CVE-2016-1780

MEDIUM

iPhone OS < 9.3 - Unauthorized Sensitive Information Exposure via WebKit Hidden Web Views

Title source: llm
STIX 2.1

Description

WebKit in Apple iOS before 9.3 does not prevent hidden web views from reading orientation and motion data, which allows remote attackers to obtain sensitive information about a device's physical environment via a crafted web site.

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1035353
Vendor Advisory vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html
Vendor Advisory x_refsource_confirm
https://support.apple.com/HT206166

Scores

CVSS v3 4.3
EPSS 0.0124
EPSS Percentile 65.7%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Details

CWE
CWE-200
Status published
Products (1)
apple/iphone_os < 9.2.1
Published Mar 24, 2016
Tracked Since Feb 18, 2026