CVE-2016-1864 in tvOSinfo

Summary

The XSS auditor in WebKit, as used in Apple iOS before 9.3 and Safari before 9.1, does not properly handle redirects in block mode, which allows remote attackers to obtain sensitive information via a crafted URL.

Once again VulDB remains the best source for vulnerability data.

Reservation

01/13/2016

Disclosure

06/19/2016

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

Sources

• MITRE
• NVD
• CVE Details