CVE-2016-4719 — Sensitive Information Exposure in Apple Iphone OS

CWE-200 — Sensitive Information Exposure4 documents3 sources

Severity

5.5MEDIUMNVD

EPSS

0.2%

top 53.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Iphone OS Apple Watchos Apple IOS +1 more

Timeline

PublishedSep 18

Latest updateMay 17

Description

The GeoServices component in Apple iOS before 10 and watchOS before 3 does not properly restrict access to PlaceData information, which allows attackers to discover physical locations via a crafted application.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

▶NVDapple/watchos2.2

▶Appleapple/watchos_3

▶NVDapple/iphone_os9.3.5

▶Appleapple/ios10

🔴Vulnerability Details

GHSA

GHSA-92gp-p64q-p3pw: The GeoServices component in Apple iOS before 10 and watchOS before 3 does not properly restrict access to PlaceData information, which allows attacke↗2022-05-17

▶

📋Vendor Advisories

Apple

CVE-2016-4719: watchOS 3↗2016-09-13

▶

Apple

CVE-2016-4719: iOS 10↗2016-09-13

▶