#VU1075 Arbitrary code execution in Apple iOS
Vulnerability identifier: #VU1075
Vulnerability risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-264
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
Apple iOS
Operating systems & Components /
Operating system
Vendor: Apple Inc.
Description
The vulnerability allows a remote authenticated user to execute arbitrary code on the target system.
The weakness exists due to insufficient input validation. By processing a specially crafted web content, attackers can execute arbitrary code with root privileges.
Successfull exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Mitigation
Update to version 10.1.
Vulnerable software versions
Apple iOS: 10.0.0 - 10.0.1, 9.3.0 - 9.3.5, 9.1.0, 9.0.0 - 9.0.2
External links
http://support.apple.com/en-us/HT207271
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
