CVE-2015-1112 — Sensitive Information Exposure in Apple Iphone OS

CWE-200 — Sensitive Information Exposure4 documents3 sources

Severity

5.0MEDIUMNVD

EPSS

0.3%

top 43.52%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Iphone OS Apple Safari Apple IOS +1 more

Timeline

PublishedApr 10

Latest updateMay 17

Description

Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, as used on iOS before 8.3 and other platforms, does not properly delete browsing-history data from the history.plist file, which allows attackers to obtain sensitive information by reading this file.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages4 packages

▶NVDapple/safari6.2.4+17

▶Appleapple/safari_8.0.5_safari_7.1.5_and_safari6.2.5

▶NVDapple/iphone_os8.2

▶Appleapple/ios8.3

🔴Vulnerability Details

GHSA

GHSA-jvf5-x86m-gp68: Apple Safari before 6↗2022-05-17

▶

📋Vendor Advisories

Apple

CVE-2015-1112: iOS 8.3↗

▶

Apple

CVE-2015-1112: Safari 8.0.5, Safari 7.1.5, and Safari 6.2.5↗

▶