CVE-2016-7650

low-risk

Published 2017-02-20

An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. The issue involves the "Safari Reader" component, which allows remote attackers to conduct UXSS attacks via a crafted web site.

Do I need to act?

-

0.25% chance of exploitation

EPSS score — low exploit probability

-

Not on CISA KEV list

No confirmed active exploitation reported to CISA

?

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

4

CVSS 4.7/10 Medium

NETWORK / HIGH complexity

Affected Products (2)

Iphone Os

Safari

Affected Vendors

Apple

References (8)

http://www.securityfocus.com/bid/94915

http://www.securitytracker.com/id/1037459

https://support.apple.com/HT207421

https://support.apple.com/HT207422

http://www.securityfocus.com/bid/94915

http://www.securitytracker.com/id/1037459

https://support.apple.com/HT207421

https://support.apple.com/HT207422

23

/ 100

low-risk

Severity 15/34 · Moderate

Exploitability 1/34 · Minimal

Exposure 7/34 · Low