CVE-2016-4583
Publication date 21 July 2016
Last updated 24 July 2024
Ubuntu priority
WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to bypass the Same Origin Policy and obtain image date from an unintended web site via a timing attack involving an SVG document.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| qtwebkit-opensource-src | ||
| 16.04 LTS xenial | Ignored no update available | |
| 14.04 LTS trusty | Not in release | |
| qtwebkit-source | ||
| 16.04 LTS xenial | Ignored no update available | |
| 14.04 LTS trusty | Not in release | |
| webkit | ||
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| webkit2gtk | ||
| 16.04 LTS xenial |
Fixed 2.12.5-0ubuntu0.16.04.1
|
|
| 14.04 LTS trusty | Not in release | |
| webkitgtk | ||
| 16.04 LTS xenial | Ignored no update available | |
| 14.04 LTS trusty | Not in release | |
Notes
jdstrand
webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
3.1 · Low
|
| Attack vector | Network |
| Attack complexity | High |
| Privileges required | None |
| User interaction | Required |
| Scope | Unchanged |
| Confidentiality | Low |
| Integrity impact | None |
| Availability impact | None |
| Vector | CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N |
References
Related Ubuntu Security Notices (USN)
- USN-3079-1
- WebKitGTK+ vulnerabilities
- 14 September 2016
Other references
- http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html
- http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html
- http://lists.apple.com/archives/security-announce/2016/Jul/msg00004.html
- https://support.apple.com/HT206900
- https://support.apple.com/HT206902
- https://support.apple.com/HT206905
- https://webkitgtk.org/security/WSA-2016-0005.html
- https://www.cve.org/CVERecord?id=CVE-2016-4583