CVE-2016-7651medium
Description
An issue was discovered in certain Apple products. iOS before 10.2 is affected. watchOS before 3.1.1 is affected. The issue involves the "Accounts" component, which allows local users to bypass intended authorization restrictions by leveraging the mishandling of an app uninstall.
References
http://www.securityfocus.com/bid/94851
http://www.securitytracker.com/id/1037429
https://lists.apple.com/archives/security-announce/2016/Dec/msg00001.html
Details
Source: MITRE
Published: 2017-02-20
Updated: 2018-10-30
Type: CWE-285
Risk Information
CVSS v2
Base Score: 4.6
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Impact Score: 6.4
Exploitability Score: 3.9
Severity: MEDIUM
CVSS v3
Base Score: 5.3
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Impact Score: 3.4
Exploitability Score: 1.8
Severity: MEDIUM