Arbitrary code execution in Apple iOS - CVE-2016-4675
Published: October 26, 2016
Vulnerability identifier: #VU1074
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2016-4675
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Apple Inc.
Affected software:
Apple iOS
Apple iOS
Detailed vulnerability description
The vulnerability allows a remote authenticated user to execute arbitrary code on the target system.
The weakness exists due to insufficient access control. Bypassing seсurity restrictions, attackers can execute arbitrary code with root privileges.
Successfull exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
The weakness exists due to insufficient access control. Bypassing seсurity restrictions, attackers can execute arbitrary code with root privileges.
Successfull exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
How to mitigate CVE-2016-4675
Update to version 10.1.