Sign-up

ID

VAR-201609-0275


CVE

CVE-2016-4710


TITLE

Apple OS X of WindowServer In root Vulnerability for which access rights are acquired

Trust: 0.8

sources: JVNDB: JVNDB-2016-004968

DESCRIPTION

WindowServer in Apple OS X before 10.12 allows local users to obtain root access via vectors that leverage "type confusion," a different vulnerability than CVE-2016-4709. This vulnerability CVE-2016-4709 Is a different vulnerability. Supplementary information : CWE Vulnerability type by CWE-704: Incorrect Type Conversion or Cast ( Bad type conversion or cast ) Has been identified. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the CoreGraphics module. The issue lies in the failure to properly validate user-supplied data which can result in a type confusion condition. An attacker can leverage this vulnerability to escalate privileges under the context of WindowServer. Attackers can exploit these issues to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, and perform unauthorized actions. This may aid in other attacks. These issues are fixed in: Apple macOS 10.12. WindowServer is one of the Window service components

Trust: 2.7

sources: NVD: CVE-2016-4710 // JVNDB: JVNDB-2016-004968 // ZDI: ZDI-16-608 // BID: 93055 // VULHUB: VHN-93529 // VULMON: CVE-2016-4710

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:eqversion:10.11.6

Trust: 1.4

vendor:applemodel:mac os xscope:lteversion:10.11.6

Trust: 1.0

vendor:applemodel:os xscope: - version: -

Trust: 0.7

vendor:applemodel:mac osscope:eqversion:x10.11.6

Trust: 0.3

vendor:applemodel:macosscope:neversion:10.12

Trust: 0.3

sources: ZDI: ZDI-16-608 // BID: 93055 // JVNDB: JVNDB-2016-004968 // CNNVD: CNNVD-201609-454 // NVD: CVE-2016-4710

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-4710
value: HIGH

Trust: 1.0

NVD: CVE-2016-4710
value: HIGH

Trust: 0.8

ZDI: CVE-2016-4710
value: MEDIUM

Trust: 0.7

CNNVD: CNNVD-201609-454
value: HIGH

Trust: 0.6

VULHUB: VHN-93529
value: HIGH

Trust: 0.1

VULMON: CVE-2016-4710
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-4710
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

ZDI: CVE-2016-4710
severity: MEDIUM
baseScore: 4.4
vectorString: AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.4
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.7

VULHUB: VHN-93529
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-4710
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: ZDI: ZDI-16-608 // VULHUB: VHN-93529 // VULMON: CVE-2016-4710 // JVNDB: JVNDB-2016-004968 // CNNVD: CNNVD-201609-454 // NVD: CVE-2016-4710

PROBLEMTYPE DATA

problemtype:CWE-704

Trust: 1.1

problemtype:CWE-Other

Trust: 0.8

sources: VULHUB: VHN-93529 // JVNDB: JVNDB-2016-004968 // NVD: CVE-2016-4710

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201609-454

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201609-454

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-004968

PATCH
title:HT207170url:https://support.apple.com/en-us/HT207170
Trust: 1.5
title:Apple security updatesurl:https://support.apple.com/en-us/HT201222
Trust: 0.8
title:APPLE-SA-2016-09-20 macOS Sierra 10.12url:http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html
Trust: 0.8
title:HT207170url:https://support.apple.com/ja-jp/HT207170
Trust: 0.8
title:Apple OS X WindowServer Fixes for type confusion vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=64330
Trust: 0.6
title:Apple: macOS Sierra 10.12url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=56fe8957a503c1b7b6f00fbd6d759042
Trust: 0.1
sources:
            
            
            ZDI: ZDI-16-608 // 
            
            
            
            VULMON: CVE-2016-4710 // 
            
            
            
            JVNDB: JVNDB-2016-004968 // 
            
            
            
            CNNVD: CNNVD-201609-454

EXTERNAL IDS
db:NVDid:CVE-2016-4710
Trust: 3.6
db:ZDIid:ZDI-16-608
Trust: 2.2
db:BIDid:93055
Trust: 2.1
db:SECTRACKid:1036858
Trust: 1.2
db:JVNid:JVNVU90950877
Trust: 0.8
db:JVNDBid:JVNDB-2016-004968
Trust: 0.8
db:ZDI_CANid:ZDI-CAN-3774
Trust: 0.7
db:CNNVDid:CNNVD-201609-454
Trust: 0.7
db:ZDIid:ZDI-16-609
Trust: 0.3
db:VULHUBid:VHN-93529
Trust: 0.1
db:VULMONid:CVE-2016-4710
Trust: 0.1
sources:
            
            
            ZDI: ZDI-16-608 // 
            
            
            
            VULHUB: VHN-93529 // 
            
            
            
            VULMON: CVE-2016-4710 // 
            
            
            
            BID: 93055 // 
            
            
            
            JVNDB: JVNDB-2016-004968 // 
            
            
            
            CNNVD: CNNVD-201609-454 // 
            
            
            
            NVD: CVE-2016-4710

REFERENCES
url:http://www.securityfocus.com/bid/93055
Trust: 1.9
url:http://lists.apple.com/archives/security-announce/2016/sep/msg00006.html
Trust: 1.8
url:https://support.apple.com/ht207170
Trust: 1.8
url:http://www.zerodayinitiative.com/advisories/zdi-16-608
Trust: 1.2
url:http://www.securitytracker.com/id/1036858
Trust: 1.2
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4710
Trust: 0.8
url:http://jvn.jp/vu/jvnvu90950877/index.html
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4710
Trust: 0.8
url:https://support.apple.com/en-us/ht207170
Trust: 0.7
url:https://www.apple.com/
Trust: 0.3
url:http://www.apple.com/macosx/
Trust: 0.3
url:http://prod.lists.apple.com/archives/security-announce/2016/sep/msg00006.html
Trust: 0.3
url:http://www.zerodayinitiative.com/advisories/zdi-16-608/
Trust: 0.3
url:http://www.zerodayinitiative.com/advisories/zdi-16-609/
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/704.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://www.rapid7.com/db/vulnerabilities/apple-osx-cd9660-cve-2016-4706
Trust: 0.1
url:https://support.apple.com/kb/ht207170
Trust: 0.1
sources:
            
            
            ZDI: ZDI-16-608 // 
            
            
            
            VULHUB: VHN-93529 // 
            
            
            
            VULMON: CVE-2016-4710 // 
            
            
            
            BID: 93055 // 
            
            
            
            JVNDB: JVNDB-2016-004968 // 
            
            
            
            CNNVD: CNNVD-201609-454 // 
            
            
            
            NVD: CVE-2016-4710

CREDITS
e048b7039acc9483d42ca9ef197bd909
Trust: 0.7
sources:
            
            
            ZDI: ZDI-16-608

SOURCES
db:ZDIid:ZDI-16-608
db:VULHUBid:VHN-93529
db:VULMONid:CVE-2016-4710
db:BIDid:93055
db:JVNDBid:JVNDB-2016-004968
db:CNNVDid:CNNVD-201609-454
db:NVDid:CVE-2016-4710

LAST UPDATE DATE
2025-04-13T22:02:58.832000+00:00

SOURCES UPDATE DATE
db:ZDIid:ZDI-16-608date:2016-11-15T00:00:00
db:VULHUBid:VHN-93529date:2017-07-30T00:00:00
db:VULMONid:CVE-2016-4710date:2017-07-30T00:00:00
db:BIDid:93055date:2016-11-24T01:11:00
db:JVNDBid:JVNDB-2016-004968date:2016-09-30T00:00:00
db:CNNVDid:CNNVD-201609-454date:2016-09-26T00:00:00
db:NVDid:CVE-2016-4710date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:ZDIid:ZDI-16-608date:2016-11-15T00:00:00
db:VULHUBid:VHN-93529date:2016-09-25T00:00:00
db:VULMONid:CVE-2016-4710date:2016-09-25T00:00:00
db:BIDid:93055date:2016-09-20T00:00:00
db:JVNDBid:JVNDB-2016-004968date:2016-09-30T00:00:00
db:CNNVDid:CNNVD-201609-454date:2016-09-26T00:00:00
db:NVDid:CVE-2016-4710date:2016-09-25T10:59:17.703