CVE-2016-7626

HIGH

Apple Iphone OS < 10.2 - Memory Corruption

Title source: rule

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-7626. PoCs published by Maksymilian Arciemowicz.

AI-analyzed exploit summary This is a writeup describing a memory corruption vulnerability in iOS 10.1.x through maliciously crafted certificate files. The vulnerability can be triggered via Mobile Safari or Mail app, leading to crashes in processes like 'profiled' and 'Preferences'.

Description

An issue was discovered in certain Apple products. iOS before 10.2 is affected. tvOS before 10.1 is affected. watchOS before 3.1.1 is affected. The issue involves the "Profiles" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted certificate profile.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Maksymilian Arciemowicz · textdosios

https://www.exploit-db.com/exploits/40906

View Code ZIP pw:eip

This is a writeup describing a memory corruption vulnerability in iOS 10.1.x through maliciously crafted certificate files. The vulnerability can be triggered via Mobile Safari or Mail app, leading to crashes in processes like 'profiled' and 'Preferences'.

Classification

Writeup 90%

Attack Type

Dos

Complexity

Moderate

Reliability

Reliable

Target: iOS 10.1.x

No auth needed

Prerequisites: Access to deliver a maliciously crafted certificate file via email or web link

MITRE ATT&CK