Main Vulnerability Database Exploits ID:1848 - Exploit for Memory corruption in Apple iOS and macOS - CVE-2016-4656

ID:1848 - Exploit for Memory corruption in Apple iOS and macOS - CVE-2016-4656

Published: March 18, 2020

Vulnerability identifier: #VU4574

Vulnerability risk: Medium

CVE-ID: CVE-2016-4656

CWE-ID: CWE-119

Exploitation vector: Local access

Vulnerable software:
Apple iOS
macOS

Link to public exploit:

https://www.rapid7.com/db/modules/exploit/apple_ios/browser/webkit_trident

Vulnerability description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists due to a boundary error when processing a malicious application. A local attacker can run a specially crafted application, trigger memory corruption and execute arbitrary code with SYSTEM privileges.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Note: the vulnerability was being actively exploited.

Remediation

Update Apple iOS to version 9.3.5.
Update MAC OS X to version 10.11.6.

ID:1848 - Exploit for Memory corruption in Apple iOS and macOS - CVE-2016-4656

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human