CVE-2016-4656
CVE-2016-4656
In short
A flaw in Apple iOS before version 9.3.5 allows attackers to run unauthorized code with high privileges or crash the system by submitting a specially crafted application. This is dangerous because it lets attackers take full control of your device or disable it.
Technical detail
A buffer overflow vulnerability (CWE-787) in the iOS kernel allows a malicious app to write data beyond allocated memory boundaries. Exploitation requires the victim to install a crafted app, leading to arbitrary code execution in kernel context or denial of service through memory corruption.
Summary generated and translated by AI from the official description.
The kernel in Apple iOS before 9.3.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
n/a · n/apublic PoCs found — 2
cve_referencewww.exploit-db.com/exploits/44836/unverifiedexploitdbwww.exploit-db.com/exploits/44836unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://lists.apple.com/archives/security-announce/2016/Aug/msg00000.htmlhttps://blog.lookout.com/blog/2016/08/25/trident-pegasus/https://support.apple.com/HT207107https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-4656https://www.exploit-db.com/exploits/44836/http://www.securityfocus.com/bid/92652http://www.securitytracker.com/id/1036694