CVE-2016-1760Improper Access Control in Apple Iphone OS

CWE-284Improper Access Control3 documents3 sources
Severity
6.2MEDIUMNVD
EPSS
0.1%
top 82.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apple Iphone OSApple IOS
Timeline
PublishedMar 29
Latest updateMay 17

Description

The XPC Services API in LaunchServices in Apple iOS before 9.3 allows attackers to bypass intended event-handler restrictions and modify an arbitrary app's events via a crafted app.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 2.5 | Impact: 3.6

Affected Packages2 packages

NVDapple/iphone_os9.2.1
Appleapple/ios9.3

🔴Vulnerability Details

1
GHSA
GHSA-8f4v-25qr-7hf6: The XPC Services API in LaunchServices in Apple iOS before 92022-05-17

📋Vendor Advisories

1
Apple
CVE-2016-1760: iOS 9.3