CVE-2016-4749
low
CVSS v3
3.3
CVSS v2
2.1
VIR risk
3.3
Description
Printing UIKit in Apple iOS before 10 mishandles environment variables, which allows local users to discover cleartext AirPrint preview content by reading a temporary file.
Predictions
Exploit likelihood
34%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: product-security@apple.com — https://support.apple.com/HT207143
Vendor advisory: product-security@apple.com — http://lists.apple.com/archives/security-announce/2016/Sep/msg00002.html
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| macos | affected | |
References
- http://lists.apple.com/archives/security-announce/2016/Sep/msg00002.html
- http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html
- http://www.securityfocus.com/bid/92932
- http://www.securitytracker.com/id/1036797
- https://support.apple.com/HT207143
- http://lists.apple.com/archives/security-announce/2016/Sep/msg00002.html
- http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html
- http://www.securityfocus.com/bid/92932
- http://www.securitytracker.com/id/1036797
- https://support.apple.com/HT207143
CWEs
CWE-200
Verify integrity in audit chain (admin only). AS-IS.