PatchSiren

CVE-2016-7592 Apple CVE debrief

CVE-2016-7592 is a WebKit information-disclosure issue affecting Apple products. According to the CVE description and NVD data, a remote attacker could obtain sensitive information by using crafted JavaScript prompts on a website. The issue is rated medium severity, requires user interaction, and affects multiple Apple software lines including iOS, Safari, iCloud, and iTunes.

Vendor: Apple
Product: CVE-2016-7592
CVSS: MEDIUM 4.3
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-02-20
Original CVE updated: 2026-05-13
Advisory published: 2017-02-20
Advisory updated: 2026-05-13

Who should care

Organizations and individuals running affected Apple products, especially administrators responsible for iOS devices, Safari installations, iCloud clients, and iTunes endpoints. Security teams should also care if users regularly browse untrusted web content or if Apple software versions are managed at scale.

Technical summary

NVD classifies the issue as CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) with CVSS v3.0 vector AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N. The CVE description says the flaw is in WebKit and can be triggered through crafted JavaScript prompts on a website, resulting in information disclosure. The NVD CPE criteria mark affected versions up to iPhone OS 10.1.1, Safari 10.0.1, iCloud 6.0.1, and iTunes 12.5.3, while the CVE description states that the affected versions are those before iOS 10.2, Safari 10.0.2, iCloud 6.1, and iTunes 12.5.4.

Defensive priority

Medium: this is a network-reachable information disclosure that does not require privileges, but it does require user interaction and has no impact on integrity or availability in the supplied CVSS vector.

Recommended defensive actions

  • Update affected Apple products to the fixed versions referenced by Apple’s advisories and NVD.
  • Verify deployed versions against the affected-version ranges in the CVE record before and after patching.
  • Prioritize remediation for devices and browsers that routinely access untrusted websites.
  • Review Apple’s vendor advisories linked in the NVD record for product-specific update guidance.
  • Use centralized software inventory or MDM where available to confirm that iOS, Safari, iCloud, and iTunes versions are no longer in the affected ranges.
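An added example (not part of the CVE record or Apple's advisories): a Python check of exported inventory rows against the two version boundaries quoted on this page. The host names, inventory rows and product keys are constructed assumptions; a row is marked "review" when the description's "before" boundary and the CPE "up to" boundary disagree about it.

```python
# Added example. Boundaries are the version strings quoted on this page.
FIXED_IN = {"ios": "10.2", "safari": "10.0.2",      # CVE text: affected "before"
            "icloud": "6.1", "itunes": "12.5.4"}
CPE_UP_TO = {"ios": "10.1.1", "safari": "10.0.1",   # NVD CPE: affected "up to"
             "icloud": "6.0.1", "itunes": "12.5.3"}


def parse_version(text):
    """'10.0.2' -> (10, 0, 2); numeric so 10.0.10 sorts after 10.0.2."""
    parts = [int(p) for p in text.strip().split(".")]
    while len(parts) > 1 and parts[-1] == 0:   # treat 6.1.0 the same as 6.1
        parts.pop()
    return tuple(parts)


def classify(product, version):
    key = product.strip().lower()
    if key not in FIXED_IN:
        return "unknown-product"
    try:
        v = parse_version(version)
    except ValueError:                          # build suffixes, empty fields
        return "unparseable-version"
    by_description = v < parse_version(FIXED_IN[key])
    by_cpe = v <= parse_version(CPE_UP_TO[key])
    if by_description == by_cpe:
        return "affected" if by_cpe else "not-affected"
    return "review"                             # the two boundaries disagree


# Constructed inventory rows (host, product, version); not real data.
INVENTORY = [
    ("host-a", "iOS", "10.1.1"),
    ("host-b", "iOS", "10.2"),
    ("host-c", "Safari", "10.0.10"),            # hypothetical version string
    ("host-d", "iTunes", "12.5.3.1"),           # hypothetical version string
    ("host-e", "iCloud", "6.1.0"),
    ("host-f", "Safari", "10.0.1 (build)"),
]


def audit(rows):
    return {host: classify(product, version) for host, product, version in rows}


if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host}: {status}")
```

Rows that come back as "review" or "unparseable-version" need a manual look rather than being counted as patched.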

Evidence notes

This debrief is based on the supplied CVE record published 2017-02-20 and NVD metadata last modified 2026-05-13. The record includes the WebKit/JavaScript-prompt description, CVSS v3.0 vector AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N, and CWE-200. NVD references Apple vendor advisories HT207421, HT207422, HT207424, and HT207427. The supplied data does not include advisory body text, so the debrief avoids unsupported remediation details beyond applying the referenced Apple updates. The provided data also shows a version-range mismatch between the free-text description and the NVD CPE criteria; both are noted here without reconciling them beyond what the source data states.

Official resources

Publicly disclosed in NVD on 2017-02-20. No KEV listing was provided in the supplied enrichment data.