CVE-2016-4698

Loading...

General

Score:9.3/10.0
Severity:High
Category:Input Validation Error

Impact Metrics

Confidentiality:Complete
Integrity:Complete
Availability:Complete

Exploitability Metrics

Access Vector:Network
Access Complexity:Medium
Authentication:None

Relative vulnerabilities

CVE-2016-0755, CVE-2016-4611, CVE-2016-4617, CVE-2016-4618, CVE-2016-4620, CVE-2016-4658, CVE-2016-4682, CVE-2016-4694, CVE-2016-4696, CVE-2016-4697, CVE-2016-4699, CVE-2016-4700, CVE-2016-4701, CVE-2016-4702, CVE-2016-4703, CVE-2016-4706, CVE-2016-4707, CVE-2016-4708, CVE-2016-4709, CVE-2016-4710, CVE-2016-4711, CVE-2016-4712, CVE-2016-4713, CVE-2016-4715, CVE-2016-4716, CVE-2016-4717, CVE-2016-4718, CVE-2016-4719, CVE-2016-4722, CVE-2016-4723, CVE-2016-4724, CVE-2016-4725, CVE-2016-4726, CVE-2016-4727, CVE-2016-4728, CVE-2016-4729, CVE-2016-4730, CVE-2016-4731, CVE-2016-4733, CVE-2016-4734, CVE-2016-4735, CVE-2016-4736, CVE-2016-4737, CVE-2016-4738, CVE-2016-4739, CVE-2016-4740, CVE-2016-4741, CVE-2016-4742, CVE-2016-4745, CVE-2016-4746, CVE-2016-4747, CVE-2016-4748, CVE-2016-4749, CVE-2016-4750, CVE-2016-4752, CVE-2016-4753, CVE-2016-4755, CVE-2016-4758, CVE-2016-4759, CVE-2016-4760, CVE-2016-4762, CVE-2016-4763, CVE-2016-4764, CVE-2016-4765, CVE-2016-4766, CVE-2016-4767, CVE-2016-4768, CVE-2016-4771, CVE-2016-4772, CVE-2016-4773, CVE-2016-4774, CVE-2016-4775, CVE-2016-4776, CVE-2016-4777, CVE-2016-4778, CVE-2016-4779, CVE-2016-5131, CVE-2016-5768, CVE-2016-5769, CVE-2016-5770, CVE-2016-5771, CVE-2016-5772, CVE-2016-5773, CVE-2016-6174, CVE-2016-6288, CVE-2016-6289, CVE-2016-6290, CVE-2016-6291, CVE-2016-6292, CVE-2016-6294, CVE-2016-6295, CVE-2016-6296, CVE-2016-6297, CVE-2016-7580, CVE-2016-7582, CVE-2016-7759

Published on 25/09/16 - Updated on 30/07/17

Description

AppleMobileFileIntegrity in Apple iOS before 10 and OS X before 10.12 mishandles process entitlement and Team ID values in the task port inheritance policy, which allows attackers to execute arbitrary code in a privileged context via a crafted app.

Category: Input Validation Error

CWE-20 (Input Validation)
The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.

Security Notices

US National Vulnerability DatabaseCVE-2016-4698
Agence Nationale de la Sécurité des Systèmes d'Information CERTFR-2016-AVI-316
Apple HT207143, HT207170

Exploits

No exploits available for this CVE in our database.

Relative technologies

VendorProduct
appleiphone_os
applemac_os_x

Share this vulnerability with:

Twitter Facebook LinkedIn Mail