ID

VAR-201602-0216


CVE

CVE-2016-1729


TITLE

Vulnerability in OSA Scripts in Apple OS X that allows arbitrary script libraries to be loaded

Trust: 0.8

sources: JVNDB: JVNDB-2016-001412

DESCRIPTION

Untrusted search path vulnerability in OSA Scripts in Apple OS X before 10.11.3 allows attackers to load arbitrary script libraries via a quarantined application.

Supplementary information: the vulnerability type has been identified as CWE-426: Untrusted Search Path. http://cwe.mitre.org/data/definitions/426.html

An attacker could load an arbitrary script library via an isolated application.

Apple Mac OS X is prone to multiple privilege-escalation vulnerabilities. An attacker can exploit these issues to gain kernel level privileges within the context of the affected system.

APPLE-SA-2016-01-19-2 OS X El Capitan 10.11.3 and Security Update 2016-001

OS X El Capitan 10.11.3 and Security Update 2016-001 is now available and addresses the following:

AppleGraphicsPowerManagement
Available for: OS X El Capitan v10.11 to v10.11.2
Impact: A local user may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed through improved memory handling.
CVE-ID
CVE-2016-1716 : moony li of Trend Micro and Liang Chen and Sen Nie of KeenLab, Tencent

Disk Images
Available for: OS X El Capitan v10.11 to v10.11.2
Impact: A local user may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue existed in the parsing of disk images. This issue was addressed through improved memory handling.
CVE-ID
CVE-2016-1717 : Frank Graziano of Yahoo! Pentest Team

IOAcceleratorFamily
Available for: OS X El Capitan v10.11.0 to v10.11.2
Impact: A local user may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed through improved memory handling.
CVE-ID
CVE-2016-1718 : Juwei Lin Trend Micro working with HP's Zero Day Initiative

IOHIDFamily
Available for: OS X El Capitan v10.11 to v10.11.2
Impact: A local user may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue existed in an IOHIDFamily API. This issue was addressed through improved memory handling.
CVE-ID
CVE-2016-1719 : Ian Beer of Google Project Zero

IOKit
Available for: OS X El Capitan v10.11 to v10.11.2
Impact: A local user may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed through improved memory handling.
CVE-ID
CVE-2016-1720 : Ian Beer of Google Project Zero

Kernel
Available for: OS X El Capitan v10.11 to v10.11.2
Impact: A local user may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed through improved memory handling.
CVE-ID
CVE-2016-1721 : Ian Beer of Google Project Zero and Ju Zhu of Trend Micro

libxslt
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.2
Impact: Visiting a maliciously crafted website may lead to arbitrary code execution
Description: A type confusion issue existed in libxslt. This issue was addressed through improved memory handling.

This issue was addressed through improved search order and quarantine checks.
CVE-ID
CVE-2016-1729 : an anonymous researcher

syslog
Available for: OS X El Capitan v10.11 to v10.11.2
Impact: A local user may be able to execute arbitrary code with root privileges
Description: A memory corruption issue was addressed through improved memory handling.
CVE-ID
CVE-2016-1722 : Joshua J. Drake and Nikias Bassen of Zimperium zLabs

Trust: 2.07

sources: NVD: CVE-2016-1729 // JVNDB: JVNDB-2016-001412 // BID: 81274 // VULHUB: VHN-90548 // PACKETSTORM: 135326

AFFECTED PRODUCTS

vendor: apple // model: mac os x // scope: lte // version: 10.11.2

Trust: 1.0

vendor: apple // model: mac os x // scope: eq // version: v10.11 to v10.11.2

Trust: 0.8

vendor: apple // model: mac os x // scope: eq // version: 10.11.2

Trust: 0.6

sources: JVNDB: JVNDB-2016-001412 // CNNVD: CNNVD-201602-012 // NVD: CVE-2016-1729

CVSS

SEVERITY

nvd@nist.gov: CVE-2016-1729
value: HIGH

Trust: 1.0

NVD: CVE-2016-1729
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201602-012
value: HIGH

Trust: 0.6

VULHUB: VHN-90548
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2016-1729
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-90548
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2016-1729
baseSeverity: HIGH
baseScore: 7.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 3.4
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-90548 // JVNDB: JVNDB-2016-001412 // CNNVD: CNNVD-201602-012 // NVD: CVE-2016-1729

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-Other

Trust: 0.8

sources: JVNDB: JVNDB-2016-001412 // NVD: CVE-2016-1729

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201602-012

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201602-012

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-001412

PATCH

title: Apple security updates // url: https://support.apple.com/en-us/HT201222

Trust: 0.8

title: APPLE-SA-2016-01-19-2 OS X El Capitan 10.11.3 and Security Update 2016-001 // url: http://lists.apple.com/archives/security-announce/2016/Jan/msg00003.html

Trust: 0.8

title: HT205731 // url: https://support.apple.com/en-us/HT205731

Trust: 0.8

title: HT205731 // url: https://support.apple.com/ja-jp/HT205731

Trust: 0.8

title: Apple OS X OSA Scripts Fixes for untrusted search path vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60023

Trust: 0.6

sources: JVNDB: JVNDB-2016-001412 // CNNVD: CNNVD-201602-012

EXTERNAL IDS

db: NVD // id: CVE-2016-1729

Trust: 2.9

db: SECTRACK // id: 1034736

Trust: 1.1

db: JVN // id: JVNVU90405245

Trust: 0.8

db: JVNDB // id: JVNDB-2016-001412

Trust: 0.8

db: CNNVD // id: CNNVD-201602-012

Trust: 0.6

db: BID // id: 81274

Trust: 0.3

db: VULHUB // id: VHN-90548

Trust: 0.1

db: PACKETSTORM // id: 135326

Trust: 0.1

sources: VULHUB: VHN-90548 // BID: 81274 // JVNDB: JVNDB-2016-001412 // PACKETSTORM: 135326 // CNNVD: CNNVD-201602-012 // NVD: CVE-2016-1729

REFERENCES

url:http://lists.apple.com/archives/security-announce/2016/jan/msg00003.html

Trust: 1.7

url:https://support.apple.com/ht205731

Trust: 1.7

url:http://www.securitytracker.com/id/1034736

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1729

Trust: 0.8

url:http://jvn.jp/vu/jvnvu90405245/index.html

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1729

Trust: 0.8

url:http://www.apple.com/macosx/

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2016-1720

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7995

Trust: 0.1

url:https://gpgtools.org

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1719

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1721

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1718

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1722

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1729

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1716

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1717

Trust: 0.1

sources: VULHUB: VHN-90548 // BID: 81274 // JVNDB: JVNDB-2016-001412 // PACKETSTORM: 135326 // CNNVD: CNNVD-201602-012 // NVD: CVE-2016-1729

CREDITS

moony li of Trend Micro and Liang Chen and Sen Nie of KeenLab, Tencent, Juwei Lin Trend Micro working with HP's Zero Day Initiative and an anonymous researcher.

Trust: 0.3

sources: BID: 81274

SOURCES

db: VULHUB // id: VHN-90548
db: BID // id: 81274
db: JVNDB // id: JVNDB-2016-001412
db: PACKETSTORM // id: 135326
db: CNNVD // id: CNNVD-201602-012
db: NVD // id: CVE-2016-1729

LAST UPDATE DATE

2025-04-13T19:43:37.108000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-90548 // date: 2017-09-10T00:00:00
db: BID // id: 81274 // date: 2016-02-11T07:41:00
db: JVNDB // id: JVNDB-2016-001412 // date: 2016-02-17T00:00:00
db: CNNVD // id: CNNVD-201602-012 // date: 2016-02-02T00:00:00
db: NVD // id: CVE-2016-1729 // date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: VULHUB // id: VHN-90548 // date: 2016-02-01T00:00:00
db: BID // id: 81274 // date: 2016-01-19T00:00:00
db: JVNDB // id: JVNDB-2016-001412 // date: 2016-02-17T00:00:00
db: PACKETSTORM // id: 135326 // date: 2016-01-20T16:54:51
db: CNNVD // id: CNNVD-201602-012 // date: 2016-02-02T00:00:00
db: NVD // id: CVE-2016-1729 // date: 2016-02-01T11:59:13.963