Arbitrary code execution in Apple iOS - CVE-2016-4666
Published: October 26, 2016
Vulnerability identifier: #VU1075
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2016-4666
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Apple Inc.
Affected software:
Apple iOS
Apple iOS
Detailed vulnerability description
The vulnerability allows a remote authenticated user to execute arbitrary code on the target system.
The weakness exists due to insufficient input validation. By processing a specially crafted web content, attackers can execute arbitrary code with root privileges.
Successfull exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
The weakness exists due to insufficient input validation. By processing a specially crafted web content, attackers can execute arbitrary code with root privileges.
Successfull exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
How to mitigate CVE-2016-4666
Update to version 10.1.