SB2016102505 - Information disclosure in Apple iOS
Published: October 25, 2016 Updated: October 26, 2016
Security Bulletin ID
SB2016102505
CSH Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Information disclosure
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Information disclosure (CVE-ID: CVE-2016-7579)
CWE-ID: CWE-401 - Missing release of memory after effective lifetime
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote authenticated user to obtain potentially sensistive information on the target system.
The weakness is due to improper handling of proxy credentials. By removing unsolicited proxy password authentication prompts, attackers can cause memory leak and access valid user's credentials.
Successfull exploitation of the vulnerability leads to disclosure of importnat data on the vulnerable system.
Remediation
Install update from vendor's website.