CVE-2016-7611: Buffer Overflow
First published: Mon Feb 20 2017(Updated: )
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Credit: product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| iTunes | <=12.5.3 | |
| iCloud | <=6.0.1 | |
| Safari | <=10.0.1 | |
| iPhone OS | <=10.1.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-7611?
CVE-2016-7611 has a high severity level due to its potential for remote code execution.
How do I fix CVE-2016-7611?
To address CVE-2016-7611, update affected software to the latest versions provided by Apple.
Which products are affected by CVE-2016-7611?
CVE-2016-7611 affects Apple iTunes, iCloud, Safari, and iOS versions prior to their respective security updates.
Can CVE-2016-7611 lead to data loss?
Yes, CVE-2016-7611 may lead to data loss as it allows for arbitrary code execution.
Is there a workaround for CVE-2016-7611?
There is no known workaround for CVE-2016-7611; updating is the recommended solution.
- agent/type
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/apple
- canonical/itunes
- version/itunes/12.5.3
- canonical/icloud
- version/icloud/6.0.1
- canonical/safari
- version/safari/10.0.1
- canonical/iphone os
- version/iphone os/10.1.1