CVE-2016-1760

Name of the Vulnerable Software and Affected Versions Apple iOS versions prior to 9.3

Description The issue is related to the XPC Services API in LaunchServices, which has inadequate access control. This allows an attacker to bypass event-handler restrictions and modify events of arbitrary apps using a crafted app. The estimated number of potentially affected devices is not specified. There is no information about real-world incidents where this issue was exploited.

Recommendations For versions prior to 9.3, update to iOS version 9.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of the XPC Services API in LaunchServices to minimize the risk of exploitation.