CVE-2016-1858

Published: May 20, 2016Modified: May 6, 2026

6.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, improperly tracks taint attributes, which allows remote attackers to obtain sensitive information via a crafted web site.

Affected (4)

Products: Apple: Iphone Os, Safari, Tvos · Webkitgtk: Webkitgtk+

3 products

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Apple Iphone Os	Before 9.3.2
Apple Safari	Before 9.1.1
Apple Tvos	Before 9.2.1

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Webkitgtk Webkitgtk+	Before 2.12.0

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (18)

http://lists.apple.com/archives/security-announce/2016/May/msg00001.html

Source: product-security@apple.com

Mailing ListVendor Advisory

http://lists.apple.com/archives/security-announce/2016/May/msg00002.html

Source: product-security@apple.com

Mailing ListVendor Advisory

http://lists.apple.com/archives/security-announce/2016/May/msg00005.html

Source: product-security@apple.com

Mailing ListVendor Advisory

http://packetstormsecurity.com/files/137229/WebKitGTK-Code-Execution-Denial-Of-Service-Memory-Corruption.html

Source: product-security@apple.com

Third Party AdvisoryVDB Entry

http://www.securityfocus.com/archive/1/538522/100/0/threaded

Source: product-security@apple.com

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1035888

Source: product-security@apple.com

Third Party AdvisoryVDB Entry

https://support.apple.com/HT206564

Source: product-security@apple.com

Vendor Advisory

https://support.apple.com/HT206565

Source: product-security@apple.com

Vendor Advisory

https://support.apple.com/HT206568

Source: product-security@apple.com

Vendor Advisory

http://lists.apple.com/archives/security-announce/2016/May/msg00001.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListVendor Advisory

http://lists.apple.com/archives/security-announce/2016/May/msg00002.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListVendor Advisory

http://lists.apple.com/archives/security-announce/2016/May/msg00005.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListVendor Advisory

http://packetstormsecurity.com/files/137229/WebKitGTK-Code-Execution-Denial-Of-Service-Memory-Corruption.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securityfocus.com/archive/1/538522/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1035888

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://support.apple.com/HT206564

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://support.apple.com/HT206565

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://support.apple.com/HT206568

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.