Details of VAR-201603-0210

ID

VAR-201603-0210

CVE

CVE-2016-1788

TITLE

plural Apple Vulnerability in reading message attachments in product messages

Trust: 0.8

sources: JVNDB: JVNDB-2016-001859

DESCRIPTION

Messages in Apple iOS before 9.3, OS X before 10.11.4, and watchOS before 2.2 does not properly implement a cryptographic protection mechanism, which allows remote attackers to read message attachments via vectors related to duplicate messages. Apple Mac OS X, iOS and WatchOS are prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. Note: This issue was previously titled 'Apple iOS Weak Encryption Security Bypass Vulnerability'. The title has been changed to better reflect the vulnerability information. in the United States. Apple iOS is an operating system developed for mobile devices; Apple OS X is a dedicated operating system developed for Mac computers; watchOS is a smart watch operating system. Messages is one of the application components for sending texts, photos and videos. There are security vulnerabilities in Messages of many Apple products. The vulnerability stems from the incorrect implementation of the encryption protection mechanism in the program. The following products and versions are affected: Apple iOS versions prior to 9.3, OS X versions prior to 10.11.4, and watchOS versions prior to 2.2

Trust: 1.98

sources: NVD: CVE-2016-1788 // JVNDB: JVNDB-2016-001859 // BID: 84971 // VULHUB: VHN-90607

AFFECTED PRODUCTS

vendor:	apple	model:	iphone os	scope:	lte	version:	9.2.1	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	lte	version:	10.11.3	Trust: 1.0
vendor:	apple	model:	watchos	scope:	lte	version:	2.1	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.11 to 10.11.3	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	9.3 (ipad 2 or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	9.3 (iphone 4s or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	9.3 (ipod touch first 5 after generation )	Trust: 0.8
vendor:	apple	model:	watchos	scope:	lt	version:	2.2 (apple watch edition)	Trust: 0.8
vendor:	apple	model:	watchos	scope:	lt	version:	2.2 (apple watch hermes)	Trust: 0.8
vendor:	apple	model:	watchos	scope:	lt	version:	2.2 (apple watch sport)	Trust: 0.8
vendor:	apple	model:	watchos	scope:	lt	version:	2.2 (apple watch)	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	10.11.3	Trust: 0.6
vendor:	apple	model:	watchos	scope:	eq	version:	2.1	Trust: 0.6
vendor:	apple	model:	iphone os	scope:	eq	version:	9.2.1	Trust: 0.6
vendor:	apple	model:	ipod touch	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ipad	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.9	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.10	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.0	Trust: 0.3

sources: BID: 84971 // JVNDB: JVNDB-2016-001859 // CNNVD: CNNVD-201603-352 // NVD: CVE-2016-1788

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-1788
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2016-1788
value:	LOW
Trust: 0.8
CNNVD:	CNNVD-201603-352
value:	LOW
Trust: 0.6
VULHUB:	VHN-90607
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2016-1788
severity:	LOW
baseScore:	2.6
vectorString:	AV:N/AC:H/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	4.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-90607
severity:	LOW
baseScore:	2.6
vectorString:	AV:N/AC:H/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	4.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-1788
baseSeverity:	MEDIUM
baseScore:	5.9
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.2
impactScore:	3.6
version:	3.0
Trust: 1.0

sources: VULHUB: VHN-90607 // JVNDB: JVNDB-2016-001859 // CNNVD: CNNVD-201603-352 // NVD: CVE-2016-1788

PROBLEMTYPE DATA

problemtype:

CWE-310

Trust: 1.9

sources: VULHUB: VHN-90607 // JVNDB: JVNDB-2016-001859 // NVD: CVE-2016-1788

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201603-352

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201603-352

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-001859

PATCH

title:	Apple security updates	url:	https://support.apple.com/en-us/HT201222	Trust: 0.8
title:	APPLE-SA-2016-03-21-1 iOS 9.3	url:	http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html	Trust: 0.8
title:	APPLE-SA-2016-03-21-5 OS X El Capitan 10.11.4 and Security Update 2016-002	url:	http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html	Trust: 0.8
title:	APPLE-SA-2016-03-21-2 watchOS 2.2	url:	http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html	Trust: 0.8
title:	HT206167	url:	https://support.apple.com/en-us/HT206167	Trust: 0.8
title:	HT206168	url:	https://support.apple.com/en-us/HT206168	Trust: 0.8
title:	HT206166	url:	https://support.apple.com/en-us/HT206166	Trust: 0.8
title:	HT206166	url:	https://support.apple.com/ja-jp/HT206166	Trust: 0.8
title:	HT206167	url:	https://support.apple.com/ja-jp/HT206167	Trust: 0.8
title:	HT206168	url:	https://support.apple.com/ja-jp/HT206168	Trust: 0.8
title:	Multiple Apple product Messages Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60678	Trust: 0.6

sources: JVNDB: JVNDB-2016-001859 // CNNVD: CNNVD-201603-352

EXTERNAL IDS

db:	NVD	id:	CVE-2016-1788	Trust: 2.8
db:	SECTRACK	id:	1035353	Trust: 1.1
db:	JVN	id:	JVNVU97668313	Trust: 0.8
db:	JVNDB	id:	JVNDB-2016-001859	Trust: 0.8
db:	CNNVD	id:	CNNVD-201603-352	Trust: 0.7
db:	SECUNIA	id:	63459	Trust: 0.6
db:	BID	id:	84971	Trust: 0.4
db:	VULHUB	id:	VHN-90607	Trust: 0.1

sources: VULHUB: VHN-90607 // BID: 84971 // JVNDB: JVNDB-2016-001859 // CNNVD: CNNVD-201603-352 // NVD: CVE-2016-1788

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2016/mar/msg00000.html	Trust: 1.7
url:	http://lists.apple.com/archives/security-announce/2016/mar/msg00001.html	Trust: 1.7
url:	http://lists.apple.com/archives/security-announce/2016/mar/msg00004.html	Trust: 1.7
url:	https://support.apple.com/ht206166	Trust: 1.7
url:	https://support.apple.com/ht206167	Trust: 1.7
url:	https://support.apple.com/ht206168	Trust: 1.7
url:	http://www.securitytracker.com/id/1035353	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1788	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu97668313/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1788	Trust: 0.8
url:	http://secunia.com/advisories/63459	Trust: 0.6
url:	http://www.apple.com/ios/	Trust: 0.3
url:	http://www.apple.com/ipad/	Trust: 0.3
url:	http://www.apple.com/iphone/	Trust: 0.3
url:	http://www.apple.com/ipodtouch/	Trust: 0.3
url:	http://www.theregister.co.uk/2016/03/21/zero_day_apple_grapple_dredges_imessage_photos_videos_in_ios_9/	Trust: 0.3

sources: VULHUB: VHN-90607 // BID: 84971 // JVNDB: JVNDB-2016-001859 // CNNVD: CNNVD-201603-352 // NVD: CVE-2016-1788

CREDITS

Christina Garman, Matthew Green, Gabriel Kaptchuk, Ian Miers, and Michael Rushanan of Johns Hopkins University

Trust: 0.3

sources: BID: 84971

SOURCES

db:	VULHUB	id:	VHN-90607
db:	BID	id:	84971
db:	JVNDB	id:	JVNDB-2016-001859
db:	CNNVD	id:	CNNVD-201603-352
db:	NVD	id:	CVE-2016-1788

LAST UPDATE DATE

2025-04-13T21:01:42.238000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-90607	date:	2016-12-03T00:00:00
db:	BID	id:	84971	date:	2016-07-05T21:56:00
db:	JVNDB	id:	JVNDB-2016-001859	date:	2016-03-25T00:00:00
db:	CNNVD	id:	CNNVD-201603-352	date:	2016-03-24T00:00:00
db:	NVD	id:	CVE-2016-1788	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-90607	date:	2016-03-24T00:00:00
db:	BID	id:	84971	date:	2016-03-21T00:00:00
db:	JVNDB	id:	JVNDB-2016-001859	date:	2016-03-25T00:00:00
db:	CNNVD	id:	CNNVD-201603-352	date:	2016-03-23T00:00:00
db:	NVD	id:	CVE-2016-1788	date:	2016-03-24T01:59:55.330