PatchSiren

PatchSiren cyber security CVE debrief

CVE-2016-4690 Apple CVE debrief

CVE-2016-4690 is a publicly disclosed Apple iOS vulnerability affecting versions before 10.2. According to the NVD record and Apple’s referenced advisory, the issue is in the Image Capture component and can allow arbitrary code execution when an attacker uses a crafted USB HID device. The attack path is physically proximate rather than remote, but the potential impact is high because successful exploitation could affect confidentiality, integrity, and availability.

Vendor: Apple
Product: CVE-2016-4690
CVSS: MEDIUM 6.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-02-20
Original CVE updated: 2026-05-13
Advisory published: 2017-02-20
Advisory updated: 2026-05-13

Who should care

Administrators and users managing Apple iPhones or iPads on affected iOS versions before 10.2 should treat this as relevant, especially where devices may be exposed to untrusted physical access, charging accessories, kiosks, repair environments, or other USB-interaction scenarios. Security teams responsible for mobile device management should verify upgrade coverage and exposure to pre-10.2 devices.

Technical summary

The NVD entry describes a flaw in Apple’s Image Capture component for iOS before 10.2, where a crafted USB HID device can trigger arbitrary code execution. NVD maps the weakness to CWE-20 and lists a CVSS v3.0 vector of AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (6.8 Medium). The published vulnerability scope in the record includes iPhone OS versions up to 10.1.1 in CPE data, while the text description states iOS before 10.2; both indicate pre-10.2 exposure and should be interpreted conservatively.

Defensive priority

Medium to high for exposed mobile fleets: the attack requires physical proximity via USB HID, but the impact is full code execution on affected iOS versions. Prioritize remediation where devices may be physically accessible or where legacy iOS versions remain in use.

Recommended defensive actions

  • Confirm whether any Apple iOS devices are running versions earlier than 10.2 and prioritize upgrading them to a supported, patched release.
  • Review Apple’s vendor advisory (HT207422) for the exact affected versions and remediation guidance.
  • Restrict physical access to devices where practical, especially in shared, kiosk, repair, or staging environments.
  • Avoid connecting untrusted USB peripherals or accessories to managed devices.
  • Use mobile device management to inventory iOS versions and flag any legacy devices that cannot be updated.
  • If legacy devices must remain in service, implement compensating controls around physical access and accessory trust.

Evidence notes

The CVE description supplied by NVD states that iOS before 10.2 is affected and that the Image Capture component may permit arbitrary code execution via a crafted USB HID device. The NVD metadata also lists a vulnerable CPE range ending at iPhone OS 10.1.1, which is slightly narrower than the textual description but still consistent with pre-10.2 exposure. References provided in the record include Apple’s advisory at support.apple.com/HT207422 and third-party database entries.

Official resources

Publicly disclosed on 2017-02-20 per the CVE/NVD record. Use the vendor advisory and NVD detail page for remediation context; the NVD record was later modified on 2026-05-13.