Improper access control in Microsoft 365 Copilot for iOS allows an unauthorized attacker to elevate privileges over a network.
According to the CVSS metric, the attack vector is network (AV:N) and the attack complexity is low (AC:L). What does that mean for this vulnerability? The attack vector is Network (AV:N) because this vulnerability is remotely exploitable and can be exploited from the internet. The attack complexity is Low (AC:L) because an attacker does not require significant prior knowledge of the system and can achieve repeatable success with the payload against the vulnerable component.
Ofek Levin with <a href="https://enclave.ai/">Enclave</a>