Published: 22/07/2016 Updated: 25/03/2019

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 607

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

WebKit in Apple iOS prior to 9.3.3, Safari prior to 9.1.2, and tvOS prior to 9.2.2 allows remote malicious users to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4589, CVE-2016-4623, and CVE-2016-4624.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apple tvos
apple safari
apple iphone os

Several security issues were fixed in WebKitGTK+ ...

Resources for Browser Security Research

Browser Security Research Resources for Browser Security Research Resources/Blogs How Browsers Work: Behind the scenes of modern web browsers Inside look at modern web browser (part 1) Inside look at modern web browser (part 2) Inside look at modern web browser (part 3) Inside look at modern web browser (part 4) Document Object Model (DOM) Understanding Web Security Checks in

PoC exploit for CVE-2016-4622

CVE-2016-4622 PoC exploit for CVE-2016-4622 Find a detailed writeup of the bug on phrack

Awesome Web Security 🐶 Curated list of Web Security materials and resources Needless to say, most websites suffer from various types of bugs which may eventually lead to vulnerabilities Why would this happen so often? There can be many factors involved including misconfiguration, shortage of engineers' security skills, etc To combat this, here is a curated list o

Browser Content WebKit bug 191731 CVE-2016-4622 V8 CTF starCTF 2019 OOB 35C3CTF krautflare CVE CVE-2020-6418

Awesome Web Security 🐶 Curated list of Web Security materials and resources Needless to say, most of websites on-line are suffered from various type of bugs, which might eventually lead to vulnerabilities Why would this happen so often? Many factors can be involved, including misconfiguration, shortage of engineers' security skills, and etc Therefore, here is the

My journey through WebKit CVE-2016-4622 Exploitation process

Bug analysis of WebKit exploit CVE-2016-4622 (Slice ValueOf Fastpath) I will be working on this repository until successful reach a general understanding of how works the WebKit Exploitation Primitives (addrof and fakeobj) This repository contains all that is needed to reproduce the Saelo Phrack Paper: wwwphrackorg/papers/attacking_javascript_engineshtml Folder Struct

Browser Content WebKit bug 191731 CVE-2016-4622 V8 CTF starCTF 2019 OOB 35C3CTF krautflare CVE CVE-2020-6418

A list of resources about JavaScript engines

This is a list of resources I used to learn about virtual machines in general, from an architecture point of view to optimizations and garbage collection strategies I've also put together some parts into a talk format, you can see the video here (slides) Contributions are very welcome! Table of Contents generated with DocToc Virtual machines JavaScript Engines V8 J

CWE-119 http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html https://support.apple.com/HT206905 https://support.apple.com/HT206902 http://lists.apple.com/archives/security-announce/2016/Jul/msg00004.html https://support.apple.com/HT206900 http://www.securityfocus.com/bid/91830 http://www.zerodayinitiative.com/advisories/ZDI-16-486 http://packetstormsecurity.com/files/138502/WebKitGTK-SOP-Bypass-Information-Disclosure.html http://www.securitytracker.com/id/1036343 http://www.zerodayinitiative.com/advisories/ZDI-16-485 http://www.securityfocus.com/archive/1/539295/100/0/threaded https://usn.ubuntu.com/3079-1/https://nvd.nist.gov

CVE-2016-4622

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect