High severity7.5NVD Advisory· Published Jul 22, 2016· Updated May 6, 2026
CVE-2016-4591
CVE-2016-4591
Description
WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 mishandles the location variable, which allows remote attackers to access the local filesystem via unspecified vectors.
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
10- lists.apple.com/archives/security-announce/2016/Jul/msg00001.htmlnvdMailing ListVendor Advisory
- lists.apple.com/archives/security-announce/2016/Jul/msg00003.htmlnvdMailing ListVendor Advisory
- lists.apple.com/archives/security-announce/2016/Jul/msg00004.htmlnvdMailing ListVendor Advisory
- packetstormsecurity.com/files/138502/WebKitGTK-SOP-Bypass-Information-Disclosure.htmlnvdThird Party AdvisoryVDB Entry
- www.securityfocus.com/archive/1/539295/100/0/threadednvdThird Party AdvisoryVDB Entry
- www.securityfocus.com/bid/91830nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1036343nvdThird Party AdvisoryVDB Entry
- support.apple.com/HT206900nvdVendor Advisory
- support.apple.com/HT206902nvdVendor Advisory
- support.apple.com/HT206905nvdVendor Advisory
News mentions
0No linked articles in our index yet.