CVE-2016-1728
Description
The CSS implementation in Apple iOS and Safari mishandles the a:visited button selector during height processing, enabling remote attackers to infer visited links via a crafted website.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The Cascading Style Sheets (CSS) implementation in Apple iOS before 9.2.1 and Safari before 9.0.3 mishandles the a:visited button selector during height processing. This allows a crafted website to detect whether a link has been visited by measuring the computed height of the element [1][2].
Exploitation
An attacker hosts a malicious website that uses CSS or JavaScript to query the height of a:visited button elements. When a user visits the site, the browser returns different heights for visited versus unvisited links, enabling the attacker to infer the user's browsing history. No additional user interaction is required beyond visiting the site.
Impact
Successful exploitation results in information disclosure: the attacker gains knowledge of which specific links the user has visited, violating user privacy. The CVSS v3 severity is 4.3 (Medium).
Mitigation
Apple released fixes in iOS 9.2.1 and Safari 9.0.3 [1][2]. Users should update to these versions. For WebKitGTK+ users, the issue is addressed in version 2.16.3 [3]. No other workarounds are known.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:* (range: <=9.0.2)
- (no CPE) range: <9.0.3
- Range: <9.2.1
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- lists.apple.com/archives/security-announce/2016/Jan/msg00002.html (nvd, Vendor Advisory)
- lists.apple.com/archives/security-announce/2016/Jan/msg00004.html (nvd, Vendor Advisory)
- support.apple.com/HT205730 (nvd, Vendor Advisory)
- support.apple.com/HT205732 (nvd, Vendor Advisory)
- packetstormsecurity.com/files/136227/WebKitGTK-Memory-Corruption-Denial-Of-Service.html (nvd)
- www.securityfocus.com/archive/1/537771/100/0/threaded (nvd)
- www.securityfocus.com/bid/81263 (nvd)
- www.securitytracker.com/id/1034737 (nvd)
- security.gentoo.org/glsa/201706-15 (nvd)
News mentions
No linked articles in our index yet.