Medium severity6.5NVD Advisory· Published Mar 24, 2016· Updated May 6, 2026

CVE-2016-1785

Description

The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles character encoding during access to cached data, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.

Affected products

Apple Inc./Safari
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
Range: <=9.0.3
Apple Inc./Iphone Os
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Range: <=9.2.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.apple.com/archives/security-announce/2016/Mar/msg00000.htmlnvdVendor Advisory
lists.apple.com/archives/security-announce/2016/Mar/msg00005.htmlnvdVendor Advisory
support.apple.com/HT206166nvdVendor Advisory
support.apple.com/HT206171nvdVendor Advisory
www.securityfocus.com/archive/1/537948/100/0/threadednvd
www.securitytracker.com/id/1035353nvd

News mentions

No linked articles in our index yet.

cvss	0.423
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000