PT-2016-6121 · Apple+1 · Webkit+4
Publicado
2016-09-25
·
Atualizado
2017-07-30
·
CVE-2016-4763
CVSS v3.1
6.8
Média
| Vetor | AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
iOS versions prior to 10
iTunes versions prior to 12.5.1 on Windows
Safari versions prior to 10
Description
The issue is related to the improper verification of X.509 certificates from HTTPS servers by WKWebView in WebKit. This allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Recommendations
For iOS versions prior to 10, update to iOS 10 or later.
For iTunes versions prior to 12.5.1 on Windows, update to iTunes 12.5.1 or later.
For Safari versions prior to 10, update to Safari 10 or later.
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Safari
Webkit
Windows
Ios
Itunes