CVE-2016-4655

HIGH

Description

The kernel in Apple iOS before 9.3.5 allows attackers to obtain sensitive information from memory via a crafted app.

References

http://lists.apple.com/archives/security-announce/2016/Aug/msg00000.html

http://lists.apple.com/archives/security-announce/2016/Sep/msg00005.html

http://www.securityfocus.com/bid/92651

http://www.securityfocus.com/bid/92965

http://www.securitytracker.com/id/1036694

https://blog.lookout.com/blog/2016/08/25/trident-pegasus/

https://support.apple.com/HT207107

https://support.apple.com/HT207145

https://www.exploit-db.com/exploits/44836/

Details

Source: MITRE

Published: 2016-08-25

Updated: 2018-06-08

Type: CWE-200

Risk Information

CVSS v2.0

Base Score: 7.1

Vector: AV:N/AC:M/Au:N/C:C/I:N/A:N

Impact Score: 6.9

Exploitability Score: 8.6

Severity: HIGH

CVSS v3.0

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Impact Score: 3.6

Exploitability Score: 1.8

Severity: MEDIUM

Tenable Plugins

View all (8 total)

ID	Name	Product	Family	Severity
9622	Apple iOS < 10.0.1 Information Disclosure	Nessus Network Monitor	Mobile Devices	high
93525	Apple iOS < 10.0.1 Kernel Memory Information Disclosure (Trident)	Nessus	Mobile Devices	high
9548	Apple iOS 9.3.x < 9.3.5 Multiple Vulnerabilities	Nessus Network Monitor	Mobile Devices	high
93317	Mac OS X Multiple Vulnerabilities (Security Updates 2016-001 / 2016-005)	Nessus	MacOS X Local Security Checks	high
93124	Apple iOS < 9.3.5 Multiple Vulnerabilities (Trident)	Nessus	Mobile Devices	high
9481	Apple iOS 9.3.x < 9.3.4 Multiple Vulnerabilities	Nessus Network Monitor	Mobile Devices	medium
9441	Mac OS X 10.11.x < 10.11.6 Multiple Vulnerabilities	Nessus Network Monitor	Operating System Detection	critical
9440	Mac OS X 10.11.x < 10.11.5 Multiple Vulnerabilities	Nessus Network Monitor	Operating System Detection	high