CVE-2016-1785 — Sensitive Information Exposure in Apple Iphone OS

CWE-200 — Sensitive Information Exposure6 documents5 sources

Severity

6.5MEDIUMNVD

EPSS

0.4%

top 37.39%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Iphone OS Apple Safari Apple IOS

Timeline

PublishedMar 24

Latest updateMay 14

Description

The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles character encoding during access to cached data, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

▶NVDapple/safari9.0.3

▶Appleapple/safari9.1

▶NVDapple/iphone_os9.2.1

▶Appleapple/ios9.3

🔴Vulnerability Details

GHSA

GHSA-4v6r-qc3q-5hfm: The Page Loading implementation in WebKit in Apple iOS before 9↗2022-05-14

▶

OSV

CVE-2016-1785: The Page Loading implementation in WebKit in Apple iOS before 9↗2016-03-24

▶

📋Vendor Advisories

Apple

CVE-2016-1785: iOS 9.3↗

▶

Apple

CVE-2016-1785: Safari 9.1↗

▶

💬Community

Bugzilla

CVE-2016-5422 JON3: privilege escalation via improper authorization↗2016-08-01

▶