Details of VAR-201604-0526

ID

VAR-201604-0526

CVE

CVE-2016-1789

TITLE

Apple iBooks Author Vulnerable to reading arbitrary files

Trust: 0.8

sources: JVNDB: JVNDB-2016-001937

DESCRIPTION

Apple iBooks Author before 2.4.1 allows remote attackers to read arbitrary files via an iBooks Author file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. Attackers can exploit this issue to gain unauthorized access, and obtain potentially sensitive information. This may lead to further attacks. Versions prior to iBooks Author 2.4.1 are vulnerable. Apple iBooks Author is a set of apps from Apple (Apple) that can be obtained for free from the Mac App Store and is used to create Multi-Touch (Multi-Touch) e-books for the iPad and other e-books of any category. It supports the use of Rich content such as galleries, videos, interactive charts, 3D objects, mathematical expressions, etc. This issue was addressed through improved parsing. Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT201222 -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJW/ZD8AAoJEBcWfLTuOo7t0tEP/jOndtapfdeu3rZ9jz8kvC0U llXs4fFSacP++PWNAtLbh5zVf619YIicylTUVtGI2jAv2HPZNQN0r3K48e6Oa7Pr LOPk1zR+jcU+0pn72lnO/0OzUdpa+lWoY+K2pnEbP40dBMM8OBO6oQzhHhWquZSE N8jM+A2eO+UoxpfHFSopNmOnrVqvJCFTUYhlS8e2uYAPsZglZkPA20Z7VSju+sLA HGvu3TB771dv3TpL+3kScYhH/yChEmFFHa5rG51C7UHgTLbfSYLcABRGpmNyyufa p+nfqGuRc5CY67XacmcXqxJ3iqYjDlCNqcQl0HtCf+wZFky2xdBJ6G7ASbyDDeFP APkisPOt6O+sYtfRiDKs8bqZiey2PR6ft2/1n4FMJv19VOTmhnlG7J1RWQm2ObOg HCEYej6D21uzpRwbL9Ott5LF7uguHIW96g/ezZw7Q3TAWVbSDaFmxy8y1Fu5xSyo +5vivMoPo4NME6NYU0SYxb/FzzcPv6VyeP+et2rgADcOwYieN3lQiRJRLWgODwgt jcw/QVViq9hNIYIocjr4kXpD324SPhJdm55oDA98xJenlcxV7Uy8pEsbr2j2/+yK E9Fn633U8YttSnqHqKgjQVLv5mBuDLzEG4HbR3FQNWMUBN6btUL9gY6acH75FP4p /9/+EO8HZte9pHuNjeTk =/Ihd -----END PGP SIGNATURE-----

Trust: 2.07

sources: NVD: CVE-2016-1789 // JVNDB: JVNDB-2016-001937 // BID: 85766 // VULHUB: VHN-90608 // PACKETSTORM: 136536

AFFECTED PRODUCTS

vendor:	apple	model:	ibooks author	scope:	lte	version:	2.4.0	Trust: 1.0
vendor:	apple	model:	ibooks author	scope:	lt	version:	2.4.1 (os x yosemite v10.10 or later )	Trust: 0.8
vendor:	apple	model:	ibooks author	scope:	eq	version:	2.4.0	Trust: 0.6

sources: JVNDB: JVNDB-2016-001937 // CNNVD: CNNVD-201603-458 // NVD: CVE-2016-1789

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-1789
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2016-1789
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201603-458
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-90608
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-1789
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-90608
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-1789
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-90608 // JVNDB: JVNDB-2016-001937 // CNNVD: CNNVD-201603-458 // NVD: CVE-2016-1789

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	CWE-Other	Trust: 0.8

sources: JVNDB: JVNDB-2016-001937 // NVD: CVE-2016-1789

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201603-458

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201603-458

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-001937

PATCH

title:	Apple security updates	url:	https://support.apple.com/en-us/HT201222	Trust: 0.8
title:	APPLE-SA-2016-03-31-1 iBooks Author 2.4.1	url:	http://lists.apple.com/archives/security-announce/2016/Mar/msg00008.html	Trust: 0.8
title:	HT206224	url:	https://support.apple.com/en-us/HT206224	Trust: 0.8
title:	HT206224	url:	https://support.apple.com/ja-jp/HT206224	Trust: 0.8
title:	Apple iBooks Author Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60738	Trust: 0.6

sources: JVNDB: JVNDB-2016-001937 // CNNVD: CNNVD-201603-458

EXTERNAL IDS

db:	NVD	id:	CVE-2016-1789	Trust: 2.9
db:	JVNDB	id:	JVNDB-2016-001937	Trust: 0.8
db:	CNNVD	id:	CNNVD-201603-458	Trust: 0.7
db:	NSFOCUS	id:	32866	Trust: 0.6
db:	AUSCERT	id:	ESB-2016.0831	Trust: 0.6
db:	BID	id:	85766	Trust: 0.3
db:	PACKETSTORM	id:	136536	Trust: 0.2
db:	VULHUB	id:	VHN-90608	Trust: 0.1

sources: VULHUB: VHN-90608 // BID: 85766 // JVNDB: JVNDB-2016-001937 // PACKETSTORM: 136536 // CNNVD: CNNVD-201603-458 // NVD: CVE-2016-1789

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2016/mar/msg00008.html	Trust: 1.1
url:	https://support.apple.com/kb/ht206224	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1789	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1789	Trust: 0.8
url:	https://support.apple.com/en-us/ht206224	Trust: 0.6
url:	https://www.auscert.org.au/render.html?it=32986	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/32866	Trust: 0.6
url:	http://www.apple.com/ios/	Trust: 0.3
url:	http://www.apple.com/macosx/	Trust: 0.3
url:	https://gpgtools.org	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1789	Trust: 0.1
url:	http://support.apple.com/kb/ht201222	Trust: 0.1

sources: VULHUB: VHN-90608 // BID: 85766 // JVNDB: JVNDB-2016-001937 // PACKETSTORM: 136536 // CNNVD: CNNVD-201603-458 // NVD: CVE-2016-1789

CREDITS

Behrouz Sadeghipour (@Nahamsec) and Patrik Fehrenbach (@ITSecurityguard)

Trust: 0.6

sources: CNNVD: CNNVD-201603-458

SOURCES

db:	VULHUB	id:	VHN-90608
db:	BID	id:	85766
db:	JVNDB	id:	JVNDB-2016-001937
db:	PACKETSTORM	id:	136536
db:	CNNVD	id:	CNNVD-201603-458
db:	NVD	id:	CVE-2016-1789

LAST UPDATE DATE

2025-04-12T23:25:47.164000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-90608	date:	2016-12-03T00:00:00
db:	BID	id:	85766	date:	2016-07-06T14:19:00
db:	JVNDB	id:	JVNDB-2016-001937	date:	2016-04-07T00:00:00
db:	CNNVD	id:	CNNVD-201603-458	date:	2016-04-06T00:00:00
db:	NVD	id:	CVE-2016-1789	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-90608	date:	2016-04-05T00:00:00
db:	BID	id:	85766	date:	2016-03-31T00:00:00
db:	JVNDB	id:	JVNDB-2016-001937	date:	2016-04-07T00:00:00
db:	PACKETSTORM	id:	136536	date:	2016-04-01T14:44:44
db:	CNNVD	id:	CNNVD-201603-458	date:	2016-04-01T00:00:00
db:	NVD	id:	CVE-2016-1789	date:	2016-04-05T17:59:09.817