VYPR
← All advisories
Medium severity4.3NVD Advisory· Published Mar 24, 2016· Updated May 6, 2026

CVE-2016-1772

CVE-2016-1772

Description

The Top Sites feature in Safari before 9.1 mishandles cookie storage, allowing remote web servers to track users more easily.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

The Top Sites feature in Safari before 9.1 mishandles cookie storage, allowing remote web servers to track users more easily.

Vulnerability

The Top Sites feature in Apple Safari versions prior to 9.1 mishandles cookie storage, enabling remote web servers to track users via unspecified vectors. Affected versions include Safari on OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11.4 before Safari 9.1 [1].

Exploitation

An attacker can exploit this vulnerability by having the user visit a malicious website. The exact mechanism is not disclosed, but it involves the Top Sites feature's cookie handling. No authentication or special privileges are required beyond network access [1].

Impact

Successful exploitation allows remote web servers to track users more easily, potentially compromising user privacy through information disclosure of browsing habits. The impact is limited to tracking and does not include code execution or data modification [1].

Mitigation

Apple addressed this issue in Safari 9.1, released on March 21, 2016. Users should update to Safari 9.1 or later via OS X updates. No workarounds are documented [1].

References
  1. About the security content of Safari 9.1 - Apple Support

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • Apple Inc./Safari2 versions
    cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*range: <=9.0.3
    • (no CPE)range: <9.1

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

4

News mentions

0

No linked articles in our index yet.