Vulnerability Details : CVE-2016-7626
An issue was discovered in certain Apple products. iOS before 10.2 is affected. tvOS before 10.1 is affected. watchOS before 3.1.1 is affected. The issue involves the "Profiles" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted certificate profile.
Vulnerability category: OverflowMemory CorruptionExecute codeDenial of service
Products affected by CVE-2016-7626
- cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-7626
9.25%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 94 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-7626
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST | |
8.8
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
NIST |
CWE ids for CVE-2016-7626
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-7626
-
https://www.exploit-db.com/exploits/40906/
iOS 10.1.x - Certificate File Memory CorruptionExploit;Third Party Advisory;VDB Entry
-
https://support.apple.com/HT207487
About the security content of watchOS 3.1.3 - Apple SupportVendor Advisory
-
https://support.apple.com/HT207425
About the security content of tvOS 10.1 - Apple SupportVendor Advisory
-
https://support.apple.com/HT207422
About the security content of iOS 10.2 - Apple SupportVendor Advisory
-
http://www.securitytracker.com/id/1037429
Apple iOS Multiple Bugs Let Remote Users Execute Arbitrary Code and Deny Service and Let Local Users Bypass Security Restrictions - SecurityTrackerThird Party Advisory;VDB Entry
-
http://www.securityfocus.com/bid/94852
Apple iOS/WatchOS/tvOS CVE-2016-7626 Memory Corruption VulnerabilityThird Party Advisory;VDB Entry
-
https://lists.apple.com/archives/security-announce/2016/Dec/msg00001.html
Apple - Lists.apple.comMailing List;Vendor Advisory
Jump to