Details of VAR-201602-0215

ID

VAR-201602-0215

CVE

CVE-2016-1728

TITLE

Apple iOS and Safari of Cascading Style Sheets Vulnerability in the acquisition of important browser history information in the implementation of

Trust: 0.8

sources: JVNDB: JVNDB-2016-001411

DESCRIPTION

The Cascading Style Sheets (CSS) implementation in Apple iOS before 9.2.1 and Safari before 9.0.3 mishandles the "a:visited button" selector during height processing, which makes it easier for remote attackers to obtain sensitive browser-history information via a crafted web site. WebKit is prone to multiple security vulnerabilities. Successful exploits may allow attackers to execute arbitrary code in the context of the affected application. Failed attacks may cause a denial of service condition. This may aid in launching further attacks. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems. Cascading Style Sheets (CSS, Cascading Style Sheet) is a computer language used to represent document styles such as HTML or XML. The vulnerability stems from the fact that the 'a:visited button' CSS is not properly handled when the program evaluates the height of the element Selector. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201706-15 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: WebKitGTK+: Multiple vulnerabilities Date: June 07, 2017 Bugs: #543650, #573656, #577068, #608958, #614876, #619788 ID: 201706-15 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in WebKitGTK+, the worst of which allows remote attackers to execute arbitrary code. Background ========== WebKitGTK+ is a full-featured port of the WebKit rendering engine. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-libs/webkit-gtk < 2.16.3 >= 2.16.3 Description =========== Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All WebKitGTK+ users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.16.3:4" References ========== [ 1 ] CVE-2015-2330 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2330 [ 2 ] CVE-2015-7096 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7096 [ 3 ] CVE-2015-7098 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7098 [ 4 ] CVE-2016-1723 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1723 [ 5 ] CVE-2016-1724 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1724 [ 6 ] CVE-2016-1725 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1725 [ 7 ] CVE-2016-1726 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1726 [ 8 ] CVE-2016-1727 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1727 [ 9 ] CVE-2016-1728 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1728 [ 10 ] CVE-2016-4692 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4692 [ 11 ] CVE-2016-4743 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4743 [ 12 ] CVE-2016-7586 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7586 [ 13 ] CVE-2016-7587 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7587 [ 14 ] CVE-2016-7589 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7589 [ 15 ] CVE-2016-7592 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7592 [ 16 ] CVE-2016-7598 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7598 [ 17 ] CVE-2016-7599 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7599 [ 18 ] CVE-2016-7610 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7610 [ 19 ] CVE-2016-7611 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7611 [ 20 ] CVE-2016-7623 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7623 [ 21 ] CVE-2016-7632 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7632 [ 22 ] CVE-2016-7635 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7635 [ 23 ] CVE-2016-7639 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7639 [ 24 ] CVE-2016-7640 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7640 [ 25 ] CVE-2016-7641 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7641 [ 26 ] CVE-2016-7642 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7642 [ 27 ] CVE-2016-7645 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7645 [ 28 ] CVE-2016-7646 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7646 [ 29 ] CVE-2016-7648 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7648 [ 30 ] CVE-2016-7649 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7649 [ 31 ] CVE-2016-7652 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7652 [ 32 ] CVE-2016-7654 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7654 [ 33 ] CVE-2016-7656 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7656 [ 34 ] CVE-2016-9642 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9642 [ 35 ] CVE-2016-9643 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9643 [ 36 ] CVE-2017-2350 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2350 [ 37 ] CVE-2017-2354 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2354 [ 38 ] CVE-2017-2355 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2355 [ 39 ] CVE-2017-2356 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2356 [ 40 ] CVE-2017-2362 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2362 [ 41 ] CVE-2017-2363 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2363 [ 42 ] CVE-2017-2364 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2364 [ 43 ] CVE-2017-2365 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2365 [ 44 ] CVE-2017-2366 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2366 [ 45 ] CVE-2017-2367 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2367 [ 46 ] CVE-2017-2369 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2369 [ 47 ] CVE-2017-2371 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2371 [ 48 ] CVE-2017-2373 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2373 [ 49 ] CVE-2017-2376 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2376 [ 50 ] CVE-2017-2377 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2377 [ 51 ] CVE-2017-2386 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2386 [ 52 ] CVE-2017-2392 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2392 [ 53 ] CVE-2017-2394 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2394 [ 54 ] CVE-2017-2395 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2395 [ 55 ] CVE-2017-2396 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2396 [ 56 ] CVE-2017-2405 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2405 [ 57 ] CVE-2017-2415 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2415 [ 58 ] CVE-2017-2419 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2419 [ 59 ] CVE-2017-2433 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2433 [ 60 ] CVE-2017-2442 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2442 [ 61 ] CVE-2017-2445 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2445 [ 62 ] CVE-2017-2446 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2446 [ 63 ] CVE-2017-2447 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2447 [ 64 ] CVE-2017-2454 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2454 [ 65 ] CVE-2017-2455 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2455 [ 66 ] CVE-2017-2457 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2457 [ 67 ] CVE-2017-2459 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2459 [ 68 ] CVE-2017-2460 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2460 [ 69 ] CVE-2017-2464 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2464 [ 70 ] CVE-2017-2465 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2465 [ 71 ] CVE-2017-2466 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2466 [ 72 ] CVE-2017-2468 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2468 [ 73 ] CVE-2017-2469 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2469 [ 74 ] CVE-2017-2470 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2470 [ 75 ] CVE-2017-2471 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2471 [ 76 ] CVE-2017-2475 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2475 [ 77 ] CVE-2017-2476 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2476 [ 78 ] CVE-2017-2481 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2481 [ 79 ] CVE-2017-2496 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2496 [ 80 ] CVE-2017-2504 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2504 [ 81 ] CVE-2017-2505 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2505 [ 82 ] CVE-2017-2506 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2506 [ 83 ] CVE-2017-2508 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2508 [ 84 ] CVE-2017-2510 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2510 [ 85 ] CVE-2017-2514 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2514 [ 86 ] CVE-2017-2515 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2515 [ 87 ] CVE-2017-2521 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2521 [ 88 ] CVE-2017-2525 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2525 [ 89 ] CVE-2017-2526 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2526 [ 90 ] CVE-2017-2528 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2528 [ 91 ] CVE-2017-2530 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2530 [ 92 ] CVE-2017-2531 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2531 [ 93 ] CVE-2017-2536 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2536 [ 94 ] CVE-2017-2539 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2539 [ 95 ] CVE-2017-2544 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2544 [ 96 ] CVE-2017-2547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2547 [ 97 ] CVE-2017-2549 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2549 [ 98 ] CVE-2017-6980 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6980 [ 99 ] CVE-2017-6984 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6984 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201706-15 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2017 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 --NcNxMnppmhackEL27c23XhPLDAAQ7GQcq-- . ------------------------------------------------------------------------ WebKitGTK+ Security Advisory WSA-2016-0002 ------------------------------------------------------------------------ Date reported : March 11, 2016 Advisory ID : WSA-2016-0002 Advisory URL : http://webkitgtk.org/security/WSA-2016-0002.html CVE identifiers : CVE-2016-1723, CVE-2016-1724, CVE-2016-1725, CVE-2016-1726, CVE-2016-1727, CVE-2016-1728. Several vulnerabilities were discovered on WebKitGTK+. CVE-2016-1723 Versions affected: WebKitGTK+ before 2.10.5. Credit to Apple. CVE-2016-1724 Versions affected: WebKitGTK+ before 2.10.5. Credit to Apple. CVE-2016-1725 Versions affected: WebKitGTK+ before 2.10.5. Credit to Apple. CVE-2016-1726 Versions affected: WebKitGTK+ before 2.10.8. Credit to Apple. CVE-2016-1727 Versions affected: WebKitGTK+ before 2.10.5. Credit to Apple. CVE-2016-1728 Versions affected: WebKitGTK+ before 2.10.5. Credit to an anonymous researcher coordinated via Joe Vennix. We recommend updating to the last stable version of WebKitGTK+. It is the best way of ensuring that you are running a safe version of WebKitGTK+. Please check our website for information about the last stable releases. Further information about WebKitGTK+ Security Advisories can be found at: http://webkitgtk.org/security.html The WebKitGTK+ team, March 11, 2016 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2016-01-19-1 iOS 9.2.1 iOS 9.2.1 is now available and addresses the following: Disk Images Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the parsing of disk images. This issue was addressed through improved memory handling. CVE-ID CVE-2016-1717 : Frank Graziano of Yahoo! Pentest Team IOHIDFamily Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in an IOHIDFamily API. This issue was addressed through improved memory handling. CVE-ID CVE-2016-1719 : Ian Beer of Google Project Zero IOKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1720 : Ian Beer of Google Project Zero Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1721 : Ian Beer of Google Project Zero and Ju Zhu of Trend Micro libxslt Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: A type confusion issue existed in libxslt. This issue was addressed through improved memory handling. CVE-ID CVE-2015-7995 : puzzor syslog Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to execute arbitrary code with root privileges Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1722 : Joshua J. Drake and Nikias Bassen of Zimperium zLabs WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. CVE-ID CVE-2016-1723 : Apple CVE-2016-1724 : Apple CVE-2016-1725 : Apple CVE-2016-1726 : Apple CVE-2016-1727 : Apple WebKit CSS Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Websites may know if the user has visited a given link Description: A privacy issue existed in the handling of the "a:visited button" CSS selector when evaluating the containing element's height. This was addressed through improved validation. CVE-ID CVE-2016-1728 : an anonymous researcher coordinated via Joe Vennix WebSheet Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious captive portal may be able to access the user's cookies Description: An issue existed that allowed some captive portals to read or write cookies. The issue was addressed through an isolated cookie store for all captive portals. CVE-ID CVE-2016-1730 : Adi Sharabani and Yair Amit of Skycure -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJWnsHaAAoJEBcWfLTuOo7t1zwP/0RspCkyT0BHSQQO8VdMW/fc Y75BJakw9EAPtzl7JuXh2uyEW0Qj7zmCAxtHj40+ahzeL/Iop4t+2bNmxG0PKKJr xw4lfXqBPCyAFAWVnJnc7F+khS0mzOMYeSeTb809BhVZCGuPj8KaG0lO6i3Bpuv9 PegrCpntVconvMVnisv1DY5XCo+ieMnQfq3CwgjeLGJVayKwCLReEGEAy5fR/wcc U8UPi8ya8qHEM2R4HiqKvLWifvuhduKDRef8ONVKInndtUw3uMxLADb3ly0FNfK2 ZE8e/h6x6SchWKvPIlz3LkmH11PxVzOFcDSPyF8588kqIUeejJbCVmH2NTOKNWSc L86t9ZcJKOQeSA+vo9xuA4wL9oAqg0vTsU3imNI/eg5uo04UXnVmezFTdbnZTJUq 0muC+6spRRUEMV1c4vUSDNYQUWnplpm5tvOS1W9m/BYTeEBxrtHlNf1esnWst7LF bP2Dm2o4eUiMeGm0oS0aCvLOAkbZxIWGBoskJQo5QItGbrGXvolAOzy8ZG4VtcMc C57ndIvb6Aji0ZHoIoE9cQU/HAi3oA8NpAOmWnHR7TmgTLb0aKZkGbsePlpklZjO wmxK8O47hnsplGQ/MvQoq2du1yhijKHZ36o7nl+ZLll5EE9yXgoQTJ3C3SQ0uWYq It3pbAGWOfPf7kH++Tqf =8vfa -----END PGP SIGNATURE-----

Trust: 2.34

sources: NVD: CVE-2016-1728 // JVNDB: JVNDB-2016-001411 // BID: 81263 // VULHUB: VHN-90547 // PACKETSTORM: 142825 // PACKETSTORM: 136227 // PACKETSTORM: 135327 // PACKETSTORM: 135325

AFFECTED PRODUCTS

vendor:	apple	model:	safari	scope:	lte	version:	9.0.2	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	lte	version:	9.2	Trust: 1.0
vendor:	apple	model:	safari	scope:	eq	version:	9.0.2	Trust: 0.9
vendor:	apple	model:	ios	scope:	lt	version:	9.2.1 (ipad 2 or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	9.2.1 (iphone 4s or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	9.2.1 (ipod touch first 5 after generation )	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	9.0.3 (os x el capitan v10.11 from v10.11.2)	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	9.0.3 (os x mavericks v10.9.5)	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	9.0.3 (os x yosemite v10.10.5)	Trust: 0.8
vendor:	apple	model:	iphone os	scope:	eq	version:	9.2	Trust: 0.6
vendor:	webkitgtk	model:	webkitgtk+	scope:	eq	version:	2.4.7	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	7.1.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1.2	Trust: 0.3
vendor:	webkitgtk	model:	webkitgtk+	scope:	eq	version:	2.7.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	webkitgtk	model:	webkitgtk+	scope:	eq	version:	2.6.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.8	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	8.0.4	Trust: 0.3
vendor:	apple	model:	watch	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4	Trust: 0.3
vendor:	webkitgtk	model:	webkitgtk+	scope:	eq	version:	2.7.91	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	8.0.7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0.5	Trust: 0.3
vendor:	webkitgtk	model:	webkitgtk+	scope:	eq	version:	2.10.1	Trust: 0.3
vendor:	webkitgtk	model:	webkitgtk+	scope:	eq	version:	2.7.92	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.0.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.1.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.1.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.11	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	7.1.8	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.31	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.2.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	7.0.2	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	2.0	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.0	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	7.0.3	Trust: 0.3
vendor:	webkitgtk	model:	webkitgtk+	scope:	eq	version:	2.6.1	Trust: 0.3
vendor:	webkitgtk	model:	webkitgtk+	scope:	eq	version:	2.10.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	7.1.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	webkitgtk	model:	webkitgtk+	scope:	eq	version:	2.10.6	Trust: 0.3
vendor:	webkitgtk	model:	webkitgtk+	scope:	ne	version:	2.10.5	Trust: 0.3
vendor:	webkit	model:	open source project webkit	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	8.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.1.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	3.1.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	3.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.2.6	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.1.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	8.0.5	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	2.0.1	Trust: 0.3
vendor:	apple	model:	watch hermes	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0.6	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.0.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.10	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.1.5	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	7.1.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	ne	version:	9.0.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	7.0.4	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.2.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.0.3	Trust: 0.3
vendor:	webkitgtk	model:	webkitgtk+	scope:	eq	version:	2.10.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.0	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.9.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.3	Trust: 0.3
vendor:	apple	model:	tvos	scope:	ne	version:	9.1.1	Trust: 0.3
vendor:	webkitgtk	model:	webkitgtk+	scope:	eq	version:	2.6.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1.6	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1.7	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.0.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.11.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	7.0.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.5	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	7.1.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.1.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.0.5	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	2.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.0.2	Trust: 0.3
vendor:	webkitgtk	model:	webkitgtk+	scope:	eq	version:	2.10.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.2.5	Trust: 0.3
vendor:	webkitgtk	model:	webkitgtk+	scope:	eq	version:	2.4.8	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.0.5	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.34	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.2.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.2.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	1.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.9	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1.2	Trust: 0.3
vendor:	webkitgtk	model:	webkitgtk+	scope:	eq	version:	2.6.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.4	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	7.0.5	Trust: 0.3
vendor:	gentoo	model:	linux	scope:	-	version:	-	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	8.0.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	7.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	2.0.1	Trust: 0.3
vendor:	webkitgtk	model:	webkitgtk+	scope:	eq	version:	2.10	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	2.0.4	Trust: 0.3
vendor:	webkitgtk	model:	webkitgtk+	scope:	eq	version:	2.7.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	8.0.8	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	ne	version:	9.2.1	Trust: 0.3
vendor:	apple	model:	tvos	scope:	eq	version:	9.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	3.52	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.11.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.0.1	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	watchos	scope:	ne	version:	2.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.31	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.28	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	7.1.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.6	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.3.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.1.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.1	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	1.0	Trust: 0.3
vendor:	apple	model:	watch sport	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	2.0.3	Trust: 0.3
vendor:	webkitgtk	model:	webkitgtk+	scope:	eq	version:	2.7.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.7	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.2.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	7.1.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.1.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.2.7	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.1.6	Trust: 0.3
vendor:	apple	model:	watch edition	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.0.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.2.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.33	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1.4	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.2.8	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.30	Trust: 0.3
vendor:	apple	model:	ipad	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	2.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.0.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1.10	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	7.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	webkitgtk	model:	webkitgtk+	scope:	eq	version:	2.7.90	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1	Trust: 0.3
vendor:	webkitgtk	model:	webkitgtk+	scope:	eq	version:	2.6.4	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	8.0	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	7.1.7	Trust: 0.3
vendor:	webkitgtk	model:	webkitgtk+	scope:	eq	version:	2.7.4	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	8.0.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.4	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	3.2.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1.5	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.0.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	8.0.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.3.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	9.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	6.2.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.0.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2	Trust: 0.3
vendor:	webkitgtk	model:	webkitgtk+	scope:	ne	version:	2.10.8	Trust: 0.3
vendor:	webkitgtk	model:	webkitgtk+	scope:	eq	version:	2.10.7	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	apple	model:	tvos	scope:	eq	version:	9.0	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.10.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.1	Trust: 0.3

sources: BID: 81263 // JVNDB: JVNDB-2016-001411 // CNNVD: CNNVD-201602-011 // NVD: CVE-2016-1728

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-1728
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2016-1728
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201602-011
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-90547
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-1728
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-90547
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-1728
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	1.4
version:	3.0
Trust: 1.0

sources: VULHUB: VHN-90547 // JVNDB: JVNDB-2016-001411 // CNNVD: CNNVD-201602-011 // NVD: CVE-2016-1728

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-90547 // JVNDB: JVNDB-2016-001411 // NVD: CVE-2016-1728

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 142825 // CNNVD: CNNVD-201602-011

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201602-011

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-001411

PATCH

title:	Apple security updates	url:	https://support.apple.com/en-us/HT201222	Trust: 0.8
title:	APPLE-SA-2016-01-19-1 iOS 9.2.1	url:	http://lists.apple.com/archives/security-announce/2016/Jan/msg00002.html	Trust: 0.8
title:	APPLE-SA-2016-01-19-3 Safari 9.0.3	url:	http://lists.apple.com/archives/security-announce/2016/Jan/msg00004.html	Trust: 0.8
title:	HT205730	url:	https://support.apple.com/en-us/HT205730	Trust: 0.8
title:	HT205732	url:	https://support.apple.com/en-us/HT205732	Trust: 0.8
title:	HT205732	url:	https://support.apple.com/ja-jp/HT205732	Trust: 0.8
title:	HT205730	url:	https://support.apple.com/ja-jp/HT205730	Trust: 0.8
title:	Apple iOS and Safari Cascading Style Sheets Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60022	Trust: 0.6

sources: JVNDB: JVNDB-2016-001411 // CNNVD: CNNVD-201602-011

EXTERNAL IDS

db:	NVD	id:	CVE-2016-1728	Trust: 3.2
db:	BID	id:	81263	Trust: 1.4
db:	PACKETSTORM	id:	136227	Trust: 1.2
db:	SECTRACK	id:	1034737	Trust: 1.1
db:	JVN	id:	JVNVU90405245	Trust: 0.8
db:	JVNDB	id:	JVNDB-2016-001411	Trust: 0.8
db:	CNNVD	id:	CNNVD-201602-011	Trust: 0.6
db:	VULHUB	id:	VHN-90547	Trust: 0.1
db:	PACKETSTORM	id:	142825	Trust: 0.1
db:	PACKETSTORM	id:	135327	Trust: 0.1
db:	PACKETSTORM	id:	135325	Trust: 0.1

sources: VULHUB: VHN-90547 // BID: 81263 // JVNDB: JVNDB-2016-001411 // PACKETSTORM: 142825 // PACKETSTORM: 136227 // PACKETSTORM: 135327 // PACKETSTORM: 135325 // CNNVD: CNNVD-201602-011 // NVD: CVE-2016-1728

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2016/jan/msg00002.html	Trust: 1.7
url:	http://lists.apple.com/archives/security-announce/2016/jan/msg00004.html	Trust: 1.7
url:	https://support.apple.com/ht205730	Trust: 1.7
url:	https://support.apple.com/ht205732	Trust: 1.7
url:	https://security.gentoo.org/glsa/201706-15	Trust: 1.2
url:	http://www.securityfocus.com/bid/81263	Trust: 1.1
url:	http://www.securityfocus.com/archive/1/537771/100/0/threaded	Trust: 1.1
url:	http://packetstormsecurity.com/files/136227/webkitgtk-memory-corruption-denial-of-service.html	Trust: 1.1
url:	http://www.securitytracker.com/id/1034737	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1728	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu90405245/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1728	Trust: 0.8
url:	http://webkitgtk.org/security/wsa-2016-0002.html	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1724	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1725	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1727	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1728	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1723	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1726	Trust: 0.4
url:	http://www.apple.com/ios/	Trust: 0.3
url:	http://www.apple.com/ipad/	Trust: 0.3
url:	http://www.apple.com/iphone/	Trust: 0.3
url:	http://www.apple.com/ipodtouch/	Trust: 0.3
url:	https://support.apple.com/en-ie/ht205729	Trust: 0.3
url:	https://gpgtools.org	Trust: 0.2
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7096	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2394	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7652	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2363	Trust: 0.1
url:	https://security.gentoo.org/	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2457	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2386	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7587	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2350	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2366	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7589	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2466	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2475	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7586	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7654	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2442	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-7646	Trust: 0.1
url:	http://creativecommons.org/licenses/by-sa/2.5	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-7586	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-7641	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2367	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7599	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2373	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2530	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2459	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7611	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7598	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-7611	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2465	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-6980	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1727	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2454	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2455	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7656	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2544	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2354	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-9643	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4692	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2447	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2377	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2464	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-7632	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2470	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7648	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2365	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2506	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7646	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1728	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-7589	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-7587	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2549	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2471	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2526	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-7639	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1726	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4743	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-7598	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2514	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2515	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2521	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7641	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2539	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2369	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7632	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7640	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1724	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2460	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2371	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7623	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2419	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2481	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-7635	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7645	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2364	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2469	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7096	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-7642	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1725	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2468	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-7645	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2505	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2510	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-7610	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-6984	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7610	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2330	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4692	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2547	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7098	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2476	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2376	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-7640	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1723	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2405	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2395	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7639	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2362	Trust: 0.1
url:	https://bugs.gentoo.org.	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-7599	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2396	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7649	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2525	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2433	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7098	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-9642	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2445	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2356	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-7623	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2504	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2508	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2531	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2528	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4743	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7635	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2496	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7642	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2392	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2446	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2355	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7592	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2536	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-2330	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-7592	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-2415	Trust: 0.1
url:	http://webkitgtk.org/security.html	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1730	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1720	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7995	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1719	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1721	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1722	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1717	Trust: 0.1

CREDITS

Apple and an anonymous researcher coordinated via Joe Vennix

Trust: 0.3

sources: BID: 81263

SOURCES

db:	VULHUB	id:	VHN-90547
db:	BID	id:	81263
db:	JVNDB	id:	JVNDB-2016-001411
db:	PACKETSTORM	id:	142825
db:	PACKETSTORM	id:	136227
db:	PACKETSTORM	id:	135327
db:	PACKETSTORM	id:	135325
db:	CNNVD	id:	CNNVD-201602-011
db:	NVD	id:	CVE-2016-1728

LAST UPDATE DATE

2025-04-13T21:18:05.568000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-90547	date:	2018-10-09T00:00:00
db:	BID	id:	81263	date:	2017-06-08T08:02:00
db:	JVNDB	id:	JVNDB-2016-001411	date:	2016-02-17T00:00:00
db:	CNNVD	id:	CNNVD-201602-011	date:	2016-02-02T00:00:00
db:	NVD	id:	CVE-2016-1728	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-90547	date:	2016-02-01T00:00:00
db:	BID	id:	81263	date:	2016-01-19T00:00:00
db:	JVNDB	id:	JVNDB-2016-001411	date:	2016-02-17T00:00:00
db:	PACKETSTORM	id:	142825	date:	2017-06-07T14:18:30
db:	PACKETSTORM	id:	136227	date:	2016-03-12T21:01:11
db:	PACKETSTORM	id:	135327	date:	2016-01-20T16:57:30
db:	PACKETSTORM	id:	135325	date:	2016-01-20T16:51:56
db:	CNNVD	id:	CNNVD-201602-011	date:	2016-02-02T00:00:00
db:	NVD	id:	CVE-2016-1728	date:	2016-02-01T11:59:13.073