Medium severity6.8NVD Advisory· Published Sep 25, 2016· Updated Jun 17, 2026
CVE-2016-4763
CVE-2016-4763
Description
WKWebView in WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly verify X.509 certificates from HTTPS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
7cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*range: <=12.4.3
- (no CPE)range: <12.5.1
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*range: <=9.1.3
- (no CPE)range: <10
- Range: <10
- Range: <10
Patches
Vulnerability mechanics
References
8- lists.apple.com/archives/security-announce/2016/Sep/msg00007.htmlnvdMailing ListVendor Advisory
- lists.apple.com/archives/security-announce/2016/Sep/msg00008.htmlnvdMailing ListVendor Advisory
- lists.apple.com/archives/security-announce/2016/Sep/msg00012.htmlnvdMailing ListVendor Advisory
- support.apple.com/HT207143nvdVendor Advisory
- support.apple.com/HT207157nvdVendor Advisory
- support.apple.com/HT207158nvdVendor Advisory
- www.securityfocus.com/bid/93066nvd
- www.securitytracker.com/id/1036854nvd
News mentions
0No linked articles in our index yet.