CVE-2016-1802

CCCrypt in CommonCrypto in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 mishandles return values during key-length calculations, which allows attackers to obtain sensitive information via a crafted app.

• CWE-200

• http://lists.apple.com/archives/security-announce/2016/May/msg00001.htmlMailing List, Vendor Advisory
• http://lists.apple.com/archives/security-announce/2016/May/msg00002.htmlMailing List, Vendor Advisory
• http://lists.apple.com/archives/security-announce/2016/May/msg00003.htmlMailing List, Vendor Advisory
• http://lists.apple.com/archives/security-announce/2016/May/msg00004.htmlMailing List, Vendor Advisory
• http://www.securityfocus.com/bid/90694Third Party Advisory, VDB Entry
• http://www.securitytracker.com/id/1035890Third Party Advisory, VDB Entry
• https://support.apple.com/HT206564Vendor Advisory
• https://support.apple.com/HT206566Vendor Advisory
• https://support.apple.com/HT206567Vendor Advisory
• https://support.apple.com/HT206568Vendor Advisory
• http://lists.apple.com/archives/security-announce/2016/May/msg00001.htmlMailing List, Vendor Advisory
• http://lists.apple.com/archives/security-announce/2016/May/msg00002.htmlMailing List, Vendor Advisory
• http://lists.apple.com/archives/security-announce/2016/May/msg00003.htmlMailing List, Vendor Advisory
• http://lists.apple.com/archives/security-announce/2016/May/msg00004.htmlMailing List, Vendor Advisory
• http://www.securityfocus.com/bid/90694Third Party Advisory, VDB Entry
• http://www.securitytracker.com/id/1035890Third Party Advisory, VDB Entry
• https://support.apple.com/HT206564Vendor Advisory
• https://support.apple.com/HT206566Vendor Advisory
• https://support.apple.com/HT206567Vendor Advisory
• https://support.apple.com/HT206568Vendor Advisory

Published

May 20, 2016

Last Modified

Jun 17, 2026

Status

Modified