CVE-2016-4583

CVE Database · CVE-2016-4583

CVE-2016-4583

· N/AModified

CVSS v3.1

N/A

EPSS

1.83%

Published

Jul 21, 2016

Modified

May 6, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to bypass the Same Origin Policy and obtain image date from an unintended web site via a timing attack involving an SVG document.

Weaknesses (CWE)

CWE-362

Affected Products (5)

apple · webkitvulnerable

apple · safari (up to 9.1.2)

apple · iphone_os (up to 9.3.3)

apple · tvos (up to 9.2.2)

webkitgtk · webkitgtk\+ (up to 2.12.2)vulnerable

References (20)

http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html

Mailing ListVendor Advisory

http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html

Mailing ListVendor Advisory

http://lists.apple.com/archives/security-announce/2016/Jul/msg00004.html

Mailing ListVendor Advisory

http://packetstormsecurity.com/files/138502/WebKitGTK-SOP-Bypass-Information-Disclosure.html

Third Party AdvisoryVDB Entry

http://www.securityfocus.com/archive/1/539295/100/0/threaded

Third Party Advisory

KEV Catalog EPSS Scores Vendors All CVEs