Details of VAR-201603-0240

ID

VAR-201603-0240

CVE

CVE-2016-1780

TITLE

Apple iOS Used in etc. WebKit Vulnerabilities in which important information about the physical environment of devices is obtained

Trust: 0.8

sources: JVNDB: JVNDB-2016-001903

DESCRIPTION

WebKit in Apple iOS before 9.3 does not prevent hidden web views from reading orientation and motion data, which allows remote attackers to obtain sensitive information about a device's physical environment via a crafted web site. Apple iOS Used in etc. WebKit is prone to an information-disclosure vulnerability. Successful exploits may allow the attacker to gain access to sensitive information. Information obtained may lead to further attacks. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. A security vulnerability exists in WebKit versions prior to Apple iOS 9.3

Trust: 1.98

sources: NVD: CVE-2016-1780 // JVNDB: JVNDB-2016-001903 // BID: 85063 // VULHUB: VHN-90599

AFFECTED PRODUCTS

vendor:	apple	model:	iphone os	scope:	lte	version:	9.2.1	Trust: 1.0
vendor:	apple	model:	ios	scope:	lt	version:	9.3 (ipad 2 or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	9.3 (iphone 4s or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	9.3 (ipod touch first 5 after generation )	Trust: 0.8
vendor:	apple	model:	iphone os	scope:	eq	version:	9.2.1	Trust: 0.6
vendor:	webkit	model:	open source project webkit	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.9	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.10	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.0	Trust: 0.3

sources: BID: 85063 // JVNDB: JVNDB-2016-001903 // CNNVD: CNNVD-201603-326 // NVD: CVE-2016-1780

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-1780
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2016-1780
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201603-326
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-90599
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-1780
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-90599
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-1780
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	1.4
version:	3.0
Trust: 1.0

sources: VULHUB: VHN-90599 // JVNDB: JVNDB-2016-001903 // CNNVD: CNNVD-201603-326 // NVD: CVE-2016-1780

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-90599 // JVNDB: JVNDB-2016-001903 // NVD: CVE-2016-1780

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201603-326

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201603-326

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-001903

PATCH

title:	Apple security updates	url:	https://support.apple.com/en-us/HT201222	Trust: 0.8
title:	APPLE-SA-2016-03-21-1 iOS 9.3	url:	http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html	Trust: 0.8
title:	HT206166	url:	https://support.apple.com/en-us/HT206166	Trust: 0.8
title:	HT206166	url:	https://support.apple.com/ja-jp/HT206166	Trust: 0.8
title:	Apple iOS WebKit Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60652	Trust: 0.6

sources: JVNDB: JVNDB-2016-001903 // CNNVD: CNNVD-201603-326

EXTERNAL IDS

db:	NVD	id:	CVE-2016-1780	Trust: 2.8
db:	SECTRACK	id:	1035353	Trust: 1.1
db:	JVN	id:	JVNVU97668313	Trust: 0.8
db:	JVNDB	id:	JVNDB-2016-001903	Trust: 0.8
db:	CNNVD	id:	CNNVD-201603-326	Trust: 0.7
db:	SECUNIA	id:	69614	Trust: 0.6
db:	BID	id:	85063	Trust: 0.4
db:	VULHUB	id:	VHN-90599	Trust: 0.1

sources: VULHUB: VHN-90599 // BID: 85063 // JVNDB: JVNDB-2016-001903 // CNNVD: CNNVD-201603-326 // NVD: CVE-2016-1780

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2016/mar/msg00000.html	Trust: 1.7
url:	https://support.apple.com/ht206166	Trust: 1.7
url:	http://www.securitytracker.com/id/1035353	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1780	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu97668313/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1780	Trust: 0.8
url:	http://secunia.com/advisories/69614	Trust: 0.6
url:	http://www.webkit.org/	Trust: 0.3

sources: VULHUB: VHN-90599 // BID: 85063 // JVNDB: JVNDB-2016-001903 // CNNVD: CNNVD-201603-326 // NVD: CVE-2016-1780

CREDITS

Maryam Mehrnezhad, Ehsan Toreini, Siamak F. Shahandashti, and Feng Hao of the School of Computing Science, Newcastle University, UK

Trust: 0.3

sources: BID: 85063

SOURCES

db:	VULHUB	id:	VHN-90599
db:	BID	id:	85063
db:	JVNDB	id:	JVNDB-2016-001903
db:	CNNVD	id:	CNNVD-201603-326
db:	NVD	id:	CVE-2016-1780

LAST UPDATE DATE

2025-04-13T21:41:52.146000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-90599	date:	2016-12-03T00:00:00
db:	BID	id:	85063	date:	2016-03-21T00:00:00
db:	JVNDB	id:	JVNDB-2016-001903	date:	2016-03-28T00:00:00
db:	CNNVD	id:	CNNVD-201603-326	date:	2016-03-23T00:00:00
db:	NVD	id:	CVE-2016-1780	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-90599	date:	2016-03-24T00:00:00
db:	BID	id:	85063	date:	2016-03-21T00:00:00
db:	JVNDB	id:	JVNDB-2016-001903	date:	2016-03-28T00:00:00
db:	CNNVD	id:	CNNVD-201603-326	date:	2016-03-23T00:00:00
db:	NVD	id:	CVE-2016-1780	date:	2016-03-24T01:59:47.517