CVE-2016-4591

CVE Database · CVE-2016-4591

CVE-2016-4591

· N/AModified

CVSS v3.1

N/A

EPSS

4.14%

Published

Jul 21, 2016

Modified

May 6, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 mishandles the location variable, which allows remote attackers to access the local filesystem via unspecified vectors.

Weaknesses (CWE)

CWE-284

Affected Products (4)

apple · webkitvulnerable

apple · safari (up to 9.1.2)

apple · iphone_os (up to 9.3.3)

apple · tvos (up to 9.2.2)

References (20)

http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html

Mailing ListVendor Advisory

http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html

Mailing ListVendor Advisory

http://lists.apple.com/archives/security-announce/2016/Jul/msg00004.html

Mailing ListVendor Advisory

http://packetstormsecurity.com/files/138502/WebKitGTK-SOP-Bypass-Information-Disclosure.html

Third Party AdvisoryVDB Entry

http://www.securityfocus.com/archive/1/539295/100/0/threaded

Third Party Advisory

KEV Catalog EPSS Scores Vendors All CVEs