Vulnerability Description
The Profiles component in Apple iOS before 9.3 does not properly validate certificates, which allows attackers to spoof an MDM profile trust relationship via unspecified vectors.
CVSS Score
7.5
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple | Iphone Os | <= 9.2.1 |
References
- http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.htmlVendor Advisory
- http://www.securitytracker.com/id/1035353
- http://www.zerodayinitiative.com/advisories/ZDI-16-314
- https://support.apple.com/HT206166Vendor Advisory
- http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.htmlVendor Advisory
- http://www.securitytracker.com/id/1035353
- http://www.zerodayinitiative.com/advisories/ZDI-16-314
- https://support.apple.com/HT206166Vendor Advisory
FAQ
What is CVE-2016-1766?
CVE-2016-1766 is a vulnerability with a CVSS score of 7.5 (HIGH). The Profiles component in Apple iOS before 9.3 does not properly validate certificates, which allows attackers to spoof an MDM profile trust relationship via unspecified vectors.
How severe is CVE-2016-1766?
CVE-2016-1766 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-1766?
Check the references section above for vendor advisories and patch information. Affected products include: Apple Iphone Os.