CVE-2016-4656
CVE-2016-4656
Vexday Risk Score
91Fix now
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
CVSS 7.8EPSS 23.6%KEV simPoC públicaNuclei —Metasploit simPatch referenciado
Lifecycle
25 Aug 2016Metasploit module available
25 Aug 2016Published on NVD
05 Jun 2018Public PoC
24 May 2022Active exploitation (CISA KEV)
Recommendation: Patch as soon as possible — active exploitation confirmed.
In short
A flaw in Apple iOS before version 9.3.5 allows attackers to run unauthorized code with high privileges or crash the system by submitting a specially crafted application. This is dangerous because it lets attackers take full control of your device or disable it.
Technical detail
A buffer overflow vulnerability (CWE-787) in the iOS kernel allows a malicious app to write data beyond allocated memory boundaries. Exploitation requires the victim to install a crafted app, leading to arbitrary code execution in kernel context or denial of service through memory corruption.
Summary generated and translated by AI from the official description.
The kernel in Apple iOS before 9.3.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
n/a · n/apublic PoCs found — 2
cve_referencewww.exploit-db.com/exploits/44836/unverifiedexploitdbwww.exploit-db.com/exploits/44836unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://lists.apple.com/archives/security-announce/2016/Aug/msg00000.htmlhttps://blog.lookout.com/blog/2016/08/25/trident-pegasus/https://support.apple.com/HT207107https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-4656https://www.exploit-db.com/exploits/44836/http://www.securityfocus.com/bid/92652http://www.securitytracker.com/id/1036694