cvelistv5 - cve-2016-1842

CVE-2016-1842 (GCVE-0-2016-1842)

Vulnerability from cvelistv5

Published

2016-05-20 10:00

Modified

2024-08-05 23:10

Severity ?

CWE

Summary

MapKit in Apple iOS before 9.3.2, OS X before 10.11.5, and watchOS before 2.2.1 does not use HTTPS for shared links, which allows remote attackers to obtain sensitive information by sniffing the network for HTTP traffic.

References

URL

Tags

	https://support.apple.com/HT206567	x_refsource_CONFIRM
	http://lists.apple.com/archives/security-announce/2016/May/msg00004.html	vendor-advisory, x_refsource_APPLE
	https://support.apple.com/HT206566	x_refsource_CONFIRM
	http://lists.apple.com/archives/security-announce/2016/May/msg00003.html	vendor-advisory, x_refsource_APPLE
	http://www.securitytracker.com/id/1035890	vdb-entry, x_refsource_SECTRACK
	http://lists.apple.com/archives/security-announce/2016/May/msg00002.html	vendor-advisory, x_refsource_APPLE
	https://support.apple.com/HT206568	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:10:40.329Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT206567"
          },
          {
            "name": "APPLE-SA-2016-05-16-4",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2016/May/msg00004.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT206566"
          },
          {
            "name": "APPLE-SA-2016-05-16-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2016/May/msg00003.html"
          },
          {
            "name": "1035890",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1035890"
          },
          {
            "name": "APPLE-SA-2016-05-16-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2016/May/msg00002.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT206568"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-05-16T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "MapKit in Apple iOS before 9.3.2, OS X before 10.11.5, and watchOS before 2.2.1 does not use HTTPS for shared links, which allows remote attackers to obtain sensitive information by sniffing the network for HTTP traffic."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-11-29T16:57:01.000Z",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT206567"
        },
        {
          "name": "APPLE-SA-2016-05-16-4",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2016/May/msg00004.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT206566"
        },
        {
          "name": "APPLE-SA-2016-05-16-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2016/May/msg00003.html"
        },
        {
          "name": "1035890",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1035890"
        },
        {
          "name": "APPLE-SA-2016-05-16-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2016/May/msg00002.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT206568"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2016-1842",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "MapKit in Apple iOS before 9.3.2, OS X before 10.11.5, and watchOS before 2.2.1 does not use HTTPS for shared links, which allows remote attackers to obtain sensitive information by sniffing the network for HTTP traffic."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/HT206567",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT206567"
            },
            {
              "name": "APPLE-SA-2016-05-16-4",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2016/May/msg00004.html"
            },
            {
              "name": "https://support.apple.com/HT206566",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT206566"
            },
            {
              "name": "APPLE-SA-2016-05-16-3",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2016/May/msg00003.html"
            },
            {
              "name": "1035890",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1035890"
            },
            {
              "name": "APPLE-SA-2016-05-16-2",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2016/May/msg00002.html"
            },
            {
              "name": "https://support.apple.com/HT206568",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT206568"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2016-1842",
    "datePublished": "2016-05-20T10:00:00.000Z",
    "dateReserved": "2016-01-13T00:00:00.000Z",
    "dateUpdated": "2024-08-05T23:10:40.329Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTFR-2016-AVI-172

Vulnerability from certfr_avis

De multiples vulnérabilités ont été corrigées dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Apple	N/A	Apple iOS versions antérieures à 9.3.2
Apple	Safari	Apple Safari versions antérieures à 9.1.1
Apple	N/A	Apple OS X El Capitan version 10.11.5 sans la mise à jour de sécurité 2016-003

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT206567	2016-05-16	vendor-advisory
Bulletin de sécurité Apple HT206568	2016-05-16	vendor-advisory
Bulletin de sécurité Apple HT206565	2016-05-16	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Apple iOS versions ant\u00e9rieures \u00e0 9.3.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple Safari versions ant\u00e9rieures \u00e0 9.1.1",
      "product": {
        "name": "Safari",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple OS X El Capitan version 10.11.5 sans la mise \u00e0 jour de s\u00e9curit\u00e9 2016-003",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-1831",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1831"
    },
    {
      "name": "CVE-2016-1821",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1821"
    },
    {
      "name": "CVE-2016-1792",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1792"
    },
    {
      "name": "CVE-2016-1838",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1838"
    },
    {
      "name": "CVE-2016-1854",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1854"
    },
    {
      "name": "CVE-2016-1820",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1820"
    },
    {
      "name": "CVE-2016-1818",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1818"
    },
    {
      "name": "CVE-2016-1797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1797"
    },
    {
      "name": "CVE-2016-1801",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1801"
    },
    {
      "name": "CVE-2016-1815",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1815"
    },
    {
      "name": "CVE-2016-1796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1796"
    },
    {
      "name": "CVE-2016-1826",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1826"
    },
    {
      "name": "CVE-2016-1806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1806"
    },
    {
      "name": "CVE-2016-1795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1795"
    },
    {
      "name": "CVE-2016-4072",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4072"
    },
    {
      "name": "CVE-2016-1853",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1853"
    },
    {
      "name": "CVE-2016-1841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1841"
    },
    {
      "name": "CVE-2016-1819",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1819"
    },
    {
      "name": "CVE-2016-1817",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1817"
    },
    {
      "name": "CVE-2016-1843",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1843"
    },
    {
      "name": "CVE-2016-1811",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1811"
    },
    {
      "name": "CVE-2016-1803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1803"
    },
    {
      "name": "CVE-2016-1802",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1802"
    },
    {
      "name": "CVE-2016-1824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1824"
    },
    {
      "name": "CVE-2016-1856",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1856"
    },
    {
      "name": "CVE-2016-1828",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1828"
    },
    {
      "name": "CVE-2016-1834",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1834"
    },
    {
      "name": "CVE-2016-1851",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1851"
    },
    {
      "name": "CVE-2016-1832",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1832"
    },
    {
      "name": "CVE-2016-1842",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1842"
    },
    {
      "name": "CVE-2016-1849",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1849"
    },
    {
      "name": "CVE-2016-1799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1799"
    },
    {
      "name": "CVE-2016-3141",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3141"
    },
    {
      "name": "CVE-2016-1835",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1835"
    },
    {
      "name": "CVE-2016-1804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1804"
    },
    {
      "name": "CVE-2016-1830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1830"
    },
    {
      "name": "CVE-2016-1836",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1836"
    },
    {
      "name": "CVE-2016-1798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1798"
    },
    {
      "name": "CVE-2016-1813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1813"
    },
    {
      "name": "CVE-2016-1814",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1814"
    },
    {
      "name": "CVE-2016-1844",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1844"
    },
    {
      "name": "CVE-2016-1827",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1827"
    },
    {
      "name": "CVE-2016-1822",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1822"
    },
    {
      "name": "CVE-2016-1846",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1846"
    },
    {
      "name": "CVE-2016-1833",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1833"
    },
    {
      "name": "CVE-2016-1790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1790"
    },
    {
      "name": "CVE-2016-1793",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1793"
    },
    {
      "name": "CVE-2016-4071",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4071"
    },
    {
      "name": "CVE-2016-1816",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1816"
    },
    {
      "name": "CVE-2016-1805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1805"
    },
    {
      "name": "CVE-2016-1840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1840"
    },
    {
      "name": "CVE-2016-3142",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3142"
    },
    {
      "name": "CVE-2015-8865",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8865"
    },
    {
      "name": "CVE-2016-1825",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1825"
    },
    {
      "name": "CVE-2016-4070",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4070"
    },
    {
      "name": "CVE-2016-1852",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1852"
    },
    {
      "name": "CVE-2016-1807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1807"
    },
    {
      "name": "CVE-2016-1810",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1810"
    },
    {
      "name": "CVE-2016-1837",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1837"
    },
    {
      "name": "CVE-2016-1848",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1848"
    },
    {
      "name": "CVE-2016-1808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1808"
    },
    {
      "name": "CVE-2016-1823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1823"
    },
    {
      "name": "CVE-2016-1791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1791"
    },
    {
      "name": "CVE-2016-1839",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1839"
    },
    {
      "name": "CVE-2016-1812",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1812"
    },
    {
      "name": "CVE-2016-1850",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1850"
    },
    {
      "name": "CVE-2016-1800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1800"
    },
    {
      "name": "CVE-2016-1858",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1858"
    },
    {
      "name": "CVE-2016-1847",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1847"
    },
    {
      "name": "CVE-2016-1794",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1794"
    },
    {
      "name": "CVE-2016-1857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1857"
    },
    {
      "name": "CVE-2016-4073",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4073"
    },
    {
      "name": "CVE-2016-1859",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1859"
    },
    {
      "name": "CVE-2016-1855",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1855"
    },
    {
      "name": "CVE-2016-1809",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1809"
    },
    {
      "name": "CVE-2016-1829",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1829"
    }
  ],
  "initial_release_date": "2016-05-17T00:00:00",
  "last_revision_date": "2016-05-17T00:00:00",
  "links": [],
  "reference": "CERTFR-2016-AVI-172",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-05-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Apple\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": "2016-05-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT206567",
      "url": "https://support.apple.com/en-us/HT206567"
    },
    {
      "published_at": "2016-05-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT206568",
      "url": "https://support.apple.com/en-us/HT206568"
    },
    {
      "published_at": "2016-05-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT206565",
      "url": "https://support.apple.com/en-us/HT206565"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2016-1842 (GCVE-0-2016-1842)

Vulnerability from cvelistv5

CERTFR-2016-AVI-172

Vulnerability from certfr_avis

Solution

Tags

Sightings

Nomenclature