CVE-2016-4603

MEDIUM

Apple Iphone OS < 9.3.2 - Security Feature Bypass

Title source: rule

Description

Web Media in Apple iOS before 9.3.3 allows attackers to bypass the Private Browsing protection mechanism and obtain sensitive video URL information by leveraging Safari View Controller misbehavior.

References (4)

[Mailing List] http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html

[Vendor Advisory] https://support.apple.com/HT206902

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/91825

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1036344

Scores

CVSS v3 4.3

EPSS 0.0030

EPSS Percentile 53.0%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Classification

CWE

CWE-254

Status draft

Affected Products (1)

apple/iphone_os < 9.3.2

Timeline

Published Jul 22, 2016

Tracked Since Feb 18, 2026