CFNetwork in Apple iOS before 10 and OS X before 10.12 mishandles Local Storage deletion, which allows local users to discover the visited web sites of arbitrary users via unspecified vectors.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Iphone_os | Apple | * | 9.3.5 (including) |
| Mac_os_x | Apple | * | 10.11.6 (including) |
| Qtwebkit-opensource-src | Ubuntu | devel | * |
| Qtwebkit-opensource-src | Ubuntu | esm-infra/xenial | * |
| Qtwebkit-opensource-src | Ubuntu | trusty | * |
| Qtwebkit-opensource-src | Ubuntu | xenial | * |
| Qtwebkit-opensource-src | Ubuntu | yakkety | * |
| Qtwebkit-source | Ubuntu | devel | * |
| Qtwebkit-source | Ubuntu | esm-apps/xenial | * |
| Qtwebkit-source | Ubuntu | precise | * |
| Qtwebkit-source | Ubuntu | trusty | * |
| Qtwebkit-source | Ubuntu | xenial | * |
| Qtwebkit-source | Ubuntu | yakkety | * |
| Webkit | Ubuntu | precise | * |
| Webkit2gtk | Ubuntu | esm-infra/xenial | * |
| Webkit2gtk | Ubuntu | upstream | * |
| Webkit2gtk | Ubuntu | xenial | * |
| Webkitgtk | Ubuntu | devel | * |
| Webkitgtk | Ubuntu | esm-apps/xenial | * |
| Webkitgtk | Ubuntu | trusty | * |
| Webkitgtk | Ubuntu | xenial | * |
| Webkitgtk | Ubuntu | yakkety | * |
References
- http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html
- http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html
- http://www.securityfocus.com/bid/93056
- http://www.securitytracker.com/id/1036858
- https://support.apple.com/HT207143
- https://support.apple.com/HT207170
- http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html
- http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html
- http://www.securityfocus.com/bid/93056
- http://www.securitytracker.com/id/1036858
- https://support.apple.com/HT207143
- https://support.apple.com/HT207170