SB2016102616 - Modification of Information in Apple iOS



SB2016102616 - Modification of Information in Apple iOS

Published: October 26, 2016

Security Bulletin ID SB2016102616
CSH Severity
Low
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 vulnerability.


1) Modification of Information (CVE-ID: CVE-2016-4679)

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote authenticated user to modify information on the target system
The weakness exists due to improper path validation logic for symlinks and lets overwrite arbitrary files.
Successfull exploitation of the vulnerability results in modification of information on the vulnerable system.

Remediation

Install update from vendor's website.