CVE-2016-1842 Information

Feb 14, 2021 cve

Description

MapKit in Apple iOS before 9.3.2 OS X before 10.11.5 and watchOS before 2.2.1 does not use HTTPS for shared links which allows remote attackers to obtain sensitive information by sniffing the network for HTTP traffic.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Reference

http://lists.apple.com/archives/security-announce/2016/May/msg00002.html http://lists.apple.com/archives/security-announce/2016/May/msg00003.html http://lists.apple.com/archives/security-announce/2016/May/msg00004.html http://www.securitytracker.com/id/1035890 https://support.apple.com/HT206566 https://support.apple.com/HT206567 https://support.apple.com/HT206568

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

7.5

Share on: