Sign-up

ID

VAR-201602-0217


CVE

CVE-2016-1730


TITLE

Apple iOS of WebSheet In Cookie Vulnerability that can be read

Trust: 0.8

sources: JVNDB: JVNDB-2016-001413

DESCRIPTION

WebSheet in Apple iOS before 9.2.1 allows remote attackers to read or write to cookies by operating a crafted captive portal. Supplementary information : CWE Vulnerability type by CWE-19: Data Handling ( Data processing ) Has been identified. An attacker can exploit this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. This issue is fixed in iOS 9.2.1. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. WebSheet is one of the web form application components. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2016-01-19-1 iOS 9.2.1 iOS 9.2.1 is now available and addresses the following: Disk Images Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the parsing of disk images. This issue was addressed through improved memory handling. CVE-ID CVE-2016-1717 : Frank Graziano of Yahoo! Pentest Team IOHIDFamily Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in an IOHIDFamily API. This issue was addressed through improved memory handling. CVE-ID CVE-2016-1719 : Ian Beer of Google Project Zero IOKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1720 : Ian Beer of Google Project Zero Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1721 : Ian Beer of Google Project Zero and Ju Zhu of Trend Micro libxslt Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: A type confusion issue existed in libxslt. This issue was addressed through improved memory handling. CVE-ID CVE-2015-7995 : puzzor syslog Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to execute arbitrary code with root privileges Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1722 : Joshua J. Drake and Nikias Bassen of Zimperium zLabs WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. CVE-ID CVE-2016-1723 : Apple CVE-2016-1724 : Apple CVE-2016-1725 : Apple CVE-2016-1726 : Apple CVE-2016-1727 : Apple WebKit CSS Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Websites may know if the user has visited a given link Description: A privacy issue existed in the handling of the "a:visited button" CSS selector when evaluating the containing element's height. This was addressed through improved validation. CVE-ID CVE-2016-1728 : an anonymous researcher coordinated via Joe Vennix WebSheet Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious captive portal may be able to access the user's cookies Description: An issue existed that allowed some captive portals to read or write cookies. CVE-ID CVE-2016-1730 : Adi Sharabani and Yair Amit of Skycure -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJWnsHaAAoJEBcWfLTuOo7t1zwP/0RspCkyT0BHSQQO8VdMW/fc Y75BJakw9EAPtzl7JuXh2uyEW0Qj7zmCAxtHj40+ahzeL/Iop4t+2bNmxG0PKKJr xw4lfXqBPCyAFAWVnJnc7F+khS0mzOMYeSeTb809BhVZCGuPj8KaG0lO6i3Bpuv9 PegrCpntVconvMVnisv1DY5XCo+ieMnQfq3CwgjeLGJVayKwCLReEGEAy5fR/wcc U8UPi8ya8qHEM2R4HiqKvLWifvuhduKDRef8ONVKInndtUw3uMxLADb3ly0FNfK2 ZE8e/h6x6SchWKvPIlz3LkmH11PxVzOFcDSPyF8588kqIUeejJbCVmH2NTOKNWSc L86t9ZcJKOQeSA+vo9xuA4wL9oAqg0vTsU3imNI/eg5uo04UXnVmezFTdbnZTJUq 0muC+6spRRUEMV1c4vUSDNYQUWnplpm5tvOS1W9m/BYTeEBxrtHlNf1esnWst7LF bP2Dm2o4eUiMeGm0oS0aCvLOAkbZxIWGBoskJQo5QItGbrGXvolAOzy8ZG4VtcMc C57ndIvb6Aji0ZHoIoE9cQU/HAi3oA8NpAOmWnHR7TmgTLb0aKZkGbsePlpklZjO wmxK8O47hnsplGQ/MvQoq2du1yhijKHZ36o7nl+ZLll5EE9yXgoQTJ3C3SQ0uWYq It3pbAGWOfPf7kH++Tqf =8vfa -----END PGP SIGNATURE-----

Trust: 2.16

sources: NVD: CVE-2016-1730 // JVNDB: JVNDB-2016-001413 // BID: 81290 // VULHUB: VHN-90549 // VULMON: CVE-2016-1730 // PACKETSTORM: 135325

AFFECTED PRODUCTS

vendor:applemodel:iphone osscope:lteversion:9.2

Trust: 1.0

vendor:applemodel:iosscope:ltversion:9.2.1 (ipad 2 or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:9.2.1 (iphone 4s or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:9.2.1 (ipod touch first 5 after generation )

Trust: 0.8

vendor:applemodel:iphone osscope:eqversion:9.2

Trust: 0.6

vendor:applemodel:ipod touchscope:eqversion:0

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:0

Trust: 0.3

vendor:applemodel:ipadscope:eqversion:0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:50

Trust: 0.3

vendor:applemodel:iosscope:eqversion:40

Trust: 0.3

vendor:applemodel:iosscope:eqversion:30

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.4.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.1.6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.1.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.1.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.1.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.1.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.1.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.1.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.1.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.9

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.8

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.7

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.10

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:2.0

Trust: 0.3

vendor:applemodel:iosscope:neversion:9.2.1

Trust: 0.3

sources: BID: 81290 // JVNDB: JVNDB-2016-001413 // CNNVD: CNNVD-201601-599 // NVD: CVE-2016-1730

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-1730
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-1730
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201601-599
value: MEDIUM

Trust: 0.6

VULHUB: VHN-90549
value: MEDIUM

Trust: 0.1

VULMON: CVE-2016-1730
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-1730
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-90549
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-1730
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.5
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-90549 // VULMON: CVE-2016-1730 // JVNDB: JVNDB-2016-001413 // CNNVD: CNNVD-201601-599 // NVD: CVE-2016-1730

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

problemtype:CWE-19

Trust: 1.1

problemtype:CWE-Other

Trust: 0.8

sources: VULHUB: VHN-90549 // JVNDB: JVNDB-2016-001413 // NVD: CVE-2016-1730

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201601-599

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201601-599

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-001413

PATCH
title:Apple security updatesurl:https://support.apple.com/en-us/HT201222
Trust: 0.8
title:APPLE-SA-2016-01-19-1 iOS 9.2.1url:http://lists.apple.com/archives/security-announce/2016/Jan/msg00002.html
Trust: 0.8
title:HT205732url:https://support.apple.com/en-us/HT205732
Trust: 0.8
title:HT205732url:https://support.apple.com/ja-jp/HT205732
Trust: 0.8
title:Apple iOS WebSheet Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59917
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2016-001413 // 
            
            
            
            CNNVD: CNNVD-201601-599

EXTERNAL IDS
db:NVDid:CVE-2016-1730
Trust: 3.0
db:SECTRACKid:1034737
Trust: 1.2
db:JVNid:JVNVU90405245
Trust: 0.8
db:JVNDBid:JVNDB-2016-001413
Trust: 0.8
db:CNNVDid:CNNVD-201601-599
Trust: 0.7
db:BIDid:81290
Trust: 0.5
db:VULHUBid:VHN-90549
Trust: 0.1
db:VULMONid:CVE-2016-1730
Trust: 0.1
db:PACKETSTORMid:135325
Trust: 0.1
sources:
            
            
            VULHUB: VHN-90549 // 
            
            
            
            VULMON: CVE-2016-1730 // 
            
            
            
            BID: 81290 // 
            
            
            
            JVNDB: JVNDB-2016-001413 // 
            
            
            
            PACKETSTORM: 135325 // 
            
            
            
            CNNVD: CNNVD-201601-599 // 
            
            
            
            NVD: CVE-2016-1730

REFERENCES
url:http://lists.apple.com/archives/security-announce/2016/jan/msg00002.html
Trust: 1.8
url:https://support.apple.com/ht205732
Trust: 1.8
url:http://www.securitytracker.com/id/1034737
Trust: 1.2
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1730
Trust: 0.8
url:http://jvn.jp/vu/jvnvu90405245/index.html
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1730
Trust: 0.8
url:http://www.apple.com/ios/
Trust: 0.3
url:http://www.apple.com/ipad/
Trust: 0.3
url:http://www.apple.com/iphone/
Trust: 0.3
url:http://www.apple.com/ipodtouch/
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/200.html
Trust: 0.1
url:https://cwe.mitre.org/data/definitions/19.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://www.securityfocus.com/bid/81290
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2016-1730
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2016-1720
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2015-7995
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2016-1725
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2016-1726
Trust: 0.1
url:https://gpgtools.org
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2016-1727
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2016-1728
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2016-1719
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2016-1724
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2016-1721
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2016-1723
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2016-1722
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2016-1717
Trust: 0.1
sources:
            
            
            VULHUB: VHN-90549 // 
            
            
            
            VULMON: CVE-2016-1730 // 
            
            
            
            BID: 81290 // 
            
            
            
            JVNDB: JVNDB-2016-001413 // 
            
            
            
            PACKETSTORM: 135325 // 
            
            
            
            CNNVD: CNNVD-201601-599 // 
            
            
            
            NVD: CVE-2016-1730

CREDITS
Adi Sharabani and Yair Amit of Skycure
Trust: 0.3
sources:
            
            
            BID: 81290

SOURCES
db:VULHUBid:VHN-90549
db:VULMONid:CVE-2016-1730
db:BIDid:81290
db:JVNDBid:JVNDB-2016-001413
db:PACKETSTORMid:135325
db:CNNVDid:CNNVD-201601-599
db:NVDid:CVE-2016-1730

LAST UPDATE DATE
2025-04-13T21:18:19.298000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-90549date:2016-12-06T00:00:00
db:VULMONid:CVE-2016-1730date:2016-12-06T00:00:00
db:BIDid:81290date:2016-01-19T00:00:00
db:JVNDBid:JVNDB-2016-001413date:2016-02-17T00:00:00
db:CNNVDid:CNNVD-201601-599date:2016-02-02T00:00:00
db:NVDid:CVE-2016-1730date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-90549date:2016-02-01T00:00:00
db:VULMONid:CVE-2016-1730date:2016-02-01T00:00:00
db:BIDid:81290date:2016-01-19T00:00:00
db:JVNDBid:JVNDB-2016-001413date:2016-02-17T00:00:00
db:PACKETSTORMid:135325date:2016-01-20T16:51:56
db:CNNVDid:CNNVD-201601-599date:2016-01-22T00:00:00
db:NVDid:CVE-2016-1730date:2016-02-01T11:59:14.887