Published: 03/02/2020 Updated: 05/02/2020

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

A Cross-origin vulnerability exists in WebKit in Apple Safari prior to 10.0.1 when processing location attributes, which could let a remote malicious user obtain sensitive information.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apple safari
apple mac os x 10.10.5
apple mac os x 10.11.6
apple mac os x 10.12

It's nearly 2017 and JPEGs, PDFs, font files can hijack your Apple Mac, iPhone, iPad

The Register • Shaun Nichols in San Francisco • 24 Oct 2016

Get patching now

Apple has distributed a fresh round of security updates to address remote-code execution holes in iOS, macOS, Safari, and the firmware for Apple Watch and AppleTV. Miscreants who exploit these flaws can take over the vulnerable device – all a victim has to do is open a JPEG or PDF file booby-trapped with malicious code, so get patching before you're caught out. The fixes come just days before the Cupertino developer of TextEdit is set to hold a special event to introduce a (presumed) refresh o...

CVE-2016-4676

Vulnerability Summary

Vulnerability Trend

Recent Articles

References

Vulmon Search

About

Products

Connect