SB2016102617 - Arbitrary code execution in Apple iOS



SB2016102617 - Arbitrary code execution in Apple iOS

Published: October 26, 2016

Security Bulletin ID SB2016102617
CSH Severity
High
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 vulnerability.


1) Arbitrary code execution (CVE-ID: CVE-2016-4675)

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote authenticated user to execute arbitrary code on the target system.
The weakness exists due to insufficient access control. Bypassing seсurity restrictions, attackers can execute arbitrary code with root privileges.
Successfull exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Remediation

Install update from vendor's website.