CVE-2016-4585
https://notcve.org/view.php?id=CVE-2016-4585
Cross-site scripting (XSS) vulnerability in the WebKit Page Loading implementation in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to inject arbitrary web script or HTML via an HTTP response specifying redirection that is mishandled by Safari. Vulnerabilidad de XSS en la implementación de WebKit Page Loading en Apple iOS en versiones anteriores a 9.3.3, Safari en versiones anteriores a 9.1.2 y tvOS en versiones anteriores a 9.2.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una respuesta HTTP especificando redirección que Safari no maneja correctamente. • http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00004.html http://packetstormsecurity.com/files/138502/WebKitGTK-SOP-Bypass-Information-Disclosure.html http://www.securityfocus.com/archive/1/539295/100/0/threaded http://www.securityfocus.com/bid/91830 http://www.securitytracker.com/id/1036343 https://support.apple.com/HT206900 https:/ • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2016-1864
https://notcve.org/view.php?id=CVE-2016-1864
The XSS auditor in WebKit, as used in Apple iOS before 9.3 and Safari before 9.1, does not properly handle redirects in block mode, which allows remote attackers to obtain sensitive information via a crafted URL. El auditor XSS en WebKit, tal como se utiliza en Apple iOS en versiones anteriores a 9.3 y Safari en versiones anteriores a 9.1, no maneja correctamente redirecciones en modo bloque, lo que permite a atacantes remotos obtener información sensible a través de una URL manipulada. • http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00005.html http://www.securityfocus.com/bid/91358 http://www.securitytracker.com/id/1036344 https://support.apple.com/HT206166 https://support.apple.com/HT206171 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2016-1849
https://notcve.org/view.php?id=CVE-2016-1849
The "Clear History and Website Data" feature in Apple Safari before 9.1.1, as used in iOS before 9.3.2 and other products, mishandles the deletion of browsing history, which might allow local users to obtain sensitive information by leveraging read access to a Safari directory. La función "Clear History and Website Data" en Apple Safari en versiones anteriores a 9.1.1, cómo se utiliza en iOS en versiones anteriores a 9.3.2 y otros productos, no maneja correctamente el borrado del historial de navegación, lo que podría permitir a usuarios locales obtener información sensible aprovechando el acceso de lectura a un directorio de Safari. • http://lists.apple.com/archives/security-announce/2016/May/msg00002.html http://lists.apple.com/archives/security-announce/2016/May/msg00005.html http://www.securitytracker.com/id/1035888 https://support.apple.com/HT206565 https://support.apple.com/HT206568 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2016-1857 – Apple Safari ArrayStorage DFG Optimization Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-1857
WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1854, CVE-2016-1855, and CVE-2016-1856. WebKit, como se utiliza en Apple iOS en versiones anteriores a 9.3.2, Safari en versiones anteriores a 9.1.1 y tvOS en versiones anteriores a 9.2.1, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de una página web manipulada, una vulnerabilidad diferente a CVE-2016-1854, CVE-2016-1855 y CVE-2016-1856. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of ArrayBuffer objects. By triggering certain JavaScript optimizations, an attacker can force an ArrayBuffer in memory to be reused after it has been freed. • http://lists.apple.com/archives/security-announce/2016/May/msg00001.html http://lists.apple.com/archives/security-announce/2016/May/msg00002.html http://lists.apple.com/archives/security-announce/2016/May/msg00005.html http://packetstormsecurity.com/files/137229/WebKitGTK-Code-Execution-Denial-Of-Service-Memory-Corruption.html http://www.securityfocus.com/archive/1/538522/100/0/threaded http://www.securitytracker.com/id/1035888 http://www.zerodayinitiative.com/advisories/ZDI-16-343 https://support • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2016-1856 – Apple Safari TextTrack Object Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-1856
WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1854, CVE-2016-1855, and CVE-2016-1857. WebKit, como se utiliza en Apple iOS en versiones anteriores a 9.3.2, Safari en versiones anteriores a 9.1.1 y tvOS en versiones anteriores a 9.2.1, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de una página web manipulada, una vulnerabilidad diferente a CVE-2016-1854, CVE-2016-1855 y CVE-2016-1857. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Safari manages the lifetime of TextTrack objects. By manipulating a document's elements an attacker can force a dangling pointer to be reused after it has been freed. • http://lists.apple.com/archives/security-announce/2016/May/msg00001.html http://lists.apple.com/archives/security-announce/2016/May/msg00002.html http://lists.apple.com/archives/security-announce/2016/May/msg00005.html http://packetstormsecurity.com/files/137229/WebKitGTK-Code-Execution-Denial-Of-Service-Memory-Corruption.html http://www.securityfocus.com/archive/1/538522/100/0/threaded http://www.securitytracker.com/id/1035888 http://www.zerodayinitiative.com/advisories/ZDI-16-342 https://support • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •