Information disclosure in Apple iOS - CVE-2016-7579
Published: October 25, 2016 / Updated: October 26, 2016
Vulnerability identifier: #VU1068
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-7579
CWE-ID: CWE-401
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Apple Inc.
Affected software:
Apple iOS
Apple iOS
Detailed vulnerability description
The vulnerability allows a remote authenticated user to obtain potentially sensistive information on the target system.
The weakness is due to improper handling of proxy credentials. By removing unsolicited proxy password authentication prompts, attackers can cause memory leak and access valid user's credentials.
Successfull exploitation of the vulnerability leads to disclosure of importnat data on the vulnerable system.
The weakness is due to improper handling of proxy credentials. By removing unsolicited proxy password authentication prompts, attackers can cause memory leak and access valid user's credentials.
Successfull exploitation of the vulnerability leads to disclosure of importnat data on the vulnerable system.
How to mitigate CVE-2016-7579
Update to version 10.1.