CVE-2016-4591

WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 mishandles the location variable, which allows remote attackers to access the local filesystem via unspecified vectors.

References

http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html
http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html
http://lists.apple.com/archives/security-announce/2016/Jul/msg00004.html
http://packetstormsecurity.com/files/138502/WebKitGTK-SOP-Bypass-Information-Disclosure.html
http://www.securityfocus.com/archive/1/539295/100/0/threaded
http://www.securityfocus.com/bid/91830
http://www.securitytracker.com/id/1036343
https://support.apple.com/HT206900
https://support.apple.com/HT206902
https://support.apple.com/HT206905
http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html
http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html
http://lists.apple.com/archives/security-announce/2016/Jul/msg00004.html

CVE-2016-4591

Affected packages