CVE-2016-4644

CVE Database · CVE-2016-4644

CVE-2016-4644

· N/AModified

CVSS v3.1

N/A

EPSS

1.33%

Published

Jan 11, 2019

Modified

Nov 20, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016-004, a downgrade issue existed with HTTP authentication credentials saved in Keychain. This issue was addressed by storing the authentication types with the credentials.

Weaknesses (CWE)

CWE-200

Affected Products (3)

apple · apple_tv (up to 9.2.2)vulnerable

apple · iphone_os (up to 9.3.3)vulnerable

apple · mac_os (up to 10.11.6)vulnerable

References (6)

https://support.apple.com/HT206902

Vendor Advisory

https://support.apple.com/HT206903

Vendor Advisory

https://support.apple.com/HT206905