CVE-2016-1864: Infoleak
First published: Sun Jun 19 2016(Updated: )
The XSS auditor in WebKit, as used in Apple iOS before 9.3 and Safari before 9.1, does not properly handle redirects in block mode, which allows remote attackers to obtain sensitive information via a crafted URL.
Credit: product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple Mobile Safari | <=9.0.3 | |
| iStyle @cosme iPhone OS | <=9.2.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-1864?
CVE-2016-1864 is classified as a moderate severity vulnerability that affects WebKit's XSS auditor.
How do I fix CVE-2016-1864?
To fix CVE-2016-1864, update your Apple Safari or iOS to the latest version that addresses this vulnerability.
Which versions of Safari are affected by CVE-2016-1864?
CVE-2016-1864 affects Apple Safari versions prior to 9.1.
Which versions of iOS are affected by CVE-2016-1864?
CVE-2016-1864 affects iOS versions prior to 9.3.
What type of attack does CVE-2016-1864 enable?
CVE-2016-1864 enables remote attackers to obtain sensitive information via a crafted URL due to improper handling of redirects.
- agent/references
- agent/weakness
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/apple
- canonical/apple mobile safari
- version/apple mobile safari/9.0.3
- canonical/istyle @cosme iphone os
- version/istyle @cosme iphone os/9.2.1