PT-2017-1355 · Apple · Watchos+2
Daybreaker
·
Published
2017-02-20
·
Updated
2018-10-30
·
CVE-2016-7591
CVSS v2.0
9.3
High
| Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
iOS versions prior to 10.2
macOS versions prior to 10.12.2
watchOS versions prior to 3.1.3
Description
The issue involves the
IOHIDFamily component and allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a crafted app. This is related to the use of memory after it has been freed, which can be exploited by an attacker to achieve the aforementioned outcomes.Recommendations
For iOS versions prior to 10.2, update to version 10.2 or later to resolve the issue.
For macOS versions prior to 10.12.2, update to version 10.12.2 or later to resolve the issue.
For watchOS versions prior to 3.1.3, update to version 3.1.3 or later to resolve the issue.
Fix
Use After Free
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ios
Apple Macos
Watchos