Arbitrary code execution in Apple iOS - CVE-2016-4673
Published: October 26, 2016
Vulnerability identifier: #VU1069
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2016-4673
CWE-ID: CWE-119
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Apple Inc.
Affected software:
Apple iOS
Apple iOS
Detailed vulnerability description
The vulnerability allows a remote authenticated user to execute arbitrary code on the target system.
The weakness is due to improper memory handling. By persuading the victim to view a specially crafted JPEG file, attackers can cause execute arbitrary code.
Successfull exploitation of the vulnerability leads to arbitrary code excution on the vulnerable system.
The weakness is due to improper memory handling. By persuading the victim to view a specially crafted JPEG file, attackers can cause execute arbitrary code.
Successfull exploitation of the vulnerability leads to arbitrary code excution on the vulnerable system.
How to mitigate CVE-2016-4673
Update to version 10.1.