CVE-2016-7601Apple Iphone OS vulnerability

CWE-2546 documents4 sources
Severity
6.8MEDIUMNVD
EPSS
0.1%
top 69.42%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apple Iphone OSApple IOS
Timeline
PublishedFeb 20
Latest updateMay 17

Description

An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Local Authentication" component, which does not honor the configured screen-lock time interval if the Touch ID prompt is visible.

CVSS vector

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 0.9 | Impact: 5.9

Affected Packages2 packages

NVDapple/iphone_os10.1.1
Appleapple/ios10.2

🔴Vulnerability Details

1
GHSA
GHSA-5vmm-x7hw-3xrf: An issue was discovered in certain Apple products2022-05-17

💥Exploits & PoCs

3
Exploit-DB
Microsoft Windows 7 (x64) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)2016-03-07
Exploit-DB
Microsoft Windows 7 SP1 (x86) - 'WebDAV' Local Privilege Escalation (MS16-016) (1)2016-02-10
Exploit-DB
Konica Minolta FTP Utility 1.00 - CWD Command Overflow (SEH)2016-01-11

📋Vendor Advisories

1
Apple
CVE-2016-7601: iOS 10.22016-12-12