Shodan
Vulnerabilities
Vulnerable Software
Apple:  >> Safari  Security Vulnerabilities
CVE-2016-4591
WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 mishandles the location variable, which allows remote attackers to access the local filesystem via unspecified vectors.
CVSS Score
7.5
EPSS Score
0.04
Published
2016-07-22
CVE-2016-4590
WebKit in Apple iOS before 9.3.3 and Safari before 9.1.2 mishandles about: URLs, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
CVSS Score
5.4
EPSS Score
0.004
Published
2016-07-22
CVE-2016-4589
WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4622, CVE-2016-4623, and CVE-2016-4624.
CVSS Score
8.8
EPSS Score
0.008
Published
2016-07-22
CVE-2016-4586
WebKit in Apple Safari before 9.1.2 and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
CVSS Score
8.8
EPSS Score
0.009
Published
2016-07-22
CVE-2016-4585
Cross-site scripting (XSS) vulnerability in the WebKit Page Loading implementation in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to inject arbitrary web script or HTML via an HTTP response specifying redirection that is mishandled by Safari.
CVSS Score
6.1
EPSS Score
0.014
Published
2016-07-22
CVE-2016-4584
The WebKit Page Loading implementation in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
CVSS Score
8.8
EPSS Score
0.009
Published
2016-07-22
CVE-2016-4583
WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to bypass the Same Origin Policy and obtain image date from an unintended web site via a timing attack involving an SVG document.
CVSS Score
3.1
EPSS Score
0.006
Published
2016-07-22
CVE-2016-1864
The XSS auditor in WebKit, as used in Apple iOS before 9.3 and Safari before 9.1, does not properly handle redirects in block mode, which allows remote attackers to obtain sensitive information via a crafted URL.
CVSS Score
4.3
EPSS Score
0.005
Published
2016-06-19
CVE-2016-1859
The WebKit Canvas implementation in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
CVSS Score
8.8
EPSS Score
0.006
Published
2016-05-20
CVE-2016-1858
WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, improperly tracks taint attributes, which allows remote attackers to obtain sensitive information via a crafted web site.
CVSS Score
6.5
EPSS Score
0.013
Published
2016-05-20


Products
Pricing
Contact Us

Shodan ® - All rights reserved