CVE-2016-1766

MEDIUM

Description

The Profiles component in Apple iOS before 9.3 does not properly validate certificates, which allows attackers to spoof an MDM profile trust relationship via unspecified vectors.

References

http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html

http://www.securitytracker.com/id/1035353

http://www.zerodayinitiative.com/advisories/ZDI-16-314

https://support.apple.com/HT206166

Details

Source: MITRE

Published: 2016-03-24

Updated: 2016-12-03

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3.0

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH