CVE-2016-1858Sensitive Information Exposure in Apple Iphone OS

CWE-200Sensitive Information Exposure7 documents5 sources
Severity
6.5MEDIUMNVD
EPSS
1.3%
top 20.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Apple Iphone OSApple SafariApple Tvos+2 more
Timeline
PublishedMay 20
Latest updateMay 14

Description

WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, improperly tracks taint attributes, which allows remote attackers to obtain sensitive information via a crafted web site.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages7 packages

NVDapple/tvos< 9.2.1
NVDapple/safari< 9.1.1
Appleapple/tvos9.2.1
Appleapple/safari9.1.1
NVDapple/iphone_os< 9.3.2

🔴Vulnerability Details

2
GHSA
GHSA-r2c6-xm5m-7vg5: WebKit, as used in Apple iOS before 92022-05-14
OSV
CVE-2016-1858: WebKit, as used in Apple iOS before 92016-05-20

📋Vendor Advisories

4
Ubuntu
WebKitGTK+ vulnerabilities2016-09-14
Apple
CVE-2016-1858: iOS 9.3.2
Apple
CVE-2016-1858: tvOS 9.2.1
Apple
CVE-2016-1858: Safari 9.1.1
CVE-2016-1858 — Sensitive Information Exposure in Apple | cvebase