CVE-2016-1779 — Sensitive Information Exposure in Apple Iphone OS

CWE-200 — Sensitive Information Exposure5 documents4 sources

Severity

6.5MEDIUMNVD

EPSS

7.7%

top 8.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Iphone OS Apple Safari Apple IOS

Timeline

PublishedMar 24

Latest updateMay 14

Description

WebKit in Apple iOS before 9.3 and Safari before 9.1 allows remote attackers to bypass the Same Origin Policy and obtain physical-location data via a crafted geolocation request.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

▶NVDapple/safari9.0.3

▶Appleapple/safari9.1

▶NVDapple/iphone_os9.2.1

▶Appleapple/ios9.3

🔴Vulnerability Details

GHSA

GHSA-f55p-m2v7-m3pw: WebKit in Apple iOS before 9↗2022-05-14

▶

OSV

CVE-2016-1779: WebKit in Apple iOS before 9↗2016-03-24

▶

📋Vendor Advisories

Apple

CVE-2016-1779: Safari 9.1↗

▶

Apple

CVE-2016-1779: iOS 9.3↗

▶