Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5.3
CVSSv3

CVE-2016-4635

Published: 22/07/2016 Updated: 01/09/2017
CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8
CVSS v3 Base Score: 5.3 | Impact Score: 3.6 | Exploitability Score: 1.6
VMScore: 312
Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N
Subscribe to Apple

Vulnerability Summary

FaceTime in Apple iOS prior to 9.3.3 and OS X prior to 10.11.6 allows man-in-the-middle malicious users to spoof relayed-call termination, and obtain sensitive audio information in opportunistic circumstances, via unspecified vectors.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apple iphone os

apple mac os x

Recent Articles

It's nearly 2017 and JPEGs, PDFs, font files can hijack your Apple Mac, iPhone, iPad
The Register • Shaun Nichols in San Francisco • 24 Oct 2016

Get patching now

Apple has distributed a fresh round of security updates to address remote-code execution holes in iOS, macOS, Safari, and the firmware for Apple Watch and AppleTV. Miscreants who exploit these flaws can take over the vulnerable device – all a victim has to do is open a JPEG or PDF file booby-trapped with malicious code, so get patching before you're caught out. The fixes come just days before the Cupertino developer of TextEdit is set to hold a special event to introduce a (presumed) refresh o...

Read more...
Apple kills eavesdrop bug in FaceTime
The Register • Shaun Nichols in San Francisco • 19 Jul 2016

Flaws also squashed in Safari, iTunes and iOS

Apple has released a bundle of patches to fix security holes in OS X, iOS, iTunes and Safari. The bevy of updates also includes fixes for a number of issues in Apple's iCloud and iTunes for Windows software. Among the most startling vulnerabilities addressed in the updates is a man-in-the-middle flaw discovered in FaceTime by researcher Martin Vigo. That flaw, CVE-2016-4635, would allow an attacker who had access to network traffic to eavesdrop on the audio portion of FaceTime calls even after t...

Read more...

References

CWE-200http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.htmlhttp://lists.apple.com/archives/security-announce/2016/Jul/msg00000.htmlhttps://support.apple.com/HT206903https://support.apple.com/HT206902http://www.securityfocus.com/bid/91829http://www.securitytracker.com/id/1037086http://www.securitytracker.com/id/1036344https://nvd.nist.govhttps://www.theregister.co.uk/2016/10/24/apple_security_update/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-34377CVE-2024-20859CVE-2023-49606injectarbitrary CVE-2024-33788CVE-2024-30973IDORCVE-2024-33907
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook