CVE-2016-4707

Vulnerability

CFNetwork in Apple iOS prior to 10 and OS X (macOS) prior to 10.12 mishandles the deletion of local storage data. When a user attempts to clear browsing history or local storage, the underlying storage is not properly purged, leaving residual data accessible. The affected versions are iOS 9.x and earlier, and OS X El Capitan 10.11.x and earlier [1][2].

Exploitation

A local attacker with access to the same device (e.g., a shared computer or an already compromised account) can exploit this flaw by reading the improperly deleted local storage files. The exact sequence of steps is undisclosed by Apple, but the attack vector is local and does not require network access or elevated privileges beyond user-level access to the filesystem [1][2].

Impact

Successful exploitation allows the local attacker to discover the visited web sites of arbitrary users of the device. This is a confidentiality breach, as it reveals browsing history which may include sensitive information about the victim's activities, preferences, or credentials. The attack does not grant code execution or privilege escalation [1][2].

Mitigation

The issue is addressed in iOS 10 (released September 13, 2016) and macOS Sierra 10.12 (released September 20, 2016). Users should update their devices to these versions or later to resolve the vulnerability. No workarounds are documented in the available references [1][2].