CVE-2016-7651 Information

Description

An issue was discovered in certain Apple products. iOS before 10.2 is affected. watchOS before 3.1.1 is affected. The issue involves the \Accounts\ component which allows local users to bypass intended authorization restrictions by leveraging the mishandling of an app uninstall.

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Reference

http://www.securityfocus.com/bid/94851 http://www.securitytracker.com/id/1037429 https://lists.apple.com/archives/security-announce/2016/Dec/msg00001.html https://support.apple.com/HT207422 https://support.apple.com/HT207487

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

LOW

Availability Impact

LOW

Base Score

LOW

Base Severity

5.3