CVE-2016-1842: Improper Access Control in Apple iPhone OS

Severity: 7.5 HIGH (NVD)
EPSS: 1.2% (top 21.44%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published May 20 | Latest update May 17

Description

MapKit in Apple iOS before 9.3.2, OS X before 10.11.5, and watchOS before 2.2.1 does not use HTTPS for shared links, which allows remote attackers to obtain sensitive information by sniffing the network for HTTP traffic.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 | Impact: 3.6

Affected Packages (6 packages)

NVD | apple/watchos | 2.2
Apple | apple/watchos | 2.2.1
NVD | apple/mac_os_x | 10.11.4
NVD | apple/iphone_os | 9.3.1
Apple | apple/ios | 9.3.2

🔴 Vulnerability Details (1)

GHSA | GHSA-55p3-77g6-98rp: MapKit in Apple iOS before 9 | 2022-05-17

📋 Vendor Advisories (3)

Apple | CVE-2016-1842: watchOS 2.2.1
Apple | CVE-2016-1842: OS X El Capitan v10.11.5 and Security Update 2016-003
Apple | CVE-2016-1842: iOS 9.3.2