Details of VAR-201602-0203

ID

VAR-201602-0203

CVE

CVE-2016-1716

TITLE

Apple OS X of AppleGraphicsPowerManagement Vulnerability gained in

Trust: 0.8

sources: JVNDB: JVNDB-2016-001399

DESCRIPTION

AppleGraphicsPowerManagement in Apple OS X before 10.11.3 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. Apple Mac OS X is prone to multiple privilege-escalation vulnerabilities. An attacker can exploit these issues to gain kernel level privileges within the context of the affected system. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2016-01-19-2 OS X El Capitan 10.11.3 and Security Update 2016-001 OS X El Capitan 10.11.3 and Security Update 2016-001 is now available and addresses the following: AppleGraphicsPowerManagement Available for: OS X El Capitan v10.11 to v10.11.2 Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1716 : moony li of Trend Micro and Liang Chen and Sen Nie of KeenLab, Tencent Disk Images Available for: OS X El Capitan v10.11 to v10.11.2 Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the parsing of disk images. This issue was addressed through improved memory handling. CVE-ID CVE-2016-1717 : Frank Graziano of Yahoo! Pentest Team IOAcceleratorFamily Available for: OS X El Capitan v10.11.0 to v10.11.2 Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1718 : Juwei Lin Trend Micro working with HP's Zero Day Initiative IOHIDFamily Available for: OS X El Capitan v10.11 to v10.11.2 Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in an IOHIDFamily API. This issue was addressed through improved memory handling. CVE-ID CVE-2016-1719 : Ian Beer of Google Project Zero IOKit Available for: OS X El Capitan v10.11 to v10.11.2 Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1720 : Ian Beer of Google Project Zero Kernel Available for: OS X El Capitan v10.11 to v10.11.2 Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1721 : Ian Beer of Google Project Zero and Ju Zhu of Trend Micro libxslt Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.2 Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: A type confusion issue existed in libxslt. This issue was addressed through improved memory handling. CVE-ID CVE-2015-7995 : puzzor OSA Scripts Available for: OS X El Capitan v10.11 to v10.11.2 Impact: A quarantined application may be able to override OSA script libraries installed by the user Description: An issue existed when searching for scripting libraries. This issue was addressed through improved search order and quarantine checks. CVE-ID CVE-2016-1729 : an anonymous researcher syslog Available for: OS X El Capitan v10.11 to v10.11.2 Impact: A local user may be able to execute arbitrary code with root privileges Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1722 : Joshua J. Drake and Nikias Bassen of Zimperium zLabs -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJWnsHdAAoJEBcWfLTuOo7tj/0P/2uG1QyMoIxPwzrtA178gig5 G1ozPA98X+6X+wd2ocVDUjROhKB+nySUuQvMr/LZY1ZyOE+zZlyv60EYefSwX9Qn ASQfdHU73eu1cfViQOrACb5CvyCv8xQ3xEs5Z8Ruw4AaLKM5ICSaFRZKPb6VLVJ8 S4l5fYY+su5LBqM61AxQi9WlHNsy0IUARj1dz67/Q45eJat9gkzUX5Xwuya5KbMu At2nyrzJQZhPmCl4uARglipbRE4r/jVC0Hmq8pM6rjRusO80cx6HsbUm0jIKe/xu QRN5IMrhyp4YnYwujFIN7sknsAQYdGjoq250KFe9lWeq4HhA+JI3pqCRfPY0uqo4 tL9TBmusv6xw5WgjomobCV8hEq3zmPwNyfBDgAot/mdUMOuam3qpyEeWpSATgfUj esgWZTPR5AAGd/dxk82Kz7PoHLDKf7lTtBbE8MRYFGaVZVZUiOjjbusYWbbikkhH Tr1Hy0kCJ3YLWpO/6G6z5sZXdXKTMf/o/PqnoRAwxXIr6PnfcPdpf0N+/cdQaqmv aoPNKPrCGAu3vlBHFrpP4FJgR6piZW/X30hh4DzqpGVNulUEI9USyIYsjB4M5IN7 pYUclIqpiLfXwi02uleVaetDuyPRCTY0vKOpMYVXG838aqZzpXyDRzyiPwLDMbK9 bb0aaqIVGEjM+xgCQ1db =CR2n -----END PGP SIGNATURE-----

Trust: 2.07

sources: NVD: CVE-2016-1716 // JVNDB: JVNDB-2016-001399 // BID: 81274 // VULHUB: VHN-90535 // PACKETSTORM: 135326

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	lte	version:	10.11.2	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	v10.11 to v10.11.2	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	10.11.2	Trust: 0.6

sources: JVNDB: JVNDB-2016-001399 // CNNVD: CNNVD-201602-001 // NVD: CVE-2016-1716

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-1716
value:	HIGH
Trust: 1.0
NVD:	CVE-2016-1716
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201602-001
value:	HIGH
Trust: 0.6
VULHUB:	VHN-90535
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2016-1716
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-90535
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-1716
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.0

sources: VULHUB: VHN-90535 // JVNDB: JVNDB-2016-001399 // CNNVD: CNNVD-201602-001 // NVD: CVE-2016-1716

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-90535 // JVNDB: JVNDB-2016-001399 // NVD: CVE-2016-1716

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201602-001

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201602-001

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-001399

PATCH

title:	Apple security updates	url:	https://support.apple.com/en-us/HT201222	Trust: 0.8
title:	APPLE-SA-2016-01-19-2 OS X El Capitan 10.11.3 and Security Update 2016-001	url:	http://lists.apple.com/archives/security-announce/2016/Jan/msg00003.html	Trust: 0.8
title:	HT205731	url:	https://support.apple.com/en-us/HT205731	Trust: 0.8
title:	HT205731	url:	https://support.apple.com/ja-jp/HT205731	Trust: 0.8
title:	Apple OS X AppleGraphicsPowerManagement Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60012	Trust: 0.6

sources: JVNDB: JVNDB-2016-001399 // CNNVD: CNNVD-201602-001

EXTERNAL IDS

db:	NVD	id:	CVE-2016-1716	Trust: 2.9
db:	SECTRACK	id:	1034736	Trust: 1.1
db:	JVN	id:	JVNVU90405245	Trust: 0.8
db:	JVNDB	id:	JVNDB-2016-001399	Trust: 0.8
db:	CNNVD	id:	CNNVD-201602-001	Trust: 0.7
db:	BID	id:	81274	Trust: 0.3
db:	VULHUB	id:	VHN-90535	Trust: 0.1
db:	PACKETSTORM	id:	135326	Trust: 0.1

sources: VULHUB: VHN-90535 // BID: 81274 // JVNDB: JVNDB-2016-001399 // PACKETSTORM: 135326 // CNNVD: CNNVD-201602-001 // NVD: CVE-2016-1716

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2016/jan/msg00003.html	Trust: 1.7
url:	https://support.apple.com/ht205731	Trust: 1.7
url:	http://www.securitytracker.com/id/1034736	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1716	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu90405245/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1716	Trust: 0.8
url:	http://www.apple.com/macosx/	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1720	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7995	Trust: 0.1
url:	https://gpgtools.org	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1719	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1721	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1718	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1722	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1729	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1716	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1717	Trust: 0.1

sources: VULHUB: VHN-90535 // BID: 81274 // JVNDB: JVNDB-2016-001399 // PACKETSTORM: 135326 // CNNVD: CNNVD-201602-001 // NVD: CVE-2016-1716

CREDITS

moony li of Trend Micro and Liang Chen and Sen Nie of KeenLab, Tencent, Juwei Lin Trend Micro working with HP's Zero Day Initiative and an anonymous researcher.

Trust: 0.3

sources: BID: 81274

SOURCES

db:	VULHUB	id:	VHN-90535
db:	BID	id:	81274
db:	JVNDB	id:	JVNDB-2016-001399
db:	PACKETSTORM	id:	135326
db:	CNNVD	id:	CNNVD-201602-001
db:	NVD	id:	CVE-2016-1716

LAST UPDATE DATE

2025-04-13T22:31:12.112000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-90535	date:	2017-09-10T00:00:00
db:	BID	id:	81274	date:	2016-02-11T07:41:00
db:	JVNDB	id:	JVNDB-2016-001399	date:	2016-02-17T00:00:00
db:	CNNVD	id:	CNNVD-201602-001	date:	2016-02-02T00:00:00
db:	NVD	id:	CVE-2016-1716	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-90535	date:	2016-02-01T00:00:00
db:	BID	id:	81274	date:	2016-01-19T00:00:00
db:	JVNDB	id:	JVNDB-2016-001399	date:	2016-02-17T00:00:00
db:	PACKETSTORM	id:	135326	date:	2016-01-20T16:54:51
db:	CNNVD	id:	CNNVD-201602-001	date:	2016-02-02T00:00:00
db:	NVD	id:	CVE-2016-1716	date:	2016-02-01T11:59:00.120