The "Clear History and Website Data" feature in Apple Safari before 9.1.1, as used in iOS before 9.3.2 and other products, mishandles the deletion of browsing history, which might allow local users to obtain sensitive information by leveraging read access to a Safari directory.
References
Link | Resource |
---|---|
https://support.apple.com/HT206565 | Vendor Advisory |
https://support.apple.com/HT206568 | Vendor Advisory |
http://lists.apple.com/archives/security-announce/2016/May/msg00005.html | Vendor Advisory |
http://lists.apple.com/archives/security-announce/2016/May/msg00002.html | Vendor Advisory |
http://www.securitytracker.com/id/1035888 |
Information
Published : 2016-05-20 04:00
Updated : 2016-11-30 19:07
NVD link : CVE-2016-1849
Mitre link : CVE-2016-1849
JSON object : View
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
Products Affected
apple
- safari
- iphone_os