8.8
CVSSv3

CVE-2016-4622

Published: 22/07/2016 Updated: 25/03/2019
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 610
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

WebKit in Apple iOS prior to 9.3.3, Safari prior to 9.1.2, and tvOS prior to 9.2.2 allows remote malicious users to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4589, CVE-2016-4623, and CVE-2016-4624.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apple tvos

apple safari

apple iphone os

Vendor Advisories

Several security issues were fixed in WebKitGTK+ ...

Github Repositories

My journey through WebKit CVE-2016-4622 Exploitation process

Bug analysis of WebKit exploit CVE-2016-4622 (Slice ValueOf Fastpath) I will be working on this repository until successful reach a general understanding of how works the WebKit Exploitation Primitives (addrof and fakeobj) This repository contains all that is needed to reproduce the Saelo Phrack Paper: wwwphrackorg/papers/attacking_javascript_engineshtml Folder Struct

PoC exploit for CVE-2016-4622

CVE-2016-4622 PoC exploit for CVE-2016-4622 Find a detailed writeup of the bug on phrack

Browser Content WebKit bug 191731 CVE-2016-4622 V8 CTF starCTF 2019 OOB 35C3CTF krautflare CVE CVE-2020-6418

A list of resources about JavaScript engines

This is a list of resources I used to learn about virtual machines in general, from an architecture point of view to optimizations and garbage collection strategies I've also put together some parts into a talk format, you can see the video here (slides) Contributions are very welcome! Table of Contents generated with DocToc Virtual machines JavaScript Engines V8 J

Awesome Web Security Curated list of Web Security materials and resources Needless to say, most of websites on-line are suffered from various type of bugs, which might eventually lead to vulnerabilities Why would this happen so often? Many factors can be involved, including misconfiguration, shortage of engineers' security skills, and etc Therefore, here is the cur

Cybersecurity Web Security The World of Web Security in Cybersecurity : A collection of Web Security materials, libraries, documents, books, resources and cool stuff about in Cybersecurity Thanks to all contributors, you're awesome and wouldn't be possible without you! Our goal is to build a categorized community-driven collection of very well-known resources Ensu

https://github.com/qazbnm456/awesome-web-security

Awesome Web Security Curated list of Web Security materials and resources Needless to say, most websites suffer from various types of bugs which may eventually lead to vulnerabilities Why would this happen so often? There can be many factors involved including misconfiguration, shortage of engineers' security skills, etc To combat this, here is a curated list of We

Awesome Web Security Curated list of Web Security materials and resources Needless to say, most websites suffer from various types of bugs which may eventually lead to vulnerabilities Why would this happen so often? There can be many factors involved including misconfiguration, shortage of engineers' security skills, etc To combat this, here is a curated list of W

Awesome Web Security Curated list of Web Security materials and resources Needless to say, most websites suffer from various types of bugs which may eventually lead to vulnerabilities Why would this happen so often? There can be many factors involved including misconfiguration, shortage of engineers' security skills, etc To combat this, here is a curated list of We

A curated list of Web Security materials and resources.

Awesome Web Security Curated list of Web Security materials and resources Needless to say, most websites suffer from various types of bugs which may eventually lead to vulnerabilities Why would this happen so often? There can be many factors involved including misconfiguration, shortage of engineers' security skills, etc To combat this, here is a curated list of We

Exploiting a V8 OOB write(2017) saelo - Attacking JavaScript Engines: A case study of JavaScriptCore and CVE-2016-4622 (2016-10-27) $hell on Earth: From Browser to System Compromise(2016) Heap spraying high addresses in 32-bit Chrome/Firefox on 64-bit Windows(2016) Smashing The Browser: From Vulnerability Discovery To Exploit(2014) Microsoft Edge 浏览器远程代码执行漏

vulns I found or I collect

RealWorldPwn 0x00 : What is this Realy World Pwn is INTERSTING :) There are PoCs(analysis maybe also) I found or I collected 0x01 : List Collection CVE-2018-12794 CVE-2018-4990 CVE-2018-14442 CVE-2016-10403 CVE-2017-2536 CVE-2019-0024 CVE-2019-7125 CVE-2016-4622 CVE-2017-2547 CVE-2018-4416 CVE-2017-2540 CVE-2017-2541 My own CVE-2018-12831 FoxitReader OOB Read Podofo PoCs CVE-2

看雪iOS安全小组的翻译团队作品集合,如有勘误,欢迎斧正!

OSG-macOS/iOS Security Group Translation Team 看雪iOS安全小组的翻译团队作品合集,如有勘误/瑕疵/拗口/偏颇,欢迎斧正! 看雪iOS安全小组置顶向导资源集合贴: [逆向][调试][漏洞][越狱]:bbspediycom/showthreadphp?t=212685 翻译团队 维护by:yaren (看雪ID:西海) 编号 文章 来源网址 翻译 得

A collection of JavaScript engine CVEs with PoCs

Case Study of JavaScript Engine Vulnerabilities V8 CVE Number Feature Keywords Credit CVE-2013-6632 TypedArray Integer Overflow, OOB Pinkie Pie CVE-2014-1705 TypedArray Invalid Array Length, OOB geohot CVE-2014-3176 Arrayconcat Side Effect, OOB lokihardt CVE-2014-7927 Optimization asmjs, OOB Christian Holler CVE-2014-7928 Optimization Array Christian Holler C

Here is a collection about Proof of Concepts of Common Vulnerabilities and Exposures, and you may also want to check out current Contents CVE-2011-2856 CVE-2011-3243 CVE-2013-2618 CVE-2013-6632 CVE-2014-1701 CVE-2014-1705 CVE-2014-1747 CVE-2014-3176 CVE-2014-6332 CVE-2014-7927 CVE-2014-7928 CVE-2015-0072 CVE-2015-0235 CVE-2015-0240 CVE-2015-1233 CVE-2015-1242 CVE-2015-1268 CV

Awesome CVE PoC A curated list of CVE PoCs Here is a collection about Proof of Concepts of Common Vulnerabilities and Exposures, and you may also want to check out awesome-web-security Please read the contribution guidelines before contributing This repo is full of PoCs for CVEs If you enjoy this awesome list and would like to support it, check out my Patreon page :