-02-20T00:00:00",
"db": "VULHUB",
"id": "VHN-93432"
},
{
"date": "2016-10-27T00:00:00",
"db": "BID",
"id": "93949"
},
{
"date": "2017-03-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007433"
},
{
"date": "2016-10-28T14:33:33",
"db": "PACKETSTORM",
"id": "139381"
},
{
"date": "2016-10-28T14:44:55",
"db": "PACKETSTORM",
"id": "139382"
},
{
"date": "2017-01-10T23:06:00",
"db": "PACKETSTORM",
"id": "140417"
},
{
"date": "2016-10-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-046"
},
{
"date": "2017-02-20T08:59:00.167000",
"db": "NVD",
"id": "CVE-2016-4613"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-29T00:00:00",
"db": "VULHUB",
"id": "VHN-93432"
},
{
"date": "2016-11-24T11:04:00",
"db": "BID",
"id": "93949"
},
{
"date": "2017-03-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007433"
},
{
"date": "2017-03-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-046"
},
{
"date": "2024-11-21T02:52:37.233000",
"db": "NVD",
"id": "CVE-2016-4613"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "140417"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-046"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Apple Used in products WebKit Vulnerability in which important information is obtained",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007433"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201611-046"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.