#VU1070 Information disclosure in Apple iOS and macOS - CVE-2016-4635
Published: October 26, 2016 / Updated: January 13, 2017
Vulnerability identifier: #VU1070
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-4635
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Apple iOS
macOS
Apple iOS
macOS
Software vendor:
Apple Inc.
Apple Inc.
Description
The vulnerability allows a remote authenticated user to disclose information.
The weakness exists due to improper processing of relayed call and allows attackers to cause audio transmission after call determination.
Successfull exploitation of the vulnerability results in disclosure of the valid user's personal information.
The weakness exists due to improper processing of relayed call and allows attackers to cause audio transmission after call determination.
Successfull exploitation of the vulnerability results in disclosure of the valid user's personal information.
Remediation
Update to version 10.1.