Details of VAR-201702-0188

ID

VAR-201702-0188

CVE

CVE-2016-7759

TITLE

Apple iOS of Springboard Vulnerability in which important information is obtained

Trust: 0.8

sources: JVNDB: JVNDB-2016-007385

DESCRIPTION

An issue was discovered in certain Apple products. iOS before 10 is affected. The issue involves the "Springboard" component, which allows physically proximate attackers to obtain sensitive information by viewing application snapshots in the Task Switcher. Apple iOS is prone to an information-disclosure vulnerability. An attacker can exploit this issue to obtain sensitive information that may lead to further attacks. Springboard is a desktop for Apple iDevice

Trust: 1.98

sources: NVD: CVE-2016-7759 // JVNDB: JVNDB-2016-007385 // BID: 96335 // VULHUB: VHN-96579

AFFECTED PRODUCTS

vendor:	apple	model:	iphone os	scope:	lte	version:	9.3.5	Trust: 1.0
vendor:	apple	model:	ios	scope:	lt	version:	10 (ipad first 4 after generation )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	10 (iphone 5 or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	10 (ipod touch first 6 after generation )	Trust: 0.8
vendor:	apple	model:	iphone os	scope:	eq	version:	9.3.5	Trust: 0.6
vendor:	apple	model:	ipod touch	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ipad	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	50	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	40	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	30	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.9	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.10	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	ne	version:	10	Trust: 0.3

sources: BID: 96335 // JVNDB: JVNDB-2016-007385 // CNNVD: CNNVD-201702-712 // NVD: CVE-2016-7759

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-7759
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2016-7759
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201702-712
value:	LOW
Trust: 0.6
VULHUB:	VHN-96579
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2016-7759
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-96579
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-7759
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	0.7
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-96579 // JVNDB: JVNDB-2016-007385 // CNNVD: CNNVD-201702-712 // NVD: CVE-2016-7759

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-96579 // JVNDB: JVNDB-2016-007385 // NVD: CVE-2016-7759

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201702-712

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201702-712

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-007385

PATCH

title:	Apple security updates	url:	https://support.apple.com/en-us/HT201222	Trust: 0.8
title:	APPLE-SA-2016-09-20-3 iOS 10	url:	http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html	Trust: 0.8
title:	HT207143	url:	https://support.apple.com/en-us/HT207143	Trust: 0.8
title:	HT207143	url:	https://support.apple.com/ja-jp/HT207143	Trust: 0.8
title:	Apple iOS Springboard Fixes for component information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=68141	Trust: 0.6

sources: JVNDB: JVNDB-2016-007385 // CNNVD: CNNVD-201702-712

EXTERNAL IDS

db:	NVD	id:	CVE-2016-7759	Trust: 2.8
db:	JVN	id:	JVNVU93841436	Trust: 0.8
db:	JVNDB	id:	JVNDB-2016-007385	Trust: 0.8
db:	CNNVD	id:	CNNVD-201702-712	Trust: 0.7
db:	BID	id:	96335	Trust: 0.4
db:	VULHUB	id:	VHN-96579	Trust: 0.1

sources: VULHUB: VHN-96579 // BID: 96335 // JVNDB: JVNDB-2016-007385 // CNNVD: CNNVD-201702-712 // NVD: CVE-2016-7759

REFERENCES

url:	https://support.apple.com/ht207143	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7759	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu93841436/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-7759	Trust: 0.8
url:	http://www.apple.com/ios/	Trust: 0.3
url:	https://support.apple.com/en-us/ht201222	Trust: 0.3

sources: VULHUB: VHN-96579 // BID: 96335 // JVNDB: JVNDB-2016-007385 // CNNVD: CNNVD-201702-712 // NVD: CVE-2016-7759

CREDITS

Fatma Yilmaz of Ptt Genel Müdürlügü from Ankara.

Trust: 0.3

sources: BID: 96335

SOURCES

db:	VULHUB	id:	VHN-96579
db:	BID	id:	96335
db:	JVNDB	id:	JVNDB-2016-007385
db:	CNNVD	id:	CNNVD-201702-712
db:	NVD	id:	CVE-2016-7759

LAST UPDATE DATE

2025-04-20T20:08:33.388000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-96579	date:	2017-02-22T00:00:00
db:	BID	id:	96335	date:	2017-03-07T02:05:00
db:	JVNDB	id:	JVNDB-2016-007385	date:	2017-02-28T00:00:00
db:	CNNVD	id:	CNNVD-201702-712	date:	2017-02-22T00:00:00
db:	NVD	id:	CVE-2016-7759	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-96579	date:	2017-02-20T00:00:00
db:	BID	id:	96335	date:	2017-02-20T00:00:00
db:	JVNDB	id:	JVNDB-2016-007385	date:	2017-02-28T00:00:00
db:	CNNVD	id:	CNNVD-201702-712	date:	2017-02-22T00:00:00
db:	NVD	id:	CVE-2016-7759	date:	2017-02-20T08:59:04.510