CVE-2016-4669
CVE-2016-4669
Patch soon. has a working public exploit.
Vexday Risk Score
38Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS —EPSS 3.7%KEV nãoPoC públicaNuclei —Metasploit simPatch —
Lifecycle
25 Aug 2016Metasploit module available
31 Oct 2016Public PoC
20 Feb 2017Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "Kernel" component. It allows local users to execute arbitrary code in a privileged context or cause a denial of service (MIG code mishandling and system crash) via unspecified vectors.
Affected products
n/a · n/apublic PoCs found — 4
githubgithub.com/i-o-s/CVE-2016-4669★ 0cve_referencepacketstormsecurity.com/files/158874/Safari-Webkit-For-iOS-7.1.2-JIT-Optimization-Bug.htmlunverifiedcve_referencewww.exploit-db.com/exploits/40654/unverifiedexploitdbwww.exploit-db.com/exploits/40654unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://packetstormsecurity.com/files/158874/Safari-Webkit-For-iOS-7.1.2-JIT-Optimization-Bug.htmlhttps://support.apple.com/HT207269https://support.apple.com/HT207270https://support.apple.com/HT207271https://support.apple.com/HT207275https://www.exploit-db.com/exploits/40654/http://www.securityfocus.com/bid/93849http://www.securitytracker.com/id/1037086