CVE-2016-4655
CVE-2016-4655
In short
A flaw in Apple iOS before version 9.3.5 allows attackers to read sensitive information stored in device memory by running a specially designed app. This can expose private data like passwords or personal information.
Technical detail
Memory disclosure vulnerability in iOS kernel prior to 9.3.5 exploitable through a malicious local app without elevated privileges. The vulnerability allows arbitrary memory read operations, enabling information disclosure of kernel or user-space sensitive data.
Summary generated and translated by AI from the official description.
The kernel in Apple iOS before 9.3.5 allows attackers to obtain sensitive information from memory via a crafted app.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Affected products
n/a · n/apublic PoCs found — 5
githubgithub.com/jndok/PegasusX★ 103githubgithub.com/Cryptiiiic/skybreak★ 10githubgithub.com/liangle1986126z/jndok★ 0cve_referencewww.exploit-db.com/exploits/44836/unverifiedexploitdbwww.exploit-db.com/exploits/44836unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://lists.apple.com/archives/security-announce/2016/Aug/msg00000.htmlhttp://lists.apple.com/archives/security-announce/2016/Sep/msg00005.htmlhttps://blog.lookout.com/blog/2016/08/25/trident-pegasus/https://support.apple.com/HT207107https://support.apple.com/HT207145https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-4655https://www.exploit-db.com/exploits/44836/http://www.securityfocus.com/bid/92651http://www.securityfocus.com/bid/92965http://www.securitytracker.com/id/1036694