Apple · Ios · CVE-2016-1766
**Name of the Vulnerable Software and Affected Versions**
Apple iOS versions prior to 9.3
**Description**
The issue is related to the Profiles component in Apple iOS, which does not properly validate certificates. This allows attackers to spoof an MDM profile trust relationship via unspecified vectors. The vulnerability can be exploited by a remote attacker to substitute a trusted MDM profile.
**Recommendations**
For Apple iOS versions prior to 9.3, update to version 9.3 or later to resolve the issue.