CVE-2016-4657

CVSS 8.8 HIGH · EPSS 66.8% · KEV · CWE-787
In short

A flaw in Apple's WebKit browser engine allows attackers to run malicious code or crash the device when a user visits a specially crafted website. This affects iPhones and iPads running older iOS versions.

Technical detail

CVE-2016-4657 is a memory corruption vulnerability (CWE-787: Out-of-bounds Write) in WebKit affecting iOS before 9.3.5. The attack vector is remote and requires only user interaction (visiting a malicious website); successful exploitation results in arbitrary code execution or denial of service through memory corruption.

Summary generated and translated by AI from the official description.
WebKit in Apple iOS before 9.3.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
n/a · n/a