CVE-2015-1112

EUVD-2015-1255
Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, as used on iOS before 8.3 and other platforms, does not properly delete browsing-history data from the history.plist file, which allows attackers to obtain sensitive information by reading this file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 56%
Affected Products (NVD)
VendorProductVersion
appleiphone_os
𝑥
≤ 8.2
applesafari
𝑥
≤ 6.2.4
applesafari
7.0
applesafari
7.0.1
applesafari
7.0.2
applesafari
7.0.3
applesafari
7.0.4
applesafari
7.0.5
applesafari
7.0.6
applesafari
7.1.0
applesafari
7.1.1
applesafari
7.1.2
applesafari
7.1.3
applesafari
7.1.4
applesafari
8.0.0
applesafari
8.0.1
applesafari
8.0.2
applesafari
8.0.3
applesafari
8.0.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://lists.apple.com/archives/security-announce/2015/Apr/msg00000.html
http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html
http://www.securitytracker.com/id/1032047
https://support.apple.com/HT204658
https://support.apple.com/HT204661
http://lists.apple.com/archives/security-announce/2015/Apr/msg00000.html
http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html
http://www.securitytracker.com/id/1032047
https://support.apple.com/HT204658
https://support.apple.com/HT204661