| Vulnerability Name: | CVE-2016-4664 (CCN-118483) | ||||||||||||
| Assigned: | 2016-10-24 | ||||||||||||
| Published: | 2016-10-24 | ||||||||||||
| Updated: | 2019-03-08 | ||||||||||||
| Summary: | An issue was discovered in certain Apple products. iOS before 10.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "Sandbox Profiles" component, which allows attackers to read photo-directory metadata via a crafted app. | ||||||||||||
| CVSS v3 Severity: | 3.3 Low (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N) 2.9 Low (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)
4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)
| ||||||||||||
| CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N)
| ||||||||||||
| Vulnerability Type: | CWE-200 | ||||||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2016-4664 Source: BID Type: Third Party Advisory, VDB Entry 93854 Source: CCN Type: BID-93854 Apple iOS/tvOS/WatchOS Multiple Information Disclosure Vulnerabilities Source: SECTRACK Type: Third Party Advisory, VDB Entry 1037088 Source: XF Type: UNKNOWN appleios-cve20164664-info-disc(118483) Source: CCN Type: Apple security document HT207269 About the security content of watchOS 3.1 Source: CCN Type: Apple security document HT207270 About the security content of tvOS 10.0.1 Source: CCN Type: Apple Web site About the security content of iOS 10.1 Source: CONFIRM Type: Vendor Advisory https://support.apple.com/HT207269 Source: CONFIRM Type: Vendor Advisory https://support.apple.com/HT207270 Source: CONFIRM Type: Vendor Advisory https://support.apple.com/HT207271 | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration 3:  Denotes that component is vulnerable | ||||||||||||
| BACK | |||||||||||||