CVE-2016-4620 Information
Feb 14, 2021
cve
Description
The Sandbox Profiles component in Apple iOS before 10 does not properly restrict access to directory metadata for SMS draft directories which allows attackers to discover text-message recipients via a crafted app.
CVSS Vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Reference
http://lists.apple.com/archives/security-announce/2016/Sep/msg00002.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html http://www.securityfocus.com/bid/92932 http://www.securitytracker.com/id/1036797 https://support.apple.com/HT207143
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
REQUIRED
Confidentiality Impact
UNCHANGED
Integrity Impact
LOW
Availability Impact
NONE
Base Score
NONE
Base Severity
3.3
Share on: