cnvd - cnvd-2016-10367

cnvd-2016-10367

Vulnerability from cnvd

Title

多款Apple产品WebKit内存破坏漏洞（CNVD-2016-10367）

Description

Apple iOS是为移动设备所开发的一套操作系统；Safari是一款Web浏览器，是Mac OS X和iOS操作系统附带的默认浏览器；tvOS是一套智能电视操作系统。多款Apple产品中的WebKit存在安全漏洞，允许攻击者可利用漏洞构建特殊的WEB页，诱使应用解析，可使应用程序崩溃或执行任意代码。

Severity

高

Patch Name

多款Apple产品WebKit内存破坏漏洞（CNVD-2016-10367）的补丁

Patch Description

Apple iOS是为移动设备所开发的一套操作系统；Safari是一款Web浏览器，是Mac OS X和iOS操作系统附带的默认浏览器；tvOS是一套智能电视操作系统。多款Apple产品中的WebKit存在安全漏洞，允许攻击者可利用漏洞构建特殊的WEB页，诱使应用解析，可使应用程序崩溃或执行任意代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已经发布补丁以修复此安全问题，可以参考以下链接获取相应修复建议： https://support.apple.com/en-ie/HT207271 https://support.apple.com/en-ie/HT207272 https://support.apple.com/en-ie/HT207270

Reference

http://www.securityfocus.com/bid/93853

Impacted products

Name
['Apple Safari 5.1.1', 'Apple Safari 5.1.4', 'Apple Safari 5.1.7', 'Apple Safari 5.0.6', 'Apple Safari 5.0.5', 'Apple iOS 6', 'Apple iOS 5.1', 'Apple iOS 5.1.1', 'Apple iOS 5.0.1', 'Apple iOS 5', 'WebKit Open Source Project WebKit 0', 'Apple Safari 4.0.5', 'Apple Safari 4.0.4', 'Apple Safari 4.0.3', 'Apple Safari 4.0.2', 'Apple Safari 4.0.1', 'Apple Safari 3.2.3', 'Apple Safari 5.1', 'Apple Safari 5.0.3', 'Apple Safari 5.0.2', 'Apple Safari 5.0.1', 'Apple Safari 5.0', 'Apple Safari 4.1.3', 'Apple Safari 5.0.4', 'Apple Safari 4.1.2', 'Apple Safari 4.1.1', 'Apple Safari 4.1', 'Apple Safari 4.0', 'Apple Safari 4', 'Apple iPod Touch 0', 'Apple iPhone 0', 'Apple iPad 0', 'Apple IOS 4.2.1', 'Apple IOS 4.0.2', 'Apple IOS 4.0.1', 'Apple IOS 3.2.2', 'Apple IOS 3.2.1', 'Apple IOS 4.3.5', 'Apple IOS 4.3.4', 'Apple IOS 4.3.3', 'Apple IOS 4.3.2', 'Apple IOS 4.3.1', 'Apple IOS 4.3', 'Apple IOS 4.2.9', 'Apple IOS 4.2.8', 'Apple IOS 4.2.7', 'Apple IOS 4.2.6', 'Apple IOS 4.2.5', 'Apple IOS 4.2.10', 'Apple IOS 4.2', 'Apple IOS 4.1', 'Apple IOS 4', 'Apple IOS 3.2', 'Apple IOS 3.1', 'Apple Safari 6.0.4', 'Apple IOS 6.1.3', 'Apple IOS 6.1.4', 'Apple IOS 7', 'Apple IOS 7.0.2', 'Apple Safari 7.0.2', 'Apple Safari 6.1.4', 'Apple Safari 7.0.1', 'Apple Safari 7.0.3', 'Apple IOS 8.1.1', 'Apple Safari 6.2.4', 'Apple Safari 8.0.8', 'Apple Safari 7.1.8', 'Apple Safari 6.2.8', 'Apple IOS 9.1', 'Apple IOS 10']

Name

['Apple Safari 5.1.1', 'Apple Safari 5.1.4', 'Apple Safari 5.1.7', 'Apple Safari 5.0.6', 'Apple Safari 5.0.5', 'Apple iOS 6', 'Apple iOS 5.1', 'Apple iOS 5.1.1', 'Apple iOS 5.0.1', 'Apple iOS 5', 'WebKit Open Source Project WebKit 0', 'Apple Safari 4.0.5', 'Apple Safari 4.0.4', 'Apple Safari 4.0.3', 'Apple Safari 4.0.2', 'Apple Safari 4.0.1', 'Apple Safari 3.2.3', 'Apple Safari 5.1', 'Apple Safari 5.0.3', 'Apple Safari 5.0.2', 'Apple Safari 5.0.1', 'Apple Safari 5.0', 'Apple Safari 4.1.3', 'Apple Safari 5.0.4', 'Apple Safari 4.1.2', 'Apple Safari 4.1.1', 'Apple Safari 4.1', 'Apple Safari 4.0', 'Apple Safari 4', 'Apple iPod Touch 0', 'Apple iPhone 0', 'Apple iPad 0', 'Apple IOS 4.2.1', 'Apple IOS 4.0.2', 'Apple IOS 4.0.1', 'Apple IOS 3.2.2', 'Apple IOS 3.2.1', 'Apple IOS 4.3.5', 'Apple IOS 4.3.4', 'Apple IOS 4.3.3', 'Apple IOS 4.3.2', 'Apple IOS 4.3.1', 'Apple IOS 4.3', 'Apple IOS 4.2.9', 'Apple IOS 4.2.8', 'Apple IOS 4.2.7', 'Apple IOS 4.2.6', 'Apple IOS 4.2.5', 'Apple IOS 4.2.10', 'Apple IOS 4.2', 'Apple IOS 4.1', 'Apple IOS 4', 'Apple IOS 3.2', 'Apple IOS 3.1', 'Apple Safari 6.0.4', 'Apple IOS 6.1.3', 'Apple IOS 6.1.4', 'Apple IOS 7', 'Apple IOS 7.0.2', 'Apple Safari 7.0.2', 'Apple Safari 6.1.4', 'Apple Safari 7.0.1', 'Apple Safari 7.0.3', 'Apple IOS 8.1.1', 'Apple Safari 6.2.4', 'Apple Safari 8.0.8', 'Apple Safari 7.1.8', 'Apple Safari 6.2.8', 'Apple IOS 9.1', 'Apple IOS 10']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "93853"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-4677"
    }
  },
  "description": "Apple iOS\u662f\u4e3a\u79fb\u52a8\u8bbe\u5907\u6240\u5f00\u53d1\u7684\u4e00\u5957\u64cd\u4f5c\u7cfb\u7edf\uff1bSafari\u662f\u4e00\u6b3eWeb\u6d4f\u89c8\u5668\uff0c\u662fMac OS X\u548ciOS\u64cd\u4f5c\u7cfb\u7edf\u9644\u5e26\u7684\u9ed8\u8ba4\u6d4f\u89c8\u5668\uff1btvOS\u662f\u4e00\u5957\u667a\u80fd\u7535\u89c6\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\n\u591a\u6b3eApple\u4ea7\u54c1\u4e2d\u7684WebKit\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u6784\u5efa\u7279\u6b8a\u7684WEB\u9875\uff0c\u8bf1\u4f7f\u5e94\u7528\u89e3\u6790\uff0c\u53ef\u4f7f\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u6216\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "discovererName": "An anonymous researcher",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u53ef\u4ee5\u53c2\u8003\u4ee5\u4e0b\u94fe\u63a5\u83b7\u53d6\u76f8\u5e94\u4fee\u590d\u5efa\u8bae\uff1a\r\nhttps://support.apple.com/en-ie/HT207271\r\nhttps://support.apple.com/en-ie/HT207272\r\nhttps://support.apple.com/en-ie/HT207270",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-10367",
  "openTime": "2016-10-31",
  "patchDescription": "Apple iOS\u662f\u4e3a\u79fb\u52a8\u8bbe\u5907\u6240\u5f00\u53d1\u7684\u4e00\u5957\u64cd\u4f5c\u7cfb\u7edf\uff1bSafari\u662f\u4e00\u6b3eWeb\u6d4f\u89c8\u5668\uff0c\u662fMac OS X\u548ciOS\u64cd\u4f5c\u7cfb\u7edf\u9644\u5e26\u7684\u9ed8\u8ba4\u6d4f\u89c8\u5668\uff1btvOS\u662f\u4e00\u5957\u667a\u80fd\u7535\u89c6\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\n\u591a\u6b3eApple\u4ea7\u54c1\u4e2d\u7684WebKit\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u6784\u5efa\u7279\u6b8a\u7684WEB\u9875\uff0c\u8bf1\u4f7f\u5e94\u7528\u89e3\u6790\uff0c\u53ef\u4f7f\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u6216\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eApple\u4ea7\u54c1WebKit\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\uff08CNVD-2016-10367\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Apple Safari 5.1.1",
      "Apple Safari 5.1.4",
      "Apple Safari 5.1.7",
      "Apple Safari 5.0.6",
      "Apple Safari 5.0.5",
      "Apple iOS 6",
      "Apple iOS 5.1",
      "Apple iOS 5.1.1",
      "Apple iOS 5.0.1",
      "Apple iOS 5",
      "WebKit Open Source Project WebKit 0",
      "Apple Safari 4.0.5",
      "Apple Safari 4.0.4",
      "Apple Safari 4.0.3",
      "Apple Safari 4.0.2",
      "Apple Safari 4.0.1",
      "Apple Safari 3.2.3",
      "Apple Safari 5.1",
      "Apple Safari 5.0.3",
      "Apple Safari 5.0.2",
      "Apple Safari 5.0.1",
      "Apple Safari 5.0",
      "Apple Safari 4.1.3",
      "Apple Safari 5.0.4",
      "Apple Safari 4.1.2",
      "Apple Safari 4.1.1",
      "Apple Safari 4.1",
      "Apple Safari 4.0",
      "Apple Safari 4",
      "Apple iPod Touch 0",
      "Apple iPhone 0",
      "Apple iPad 0",
      "Apple IOS 4.2.1",
      "Apple IOS 4.0.2",
      "Apple IOS 4.0.1",
      "Apple IOS 3.2.2",
      "Apple IOS 3.2.1",
      "Apple IOS 4.3.5",
      "Apple IOS 4.3.4",
      "Apple IOS 4.3.3",
      "Apple IOS 4.3.2",
      "Apple IOS 4.3.1",
      "Apple IOS 4.3",
      "Apple IOS 4.2.9",
      "Apple IOS 4.2.8",
      "Apple IOS 4.2.7",
      "Apple IOS 4.2.6",
      "Apple IOS 4.2.5",
      "Apple IOS 4.2.10",
      "Apple IOS 4.2",
      "Apple IOS 4.1",
      "Apple IOS 4",
      "Apple IOS 3.2",
      "Apple IOS 3.1",
      "Apple Safari 6.0.4",
      "Apple IOS 6.1.3",
      "Apple IOS 6.1.4",
      "Apple IOS 7",
      "Apple IOS 7.0.2",
      "Apple Safari 7.0.2",
      "Apple Safari 6.1.4",
      "Apple Safari 7.0.1",
      "Apple Safari 7.0.3",
      "Apple IOS 8.1.1",
      "Apple Safari 6.2.4",
      "Apple Safari 8.0.8",
      "Apple Safari 7.1.8",
      "Apple Safari 6.2.8",
      "Apple IOS 9.1",
      "Apple IOS 10"
    ]
  },
  "referenceLink": "http://www.securityfocus.com/bid/93853",
  "serverity": "\u9ad8",
  "submitTime": "2016-10-25",
  "title": "\u591a\u6b3eApple\u4ea7\u54c1WebKit\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\uff08CNVD-2016-10367\uff09"
}

CVE-2016-4677 (GCVE-0-2016-4677)

Vulnerability from cvelistv5

Published

2017-02-20 08:35

Modified

2024-08-06 00:39

Severity ?

CWE

Summary

An issue was discovered in certain Apple products. iOS before 10.1 is affected. Safari before 10.0.1 is affected. tvOS before 10.0.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

References

URL

Tags

	https://support.apple.com/HT207271	x_refsource_CONFIRM
	https://support.apple.com/HT207270	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/93853	vdb-entry, x_refsource_BID
	https://support.apple.com/HT207272	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1037087	vdb-entry, x_refsource_SECTRACK