CVE-2016-7651
First published: Mon Feb 20 2017(Updated: )
An issue was discovered in certain Apple products. iOS before 10.2 is affected. watchOS before 3.1.1 is affected. The issue involves the "Accounts" component, which allows local users to bypass intended authorization restrictions by leveraging the mishandling of an app uninstall.
Credit: product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| iOS | <=10.1.1 | |
| Apple iOS, iPadOS, and watchOS | <=2.2.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-7651?
CVE-2016-7651 has been rated as having a medium severity due to its ability to allow local users to bypass intended authorization restrictions.
How do I fix CVE-2016-7651?
To fix CVE-2016-7651, ensure that your device is updated to iOS 10.2 or later for iPhone devices and watchOS 3.1.1 or later for Apple Watch.
Which versions of iOS are affected by CVE-2016-7651?
CVE-2016-7651 affects versions of iOS prior to 10.2.
Which versions of watchOS are impacted by CVE-2016-7651?
CVE-2016-7651 affects watchOS versions prior to 3.1.1.
What component does CVE-2016-7651 involve?
CVE-2016-7651 involves the 'Accounts' component, which is vulnerable due to mishandling during app uninstall.
- agent/type
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/apple
- canonical/ios
- version/ios/10.1.1
- canonical/apple ios, ipados, and watchos
- version/apple ios, ipados, and watchos/2.2.2