⚠ Actively exploited
Added to CISA KEV on 2022-05-24. Federal agencies required to patch by 2022-06-14. Required action: Apply updates per vendor instructions.

CVE-2016-4655: Sensitive Information Exposure in Apple iPhone OS

Severity: 5.5 MEDIUM (NVD)
EPSS: 81.7% (top 0.81%)
CISA KEV: Added 2022-05-24, due 2022-06-14
Exploit: Exploited in wild; active exploitation observed
Timeline: Published Aug 25; KEV added May 24; KEV due Jun 14
CISA Required Action: Apply updates per vendor instructions.

Description

The kernel in Apple iOS before 9.3.5 allows attackers to obtain sensitive information from memory via a crafted app.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Exploitability: 1.8 | Impact: 3.6

Affected Packages: 3 packages

🔴 Vulnerability Details (2)

GHSA: GHSA-32m2-83j8-f3hg: The kernel in Apple iOS before 9 (2022-05-14)
VulnCheck: Apple iOS Information Disclosure Vulnerability (2016)

💥 Exploits & PoCs (2)

Exploit-DB: WebKit - not_number defineProperties UAF (Metasploit) (2018-06-05)
Metasploit: WebKit not_number defineProperties UAF

📋 Vendor Advisories (4)

CISA: Apple iOS Information Disclosure Vulnerability (2022-05-24)
Apple: CVE-2016-4655: iOS 10.0.1 (2016-09-13)
Apple: CVE-2016-4655: Security Update 2016-001 El Capitan and Security Update 2016-005 Yosemite (2016-09-01)
Apple: CVE-2016-4655: iOS 9.3.5 (2016-08-25)