CVE-2016-1763Improper Input Validation in Apple Iphone OS

CWE-20Improper Input Validation3 documents3 sources
Severity
3.5LOWNVD
EPSS
0.2%
top 56.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apple Iphone OSApple IOS
Timeline
PublishedMar 24
Latest updateMay 17

Description

Messages in Apple iOS before 9.3 does not ensure that an auto-fill action applies to the intended message thread, which allows remote authenticated users to obtain sensitive information by providing a crafted sms: URL and reading a thread.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:NExploitability: 2.1 | Impact: 1.4

Affected Packages2 packages

NVDapple/iphone_os9.2.1
Appleapple/ios9.3

🔴Vulnerability Details

1
GHSA
GHSA-gv7g-3vcr-8xrw: Messages in Apple iOS before 92022-05-17

📋Vendor Advisories

1
Apple
CVE-2016-1763: iOS 9.3