Medium severity6.5NVD Advisory· Published Sep 25, 2016· Updated May 6, 2026

CVE-2016-4758

Description

WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly restrict access to the location variable, which allows remote attackers to obtain sensitive information via a crafted web site.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.apple.com/archives/security-announce/2016/Sep/msg00007.htmlnvdMailing ListVendor Advisory
lists.apple.com/archives/security-announce/2016/Sep/msg00008.htmlnvdMailing ListVendor Advisory
lists.apple.com/archives/security-announce/2016/Sep/msg00012.htmlnvdMailing ListVendor Advisory
support.apple.com/HT207143nvdVendor Advisory
support.apple.com/HT207157nvdVendor Advisory
support.apple.com/HT207158nvdVendor Advisory
mksben.l0.cm/2016/09/safari-uxss-showModalDialog.htmlnvd
www.securityfocus.com/bid/93066nvd
www.securitytracker.com/id/1036854nvd

News mentions

No linked articles in our index yet.

cvss	0.423
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000