| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 5.2 | $5k-$25k | 0.00 |
A vulnerability was found in Apple iOS 10.0.1 (Smartphone Operating System). It has been rated as problematic. Affected by this issue is an unknown code block of the component Browser. The manipulation with an unknown input leads to a denial of service vulnerability (Temporary). Using CWE to declare the problem leads to CWE-404. The product does not release or incorrectly releases a resource before it is made available for re-use. Impacted is availability.
The bug was discovered 09/27/2016. The weakness was published 10/10/2016 by Marc Ruef and Simon Zumstein with scip AG as sID 92510 as confirmed entry (VulDB). The advisory is available at vuldb.com. The public release has been coordinated with the vendor. The attack may be launched remotely. No form of authentication is required for exploitation. Technical details are unknown but a private exploit is available. The structure of the vulnerability defines a possible price range of USD $5k-$25k at the moment (estimation calculated on 10/10/2016). It is expected to see the exploit prices for this product increasing in the near future.The site keeps loading forever. Sometimes after 1-2 minutes a blank site or a site with object elements of the last site is shown. The issue was tested it on an iPhone 6S and a brand-new iPhone 7. On both devices with Safari and Google Chrome (latest update). The devices were getting really hot and in some cases the browsers aren't usable afterwards anymore. The user would have to close the tab or the app to regain full functionality of the browser.
A private exploit has been developed by Marc Ruef in HTML/CSS. It is declared as functional. The vulnerability was handled as a non-public zero-day exploit for at least 13 days. During that time the estimated underground price was around $25k-$100k. The real existence of this vulnerability is still doubted at the moment.
Apple replied that "[a]fter examining your report we do not see any actual security implications." Further verification of the issue was not possible after this reply. It remains unclear if Apple was able to patch this issue without knowledge of the user.
Product
Type
Vendor
Name
Version
License
CPE 2.3
CPE 2.2
CVSSv4
VulDB CVSS-B Score: 🔍VulDB CVSS-BT Score: 🔍
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.3VulDB Meta Temp Score: 5.2
VulDB Base Score: 5.3
VulDB Temp Score: 5.2
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| unlock | unlock | unlock | unlock | unlock | unlock |
| unlock | unlock | unlock | unlock | unlock | unlock |
| unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Name: TemporaryClass: Denial of service / Temporary
CWE: CWE-404
ATT&CK: T1499
Local: No
Remote: Yes
Availability: 🔍
Access: Private
Status: Functional
Author: Marc Ruef
Programming Language: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | unlock | unlock | unlock | unlock |
|---|---|---|---|---|
| Today | unlock | unlock | unlock | unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: no mitigation knownStatus: 🔍
0-Day Time: 🔍
Timeline
09/27/2016 🔍09/28/2016 🔍
10/07/2016 🔍
10/10/2016 🔍
10/10/2016 🔍
10/10/2016 🔍
Sources
Vendor: apple.comAdvisory: sID 92510
Researcher: Marc Ruef, Simon Zumstein
Organization: scip AG
Status: Confirmed
Coordinated: 🔍
Disputed: 🔍
scip Labs: https://www.scip.ch/en/?labs.20150917
Entry
Created: 10/10/2016 15:03Changes: 10/10/2016 15:03 (59), 10/10/2016 15:05 (2)
Complete: 🔍
No comments yet. Languages: en.
Please log in to comment.