CVE-2016-1781 — Apple Iphone OS vulnerability

CWE-195 documents4 sources

Severity

4.3MEDIUMNVD

EPSS

0.5%

top 35.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Iphone OS Apple Safari Apple IOS

Timeline

PublishedMar 24

Latest updateMay 14

Description

WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles attachment URLs, which makes it easier for remote web servers to track users via unspecified vectors.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages4 packages

▶NVDapple/safari9.0.3

▶Appleapple/safari9.1

▶NVDapple/iphone_os9.2.1

▶Appleapple/ios9.3

🔴Vulnerability Details

GHSA

GHSA-74x2-79f4-hv52: WebKit in Apple iOS before 9↗2022-05-14

▶

OSV

CVE-2016-1781: WebKit in Apple iOS before 9↗2016-03-24

▶

📋Vendor Advisories

Apple

CVE-2016-1781: Safari 9.1↗

▶

Apple

CVE-2016-1781: iOS 9.3↗

▶