High severity7.5NVD Advisory· Published Jul 22, 2016· Updated Jun 17, 2026
CVE-2016-4591
CVE-2016-4591
Description
WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 mishandles the location variable, which allows remote attackers to access the local filesystem via unspecified vectors.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
5- cpe:2.3:a:apple:webkit:*:*:*:*:*:*:*:*
- Range: <9.2.2
- Range: <9.1.2
- Range: <9.3.3
Patches
Vulnerability mechanics
References
10- lists.apple.com/archives/security-announce/2016/Jul/msg00001.htmlnvdMailing ListVendor Advisory
- lists.apple.com/archives/security-announce/2016/Jul/msg00003.htmlnvdMailing ListVendor Advisory
- lists.apple.com/archives/security-announce/2016/Jul/msg00004.htmlnvdMailing ListVendor Advisory
- packetstormsecurity.com/files/138502/WebKitGTK-SOP-Bypass-Information-Disclosure.htmlnvdThird Party AdvisoryVDB Entry
- www.securityfocus.com/archive/1/539295/100/0/threadednvdThird Party AdvisoryVDB Entry
- www.securityfocus.com/bid/91830nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1036343nvdThird Party AdvisoryVDB Entry
- support.apple.com/HT206900nvdVendor Advisory
- support.apple.com/HT206902nvdVendor Advisory
- support.apple.com/HT206905nvdVendor Advisory
News mentions
0No linked articles in our index yet.