// For flags

CVE-2016-4657

Apple iOS Webkit Memory Corruption Vulnerability

Severity Score

8.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

7
*Multiple Sources

Exploited in Wild

Yes
*KEV

Decision

Act
*SSVC
Descriptions

WebKit in Apple iOS before 9.3.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.

WebKit en Apple iOS en versiones anteriores a 9.3.5 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado.

A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

Apple iOS WebKit contains a memory corruption vulnerability that allows attackers to execute remote code or cause a denial-of-service (DoS) via a crafted web site. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:Act
Exploitation
Active
Automatable
No
Tech. Impact
Total
* Organization's Worst-case Scenario
Timeline
  • 2016-05-11 CVE Reserved
  • 2016-08-25 CVE Published
  • 2017-03-12 First Exploit
  • 2022-05-24 Exploited in Wild
  • 2022-06-14 KEV Due Date
  • 2024-12-17 EPSS Updated
  • 2025-01-29 CVE Updated
CWE
  • CWE-787: Out-of-bounds Write
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Apple
Search vendor "Apple"
 Iphone Os
Search vendor "Apple" for product "Iphone Os"
 < 9.3.5
Search vendor "Apple" for product "Iphone Os" and version " < 9.3.5"
-
Affected