SB2016102616 - Modification of Information in Apple iOS
Published: October 26, 2016
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Modification of Information (CVE-ID: CVE-2016-4679)
CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote authenticated user to modify information on the target system
The weakness exists due to improper path validation logic for symlinks and lets overwrite arbitrary files.
Successfull exploitation of the vulnerability results in modification of information on the vulnerable system.
Remediation
Install update from vendor's website.