PT-2016-2021 · Apple · Ios+3
Richard Shupak
·
Publicado
2016-05-20
·
Atualizado
2016-12-01
·
CVE-2016-1842
CVSS v3.1
7.5
Alta
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
MapKit in Apple iOS versions prior to 9.3.2
MapKit in Apple OS X versions prior to 10.11.5
MapKit in Apple watchOS versions prior to 2.2.1
Description
The issue is related to MapKit not using HTTPS for shared links, allowing remote attackers to obtain sensitive information by sniffing the network for HTTP traffic. This can enable a remote attacker to gain confidential information by listening to network traffic.
Recommendations
For iOS versions prior to 9.3.2, update to version 9.3.2 or later.
For OS X versions prior to 10.11.5, update to version 10.11.5 or later.
For watchOS versions prior to 2.2.1, update to version 2.2.1 or later.
Correção
Improper Access Control
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Mapkit
Os X
Ios
Watchos