Sign-up

ID

VAR-201603-0154


CVE

CVE-2016-1746


TITLE

Apple OS X of IOGraphics Vulnerable to arbitrary code execution in a privileged context

Trust: 0.8

sources: JVNDB: JVNDB-2016-001889

DESCRIPTION

IOGraphics in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1747. User interaction is required to exploit this vulnerability in that the target must open a malicious file.The specific flaw exists within the IOGraphicsFamily interface. The issue lies with the failure to validate user-supplied function addresses prior to using them. An attacker can leverage this to escalate their privileges and execute code under the context of the kernel. Attackers can exploit these issues to execute arbitrary code, cause denial-of-service conditions, bypass security restrictions, and perform unauthorized actions. This may aid in other attacks. Apple Mac OS X 10.11 through 10.11.3 are vulnerable. IOGraphics is one of the input and output graphics components

Trust: 2.61

sources: NVD: CVE-2016-1746 // JVNDB: JVNDB-2016-001889 // ZDI: ZDI-16-202 // BID: 85056 // VULHUB: VHN-90565

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:lteversion:10.11.3

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.11 to 10.11.3

Trust: 0.8

vendor:applemodel:os xscope: - version: -

Trust: 0.7

vendor:applemodel:mac os xscope:eqversion:10.11.3

Trust: 0.6

sources: ZDI: ZDI-16-202 // JVNDB: JVNDB-2016-001889 // CNNVD: CNNVD-201603-302 // NVD: CVE-2016-1746

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-1746
value: HIGH

Trust: 1.0

NVD: CVE-2016-1746
value: HIGH

Trust: 0.8

ZDI: CVE-2016-1746
value: MEDIUM

Trust: 0.7

CNNVD: CNNVD-201603-302
value: CRITICAL

Trust: 0.6

VULHUB: VHN-90565
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-1746
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

ZDI: CVE-2016-1746
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.7

VULHUB: VHN-90565
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-1746
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.0

sources: ZDI: ZDI-16-202 // VULHUB: VHN-90565 // JVNDB: JVNDB-2016-001889 // CNNVD: CNNVD-201603-302 // NVD: CVE-2016-1746

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-90565 // JVNDB: JVNDB-2016-001889 // NVD: CVE-2016-1746

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201603-302

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201603-302

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-001889

PATCH
title:HT206167url:https://support.apple.com/en-us/HT206167
Trust: 1.5
title:Apple security updatesurl:https://support.apple.com/en-us/HT201222
Trust: 0.8
title:APPLE-SA-2016-03-21-5 OS X El Capitan 10.11.4 and Security Update 2016-002url:http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html
Trust: 0.8
title:HT206167url:https://support.apple.com/ja-jp/HT206167
Trust: 0.8
title:Apple OS X IOGraphics Repair measures for privilege escalationurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60629
Trust: 0.6
sources:
            
            
            ZDI: ZDI-16-202 // 
            
            
            
            JVNDB: JVNDB-2016-001889 // 
            
            
            
            CNNVD: CNNVD-201603-302

EXTERNAL IDS
db:NVDid:CVE-2016-1746
Trust: 3.5
db:ZDIid:ZDI-16-202
Trust: 2.1
db:SECTRACKid:1035363
Trust: 1.1
db:JVNid:JVNVU97668313
Trust: 0.8
db:JVNDBid:JVNDB-2016-001889
Trust: 0.8
db:ZDI_CANid:ZDI-CAN-3489
Trust: 0.7
db:CNNVDid:CNNVD-201603-302
Trust: 0.7
db:SECUNIAid:63459
Trust: 0.6
db:ZDIid:ZDI-16-206
Trust: 0.3
db:ZDIid:ZDI-16-205
Trust: 0.3
db:BIDid:85056
Trust: 0.3
db:VULHUBid:VHN-90565
Trust: 0.1
sources:
            
            
            ZDI: ZDI-16-202 // 
            
            
            
            VULHUB: VHN-90565 // 
            
            
            
            BID: 85056 // 
            
            
            
            JVNDB: JVNDB-2016-001889 // 
            
            
            
            CNNVD: CNNVD-201603-302 // 
            
            
            
            NVD: CVE-2016-1746

REFERENCES
url:http://lists.apple.com/archives/security-announce/2016/mar/msg00004.html
Trust: 1.7
url:https://support.apple.com/ht206167
Trust: 1.7
url:http://www.zerodayinitiative.com/advisories/zdi-16-202
Trust: 1.4
url:http://www.securitytracker.com/id/1035363
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1746
Trust: 0.8
url:http://jvn.jp/vu/jvnvu97668313/index.html
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1746
Trust: 0.8
url:https://support.apple.com/en-us/ht206167
Trust: 0.7
url:http://secunia.com/advisories/63459
Trust: 0.6
url:https://www.apple.com/
Trust: 0.3
url:http://www.apple.com/macosx/
Trust: 0.3
url:http://www.zerodayinitiative.com/advisories/zdi-16-205
Trust: 0.3
url:http://www.zerodayinitiative.com/advisories/zdi-16-206
Trust: 0.3
sources:
            
            
            ZDI: ZDI-16-202 // 
            
            
            
            VULHUB: VHN-90565 // 
            
            
            
            BID: 85056 // 
            
            
            
            JVNDB: JVNDB-2016-001889 // 
            
            
            
            CNNVD: CNNVD-201603-302 // 
            
            
            
            NVD: CVE-2016-1746

CREDITS
Peter Pi of Trend Micro
Trust: 1.3
sources:
            
            
            ZDI: ZDI-16-202 // 
            
            
            
            CNNVD: CNNVD-201603-302

SOURCES
db:ZDIid:ZDI-16-202
db:VULHUBid:VHN-90565
db:BIDid:85056
db:JVNDBid:JVNDB-2016-001889
db:CNNVDid:CNNVD-201603-302
db:NVDid:CVE-2016-1746

LAST UPDATE DATE
2025-04-13T21:11:34.870000+00:00

SOURCES UPDATE DATE
db:ZDIid:ZDI-16-202date:2016-03-22T00:00:00
db:VULHUBid:VHN-90565date:2016-12-03T00:00:00
db:BIDid:85056date:2016-07-05T21:57:00
db:JVNDBid:JVNDB-2016-001889date:2016-03-28T00:00:00
db:CNNVDid:CNNVD-201603-302date:2016-03-24T00:00:00
db:NVDid:CVE-2016-1746date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:ZDIid:ZDI-16-202date:2016-03-22T00:00:00
db:VULHUBid:VHN-90565date:2016-03-24T00:00:00
db:BIDid:85056date:2016-03-21T00:00:00
db:JVNDBid:JVNDB-2016-001889date:2016-03-28T00:00:00
db:CNNVDid:CNNVD-201603-302date:2016-03-23T00:00:00
db:NVDid:CVE-2016-1746date:2016-03-24T01:59:16.450