Published: 20/02/2017 Updated: 22/03/2019

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 606

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

An issue exists in certain Apple products. iOS prior to 10.1 is affected. macOS prior to 10.12.1 is affected. tvOS prior to 10.0.1 is affected. watchOS prior to 3.1 is affected. The issue involves the "CoreGraphics" component. It allows remote malicious users to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted JPEG file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apple iphone os
apple mac os x
apple tvos
apple watchos

It's nearly 2017 and JPEGs, PDFs, font files can hijack your Apple Mac, iPhone, iPad

The Register • Shaun Nichols in San Francisco • 24 Oct 2016

Get patching now

Apple has distributed a fresh round of security updates to address remote-code execution holes in iOS, macOS, Safari, and the firmware for Apple Watch and AppleTV. Miscreants who exploit these flaws can take over the vulnerable device – all a victim has to do is open a JPEG or PDF file booby-trapped with malicious code, so get patching before you're caught out. The fixes come just days before the Cupertino developer of TextEdit is set to hold a special event to introduce a (presumed) refresh o...

CVE-2016-4673

Vulnerability Summary

Vulnerability Trend

Recent Articles

References

Vulmon Search

About

Products

Connect