#VU1069 Arbitrary code execution in Apple iOS - CVE-2016-4673
Published: October 26, 2016
Vulnerability identifier: #VU1069
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2016-4673
CWE-ID: CWE-119
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Apple iOS
Apple iOS
Software vendor:
Apple Inc.
Apple Inc.
Description
The vulnerability allows a remote authenticated user to execute arbitrary code on the target system.
The weakness is due to improper memory handling. By persuading the victim to view a specially crafted JPEG file, attackers can cause execute arbitrary code.
Successfull exploitation of the vulnerability leads to arbitrary code excution on the vulnerable system.
The weakness is due to improper memory handling. By persuading the victim to view a specially crafted JPEG file, attackers can cause execute arbitrary code.
Successfull exploitation of the vulnerability leads to arbitrary code excution on the vulnerable system.
Remediation
Update to version 10.1.