Details of VAR-201605-0478

ID

VAR-201605-0478

CVE

CVE-2016-1852

TITLE

Apple iOS of Siri Vulnerable to obtaining important contact and photo information

Trust: 0.8

sources: JVNDB: JVNDB-2016-002846

DESCRIPTION

Siri in Apple iOS before 9.3.2 does not block data detectors within results in the lock-screen state, which allows physically proximate attackers to obtain sensitive contact and photo information via unspecified vectors. Apple iOS is prone to a local security-bypass vulnerability. Attackers with physical access to the device can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. Versions prior to iOS 9.3.2 are vulnerable. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. Siri is one of the voice control components. The vulnerability stems from a state management issue when the program accesses Siri results from the locked interface. An attacker could exploit this vulnerability with physical access to access contacts and photos from a locked interface

Trust: 1.98

sources: NVD: CVE-2016-1852 // JVNDB: JVNDB-2016-002846 // BID: 90695 // VULHUB: VHN-90671

AFFECTED PRODUCTS

vendor:	apple	model:	iphone os	scope:	lte	version:	9.3.1	Trust: 1.0
vendor:	apple	model:	ios	scope:	lt	version:	9.3.2 (ipad 2 or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	9.3.2 (iphone 4s or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	9.3.2 (ipod touch first 5 after generation )	Trust: 0.8
vendor:	apple	model:	iphone os	scope:	eq	version:	9.3.1	Trust: 0.6
vendor:	apple	model:	ipod touch	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ipad	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.9	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.10	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.0	Trust: 0.3

sources: BID: 90695 // JVNDB: JVNDB-2016-002846 // CNNVD: CNNVD-201605-503 // NVD: CVE-2016-1852

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-1852
value:	LOW
Trust: 1.0
NVD:	CVE-2016-1852
value:	LOW
Trust: 0.8
CNNVD:	CNNVD-201605-503
value:	LOW
Trust: 0.6
VULHUB:	VHN-90671
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2016-1852
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-90671
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-1852
baseSeverity:	LOW
baseScore:	2.4
vectorString:	CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	0.9
impactScore:	1.4
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-90671 // JVNDB: JVNDB-2016-002846 // CNNVD: CNNVD-201605-503 // NVD: CVE-2016-1852

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-90671 // JVNDB: JVNDB-2016-002846 // NVD: CVE-2016-1852

THREAT TYPE

local

Trust: 0.9

sources: BID: 90695 // CNNVD: CNNVD-201605-503

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201605-503

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-002846

PATCH

title:	Apple security updates	url:	https://support.apple.com/en-us/HT201222	Trust: 0.8
title:	APPLE-SA-2016-05-16-2 iOS 9.3.2	url:	http://lists.apple.com/archives/security-announce/2016/May/msg00002.html	Trust: 0.8
title:	HT206568	url:	https://support.apple.com/en-us/HT206568	Trust: 0.8
title:	HT206568	url:	https://support.apple.com/ja-jp/HT206568	Trust: 0.8
title:	Apple iOS Siri Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=61817	Trust: 0.6

sources: JVNDB: JVNDB-2016-002846 // CNNVD: CNNVD-201605-503

EXTERNAL IDS

db:	NVD	id:	CVE-2016-1852	Trust: 2.8
db:	SECTRACK	id:	1035890	Trust: 1.1
db:	JVN	id:	JVNVU91632741	Trust: 0.8
db:	JVNDB	id:	JVNDB-2016-002846	Trust: 0.8
db:	CNNVD	id:	CNNVD-201605-503	Trust: 0.7
db:	AUSCERT	id:	ESB-2016.1233	Trust: 0.6
db:	BID	id:	90695	Trust: 0.4
db:	VULHUB	id:	VHN-90671	Trust: 0.1

sources: VULHUB: VHN-90671 // BID: 90695 // JVNDB: JVNDB-2016-002846 // CNNVD: CNNVD-201605-503 // NVD: CVE-2016-1852

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2016/may/msg00002.html	Trust: 1.7
url:	https://support.apple.com/ht206568	Trust: 1.7
url:	http://www.securitytracker.com/id/1035890	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1852	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu91632741/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1852	Trust: 0.8
url:	https://www.auscert.org.au/render.html?it=34686	Trust: 0.6
url:	http://www.apple.com/ios/	Trust: 0.3
url:	http://www.apple.com/iphone/	Trust: 0.3

sources: VULHUB: VHN-90671 // BID: 90695 // JVNDB: JVNDB-2016-002846 // CNNVD: CNNVD-201605-503 // NVD: CVE-2016-1852

CREDITS

videosdebarraquito

Trust: 0.3

sources: BID: 90695

SOURCES

db:	VULHUB	id:	VHN-90671
db:	BID	id:	90695
db:	JVNDB	id:	JVNDB-2016-002846
db:	CNNVD	id:	CNNVD-201605-503
db:	NVD	id:	CVE-2016-1852

LAST UPDATE DATE

2025-04-13T21:11:25.436000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-90671	date:	2016-12-02T00:00:00
db:	BID	id:	90695	date:	2016-05-16T00:00:00
db:	JVNDB	id:	JVNDB-2016-002846	date:	2016-05-24T00:00:00
db:	CNNVD	id:	CNNVD-201605-503	date:	2016-05-25T00:00:00
db:	NVD	id:	CVE-2016-1852	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-90671	date:	2016-05-20T00:00:00
db:	BID	id:	90695	date:	2016-05-16T00:00:00
db:	JVNDB	id:	JVNDB-2016-002846	date:	2016-05-24T00:00:00
db:	CNNVD	id:	CNNVD-201605-503	date:	2016-05-20T00:00:00
db:	NVD	id:	CVE-2016-1852	date:	2016-05-20T11:00:05.660