CVE-2016-1864Sensitive Information Exposure in Apple Iphone OS

CWE-200Sensitive Information Exposure5 documents4 sources
Severity
4.3MEDIUMNVD
EPSS
0.5%
top 32.02%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Apple Iphone OSApple SafariApple IOS
Timeline
PublishedJun 19
Latest updateMay 17

Description

The XSS auditor in WebKit, as used in Apple iOS before 9.3 and Safari before 9.1, does not properly handle redirects in block mode, which allows remote attackers to obtain sensitive information via a crafted URL.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages4 packages

NVDapple/safari9.0.3
Appleapple/safari9.1
NVDapple/iphone_os9.2.1
Appleapple/ios9.3

🔴Vulnerability Details

2
GHSA
GHSA-4vv7-62cm-wmwg: The XSS auditor in WebKit, as used in Apple iOS before 92022-05-17
OSV
CVE-2016-1864: The XSS auditor in WebKit, as used in Apple iOS before 92016-06-19

📋Vendor Advisories

2
Apple
CVE-2016-1864: Safari 9.1
Apple
CVE-2016-1864: iOS 9.3
CVE-2016-1864 — Sensitive Information Exposure in Apple | cvebase