Unrated severityNVD Advisory· Published Sep 18, 2015· Updated May 6, 2026
CVE-2015-5906
CVE-2015-5906
Description
The HTML form implementation in WebKit in Apple iOS before 9 does not prevent QuickType access to the final character of a password, which might make it easier for remote attackers to discover a password by leveraging a later prediction containing that character.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- lists.apple.com/archives/security-announce/2015/Sep/msg00001.htmlnvdVendor Advisory
- support.apple.com/HT205212nvdVendor Advisory
- www.securityfocus.com/bid/76766nvd
- www.securitytracker.com/id/1033609nvd
News mentions
0No linked articles in our index yet.