CVE-2016-1831Improper Restriction of Operations within the Bounds of a Memory Buffer in Apple Iphone OS

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents3 sources
Severity
7.8HIGHNVD
EPSS
0.2%
top 56.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Apple Iphone OSApple MAC OS XApple Tvos+3 more
Timeline
PublishedMay 20
Latest updateMay 14

Description

The kernel in Apple iOS before 9.3.2 and OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages6 packages

NVDapple/tvos9.2
NVDapple/watchos2.2
NVDapple/mac_os_x10.11.4
NVDapple/iphone_os9.3.1
Appleapple/ios9.3.2

🔴Vulnerability Details

1
GHSA
GHSA-5g2v-h242-hcm5: The kernel in Apple iOS before 92022-05-14

📋Vendor Advisories

2
Apple
CVE-2016-1831: OS X El Capitan v10.11.5 and Security Update 2016-003
Apple
CVE-2016-1831: iOS 9.3.2