VYPR
← All advisories
Low severity3.3NVD Advisory· Published Feb 20, 2017· Updated May 13, 2026

CVE-2016-4665

CVE-2016-4665

Description

A crafted app can read audio-recording metadata on iOS, tvOS, and watchOS due to insufficient sandbox restrictions.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A crafted app can read audio-recording metadata on iOS, tvOS, and watchOS due to insufficient sandbox restrictions.

Vulnerability

The vulnerability resides in the "Sandbox Profiles" component of Apple iOS (prior to 10.1), tvOS (prior to 10.0.1), and watchOS (prior to 3.1). A crafted application can bypass sandbox restrictions to read metadata associated with audio recordings. The affected products are iOS before 10.1, tvOS before 10.0.1, and watchOS before 3.1 [1][2][3].

Exploitation

An attacker must convince the user to install a specially crafted app. No other special network position or authentication is required; once the app is installed and executed on the device, it can directly access audio-recording metadata without additional user interaction.

Impact

A successful exploit allows the crafted app to read audio-recording metadata, leading to disclosure of potentially sensitive information (e.g., recording dates, duration, or file names). The attacker does not gain access to the audio content itself, only metadata. No other system compromise is achieved.

Mitigation

Apple addressed this issue in iOS 10.1, tvOS 10.0.1, and watchOS 3.1, all released on October 24, 2016 [1][2][3]. Users should update their devices to these or later versions. There is no workaround for older, unpatched versions.

References
  1. About the security content of iOS 10.1 - Apple Support
  2. About the security content of tvOS 10.0.1 - Apple Support
  3. About the security content of watchOS 3.1 - Apple Support

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

6
  • Apple Inc./Iphone OS
    cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
    Range: <=10.0.3
  • Apple Inc./tvOS2 versions
    cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*range: <=10.0
    • (no CPE)range: <10.0.1
  • Apple Inc./watchOS2 versions
    cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*range: <=2.2.2
    • (no CPE)range: <3.1
  • Apple Inc./iOSllm-fuzzy
    Range: <10.1

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

5

News mentions

0

No linked articles in our index yet.