ID

VAR-201607-0337


CVE

CVE-2016-4593


TITLE

Apple iOS of Siri Contacts Component vulnerable to reading arbitrary contact card information

Trust: 0.8

sources: JVNDB: JVNDB-2016-004060

DESCRIPTION

The Siri Contacts component in Apple iOS before 9.3.3 allows physically proximate attackers to read arbitrary Contact card information via unspecified vectors. Apple iOS is prone to multiple security vulnerabilities. Attackers can exploit these issues to bypass security restrictions, obtain sensitive information and spoof the source URI of a site presented to an unsuspecting user. Failed exploit attempts may cause a denial-of-service condition. Versions prior to iOS 9.3.3 are vulnerable. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. Siri is one of the intelligent voice control components. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2016-07-18-2 iOS 9.3.3 iOS 9.3.3 is now available and addresses the following: Calendar Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A maliciously crafted calendar invite may cause a device to unexpectedly restart Description: A null pointer dereference was addressed through improved memory handling. CVE-2016-4605 : Henry Feldman MD at Beth Israel Deaconess Medical Center CoreGraphics Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A remote attacker may be able to execute arbitrary code Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-4637 : Tyler Bohan of Cisco Talos (talosintel.com /vulnerability-reports) FaceTime Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker in a privileged network position may be able to cause a relayed call to continue transmitting audio while appearing as if the call terminated Description: User interface inconsistencies existed in the handling of relayed calls. These issues were addressed through improved FaceTime display logic. CVE-2016-4635 : Martin Vigo ImageIO Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A remote attacker may be able to execute arbitrary code Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4631 : Tyler Bohan of Cisco Talos (talosintel.com /vulnerability-reports) ImageIO Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A remote attacker may be able to cause a denial of service Description: A memory consumption issue was addressed through improved memory handling. CVE-2016-4632 : Evgeny Sidorov of Yandex IOAcceleratorFamily Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to read kernel memory Description: An out-of-bounds read was addressed through improved bounds checking. CVE-2016-4628 : Ju Zhu of Trend Micro IOAcceleratorFamily Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A null pointer dereference was addressed through improved validation. CVE-2016-4627 : Ju Zhu of Trend Micro IOHIDFamily Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A null pointer dereference was addressed through improved input validation. CVE-2016-4626 : Stefan Esser of SektionEins Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-1863 : Ian Beer of Google Project Zero CVE-2016-1864 : Ju Zhu of Trend Micro CVE-2016-4582 : Shrek_wzw and Proteas of Qihoo 360 Nirvan Team Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to cause a system denial of service Description: A null pointer dereference was addressed through improved input validation. CVE-2016-1865 : CESG, Marco Grassi (@marcograss) of KeenLab (@keen_lab), Tencent libxml2 Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Multiple vulnerabilities in libxml2 Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological University CVE-2016-4447 : Wei Lei and Liu Yang of Nanyang Technological University CVE-2016-4448 : Apple CVE-2016-4483 : Gustavo Grieco CVE-2016-4614 : Nick Wellnhofe CVE-2016-4615 : Nick Wellnhofer CVE-2016-4616 : Michael Paddon CVE-2016-4619 : Hanno Boeck libxml2 Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Parsing a maliciously crafted XML document may lead to disclosure of user information Description: An access issue existed in the parsing of maliciously crafted XML files. This issue was addressed through improved input validation. CVE-2016-4449 : Kostya Serebryany libxslt Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Multiple vulnerabilities in libxslt Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-1684 : Nicolas GrA(c)goire CVE-2016-4607 : Nick Wellnhofer CVE-2016-4608 : Nicolas GrA(c)goire CVE-2016-4609 : Nick Wellnhofer CVE-2016-4610 : Nick Wellnhofer CVE-2016-4612 : Nicolas GrA(c)goire Safari Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a malicious website may lead to user interface spoofing Description: Redirect responses to invalid ports may have allowed a malicious website to display an arbitrary domain while displaying arbitrary content. This issue was addressed through improved URL display logic. CVE-2016-4604 : xisigr of Tencent's Xuanwu Lab (www.tencent.com) Sandbox Profiles Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local application may be able to access the process list Description: An access issue existed with privileged API calls. This issue was addressed through additional restrictions. CVE-2016-4594 : Stefan Esser of SektionEins Siri Contacts Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to a device may be able to see private contact information Description: A privacy issue existed in the handling of Contact cards. This was addressed through improved state management. CVE-2016-4593 : Pedro Pinheiro (facebook.com/pedro.pinheiro.1996) Web Media Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Viewing a video in Safari's Private Browsing mode displays the URL of the video outside of Private Browsing mode Description: A privacy issue existed in the handling of user data by Safari View Controller. This issue was addressed through improved state management. CVE-2016-4603 : Brian Porter (@portex33) WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4589 : Tongbo Luo and Bo Qu of Palo Alto Networks CVE-2016-4622 : Samuel Gross working with Trend Microas Zero Day Initiative CVE-2016-4623 : Apple CVE-2016-4624 : Apple WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted webpage may lead to a system denial of service Description: A memory consumption issue was addressed through improved memory handling. CVE-2016-4592 : Mikhail WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a malicious website may disclose image data from another website Description: A timing issue existed in the processing of SVG. This issue was addressed through improved validation. CVE-2016-4583 : Roeland Krak WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a malicious website may lead to user interface spoofing Description: An origin inheritance issue existed in parsing of about: URLs. This was addressed through improved validation of security origins. CVE-2016-4590 : xisigr of Tencent's Xuanwu Lab (www.tencent.com), an anonymous researcher WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may compromise user information on the file system Description: A permissions issue existed in the handling of the location variable. This was addressed though additional ownership checks. CVE-2016-4591 : ma.la of LINE Corporation WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may result in the disclosure of process memory Description: A memory initialization issue was addressed through improved memory handling. CVE-2016-4587 : Apple WebKit JavaScript Bindings Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to script execution in the context of a non-HTTP service Description: A cross-protocol cross-site scripting (XPXSS) issue existed in Safari when submitting forms to non-HTTP services compatible with HTTP/0.9. This issue was addressed by disabling scripts and plugins on resources loaded over HTTP/0.9. CVE-2016-4651 : Obscure WebKit Page Loading Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious website may exfiltrate data cross-origin Description: A cross-site scripting issue existed in Safari URL redirection. This issue was addressed through improved URL validation on redirection. CVE-2016-4585 : Takeshi Terada of Mitsui Bussan Secure Directions, Inc. (www.mbsd.jp) WebKit Page Loading Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4584 : Chris Vienneau Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "9.3.3". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJXjXA4AAoJEIOj74w0bLRGzJ0P/1ry4kKeEmZdCG8n5skZNWcx hvtpxrZVgse6nvkJ5+SPDIOJbGFNUEv4YP5F+MBosr/mLBcmyjPFbbdlEsKE6ffj uS03k0p/9uEczaZrytzwK3AXeKwLP1Q47Yl76sPaKtCYzZF0Qlzype4BXdPW/FnV 5Hg0/EAw9vLUpn36BG7NDH5HPTsTETtjxfNZg25k16DMek90E8DQLGCNFBnT7iY1 lC/4CuMBEeZIsOlM1C6IxrlRtUZCMuNUCE68w944Ne7BJqAM3J3sT6/tQMrqg+2S CVk+4XLey/pi9L6PsR4eSgW80wVLnfoAgEbDnD3ZwWhzrfTqFcvlxDGaxn0LGDf1 H+aalvb8UmNtPr+zQymCGXRBqX9jlzTyRqfoa33R09qJtkSlaeKDbWEdJf706OD6 SeL5rzeeJSjwmrlNzyttnGoH5bsRYb3FhIA5eQlymi4y2EPBXFsQTH2Hxnb06oNo 4XiJx+43+VJ3MUf4v0MHNQqOGlqiw2twSen0mc/3D1IREGFgmL7bszJWALsdElNQ itACX596JCWc/RPzkLkMKZlKfSxG3AYIKgvLVvVodgHjObqLBSgya6hvpZ3jwsDr f9nggrqh0mHCMmPG4fPUvsDBt63TJcTNuTvlv6EWLSDM6B9Yy9FkFjNt3e0LlFEg /esomms9/qUSQyOF2huK =zqBF -----END PGP SIGNATURE-----

Trust: 2.07

sources: NVD: CVE-2016-4593 // JVNDB: JVNDB-2016-004060 // BID: 91825 // VULHUB: VHN-93412 // PACKETSTORM: 137959

AFFECTED PRODUCTS

vendor:applemodel:iphone osscope:lteversion:9.3.2

Trust: 1.0

vendor:applemodel:iosscope:ltversion:9.3.3 (ipad 2 or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:9.3.3 (iphone 4s or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:9.3.3 (ipod touch first 5 after generation )

Trust: 0.8

vendor:applemodel:iphone osscope:eqversion:9.3.2

Trust: 0.6

vendor:applemodel:ipod touchscope:eqversion:0

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:0

Trust: 0.3

vendor:applemodel:ipadscope:eqversion:0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:50

Trust: 0.3

vendor:applemodel:iosscope:eqversion:40

Trust: 0.3

vendor:applemodel:iosscope:eqversion:30

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.4.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.1.6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.1.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.1.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.1.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.1.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.1.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.1.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.1.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.9

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.8

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.7

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.10

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:2.0

Trust: 0.3

vendor:applemodel:iosscope:neversion:9.3.3

Trust: 0.3

sources: BID: 91825 // JVNDB: JVNDB-2016-004060 // NVD: CVE-2016-4593 // CNNVD: CNNVD-201607-855

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2016-4593
value: LOW

Trust: 1.8

CNNVD: CNNVD-201607-855
value: LOW

Trust: 0.6

VULHUB: VHN-93412
value: LOW

Trust: 0.1

NVD:
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

NVD: CVE-2016-4593
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-93412
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

NVD:
baseSeverity: LOW
baseScore: 2.4
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 0.9
impactScore: 1.4
version: 3.0

Trust: 1.0

NVD: CVE-2016-4593
baseSeverity: LOW
baseScore: 2.4
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-93412 // JVNDB: JVNDB-2016-004060 // NVD: CVE-2016-4593 // CNNVD: CNNVD-201607-855

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-93412 // JVNDB: JVNDB-2016-004060 // NVD: CVE-2016-4593

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201607-855

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201607-855

CONFIGURATIONS

sources: NVD: CVE-2016-4593

PATCH

title:Apple security updatesurl:https://support.apple.com/en-us/ht201222

Trust: 0.8

title:APPLE-SA-2016-07-18-2 iOS 9.3.3url:http://lists.apple.com/archives/security-announce/2016/jul/msg00001.html

Trust: 0.8

title:HT206902url:https://support.apple.com/en-us/ht206902

Trust: 0.8

title:HT206902url:https://support.apple.com/ja-jp/ht206902

Trust: 0.8

title:Apple iOS Siri Contacts Fixes for component security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=63215

Trust: 0.6

sources: JVNDB: JVNDB-2016-004060 // CNNVD: CNNVD-201607-855

EXTERNAL IDS

db:NVDid:CVE-2016-4593

Trust: 2.9

db:BIDid:91825

Trust: 1.4

db:SECTRACKid:1036344

Trust: 1.1

db:JVNid:JVNVU94844193

Trust: 0.8

db:JVNDBid:JVNDB-2016-004060

Trust: 0.8

db:CNNVDid:CNNVD-201607-855

Trust: 0.7

db:VULHUBid:VHN-93412

Trust: 0.1

db:PACKETSTORMid:137959

Trust: 0.1

sources: VULHUB: VHN-93412 // BID: 91825 // JVNDB: JVNDB-2016-004060 // PACKETSTORM: 137959 // NVD: CVE-2016-4593 // CNNVD: CNNVD-201607-855

REFERENCES

url:http://lists.apple.com/archives/security-announce/2016/jul/msg00001.html

Trust: 1.7

url:https://support.apple.com/ht206902

Trust: 1.7

url:http://www.securityfocus.com/bid/91825

Trust: 1.1

url:http://www.securitytracker.com/id/1036344

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4593

Trust: 0.8

url:http://jvn.jp/vu/jvnvu94844193/index.html

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4593

Trust: 0.8

url:http://www.apple.com/ios/

Trust: 0.3

url:http://www.apple.com/ipad/

Trust: 0.3

url:http://www.apple.com/iphone/

Trust: 0.3

url:http://www.apple.com/ipodtouch/

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2016-4605

Trust: 0.1

url:https://www.apple.com/itunes/

Trust: 0.1

url:https://support.apple.com/kb/ht201222

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4449

Trust: 0.1

url:https://gpgtools.org

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4591

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4483

Trust: 0.1

url:https://www.tencent.com)

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1836

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4589

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4609

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4585

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4587

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1865

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4603

Trust: 0.1

url:https://www.mbsd.jp)

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4447

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1863

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4604

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4582

Trust: 0.1

url:https://www.apple.com/support/security/pgp/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1864

Trust: 0.1

url:https://www.tencent.com),

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4612

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4607

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4448

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4593

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1684

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4610

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4583

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4590

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4592

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4594

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4608

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4584

Trust: 0.1

sources: VULHUB: VHN-93412 // BID: 91825 // JVNDB: JVNDB-2016-004060 // PACKETSTORM: 137959 // NVD: CVE-2016-4593 // CNNVD: CNNVD-201607-855

CREDITS

Pedro Pinheiro, Brian Porter (@portex33), xisigr of Tencent's Xuanwu Lab and Henry Feldman MD at Beth Israel Deaconess Medical.

Trust: 0.3

sources: BID: 91825

SOURCES

db:VULHUBid:VHN-93412
db:BIDid:91825
db:JVNDBid:JVNDB-2016-004060
db:PACKETSTORMid:137959
db:NVDid:CVE-2016-4593
db:CNNVDid:CNNVD-201607-855

LAST UPDATE DATE

2023-12-18T11:08:43.877000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-93412date:2017-09-01T00:00:00
db:BIDid:91825date:2016-07-18T00:00:00
db:JVNDBid:JVNDB-2016-004060date:2016-07-29T00:00:00
db:NVDid:CVE-2016-4593date:2017-09-01T01:29:24.367
db:CNNVDid:CNNVD-201607-855date:2016-07-26T00:00:00

SOURCES RELEASE DATE

db:VULHUBid:VHN-93412date:2016-07-22T00:00:00
db:BIDid:91825date:2016-07-18T00:00:00
db:JVNDBid:JVNDB-2016-004060date:2016-07-29T00:00:00
db:PACKETSTORMid:137959date:2016-07-19T19:47:55
db:NVDid:CVE-2016-4593date:2016-07-22T02:59:16.583
db:CNNVDid:CNNVD-201607-855date:2016-07-26T00:00:00