Vulnerability Details : CVE-2016-4686
An issue was discovered in certain Apple products. iOS before 10.1 is affected. The issue involves the "Contacts" component, which does not prevent an app's Address Book access after access revocation.
Products affected by CVE-2016-4686
- cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-4686
0.13%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 30 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-4686
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
3.6
|
LOW | AV:L/AC:L/Au:N/C:P/I:P/A:N |
3.9
|
4.9
|
NIST | |
|
4.4
|
MEDIUM | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N |
1.8
|
2.5
|
NIST |
CWE ids for CVE-2016-4686
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-4686
-
https://support.apple.com/HT207271
About the security content of iOS 10.1 - Apple SupportVendor Advisory
-
http://www.securityfocus.com/bid/93848
Apple iOS CVE-2016-4686 Security Bypass VulnerabilityThird Party Advisory;VDB Entry
-
http://www.securitytracker.com/id/1037088
Apple iOS Access Control Flaws Let Applications Obtain Potentially Sensitive Information on the Target System - SecurityTracker
Jump to