Information disclosure in Apple iOS and macOS - CVE-2016-4635
Published: October 26, 2016 / Updated: January 13, 2017
Vulnerability identifier: #VU1070
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-4635
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Apple Inc.
Affected software:
Apple iOS
macOS
Apple iOS
macOS
Detailed vulnerability description
The vulnerability allows a remote authenticated user to disclose information.
The weakness exists due to improper processing of relayed call and allows attackers to cause audio transmission after call determination.
Successfull exploitation of the vulnerability results in disclosure of the valid user's personal information.
The weakness exists due to improper processing of relayed call and allows attackers to cause audio transmission after call determination.
Successfull exploitation of the vulnerability results in disclosure of the valid user's personal information.
How to mitigate CVE-2016-4635
Update to version 10.1.