Details of VAR-201609-0228

ID

VAR-201609-0228

CVE

CVE-2016-4727

TITLE

Apple OS X of IOThunderboltFamily Vulnerable to arbitrary code execution in a privileged context

Trust: 0.8

sources: JVNDB: JVNDB-2016-004974

DESCRIPTION

IOThunderboltFamily in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. This vulnerability allows local attackers to escalate privileges on vulnerable installations of Apple OS X. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the IOThunderboltFamily kext. The issue lies in the failure to properly initialize memory prior to accessing it. An attacker can leverage this vulnerability to escalate privileges under the context of the kernel. Apple OS X is a set of special operating systems developed by Apple Inc. for Mac computers. IOThunderboltFamily is one of the IO management control components. Attackers can exploit these issues to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, and perform unauthorized actions. This may aid in other attacks. These issues are fixed in: Apple macOS 10.12

Trust: 3.24

sources: NVD: CVE-2016-4727 // JVNDB: JVNDB-2016-004974 // ZDI: ZDI-16-522 // CNNVD: CNNVD-201609-445 // BID: 93055 // VULHUB: VHN-93546 // VULMON: CVE-2016-4727

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	eq	version:	10.11.6	Trust: 1.4
vendor:	apple	model:	mac os x	scope:	lte	version:	10.11.6	Trust: 1.0
vendor:	apple	model:	os x	scope:	-	version:	-	Trust: 0.7
vendor:	apple	model:	mac os	scope:	eq	version:	x10.11.6	Trust: 0.3
vendor:	apple	model:	macos	scope:	ne	version:	10.12	Trust: 0.3

sources: ZDI: ZDI-16-522 // BID: 93055 // JVNDB: JVNDB-2016-004974 // CNNVD: CNNVD-201609-445 // NVD: CVE-2016-4727

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-4727
value:	HIGH
Trust: 1.0
NVD:	CVE-2016-4727
value:	HIGH
Trust: 0.8
ZDI:	CVE-2016-4727
value:	MEDIUM
Trust: 0.7
CNNVD:	CNNVD-201609-445
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-93546
value:	HIGH
Trust: 0.1
VULMON:	CVE-2016-4727
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2016-4727
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
ZDI:	CVE-2016-4727
severity:	MEDIUM
baseScore:	6.9
vectorString:	AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.4
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.7
VULHUB:	VHN-93546
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-4727
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: ZDI: ZDI-16-522 // VULHUB: VHN-93546 // VULMON: CVE-2016-4727 // JVNDB: JVNDB-2016-004974 // CNNVD: CNNVD-201609-445 // NVD: CVE-2016-4727

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-93546 // JVNDB: JVNDB-2016-004974 // NVD: CVE-2016-4727

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201609-445

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201609-445

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-004974

PATCH

title:	HT207170	url:	https://support.apple.com/en-us/HT207170	Trust: 1.5
title:	Apple security updates	url:	https://support.apple.com/en-us/HT201222	Trust: 0.8
title:	APPLE-SA-2016-09-20 macOS Sierra 10.12	url:	http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html	Trust: 0.8
title:	HT207170	url:	https://support.apple.com/ja-jp/HT207170	Trust: 0.8
title:	Apple OS X IOThunderboltFamily Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=64322	Trust: 0.6
title:	Apple: macOS Sierra 10.12	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=56fe8957a503c1b7b6f00fbd6d759042	Trust: 0.1

sources: ZDI: ZDI-16-522 // VULMON: CVE-2016-4727 // JVNDB: JVNDB-2016-004974 // CNNVD: CNNVD-201609-445

EXTERNAL IDS

db:	NVD	id:	CVE-2016-4727	Trust: 3.6
db:	BID	id:	93055	Trust: 2.1
db:	SECTRACK	id:	1036858	Trust: 1.2
db:	JVN	id:	JVNVU90950877	Trust: 0.8
db:	JVNDB	id:	JVNDB-2016-004974	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-3814	Trust: 0.7
db:	ZDI	id:	ZDI-16-522	Trust: 0.7
db:	CNNVD	id:	CNNVD-201609-445	Trust: 0.7
db:	ZDI	id:	ZDI-16-608	Trust: 0.3
db:	ZDI	id:	ZDI-16-609	Trust: 0.3
db:	VULHUB	id:	VHN-93546	Trust: 0.1
db:	VULMON	id:	CVE-2016-4727	Trust: 0.1

sources: ZDI: ZDI-16-522 // VULHUB: VHN-93546 // VULMON: CVE-2016-4727 // BID: 93055 // JVNDB: JVNDB-2016-004974 // CNNVD: CNNVD-201609-445 // NVD: CVE-2016-4727

REFERENCES

url:	http://www.securityfocus.com/bid/93055	Trust: 1.9
url:	http://lists.apple.com/archives/security-announce/2016/sep/msg00006.html	Trust: 1.8
url:	https://support.apple.com/ht207170	Trust: 1.8
url:	http://www.securitytracker.com/id/1036858	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4727	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu90950877/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4727	Trust: 0.8
url:	https://support.apple.com/en-us/ht207170	Trust: 0.7
url:	https://www.apple.com/	Trust: 0.3
url:	http://www.apple.com/macosx/	Trust: 0.3
url:	http://prod.lists.apple.com/archives/security-announce/2016/sep/msg00006.html	Trust: 0.3
url:	http://www.zerodayinitiative.com/advisories/zdi-16-608/	Trust: 0.3
url:	http://www.zerodayinitiative.com/advisories/zdi-16-609/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/119.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.rapid7.com/db/vulnerabilities/apple-osx-appleefiruntime-cve-2016-4696	Trust: 0.1
url:	https://support.apple.com/kb/ht207170	Trust: 0.1

sources: ZDI: ZDI-16-522 // VULHUB: VHN-93546 // VULMON: CVE-2016-4727 // BID: 93055 // JVNDB: JVNDB-2016-004974 // CNNVD: CNNVD-201609-445 // NVD: CVE-2016-4727

CREDITS

wmin

Trust: 0.7

sources: ZDI: ZDI-16-522

SOURCES

db:	ZDI	id:	ZDI-16-522
db:	VULHUB	id:	VHN-93546
db:	VULMON	id:	CVE-2016-4727
db:	BID	id:	93055
db:	JVNDB	id:	JVNDB-2016-004974
db:	CNNVD	id:	CNNVD-201609-445
db:	NVD	id:	CVE-2016-4727

LAST UPDATE DATE

2025-04-13T21:28:45.764000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-16-522	date:	2016-09-20T00:00:00
db:	VULHUB	id:	VHN-93546	date:	2017-07-30T00:00:00
db:	VULMON	id:	CVE-2016-4727	date:	2017-07-30T00:00:00
db:	BID	id:	93055	date:	2016-11-24T01:11:00
db:	JVNDB	id:	JVNDB-2016-004974	date:	2016-09-30T00:00:00
db:	CNNVD	id:	CNNVD-201609-445	date:	2016-09-26T00:00:00
db:	NVD	id:	CVE-2016-4727	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-16-522	date:	2016-09-20T00:00:00
db:	VULHUB	id:	VHN-93546	date:	2016-09-25T00:00:00
db:	VULMON	id:	CVE-2016-4727	date:	2016-09-25T00:00:00
db:	BID	id:	93055	date:	2016-09-20T00:00:00
db:	JVNDB	id:	JVNDB-2016-004974	date:	2016-09-30T00:00:00
db:	CNNVD	id:	CNNVD-201609-445	date:	2016-09-26T00:00:00
db:	NVD	id:	CVE-2016-4727	date:	2016-09-25T10:59:31.283