CVE-2016-1780 — Sensitive Information Exposure in Apple Iphone OS

CWE-200 — Sensitive Information Exposure8 documents6 sources

Severity

6.5MEDIUMNVD

NVD4.3OSV4.3

EPSS

0.3%

top 49.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Iphone OS Mozilla Firefox Apple IOS +2 more

Timeline

PublishedMar 24

Latest updateMay 17

Description

WebKit in Apple iOS before 9.3 does not prevent hidden web views from reading orientation and motion data, which allows remote attackers to obtain sensitive information about a device's physical environment via a crafted web site.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages5 packages

▶NVDapple/iphone_os9.2.1

▶Appleapple/ios9.3

▶NVDmozilla/firefox45.0.2

▶debiandebian/firefox

▶debiandebian/firefox-esr

🔴Vulnerability Details

GHSA

GHSA-chfr-83gv-5hhp: WebKit in Apple iOS before 9↗2022-05-17

▶

GHSA

GHSA-x4mq-76g8-78f6: Mozilla Firefox before 46↗2022-05-17

▶

OSV

CVE-2016-1780: WebKit in Apple iOS before 9↗2016-03-24

▶

📋Vendor Advisories

Red Hat

Mozilla: Disclosure of user actions through JavaScript with motion and orientation sensors (MFSA 2016-43)↗2016-04-26

▶

Debian

CVE-2016-2813: firefox - Mozilla Firefox before 46.0 on Android does not properly restrict JavaScript acc...↗2016

▶

Apple

CVE-2016-1780: iOS 9.3↗

▶