CVE-2016-4654Improper Restriction of Operations within the Bounds of a Memory Buffer in Apple IOS

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-2644 documents4 sources
Severity
7.8HIGHNVD
EPSS
0.5%
top 34.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apple IOSApple Iphone OS
Timeline
PublishedAug 18
Latest updateMay 17

Description

IOMobileFrameBuffer in Apple iOS before 9.3.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

Appleapple/ios9.3.4
NVDapple/iphone_os9.3.3

🔴Vulnerability Details

2
GHSA
GHSA-9q4f-7gx3-crx3: IOMobileFrameBuffer in Apple iOS before 92022-05-17
Project0
The More You Know, The More You Know You Don’t Know - Project Zero2022-04-01

📋Vendor Advisories

1
Apple
CVE-2016-4654: iOS 9.3.42016-08-04