Sign-up

ID

VAR-201607-0372


CVE

CVE-2016-4634


TITLE

Apple OS X Vulnerability in graphic drivers

Trust: 0.8

sources: JVNDB: JVNDB-2016-004029

DESCRIPTION

The Graphics Drivers subsystem in Apple OS X before 10.11.6 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. Apple Mac OS X is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, and perform unauthorized actions. This may aid in other attacks. Apple Mac OS X 10.9.5, 10.10.5 and 10.11 through 10.11.5 are vulnerable. Graphics Drivers is one of the graphics driver components

Trust: 1.98

sources: NVD: CVE-2016-4634 // JVNDB: JVNDB-2016-004029 // BID: 91824 // VULHUB: VHN-93453

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:lteversion:10.11.5

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.11 and later

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.11.5

Trust: 0.6

vendor:applemodel:mac osscope:eqversion:x10.11.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.11.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.11.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.10.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.9.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.11.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.11.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.11

Trust: 0.3

vendor:applemodel:mac osscope:neversion:x10.11.6

Trust: 0.3

vendor:applemodel:mac os security updatescope:neversion:x2016

Trust: 0.3

sources: BID: 91824 // JVNDB: JVNDB-2016-004029 // CNNVD: CNNVD-201607-888 // NVD: CVE-2016-4634

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-4634
value: HIGH

Trust: 1.0

NVD: CVE-2016-4634
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201607-888
value: HIGH

Trust: 0.6

VULHUB: VHN-93453
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-4634
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-93453
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-4634
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-93453 // JVNDB: JVNDB-2016-004029 // CNNVD: CNNVD-201607-888 // NVD: CVE-2016-4634

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-93453 // JVNDB: JVNDB-2016-004029 // NVD: CVE-2016-4634

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201607-888

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201607-888

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-004029

PATCH
title:Apple security updatesurl:https://support.apple.com/en-us/HT201222
Trust: 0.8
title:APPLE-SA-2016-07-18-1 OS X El Capitan v10.11.6 and Security Update 2016-004url:http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html
Trust: 0.8
title:HT206903url:https://support.apple.com/en-us/HT206903
Trust: 0.8
title:HT206903url:https://support.apple.com/ja-jp/HT206903
Trust: 0.8
title:Apple OS X Graphics Drivers Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63248
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2016-004029 // 
            
            
            
            CNNVD: CNNVD-201607-888

EXTERNAL IDS
db:NVDid:CVE-2016-4634
Trust: 2.8
db:BIDid:91824
Trust: 1.4
db:SECTRACKid:1036348
Trust: 1.1
db:JVNid:JVNVU94844193
Trust: 0.8
db:JVNDBid:JVNDB-2016-004029
Trust: 0.8
db:CNNVDid:CNNVD-201607-888
Trust: 0.7
db:ZDIid:ZDI-16-496
Trust: 0.3
db:ZDIid:ZDI-16-437
Trust: 0.3
db:ZDIid:ZDI-16-431
Trust: 0.3
db:ZDIid:ZDI-16-435
Trust: 0.3
db:VULHUBid:VHN-93453
Trust: 0.1
sources:
            
            
            VULHUB: VHN-93453 // 
            
            
            
            BID: 91824 // 
            
            
            
            JVNDB: JVNDB-2016-004029 // 
            
            
            
            CNNVD: CNNVD-201607-888 // 
            
            
            
            NVD: CVE-2016-4634

REFERENCES
url:http://lists.apple.com/archives/security-announce/2016/jul/msg00000.html
Trust: 1.7
url:https://support.apple.com/ht206903
Trust: 1.7
url:http://www.securityfocus.com/bid/91824
Trust: 1.1
url:http://www.securitytracker.com/id/1036348
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4634
Trust: 0.8
url:http://jvn.jp/vu/jvnvu94844193/index.html
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4634
Trust: 0.8
url:http://lists.apple.com/archives/security-announce/2016/jul/msg00001.html
Trust: 0.6
url:https://support.apple.com/ht206902
Trust: 0.6
url:https://www.apple.com/
Trust: 0.3
url:http://www.apple.com/macosx/
Trust: 0.3
url:http://www.zerodayinitiative.com/advisories/zdi-16-431/
Trust: 0.3
url:http://www.zerodayinitiative.com/advisories/zdi-16-435/
Trust: 0.3
url:http://www.zerodayinitiative.com/advisories/zdi-16-437/
Trust: 0.3
url:apple os x acmp4aacbasedecoder out-of-bounds read information disclosure vulnerability
Trust: 0.3
url:http://www.zerodayinitiative.com/advisories/zdi-16-496/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-93453 // 
            
            
            
            BID: 91824 // 
            
            
            
            JVNDB: JVNDB-2016-004029 // 
            
            
            
            CNNVD: CNNVD-201607-888 // 
            
            
            
            NVD: CVE-2016-4634

CREDITS
Jonathan Lewis from DeARX Services (PTY) LTD, Ke Liu of Tencent's Xuanwu Lab, Ian Beer of Google Project Zero, Tyler Bohan of Cisco Talos, Stefan Esser of SektionEins, Yubin Fu of Tencent KeenLab working with TrendMicro's Zero Day Initiative, Abhinav Bansa
Trust: 0.3
sources:
            
            
            BID: 91824

SOURCES
db:VULHUBid:VHN-93453
db:BIDid:91824
db:JVNDBid:JVNDB-2016-004029
db:CNNVDid:CNNVD-201607-888
db:NVDid:CVE-2016-4634

LAST UPDATE DATE
2025-04-13T21:15:50.230000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-93453date:2017-09-01T00:00:00
db:BIDid:91824date:2016-08-29T19:00:00
db:JVNDBid:JVNDB-2016-004029date:2016-07-28T00:00:00
db:CNNVDid:CNNVD-201607-888date:2016-07-26T00:00:00
db:NVDid:CVE-2016-4634date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-93453date:2016-07-22T00:00:00
db:BIDid:91824date:2016-07-18T00:00:00
db:JVNDBid:JVNDB-2016-004029date:2016-07-28T00:00:00
db:CNNVDid:CNNVD-201607-888date:2016-07-26T00:00:00
db:NVDid:CVE-2016-4634date:2016-07-22T02:59:55.213