The Sandbox Profiles component in Apple iOS before 10 does not properly restrict access to directory metadata for SMS draft directories, which allows attackers to discover text-message recipients via a crafted app.
References
Configurations
Information
Published : 2016-09-18 15:59
Updated : 2017-08-12 18:29
NVD link : CVE-2016-4620
Mitre link : CVE-2016-4620
JSON object : View
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
Products Affected
apple
- iphone_os