Описание
An issue was discovered in certain Apple products. iOS before 10.2 is affected. watchOS before 3.1.1 is affected. The issue involves the "Accounts" component, which allows local users to bypass intended authorization restrictions by leveraging the mishandling of an app uninstall.
Ссылки
- Third Party AdvisoryVDB Entry
- Mailing ListVendor Advisory
- Vendor Advisory
- Vendor Advisory
- Third Party AdvisoryVDB Entry
- Mailing ListVendor Advisory
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 10.1.1 (включая)
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Конфигурация 2Версия до 2.2.2 (включая)
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
EPSS
Процентиль: 19%
0.00061
Низкий
5.3 Medium
CVSS3
4.6 Medium
CVSS2
Дефекты
CWE-285
Связанные уязвимости
CVSS3: 5.3
github
больше 3 лет назад
An issue was discovered in certain Apple products. iOS before 10.2 is affected. watchOS before 3.1.1 is affected. The issue involves the "Accounts" component, which allows local users to bypass intended authorization restrictions by leveraging the mishandling of an app uninstall.
fstec
почти 9 лет назад
Уязвимость операционной системы iOS, позволяющая нарушителю обойти существующую политику авторизации
EPSS
Процентиль: 19%
0.00061
Низкий
5.3 Medium
CVSS3
4.6 Medium
CVSS2
Дефекты
CWE-285