CVE-2016-1789

MEDIUM

Apple iBooks Author <2.4.1 - Info Disclosure

Title source: llm

Description

Apple iBooks Author before 2.4.1 allows remote attackers to read arbitrary files via an iBooks Author file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Scores

CVSS v3: 5.5
EPSS: 0.0056
EPSS Percentile: 68.0%
Attack Vector: LOCAL
CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Classification

Status: draft

Affected Products (1)

apple/ibooks_author < 2.4.0

Timeline

Published: Apr 05, 2016
Tracked Since: Feb 18, 2026