Return value mishandling in CCCrypt in CommonCrypto in Apple iOS, OS X, tvOS, and watchOS

Return value mishandling in CCCrypt in CommonCrypto in Apple iOS, OS X, tvOS, and watchOS

CVE-2016-1802 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:N/A:N

CCCrypt in CommonCrypto in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 mishandles return values during key-length calculations, which allows attackers to obtain sensitive information via a crafted app.

Learn more about our Cis Benchmark Audit For Apple Ios.