#VU1068 Information disclosure in Apple iOS - CVE-2016-7579
Published: October 25, 2016 / Updated: October 26, 2016
Vulnerability identifier: #VU1068
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-7579
CWE-ID: CWE-401
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Apple iOS
Apple iOS
Software vendor:
Apple Inc.
Apple Inc.
Description
The vulnerability allows a remote authenticated user to obtain potentially sensistive information on the target system.
The weakness is due to improper handling of proxy credentials. By removing unsolicited proxy password authentication prompts, attackers can cause memory leak and access valid user's credentials.
Successfull exploitation of the vulnerability leads to disclosure of importnat data on the vulnerable system.
The weakness is due to improper handling of proxy credentials. By removing unsolicited proxy password authentication prompts, attackers can cause memory leak and access valid user's credentials.
Successfull exploitation of the vulnerability leads to disclosure of importnat data on the vulnerable system.
Remediation
Update to version 10.1.