CVE-2016-1849
Description
The "Clear History and Website Data" feature in Safari before 9.1.1 fails to fully delete browsing history, allowing local users with read access to recover sensitive data.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
The "Clear History and Website Data" feature in Safari before 9.1.1 fails to fully delete browsing history, allowing local users with read access to recover sensitive data.
Vulnerability
The "Clear History and Website Data" feature in Apple Safari before 9.1.1 (and iOS before 9.3.2) does not properly delete browsing history, leaving residual data in a Safari directory. This affects Safari on OS X Mavericks 10.9.5, Yosemite 10.10.5, and El Capitan 10.11.5, as well as iOS prior to 9.3.2 [2].
Exploitation
A local attacker with read access to the Safari directory can recover deleted browsing history. No other privileges or user interaction beyond local access are required.
Impact
Successful exploitation leads to disclosure of sensitive browsing history information, compromising user privacy.
Mitigation
Update to Safari 9.1.1 (on OS X) or iOS 9.3.2 (on iOS). Apple released these updates on May 16, 2016 [2]. No other workarounds are documented.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
4cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*range: <=9.1
- (no CPE)range: <9.1.1
- Range: <9.3.2
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- lists.apple.com/archives/security-announce/2016/May/msg00002.htmlnvdVendor Advisory
- lists.apple.com/archives/security-announce/2016/May/msg00005.htmlnvdVendor Advisory
- support.apple.com/HT206565nvdVendor Advisory
- support.apple.com/HT206568nvdVendor Advisory
- www.securitytracker.com/id/1035888nvd
News mentions
0No linked articles in our index yet.