Main Vulnerability Database Vulnerabilities #VU56900

#VU56900 Permissions, Privileges, and Access Controls in Apple iOS and iPadOS

Published: September 27, 2021

Vulnerability identifier: #VU56900

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear

CVE-ID: N/A

CWE-ID: CWE-264

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Apple iOS
iPadOS

Software vendor:
Apple Inc.

Description

The vulnerability allows a malicious application to escalate privileges on the system.

The vulnerability exists due to the XPC service com.apple.gamed does not properly check enforce restrictions for installed applications. A malicious application installed on the device can gain access to sensitive information or bypass sandbox restrictions.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links

https://habr.com/ru/post/579714/
https://github.com/illusionofchaos/ios-gamed-0day

#VU56900 Permissions, Privileges, and Access Controls in Apple iOS and iPadOS

Description

Remediation

External links

Please verify you're human