Main Vulnerability Database Vulnerabilities #VU6951

#VU6951 Access bypass in libimobiledevice and libusbmuxd - CVE-2016-5104

Published: June 6, 2017 / Updated: June 7, 2017

Vulnerability identifier: #VU6951

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2016-5104

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
libimobiledevice
libusbmuxd

Software vendor:
libimobiledevice

Description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to an error in the socket_create function in common/socket.c in libimobiledevice and libusbmuxd. A remote attacker can connect to an IPv4 TCP socket, bypass intended access restrictions and communicate with services on iOS devices.

Successful exploitation of the vulnerability results in security bypass.

Remediation

Update libusbmuxd to version 1.0.10-2.
Update libimobiledevice to version 1.2.0-4.

#VU6951 Access bypass in libimobiledevice and libusbmuxd - CVE-2016-5104

Description

Remediation

External links