top of page
perceptive_background_267k.jpg

iFunbox 4.2 contains an unquoted service path vulnerability in the Apple Mobile Device Service that allows local attackers to execute code with elevated privileā€¦

Published:

15 januari 2026 om 23:00:00

Alert date:

16 januari 2026 om 16:17:23

Source:

nvd.nist.gov

Click to open the original link from this advisory

Mobile & IoT, Operating Systems

iFunbox version 4.2 contains an unquoted service path vulnerability in the Apple Mobile Device Service. This vulnerability allows local attackers to execute arbitrary code with elevated LocalSystem privileges. Attackers can exploit this by inserting a malicious executable into the unquoted service path. The malicious code executes when the service restarts, providing full system-level access. This represents a significant privilege escalation vulnerability affecting users of the iFunbox iOS management tool.

Technical details

Mitigation steps:

Affected products:

iFunbox

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2021-47803
https://www.exploit-db.com/exploits/50040
https://www.i-funbox.com/en/index.html
https://www.vulncheck.com/advisories/ifunbox-apple-mobile-device-service-unquoted-service-path

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Deze website toont informatie afkomstig van externe bronnen; Perceptive aanvaardt geen verantwoordelijkheid voor de juistheid, volledigheid of actualiteit van deze informatie.

bottom of page