CVE-2016-7630
Apple iOS legacy-diagnostics Privilege Escalation Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "WebSheet" component, which allows attackers to bypass a sandbox protection mechanism via unspecified vectors.
Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.2 está afectado. El problema involucra al componente "WebSheet", que permite a atacantes eludir el mecanismo de protección de aislamiento a través de vectores no especificados.
This vulnerability allows remote attackers to escalate privileges on vulnerable installations of Apple iOS. User interaction is required to exploit this vulnerability in that the target must connect to a WiFi access point.
The specific flaw exists within the usage of the legacy-diagnostics protocol handler. The issue lies in the launching of a diagnostic application that is able to render webpages outside of the sandbox. An attacker can leverage this vulnerability to escalate privileges outside the context of the sandbox.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-09-09 CVE Reserved
- 2017-02-20 CVE Published
- 2024-06-29 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-254: 7PK - Security Features