#VU1075 Arbitrary code execution in Apple iOS - CVE-2016-4666
Published: October 26, 2016
Vulnerability identifier: #VU1075
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2016-4666
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Apple iOS
Apple iOS
Software vendor:
Apple Inc.
Apple Inc.
Description
The vulnerability allows a remote authenticated user to execute arbitrary code on the target system.
The weakness exists due to insufficient input validation. By processing a specially crafted web content, attackers can execute arbitrary code with root privileges.
Successfull exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
The weakness exists due to insufficient input validation. By processing a specially crafted web content, attackers can execute arbitrary code with root privileges.
Successfull exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Remediation
Update to version 10.1.