CVE-2016-4644

EUVD-2016-5630
In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016-004, a downgrade issue existed with HTTP authentication credentials saved in Keychain. This issue was addressed by storing the authentication types with the credentials.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 62%
Affected Products (NVD)
VendorProductVersion
appleapple_tv
𝑥
< 9.2.2
appleiphone_os
𝑥
< 9.3.3
applemac_os
10.11.0 ≤
𝑥
< 10.11.6
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://support.apple.com/HT206902
https://support.apple.com/HT206903
https://support.apple.com/HT206905
https://support.apple.com/HT206902
https://support.apple.com/HT206903
https://support.apple.com/HT206905