CVE-2016-1734

MEDIUM

Apple <9.3-10.11.4 - RCE/DoS

Title source: llm

Description

AppleUSBNetworking in Apple iOS before 9.3 and OS X before 10.11.4 allows physically proximate attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted USB device.

Exploits (1)

nomisec WRITEUP

by Manouchehri · poc

https://github.com/Manouchehri/CVE-2016-1734

View Code ZIP pw:eip

References (5)

[Vendor Advisory] http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html

[Vendor Advisory] http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html

[Vendor Advisory] https://support.apple.com/HT206166

[Vendor Advisory] https://support.apple.com/HT206167

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1035353

Scores

CVSS v3 6.8

EPSS 0.0011

EPSS Percentile 29.2%

Attack Vector PHYSICAL

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-119 CWE-264

Status draft

Affected Products (2)

apple/iphone_os < 9.2.1

apple/mac_os_x < 10.11.3

Timeline

Published Mar 24, 2016

Tracked Since Feb 18, 2026