CVE-2016-1785

Name of the Vulnerable Software and Affected Versions Apple iOS versions prior to 9.3 Safari versions prior to 9.1

Description The issue is related to the Page Loading implementation in WebKit, which mishandles character encoding during access to cached data. This allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. The vulnerability is associated with a lack of protection for service data, enabling a remote attacker to bypass existing access restriction policies or obtain confidential information using a specially formed website.

Recommendations For Apple iOS versions prior to 9.3, update to version 9.3 or later. For Safari versions prior to 9.1, update to version 9.1 or later.