Vulnerability Details : CVE-2016-1849
The "Clear History and Website Data" feature in Apple Safari before 9.1.1, as used in iOS before 9.3.2 and other products, mishandles the deletion of browsing history, which might allow local users to obtain sensitive information by leveraging read access to a Safari directory.
Vulnerability category: Information leak
Products affected by CVE-2016-1849
- cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-1849
- 0.04%: Probability of exploitation activity in the next 30 days
- ~6%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-1849
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.1 | LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N | 3.9 | 2.9 | NIST | |
3.3 | LOW | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 1.8 | 1.4 | NIST | |
CWE ids for CVE-2016-1849
- The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-1849
- http://lists.apple.com/archives/security-announce/2016/May/msg00005.html
  Apple - Lists.apple.com (Vendor Advisory)
- http://lists.apple.com/archives/security-announce/2016/May/msg00002.html
  Apple - Lists.apple.com (Vendor Advisory)
- http://www.securitytracker.com/id/1035888
  Apple Safari Bugs Let Remote Users Obtain Potentially Sensitive Information Execute Arbitrary Code - SecurityTracker
- https://support.apple.com/HT206565
  About the security content of Safari 9.1.1 - Apple Support (Vendor Advisory)
- https://support.apple.com/HT206568
  About the security content of iOS 9.3.2 - Apple Support (Vendor Advisory)