CVE-2016-1849Sensitive Information Exposure in Apple Iphone OS

CWE-200Sensitive Information Exposure4 documents3 sources
Severity
3.3LOWNVD
EPSS
0.1%
top 82.43%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Apple Iphone OSApple SafariApple IOS
Timeline
PublishedMay 20
Latest updateMay 17

Description

The "Clear History and Website Data" feature in Apple Safari before 9.1.1, as used in iOS before 9.3.2 and other products, mishandles the deletion of browsing history, which might allow local users to obtain sensitive information by leveraging read access to a Safari directory.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 1.8 | Impact: 1.4

Affected Packages4 packages

NVDapple/safari9.1
Appleapple/safari9.1.1
NVDapple/iphone_os9.3.1
Appleapple/ios9.3.2

🔴Vulnerability Details

1
GHSA
GHSA-wmg4-hccw-9xwx: The "Clear History and Website Data" feature in Apple Safari before 92022-05-17

📋Vendor Advisories

2
Apple
CVE-2016-1849: Safari 9.1.1
Apple
CVE-2016-1849: iOS 9.3.2
CVE-2016-1849 — Sensitive Information Exposure in Apple | cvebase