Vulnerability-Lookup

CVE-2016-1781 (GCVE-0-2016-1781)

Vulnerability from cvelistv5 – Published: 2016-03-24 01:00 – Updated: 2024-08-05 23:10

Summary

WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles attachment URLs, which makes it easier for remote web servers to track users via unspecified vectors.

Severity

No CVSS data available.

CWE

Assigner

apple

References

6 references

URL	Tags
https://support.apple.com/HT205635	x_refsource_CONFIRM
http://www.securitytracker.com/id/1035353	vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/archive/1/537948/100…	mailing-listx_refsource_BUGTRAQ
http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
https://support.apple.com/HT205639	x_refsource_CONFIRM

Date Public

2015-12-08 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:10:39.153Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT205635"
          },
          {
            "name": "1035353",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1035353"
          },
          {
            "name": "20160331 WebKitGTK+ Security Advisory WSA-2016-0003",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/537948/100/0/threaded"
          },
          {
            "name": "APPLE-SA-2015-12-08-5",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00003.html"
          },
          {
            "name": "APPLE-SA-2015-12-08-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT205639"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-12-08T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles attachment URLs, which makes it easier for remote web servers to track users via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-09T18:57:01.000Z",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT205635"
        },
        {
          "name": "1035353",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1035353"
        },
        {
          "name": "20160331 WebKitGTK+ Security Advisory WSA-2016-0003",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/537948/100/0/threaded"
        },
        {
          "name": "APPLE-SA-2015-12-08-5",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00003.html"
        },
        {
          "name": "APPLE-SA-2015-12-08-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT205639"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2016-1781",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles attachment URLs, which makes it easier for remote web servers to track users via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/HT205635",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT205635"
            },
            {
              "name": "1035353",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1035353"
            },
            {
              "name": "20160331 WebKitGTK+ Security Advisory WSA-2016-0003",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/537948/100/0/threaded"
            },
            {
              "name": "APPLE-SA-2015-12-08-5",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00003.html"
            },
            {
              "name": "APPLE-SA-2015-12-08-1",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html"
            },
            {
              "name": "https://support.apple.com/HT205639",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT205639"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2016-1781",
    "datePublished": "2016-03-24T01:00:00.000Z",
    "dateReserved": "2016-01-13T00:00:00.000Z",
    "dateUpdated": "2024-08-05T23:10:39.153Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2016-1781",
      "date": "2026-05-31",
      "epss": "0.00464",
      "percentile": "0.64602"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2016-1781\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2016-03-24T01:59:48.487\",\"lastModified\":\"2026-05-06T22:30:45.220\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles attachment URLs, which makes it easier for remote web servers to track users via unspecified vectors.\"},{\"lang\":\"es\",\"value\":\"WebKit en Apple iOS en versiones anteriores a 9.3 y Safari en versiones anteriores a 9.1 no gestiona correctamente las URLs adjuntadas, lo que facilita a servidores web remotos rastrear a usuarios a trav\u00e9s de vectores no especificados.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-19\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"9.0.3\",\"matchCriteriaId\":\"F39FC2FB-375B-4129-A37F-BC749F8A9648\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"9.2.1\",\"matchCriteriaId\":\"080450EA-85C1-454D-98F9-5286D69CF237\"}]}]}],\"references\":[{\"url\":\"http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2015/Dec/msg00003.html\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/537948/100/0/threaded\",\"source\":\"product-security@apple.com\"},{\"url\":\"http://www.securitytracker.com/id/1035353\",\"source\":\"product-security@apple.com\"},{\"url\":\"https://support.apple.com/HT205635\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT205639\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2015/Dec/msg00003.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/537948/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1035353\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.apple.com/HT205635\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT205639\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

CERTFR-2016-AVI-106

Vulnerability from certfr_avis - Published: 2016-03-22 - Updated: 2016-03-22

De multiples vulnérabilités ont été corrigées dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	OS X Mavericks versions 10.9.5 et antérieures n'intégrant pas le correctif de sécurité 2016-002
Apple	N/A	tvOS versions antérieures à 9.2 pour Apple TV (4ème génération)
Apple	N/A	OS X El Capitan 10.11.x versions antérieures à 10.11.4
Apple	N/A	iOS versions antérieures à 9.3 pour iPhones 4s, iPod touch (5ème génération), iPad 2 et leurs modèles respectifs plus récents
Apple	N/A	watchOS versions antérieures à 2.2
Apple	N/A	OS X Server versions antérieures à 5.1 pour OS X Yosemite versions 10.10.5 et ultérieures
Apple	N/A	Xcode versions antérieures à 7.3 pour OS X El Capitan versions 10.11 et ultérieures
Apple	N/A	OS X Yosemite versions 10.10.5 et antérieures n'intégrant pas le correctif de sécurité 2016-002
Apple	Safari	Safari versions antérieures à 9.1

References

Title

Publication Time

CNVD-2016-01843

Vulnerability from cnvd - Published: 2016-03-25

Title

Apple iOS WebKit信息泄露漏洞（CNVD-2016-01843）

Description

Apple iOS是苹果公司用于多个智能设备的操作系统。WebKit是KDE、苹果（Apple）、谷歌（Google）等公司共同开发的一套开源Web浏览器引擎，目前被Apple Safari及Google Chrome等浏览器使用。 iOS 9.3之前版本及Safari 9.1之前版本在URL处理中存在安全漏洞，可导致用户信息泄露。

Severity

中

Patch Name

Apple iOS WebKit信息泄露漏洞（CNVD-2016-01843）的补丁

Patch Description

Formal description

Apple已经为此发布了一个安全公告（HT206166）以及相应补丁: https://support.apple.com/en-au/HT206166

Reference

https://support.apple.com/en-au/HT206166

Impacted products

Name
['Apple IOS < 9.3', 'Apple Safari <9.1']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-1781"
    }
  },
  "description": "Apple iOS\u662f\u82f9\u679c\u516c\u53f8\u7528\u4e8e\u591a\u4e2a\u667a\u80fd\u8bbe\u5907\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002WebKit\u662fKDE\u3001\u82f9\u679c\uff08Apple\uff09\u3001\u8c37\u6b4c\uff08Google\uff09\u7b49\u516c\u53f8\u5171\u540c\u5f00\u53d1\u7684\u4e00\u5957\u5f00\u6e90Web\u6d4f\u89c8\u5668\u5f15\u64ce\uff0c\u76ee\u524d\u88abApple Safari\u53caGoogle Chrome\u7b49\u6d4f\u89c8\u5668\u4f7f\u7528\u3002\r\n\r\niOS 9.3\u4e4b\u524d\u7248\u672c\u53caSafari 9.1\u4e4b\u524d\u7248\u672c\u5728URL\u5904\u7406\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u53ef\u5bfc\u81f4\u7528\u6237\u4fe1\u606f\u6cc4\u9732\u3002",
  "discovererName": "Devdatta Akhawe of Dropbox, Inc.",
  "formalWay": "Apple\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08HT206166\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\nhttps://support.apple.com/en-au/HT206166",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-01843",
  "openTime": "2016-03-25",
  "patchDescription": "Apple iOS\u662f\u82f9\u679c\u516c\u53f8\u7528\u4e8e\u591a\u4e2a\u667a\u80fd\u8bbe\u5907\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002WebKit\u662fKDE\u3001\u82f9\u679c\uff08Apple\uff09\u3001\u8c37\u6b4c\uff08Google\uff09\u7b49\u516c\u53f8\u5171\u540c\u5f00\u53d1\u7684\u4e00\u5957\u5f00\u6e90Web\u6d4f\u89c8\u5668\u5f15\u64ce\uff0c\u76ee\u524d\u88abApple Safari\u53caGoogle Chrome\u7b49\u6d4f\u89c8\u5668\u4f7f\u7528\u3002\r\n\r\niOS 9.3\u4e4b\u524d\u7248\u672c\u53caSafari 9.1\u4e4b\u524d\u7248\u672c\u5728URL\u5904\u7406\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u53ef\u5bfc\u81f4\u7528\u6237\u4fe1\u606f\u6cc4\u9732\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apple iOS WebKit\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2016-01843\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Apple IOS \u003c 9.3",
      "Apple Safari \u003c9.1"
    ]
  },
  "referenceLink": "https://support.apple.com/en-au/HT206166",
  "serverity": "\u4e2d",
  "submitTime": "2016-03-24",
  "title": "Apple iOS WebKit\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2016-01843\uff09"
}

FKIE_CVE-2016-1781

Vulnerability from fkie_nvd - Published: 2016-03-24 01:59 - Updated: 2026-05-06 22:30

Severity

4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Summary

WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles attachment URLs, which makes it easier for remote web servers to track users via unspecified vectors.

References

URL	Tags
product-security@apple.com	http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html	Vendor Advisory
product-security@apple.com	http://lists.apple.com/archives/security-announce/2015/Dec/msg00003.html	Vendor Advisory
product-security@apple.com	http://www.securityfocus.com/archive/1/537948/100/0/threaded
product-security@apple.com	http://www.securitytracker.com/id/1035353
product-security@apple.com	https://support.apple.com/HT205635	Vendor Advisory
product-security@apple.com	https://support.apple.com/HT205639	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2015/Dec/msg00003.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/537948/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1035353
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT205635	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT205639	Vendor Advisory

Impacted products

	Vendor	Product	Version
	apple	safari	*
	apple	iphone_os	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F39FC2FB-375B-4129-A37F-BC749F8A9648",
              "versionEndIncluding": "9.0.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "080450EA-85C1-454D-98F9-5286D69CF237",
              "versionEndIncluding": "9.2.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles attachment URLs, which makes it easier for remote web servers to track users via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "WebKit en Apple iOS en versiones anteriores a 9.3 y Safari en versiones anteriores a 9.1 no gestiona correctamente las URLs adjuntadas, lo que facilita a servidores web remotos rastrear a usuarios a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2016-1781",
  "lastModified": "2026-05-06T22:30:45.220",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-03-24T01:59:48.487",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00003.html"
    },
    {
      "source": "product-security@apple.com",
      "url": "http://www.securityfocus.com/archive/1/537948/100/0/threaded"
    },
    {
      "source": "product-security@apple.com",
      "url": "http://www.securitytracker.com/id/1035353"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT205635"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT205639"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/537948/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1035353"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT205635"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT205639"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-19"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-74X2-79F4-HV52

Vulnerability from github – Published: 2022-05-14 02:46 – Updated: 2022-05-14 02:46

Details

WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles attachment URLs, which makes it easier for remote web servers to track users via unspecified vectors.

Severity

4.3 (Medium)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-1781"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-03-24T01:59:00Z",
    "severity": "MODERATE"
  },
  "details": "WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles attachment URLs, which makes it easier for remote web servers to track users via unspecified vectors.",
  "id": "GHSA-74x2-79f4-hv52",
  "modified": "2022-05-14T02:46:40Z",
  "published": "2022-05-14T02:46:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1781"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT205635"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT205639"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00003.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/537948/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1035353"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2016-1781

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles attachment URLs, which makes it easier for remote web servers to track users via unspecified vectors.

Aliases

CVE-2016-1781

Aliases

CVE-2016-1781

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-1781",
    "description": "WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles attachment URLs, which makes it easier for remote web servers to track users via unspecified vectors.",
    "id": "GSD-2016-1781"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-1781"
      ],
      "details": "WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles attachment URLs, which makes it easier for remote web servers to track users via unspecified vectors.",
      "id": "GSD-2016-1781",
      "modified": "2023-12-13T01:21:24.773531Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2016-1781",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles attachment URLs, which makes it easier for remote web servers to track users via unspecified vectors."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.apple.com/HT205635",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/HT205635"
          },
          {
            "name": "1035353",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1035353"
          },
          {
            "name": "20160331 WebKitGTK+ Security Advisory WSA-2016-0003",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/537948/100/0/threaded"
          },
          {
            "name": "APPLE-SA-2015-12-08-5",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00003.html"
          },
          {
            "name": "APPLE-SA-2015-12-08-1",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html"
          },
          {
            "name": "https://support.apple.com/HT205639",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/HT205639"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "9.0.3",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "9.2.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2016-1781"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles attachment URLs, which makes it easier for remote web servers to track users via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-19"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "APPLE-SA-2015-12-08-5",
              "refsource": "APPLE",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00003.html"
            },
            {
              "name": "APPLE-SA-2015-12-08-1",
              "refsource": "APPLE",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html"
            },
            {
              "name": "https://support.apple.com/HT205635",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT205635"
            },
            {
              "name": "https://support.apple.com/HT205639",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT205639"
            },
            {
              "name": "1035353",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1035353"
            },
            {
              "name": "20160331 WebKitGTK+ Security Advisory WSA-2016-0003",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/537948/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 1.4
        }
      },
      "lastModifiedDate": "2018-10-09T19:59Z",
      "publishedDate": "2016-03-24T01:59Z"
    }
  }
}

VAR-201603-0241

Vulnerability from variot - Updated: 2025-04-13 19:58

WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles attachment URLs, which makes it easier for remote web servers to track users via unspecified vectors. Apple iOS and Safari Used in etc. Webkit Is attached URL Vulnerabilities that allow users to be tracked due to mishandling of. Supplementary information : CWE Vulnerability type by CWE-19: Data Handling ( Data processing ) Has been identified. http://cwe.mitre.org/data/definitions/19.htmlRemote Web The server may be able to track you. WebKit is prone to multiple security vulnerabilities. Attackers can exploit these issues to bypass security restrictions, obtain sensitive information, execute arbitrary code, conduct phishing attacks, and perform unauthorized actions; this may aid in launching further attacks. Apple Safari is a web browser of Apple (Apple), the default browser included with Mac OS X and iOS operating systems. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. A security vulnerability exists in WebKit versions of Apple Safari prior to 9.1 due to the program's incorrect handling of URLs for attachments. Attackers can exploit this vulnerability to track sensitive user information through a specially crafted Web site. ------------------------------------------------------------------------ WebKitGTK+ Security Advisory WSA-2016-0003

Date reported : March 31, 2016 Advisory ID : WSA-2016-0003 Advisory URL : http://webkitgtk.org/security/WSA-2016-0003.html CVE identifiers : CVE-2016-1778, CVE-2016-1779, CVE-2016-1781, CVE-2016-1782, CVE-2016-1783, CVE-2016-1785, CVE-2016-1786.

Several vulnerabilities were discovered in WebKitGTK+.

CVE-2016-1778 Versions affected: WebKitGTK+ before 2.10.5. Credit to 0x1byte working with Trend Micro's Zero Day Initiative (ZDI).

CVE-2016-1779 Versions affected: WebKitGTK+ before 2.10.5. Credit to xisigr of Tencent's Xuanwu Lab (http://www.tencent.com).

CVE-2016-1781 Versions affected: WebKitGTK+ before 2.10.5. Credit to Devdatta Akhawe of Dropbox, Inc.

CVE-2016-1782 Versions affected: WebKitGTK+ before 2.10.5. Credit to Muneaki Nishimura (nishimunea) of Recruit Technologies Co.,Ltd. WebKit in Apple iOS before 9.3 and Safari before 9.1 does not properly restrict redirects that specify a TCP port number, which allows remote attackers to bypass intended port restrictions via a crafted web site.

CVE-2016-1783 Versions affected: WebKitGTK+ before 2.10.5. Credit to Mihai Parparita of Google.

CVE-2016-1785 Versions affected: WebKitGTK+ before 2.10.5. Credit to an anonymous researcher. The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles character encoding during access to cached data, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.

CVE-2016-1786 Versions affected: WebKitGTK+ before 2.10.5. Credit to ma.la of LINE Corporation. The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles HTTP responses with a 3xx (aka redirection) status code, which allows remote attackers to spoof the displayed URL, bypass the Same Origin Policy, and obtain sensitive cached information via a crafted web site.

We recommend updating to the last stable version of WebKitGTK+. It is the best way of ensuring that you are running a safe version of WebKitGTK+. Please check our website for information about the last stable releases.

Further information about WebKitGTK+ Security Advisories can be found at: http://webkitgtk.org/security.html

The WebKitGTK+ team, March 31, 2016

. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

APPLE-SA-2016-03-21-6 Safari 9.1

Safari 9.1 is now available and addresses the following:

libxml2 Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 to v10.11.3 Impact: Processing maliciously crafted XML may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1762

Safari Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 to v10.11.3 Impact: Visiting a malicious website may lead to user interface spoofing Description: An issue existed where the text of a dialog included page-supplied text. This issue was addressed by no longer including that text. CVE-ID CVE-2009-2197 : Alexios Fakos of n.runs AG

Safari Downloads Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 to v10.11.3 Impact: Visiting a maliciously crafted webpage may lead to a system denial of service Description: An insufficient input validation issue existed in the handling of certain files. This was addressed through additional checks during file expansion. CVE-ID CVE-2016-1771 : Russ Cox

Safari Top Sites Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 to v10.11.3 Impact: A website may be able to track sensitive user information Description: A cookie storage issue existed in the Top Sites page. This issue was addressed through improved state management. CVE-ID CVE-2016-1772 : WoofWagly

WebKit Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 to v10.11.3 Impact: A website may be able to track sensitive user information Description: An issue existed in the handling of attachment URLs. This issue was addressed through improved URL handling.

WebKit Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 to v10.11.3 Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1778 : 0x1byte working with Trend Micro's Zero Day Initiative (ZDI) CVE-2016-1783 : Mihai Parparita of Google

WebKit Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 to v10.11.3 Impact: A malicious website may be able to access restricted ports on arbitrary servers Description: A port redirection issue was addressed through additional port validation.

WebKit Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 to v10.11.3 Impact: Visiting a maliciously crafted website may reveal a user's current location Description: An issue existed in the parsing of geolocation requests. This was addressed through improved validation of the security origin for geolocation requests. CVE-ID CVE-2016-1779 : xisigr of Tencent's Xuanwu Lab (http://www.tencent.com)

WebKit History Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 to v10.11.3 Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash Description: A resource exhaustion issue was addressed through improved input validation. CVE-ID CVE-2016-1784 : Moony Li and Jack Tang of TrendMicro and 李普君 of 无声信息技术PKAV Team (PKAV.net)

WebKit Page Loading Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 to v10.11.3 Impact: A malicious website may exfiltrate data cross-origin Description: A caching issue existed with character encoding. This was addressed through additional request checking. CVE-ID CVE-2016-1785 : an anonymous researcher

WebKit Page Loading Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 to v10.11.3 Impact: Visiting a malicious website may lead to user interface spoofing Description: Redirect responses may have allowed a malicious website to display an arbitrary URL and read cached contents of the destination origin. This issue was addressed through improved URL display logic. CVE-ID CVE-2016-1786 : ma.la of LINE Corporation

Installation note:

Safari 9.1 may be obtained from the Mac App Store.

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJW8JQMAAoJEBcWfLTuOo7tUYsP/0cwzYXXuSvBOUhCzUd3z//b ZW1j9v2rbLLJB7wRNFhXsdz25MV/5pwX67Bb+rO9X21F/hItY61nHbTSayd+ud2v HTDnPRAWtlEd2Xd9EarGttIRAhUEQyDts3e2KpOcw2XG+zZF38DKrLprvLJrTU8u r8n8KnHP5ipOhPCubihsLQdf8jbCDnwKm2Lt0w7QAYYNOtIAzMKFtfjnsDzfJMm2 pN+laUBUDEeyv3ozmnyqmF6qSG8s43Mb+a+XeNYWEfr3VrwL6+k2YhwgFzl6jq1Z 5nMU2ziMP8OtfuVh7ldmR/+5zjkJzFCc8bbumu4Ipyhv1KOKESIxb/JNy+jCuL+D uD2g2DUhqntt74SKSzYETJTZt0EKXjhQmPoeDa4Q6++Nq9Aw/OxpLZwoi+vUzEfn cn/JGPsvwpjJjfdVFsCbaYVoCLivNy1uIwuKWpqQDjToGIMQGQ07KPepM9h5PPQ9 k1PkpH8HRynOkV5gbrGYvLyMgqJIB8KPeIQaSKARtUbCmn2zS99czD5fRojShmv+ BIZI5TowBRU9Cg4uwe0uRaSz/WiSI8OV8AcKqf0+59xYv6OfLLMIMAKYGIW+ZAdu LvtU5uvVpMekW8pAPz95BlgK/6ullpLGQA6hU6TLDj78KuvdGLBKTdlKf42kV48g ZD4qUKE2vo66y07AMC93 =8yOc -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201603-0241",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "iphone os",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "9.2.1"
      },
      {
        "model": "safari",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "9.0.3"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "9.3   (ipad 2 or later )"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "9.3   (iphone 4s or later )"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "9.3   (ipod touch first  5 after generation )"
      },
      {
        "model": "safari",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "9.1   (os x el capitan v10.11.4)"
      },
      {
        "model": "safari",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "9.1   (os x mavericks v10.9.5)"
      },
      {
        "model": "safari",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "9.1   (os x yosemite v10.10.5)"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "9.2.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "9.0.3"
      },
      {
        "model": "open source project webkit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "webkit",
        "version": "0"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.6"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.5"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.4"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0.4"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.3.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.3.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.2.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.2.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.2.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.0"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1.7"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1.4"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.5"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.4"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3"
      },
      {
        "model": "ipod touch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "ipad",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.9"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.8"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.7"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.6"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.10"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "85069"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001864"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201603-319"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1781"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:apple:iphone_os",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:apple:safari",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001864"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "0x1byte working with Trend Micro\u0027s Zero Day, xisigr of Tencent\u0027s Xuanwu Lab, Devdatta Akhawe of Dropbox, Muneaki Nishimura (nishimunea) of Recruit\nTechnologies Co., an anonymous researcher, and ma.la of LINE Corporation.",
    "sources": [
      {
        "db": "BID",
        "id": "85069"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2016-1781",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2016-1781",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-90600",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.8,
            "id": "CVE-2016-1781",
            "impactScore": 1.4,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2016-1781",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2016-1781",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201603-319",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-90600",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-90600"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001864"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201603-319"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1781"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles attachment URLs, which makes it easier for remote web servers to track users via unspecified vectors. Apple iOS and Safari Used in etc. Webkit Is attached URL Vulnerabilities that allow users to be tracked due to mishandling of. Supplementary information : CWE Vulnerability type by CWE-19: Data Handling ( Data processing ) Has been identified. http://cwe.mitre.org/data/definitions/19.htmlRemote Web The server may be able to track you. WebKit is prone to multiple security vulnerabilities. \nAttackers can exploit these issues to bypass security restrictions, obtain sensitive information, execute arbitrary code, conduct phishing attacks, and perform unauthorized actions; this may aid in launching further attacks. Apple Safari is a web browser of Apple (Apple), the default browser included with Mac OS X and iOS operating systems. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. A security vulnerability exists in WebKit versions of Apple Safari prior to 9.1 due to the program\u0027s incorrect handling of URLs for attachments. Attackers can exploit this vulnerability to track sensitive user information through a specially crafted Web site. ------------------------------------------------------------------------\nWebKitGTK+ Security Advisory                               WSA-2016-0003\n------------------------------------------------------------------------\n\nDate reported      : March 31, 2016\nAdvisory ID        : WSA-2016-0003\nAdvisory URL       : http://webkitgtk.org/security/WSA-2016-0003.html\nCVE identifiers    : CVE-2016-1778, CVE-2016-1779, CVE-2016-1781,\n                     CVE-2016-1782, CVE-2016-1783, CVE-2016-1785,\n                     CVE-2016-1786. \n\nSeveral vulnerabilities were discovered in WebKitGTK+. \n\nCVE-2016-1778\n    Versions affected: WebKitGTK+ before 2.10.5. \n    Credit to 0x1byte working with Trend Micro\u0027s Zero Day Initiative\n    (ZDI). \n\nCVE-2016-1779\n    Versions affected: WebKitGTK+ before 2.10.5. \n    Credit to xisigr of Tencent\u0027s Xuanwu Lab (http://www.tencent.com). \n\nCVE-2016-1781\n    Versions affected: WebKitGTK+ before 2.10.5. \n    Credit to Devdatta Akhawe of Dropbox, Inc. \n\nCVE-2016-1782\n    Versions affected: WebKitGTK+ before 2.10.5. \n    Credit to Muneaki Nishimura (nishimunea) of Recruit Technologies\n    Co.,Ltd. \n    WebKit in Apple iOS before 9.3 and Safari before 9.1 does not\n    properly restrict redirects that specify a TCP port number, which\n    allows remote attackers to bypass intended port restrictions via a\n    crafted web site. \n\nCVE-2016-1783\n    Versions affected: WebKitGTK+ before 2.10.5. \n    Credit to Mihai Parparita of Google. \n\nCVE-2016-1785\n    Versions affected: WebKitGTK+ before 2.10.5. \n    Credit to an anonymous researcher. \n    The Page Loading implementation in WebKit in Apple iOS before 9.3\n    and Safari before 9.1 mishandles character encoding during access to\n    cached data, which allows remote attackers to bypass the Same Origin\n    Policy and obtain sensitive information via a crafted web site. \n\nCVE-2016-1786\n    Versions affected: WebKitGTK+ before 2.10.5. \n    Credit to ma.la of LINE Corporation. \n    The Page Loading implementation in WebKit in Apple iOS before 9.3\n    and Safari before 9.1 mishandles HTTP responses with a 3xx (aka\n    redirection) status code, which allows remote attackers to spoof the\n    displayed URL, bypass the Same Origin Policy, and obtain sensitive\n    cached information via a crafted web site. \n\n\nWe recommend updating to the last stable version of WebKitGTK+. It is\nthe best way of ensuring that you are running a safe version of\nWebKitGTK+. Please check our website for information about the last\nstable releases. \n\nFurther information about WebKitGTK+ Security Advisories can be found\nat: http://webkitgtk.org/security.html\n\nThe WebKitGTK+ team,\nMarch 31, 2016\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2016-03-21-6 Safari 9.1\n\nSafari 9.1 is now available and addresses the following:\n\nlibxml2\nAvailable for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nOS X El Capitan v10.11 to v10.11.3\nImpact:  Processing maliciously crafted XML may lead to unexpected\napplication termination or arbitrary code execution\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1762\n\nSafari\nAvailable for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nOS X El Capitan v10.11 to v10.11.3\nImpact:  Visiting a malicious website may lead to user interface\nspoofing\nDescription:  An issue existed where the text of a dialog included\npage-supplied text. This issue was addressed by no longer including\nthat text. \nCVE-ID\nCVE-2009-2197 : Alexios Fakos of n.runs AG\n\nSafari Downloads\nAvailable for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nOS X El Capitan v10.11 to v10.11.3\nImpact:  Visiting a maliciously crafted webpage may lead to a system\ndenial of service\nDescription:  An insufficient input validation issue existed in the\nhandling of certain files. This was addressed through additional\nchecks during file expansion. \nCVE-ID\nCVE-2016-1771 : Russ Cox\n\nSafari Top Sites\nAvailable for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nOS X El Capitan v10.11 to v10.11.3\nImpact:  A website may be able to track sensitive user information\nDescription:  A cookie storage issue existed in the Top Sites page. \nThis issue was addressed through improved state management. \nCVE-ID\nCVE-2016-1772 : WoofWagly\n\nWebKit\nAvailable for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nOS X El Capitan v10.11 to v10.11.3\nImpact:  A website may be able to track sensitive user information\nDescription:  An issue existed in the handling of attachment URLs. \nThis issue was addressed through improved URL handling. \n\nWebKit\nAvailable for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nOS X El Capitan v10.11 to v10.11.3\nImpact:  Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1778 : 0x1byte working with Trend Micro\u0027s Zero Day\nInitiative (ZDI)\nCVE-2016-1783 : Mihai Parparita of Google\n\nWebKit\nAvailable for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nOS X El Capitan v10.11 to v10.11.3\nImpact:  A malicious website may be able to access restricted ports\non arbitrary servers\nDescription:  A port redirection issue was addressed through\nadditional port validation. \n\nWebKit\nAvailable for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nOS X El Capitan v10.11 to v10.11.3\nImpact:  Visiting a maliciously crafted website may reveal a user\u0027s\ncurrent location\nDescription:  An issue existed in the parsing of geolocation\nrequests. This was addressed through improved validation of the\nsecurity origin for geolocation requests. \nCVE-ID\nCVE-2016-1779 : xisigr of Tencent\u0027s Xuanwu Lab\n(http://www.tencent.com)\n\nWebKit History\nAvailable for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nOS X El Capitan v10.11 to v10.11.3\nImpact:  Processing maliciously crafted web content may lead to an\nunexpected Safari crash\nDescription:  A resource exhaustion issue was addressed through\nimproved input validation. \nCVE-ID\nCVE-2016-1784 : Moony Li and Jack Tang of TrendMicro and \u674e\u666e\u541b of\n\u65e0\u58f0\u4fe1\u606f\u6280\u672fPKAV Team (PKAV.net)\n\nWebKit Page Loading\nAvailable for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nOS X El Capitan v10.11 to v10.11.3\nImpact:  A malicious website may exfiltrate data cross-origin\nDescription:  A caching issue existed with character encoding. This\nwas addressed through additional request checking. \nCVE-ID\nCVE-2016-1785 : an anonymous researcher\n\nWebKit Page Loading\nAvailable for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nOS X El Capitan v10.11 to v10.11.3\nImpact:  Visiting a malicious website may lead to user interface\nspoofing\nDescription:  Redirect responses may have allowed a malicious website\nto display an arbitrary URL and read cached contents of the\ndestination origin. This issue was addressed through improved URL\ndisplay logic. \nCVE-ID\nCVE-2016-1786 : ma.la of LINE Corporation\n\nInstallation note:\n\nSafari 9.1 may be obtained from the Mac App Store. \n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - https://gpgtools.org\n\niQIcBAEBCgAGBQJW8JQMAAoJEBcWfLTuOo7tUYsP/0cwzYXXuSvBOUhCzUd3z//b\nZW1j9v2rbLLJB7wRNFhXsdz25MV/5pwX67Bb+rO9X21F/hItY61nHbTSayd+ud2v\nHTDnPRAWtlEd2Xd9EarGttIRAhUEQyDts3e2KpOcw2XG+zZF38DKrLprvLJrTU8u\nr8n8KnHP5ipOhPCubihsLQdf8jbCDnwKm2Lt0w7QAYYNOtIAzMKFtfjnsDzfJMm2\npN+laUBUDEeyv3ozmnyqmF6qSG8s43Mb+a+XeNYWEfr3VrwL6+k2YhwgFzl6jq1Z\n5nMU2ziMP8OtfuVh7ldmR/+5zjkJzFCc8bbumu4Ipyhv1KOKESIxb/JNy+jCuL+D\nuD2g2DUhqntt74SKSzYETJTZt0EKXjhQmPoeDa4Q6++Nq9Aw/OxpLZwoi+vUzEfn\ncn/JGPsvwpjJjfdVFsCbaYVoCLivNy1uIwuKWpqQDjToGIMQGQ07KPepM9h5PPQ9\nk1PkpH8HRynOkV5gbrGYvLyMgqJIB8KPeIQaSKARtUbCmn2zS99czD5fRojShmv+\nBIZI5TowBRU9Cg4uwe0uRaSz/WiSI8OV8AcKqf0+59xYv6OfLLMIMAKYGIW+ZAdu\nLvtU5uvVpMekW8pAPz95BlgK/6ullpLGQA6hU6TLDj78KuvdGLBKTdlKf42kV48g\nZD4qUKE2vo66y07AMC93\n=8yOc\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-1781"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001864"
      },
      {
        "db": "BID",
        "id": "85069"
      },
      {
        "db": "VULHUB",
        "id": "VHN-90600"
      },
      {
        "db": "PACKETSTORM",
        "id": "136535"
      },
      {
        "db": "PACKETSTORM",
        "id": "136347"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-1781",
        "trust": 3.0
      },
      {
        "db": "SECTRACK",
        "id": "1035353",
        "trust": 1.1
      },
      {
        "db": "JVN",
        "id": "JVNVU97668313",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001864",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201603-319",
        "trust": 0.7
      },
      {
        "db": "SECUNIA",
        "id": "69624",
        "trust": 0.6
      },
      {
        "db": "SECUNIA",
        "id": "69614",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "85069",
        "trust": 0.3
      },
      {
        "db": "VULHUB",
        "id": "VHN-90600",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "136535",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "136347",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-90600"
      },
      {
        "db": "BID",
        "id": "85069"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001864"
      },
      {
        "db": "PACKETSTORM",
        "id": "136535"
      },
      {
        "db": "PACKETSTORM",
        "id": "136347"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201603-319"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1781"
      }
    ]
  },
  "id": "VAR-201603-0241",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-90600"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2025-04-13T19:58:28.112000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Apple security updates",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/HT201222"
      },
      {
        "title": "APPLE-SA-2016-03-21-1 iOS 9.3",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html"
      },
      {
        "title": "APPLE-SA-2016-03-21-6 Safari 9.1",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00005.html"
      },
      {
        "title": "HT206171",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/HT206171"
      },
      {
        "title": "HT206166",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/HT206166"
      },
      {
        "title": "HT206166",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/HT206166"
      },
      {
        "title": "HT206171",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/HT206171"
      },
      {
        "title": "Apple Safari WebKit Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60645"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001864"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201603-319"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-19",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-Other",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-90600"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001864"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1781"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2015/dec/msg00000.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2015/dec/msg00003.html"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/ht205635"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/ht205639"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/537948/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1035353"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1781"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu97668313/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1781"
      },
      {
        "trust": 0.6,
        "url": "http://secunia.com/advisories/69614"
      },
      {
        "trust": 0.6,
        "url": "http://secunia.com/advisories/69624"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/ios/"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/safari/download/"
      },
      {
        "trust": 0.3,
        "url": "http://www.webkit.org/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1781"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1782"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1783"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1779"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1786"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1785"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1778"
      },
      {
        "trust": 0.1,
        "url": "http://webkitgtk.org/security.html"
      },
      {
        "trust": 0.1,
        "url": "http://webkitgtk.org/security/wsa-2016-0003.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.tencent.com)."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1771"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1784"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht201222"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1772"
      },
      {
        "trust": 0.1,
        "url": "https://gpgtools.org"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.1,
        "url": "http://www.tencent.com)"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-2197"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1762"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-90600"
      },
      {
        "db": "BID",
        "id": "85069"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001864"
      },
      {
        "db": "PACKETSTORM",
        "id": "136535"
      },
      {
        "db": "PACKETSTORM",
        "id": "136347"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201603-319"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1781"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-90600"
      },
      {
        "db": "BID",
        "id": "85069"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001864"
      },
      {
        "db": "PACKETSTORM",
        "id": "136535"
      },
      {
        "db": "PACKETSTORM",
        "id": "136347"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201603-319"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1781"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-03-24T00:00:00",
        "db": "VULHUB",
        "id": "VHN-90600"
      },
      {
        "date": "2016-03-21T00:00:00",
        "db": "BID",
        "id": "85069"
      },
      {
        "date": "2016-03-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-001864"
      },
      {
        "date": "2016-04-01T13:33:33",
        "db": "PACKETSTORM",
        "id": "136535"
      },
      {
        "date": "2016-03-22T15:20:32",
        "db": "PACKETSTORM",
        "id": "136347"
      },
      {
        "date": "2016-03-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201603-319"
      },
      {
        "date": "2016-03-24T01:59:48.487000",
        "db": "NVD",
        "id": "CVE-2016-1781"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-90600"
      },
      {
        "date": "2016-07-05T22:02:00",
        "db": "BID",
        "id": "85069"
      },
      {
        "date": "2016-06-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-001864"
      },
      {
        "date": "2016-03-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201603-319"
      },
      {
        "date": "2025-04-12T10:46:40.837000",
        "db": "NVD",
        "id": "CVE-2016-1781"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201603-319"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple iOS and  Safari Used in etc.  WebKit User-tracked vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001864"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201603-319"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2016-1781 (GCVE-0-2016-1781)

CERTFR-2016-AVI-106

Solution

CNVD-2016-01843

FKIE_CVE-2016-1781

GHSA-74X2-79F4-HV52

GSD-2016-1781

VAR-201603-0241

Tags

Sightings

Nomenclature