ID

VAR-201609-0274


CVE

CVE-2016-4709


TITLE

Vulnerability in WindowServer of Apple OS X that allows root access to be obtained

Trust: 0.8

sources: JVNDB: JVNDB-2016-004967

DESCRIPTION

WindowServer in Apple OS X before 10.12 allows local users to obtain root access via vectors that leverage "type confusion," a different vulnerability than CVE-2016-4710. Supplementary information: the vulnerability type has been identified as CWE-704: Incorrect Type Conversion or Cast. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the CoreGraphics module. The issue lies in the failure to properly validate user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to escalate privileges under the context of WindowServer. Attackers can exploit these issues to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, and perform unauthorized actions. This may aid in other attacks. These issues are fixed in: Apple macOS 10.12. WindowServer is one of the window service components.

Trust: 2.7

sources: NVD: CVE-2016-4709 // JVNDB: JVNDB-2016-004967 // ZDI: ZDI-16-609 // BID: 93055 // VULHUB: VHN-93528 // VULMON: CVE-2016-4709

AFFECTED PRODUCTS

vendor: apple, model: mac os x, scope: eq, version: 10.11.6

Trust: 1.4

vendor: apple, model: mac os x, scope: lte, version: 10.11.6

Trust: 1.0

vendor: apple, model: os x, scope: -, version: -

Trust: 0.7

vendor: apple, model: mac os, scope: eq, version: x10.11.6

Trust: 0.3

vendor: apple, model: macos, scope: ne, version: 10.12

Trust: 0.3

sources: ZDI: ZDI-16-609 // BID: 93055 // JVNDB: JVNDB-2016-004967 // CNNVD: CNNVD-201609-453 // NVD: CVE-2016-4709

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-4709
value: HIGH

Trust: 1.0

NVD: CVE-2016-4709
value: HIGH

Trust: 0.8

ZDI: CVE-2016-4709
value: MEDIUM

Trust: 0.7

CNNVD: CNNVD-201609-453
value: HIGH

Trust: 0.6

VULHUB: VHN-93528
value: HIGH

Trust: 0.1

VULMON: CVE-2016-4709
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-4709
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

ZDI: CVE-2016-4709
severity: MEDIUM
baseScore: 4.4
vectorString: AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.4
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.7

VULHUB: VHN-93528
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-4709
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: ZDI: ZDI-16-609 // VULHUB: VHN-93528 // VULMON: CVE-2016-4709 // JVNDB: JVNDB-2016-004967 // CNNVD: CNNVD-201609-453 // NVD: CVE-2016-4709

PROBLEMTYPE DATA

problemtype:CWE-704

Trust: 1.1

problemtype:CWE-Other

Trust: 0.8

sources: VULHUB: VHN-93528 // JVNDB: JVNDB-2016-004967 // NVD: CVE-2016-4709

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201609-453

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201609-453

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-004967

PATCH

title: HT207170, url: https://support.apple.com/en-us/HT207170

Trust: 1.5

title: Apple security updates, url: https://support.apple.com/en-us/HT201222

Trust: 0.8

title: APPLE-SA-2016-09-20 macOS Sierra 10.12, url: http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html

Trust: 0.8

title: HT207170, url: https://support.apple.com/ja-jp/HT207170

Trust: 0.8

title: Apple OS X WindowServer Fixes for type confusion vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=64329

Trust: 0.6

title: Apple: macOS Sierra 10.12, url: https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=56fe8957a503c1b7b6f00fbd6d759042

Trust: 0.1

sources: ZDI: ZDI-16-609 // VULMON: CVE-2016-4709 // JVNDB: JVNDB-2016-004967 // CNNVD: CNNVD-201609-453

EXTERNAL IDS

db: NVD, id: CVE-2016-4709

Trust: 3.6

db: ZDI, id: ZDI-16-609

Trust: 2.2

db: BID, id: 93055

Trust: 2.1

db: SECTRACK, id: 1036858

Trust: 1.2

db: JVN, id: JVNVU90950877

Trust: 0.8

db: JVNDB, id: JVNDB-2016-004967

Trust: 0.8

db: ZDI_CAN, id: ZDI-CAN-3772

Trust: 0.7

db: CNNVD, id: CNNVD-201609-453

Trust: 0.7

db: ZDI, id: ZDI-16-608

Trust: 0.3

db: VULHUB, id: VHN-93528

Trust: 0.1

db: VULMON, id: CVE-2016-4709

Trust: 0.1

sources: ZDI: ZDI-16-609 // VULHUB: VHN-93528 // VULMON: CVE-2016-4709 // BID: 93055 // JVNDB: JVNDB-2016-004967 // CNNVD: CNNVD-201609-453 // NVD: CVE-2016-4709

REFERENCES

url:http://www.securityfocus.com/bid/93055

Trust: 1.9

url:http://lists.apple.com/archives/security-announce/2016/sep/msg00006.html

Trust: 1.8

url:https://support.apple.com/ht207170

Trust: 1.8

url:http://www.zerodayinitiative.com/advisories/zdi-16-609

Trust: 1.2

url:http://www.securitytracker.com/id/1036858

Trust: 1.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4709

Trust: 0.8

url:http://jvn.jp/vu/jvnvu90950877/index.html

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4709

Trust: 0.8

url:https://support.apple.com/en-us/ht207170

Trust: 0.7

url:https://www.apple.com/

Trust: 0.3

url:http://www.apple.com/macosx/

Trust: 0.3

url:http://prod.lists.apple.com/archives/security-announce/2016/sep/msg00006.html

Trust: 0.3

url:http://www.zerodayinitiative.com/advisories/zdi-16-608/

Trust: 0.3

url:http://www.zerodayinitiative.com/advisories/zdi-16-609/

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/704.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.rapid7.com/db/vulnerabilities/apple-osx-cd9660-cve-2016-4706

Trust: 0.1

url:https://support.apple.com/kb/ht207170

Trust: 0.1

sources: ZDI: ZDI-16-609 // VULHUB: VHN-93528 // VULMON: CVE-2016-4709 // BID: 93055 // JVNDB: JVNDB-2016-004967 // CNNVD: CNNVD-201609-453 // NVD: CVE-2016-4709

CREDITS

e048b7039acc9483d42ca9ef197bd909

Trust: 0.7

sources: ZDI: ZDI-16-609

SOURCES

db: ZDI, id: ZDI-16-609
db: VULHUB, id: VHN-93528
db: VULMON, id: CVE-2016-4709
db: BID, id: 93055
db: JVNDB, id: JVNDB-2016-004967
db: CNNVD, id: CNNVD-201609-453
db: NVD, id: CVE-2016-4709

LAST UPDATE DATE

2025-04-13T22:04:38.444000+00:00


SOURCES UPDATE DATE

db: ZDI, id: ZDI-16-609, date: 2016-11-15T00:00:00
db: VULHUB, id: VHN-93528, date: 2017-07-30T00:00:00
db: VULMON, id: CVE-2016-4709, date: 2017-07-30T00:00:00
db: BID, id: 93055, date: 2016-11-24T01:11:00
db: JVNDB, id: JVNDB-2016-004967, date: 2016-09-30T00:00:00
db: CNNVD, id: CNNVD-201609-453, date: 2016-09-26T00:00:00
db: NVD, id: CVE-2016-4709, date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: ZDI, id: ZDI-16-609, date: 2016-11-15T00:00:00
db: VULHUB, id: VHN-93528, date: 2016-09-25T00:00:00
db: VULMON, id: CVE-2016-4709, date: 2016-09-25T00:00:00
db: BID, id: 93055, date: 2016-09-20T00:00:00
db: JVNDB, id: JVNDB-2016-004967, date: 2016-09-30T00:00:00
db: CNNVD, id: CNNVD-201609-453, date: 2016-09-26T00:00:00
db: NVD, id: CVE-2016-4709, date: 2016-09-25T10:59:16.767