Zero-day Vulnerability Database

Change view:

Zero-day vulnerabilities discovered: 3

Multiple vulnerabilities in Apple iOS
CVE-2016-4657

Memory corruption

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to boundary error in WebKit. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note: the vulnerability was being actively exploited.

i

The Citizen Lab discovery exposed three zero-day exploits ((CVE-2016-4655, CVE-2016-4656, CVE-2016-4657)) used by “Pegasus”, a lawful interception cyberespionage tool developed by the Israeli-based NSO Group and sold to government agencies (UAE Human Rights Defender (Ahmed Mansoor)).

Software: Apple iOS

Known/fameous malware:

Trident exploit.

The Citizen Lab discovery exposed three zero-day exploits ((CVE-2016-4655, CVE-2016-4656, CVE-2016-4657)) used by “Pegasus”, a lawful interception cyberespionage tool developed by the Israeli-based NSO Group and sold to government agencies (UAE Human Rights Defender (Ahmed Mansoor)).

Multiple vulnerabilities in Apple iOS
CVE-2016-4656

Memory corruption

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists due to a boundary error when processing a malicious application. A local attacker can run a specially crafted application, trigger memory corruption and execute arbitrary code with SYSTEM privileges.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Note: the vulnerability was being actively exploited.

i

The Citizen Lab discovery exposed three zero-day exploits ((CVE-2016-4655, CVE-2016-4656, CVE-2016-4657)) used by “Pegasus”, a lawful interception cyberespionage tool developed by the Israeli-based NSO Group and sold to government agencies (UAE Human Rights Defender (Ahmed Mansoor)).

Software: Apple iOS

Known/fameous malware:

Trident exploit.

The Citizen Lab discovery exposed three zero-day exploits ((CVE-2016-4655, CVE-2016-4656, CVE-2016-4657)) used by “Pegasus”, a lawful interception cyberespionage tool developed by the Israeli-based NSO Group and sold to government agencies (UAE Human Rights Defender (Ahmed Mansoor)).

Multiple vulnerabilities in Apple iOS
CVE-2016-4655

Information disclosure

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to improper input validation. A remote attacker can run a specially crafted application, bypass security restrictions and obtain portions of kernel memory.

Successful exploitation of the vulnerability results in information disclosure on the vulnerable system.

Note: the vulnerability was being actively exploited.


i

The Citizen Lab discovery exposed three zero-day exploits ((CVE-2016-4655, CVE-2016-4656, CVE-2016-4657)) used by “Pegasus”, a lawful interception cyberespionage tool developed by the Israeli-based NSO Group and sold to government agencies (UAE Human Rights Defender (Ahmed Mansoor)).

Software: Apple iOS

Known/fameous malware:

Trident exploit.

The Citizen Lab discovery exposed three zero-day exploits ((CVE-2016-4655, CVE-2016-4656, CVE-2016-4657)) used by “Pegasus”, a lawful interception cyberespionage tool developed by the Israeli-based NSO Group and sold to government agencies (UAE Human Rights Defender (Ahmed Mansoor)).

Vulnerability Scanning SaaS

Vulnerability scanning SaaS service is online 3-rd generation vulnerability scanner with scheduled assessments and vulnerability subscription. You can use service to check security of your network perimeter.