CVE-2016-4686

MEDIUM

Apple Iphone OS < 10.0.3 - Access Control

Title source: rule

Description

An issue was discovered in certain Apple products. iOS before 10.1 is affected. The issue involves the "Contacts" component, which does not prevent an app's Address Book access after access revocation.

References (3)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/93848

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1037088

[Vendor Advisory] https://support.apple.com/HT207271

Scores

CVSS v3 4.4

EPSS 0.0007

EPSS Percentile 20.7%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Classification

CWE

CWE-264

Status published

Affected Products (2)

apple/iphone_os < 10.0.3

n/a/n/a

Timeline

Published Feb 20, 2017

Tracked Since Feb 18, 2026