ID

VAR-201609-0279


CVE

CVE-2016-4715


TITLE

Apple OS X vulnerability in the Date & Time system preference pane component that allows obtaining user location information

Trust: 0.8

sources: JVNDB: JVNDB-2016-004970

DESCRIPTION

The Date & Time Pref Pane component in Apple OS X before 10.12 mishandles the .GlobalPreferences file, which allows attackers to discover a user's location via a crafted app. Apple Mac OS X is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, and perform unauthorized actions. This may aid in other attacks. These issues are fixed in Apple macOS 10.12. Date & Time Pref Pane is one of the time and date display panel components. The vulnerability stems from the program's improper handling of the .GlobalPreferences file. An attacker could exploit this vulnerability with a specially crafted application to discover the user's location.

Trust: 2.07

sources: NVD: CVE-2016-4715 // JVNDB: JVNDB-2016-004970 // BID: 93055 // VULHUB: VHN-93534 // VULMON: CVE-2016-4715

AFFECTED PRODUCTS

vendor: apple, model: mac os x, scope: eq, version: 10.11.6

Trust: 1.4

vendor: apple, model: mac os x, scope: lte, version: 10.11.6

Trust: 1.0

vendor: apple, model: mac os, scope: eq, version: x10.11.6

Trust: 0.3

vendor: apple, model: macos, scope: ne, version: 10.12

Trust: 0.3

sources: BID: 93055 // JVNDB: JVNDB-2016-004970 // CNNVD: CNNVD-201609-441 // NVD: CVE-2016-4715

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-4715
value: LOW

Trust: 1.0

NVD: CVE-2016-4715
value: LOW

Trust: 0.8

CNNVD: CNNVD-201609-441
value: MEDIUM

Trust: 0.6

VULHUB: VHN-93534
value: MEDIUM

Trust: 0.1

VULMON: CVE-2016-4715
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-4715
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-93534
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-4715
baseSeverity: LOW
baseScore: 3.3
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-93534 // VULMON: CVE-2016-4715 // JVNDB: JVNDB-2016-004970 // CNNVD: CNNVD-201609-441 // NVD: CVE-2016-4715

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-93534 // JVNDB: JVNDB-2016-004970 // NVD: CVE-2016-4715

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201609-441

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201609-441

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-004970

PATCH

title: Apple security updates, url: https://support.apple.com/en-us/HT201222

Trust: 0.8

title: APPLE-SA-2016-09-20 macOS Sierra 10.12, url: http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html

Trust: 0.8

title: HT207170, url: https://support.apple.com/en-us/HT207170

Trust: 0.8

title: HT207170, url: https://support.apple.com/ja-jp/HT207170

Trust: 0.8

title: Apple OS X Date & Time Pref Pane Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=64318

Trust: 0.6

title: Apple: macOS Sierra 10.12, url: https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=56fe8957a503c1b7b6f00fbd6d759042

Trust: 0.1

sources: VULMON: CVE-2016-4715 // JVNDB: JVNDB-2016-004970 // CNNVD: CNNVD-201609-441

EXTERNAL IDS

db: NVD, id: CVE-2016-4715

Trust: 2.9

db: BID, id: 93055

Trust: 2.1

db: SECTRACK, id: 1036858

Trust: 1.2

db: JVN, id: JVNVU90950877

Trust: 0.8

db: JVNDB, id: JVNDB-2016-004970

Trust: 0.8

db: CNNVD, id: CNNVD-201609-441

Trust: 0.7

db: ZDI, id: ZDI-16-608

Trust: 0.3

db: ZDI, id: ZDI-16-609

Trust: 0.3

db: VULHUB, id: VHN-93534

Trust: 0.1

db: VULMON, id: CVE-2016-4715

Trust: 0.1

sources: VULHUB: VHN-93534 // VULMON: CVE-2016-4715 // BID: 93055 // JVNDB: JVNDB-2016-004970 // CNNVD: CNNVD-201609-441 // NVD: CVE-2016-4715

REFERENCES

url:http://www.securityfocus.com/bid/93055

Trust: 1.9

url:http://lists.apple.com/archives/security-announce/2016/sep/msg00006.html

Trust: 1.8

url:https://support.apple.com/ht207170

Trust: 1.8

url:http://www.securitytracker.com/id/1036858

Trust: 1.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4715

Trust: 0.8

url:http://jvn.jp/vu/jvnvu90950877/index.html

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4715

Trust: 0.8

url:https://www.apple.com/

Trust: 0.3

url:http://www.apple.com/macosx/

Trust: 0.3

url:http://prod.lists.apple.com/archives/security-announce/2016/sep/msg00006.html

Trust: 0.3

url:http://www.zerodayinitiative.com/advisories/zdi-16-608/

Trust: 0.3

url:http://www.zerodayinitiative.com/advisories/zdi-16-609/

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/200.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.rapid7.com/db/vulnerabilities/apple-osx-cd9660-cve-2016-4706

Trust: 0.1

url:https://support.apple.com/kb/ht207170

Trust: 0.1

sources: VULHUB: VHN-93534 // VULMON: CVE-2016-4715 // BID: 93055 // JVNDB: JVNDB-2016-004970 // CNNVD: CNNVD-201609-441 // NVD: CVE-2016-4715

CREDITS

Qidan He(@flanker_hqd) from KeenLab working with Trend Micro's Zero Day Initiative, Shrek_wzw of Qihoo 360 Nirvan Team, Jack Tang (@jacktang310) and Moony Li of Trend Micro working with Trend Micro's Zero Day Initiative, Meder Kydyraliev Google Security T

Trust: 0.6

sources: CNNVD: CNNVD-201609-441

SOURCES

db: VULHUB, id: VHN-93534
db: VULMON, id: CVE-2016-4715
db: BID, id: 93055
db: JVNDB, id: JVNDB-2016-004970
db: CNNVD, id: CNNVD-201609-441
db: NVD, id: CVE-2016-4715

LAST UPDATE DATE

2025-04-13T19:55:42.527000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-93534, date: 2017-07-30T00:00:00
db: VULMON, id: CVE-2016-4715, date: 2017-07-30T00:00:00
db: BID, id: 93055, date: 2016-11-24T01:11:00
db: JVNDB, id: JVNDB-2016-004970, date: 2016-09-30T00:00:00
db: CNNVD, id: CNNVD-201609-441, date: 2016-09-26T00:00:00
db: NVD, id: CVE-2016-4715, date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: VULHUB, id: VHN-93534, date: 2016-09-25T00:00:00
db: VULMON, id: CVE-2016-4715, date: 2016-09-25T00:00:00
db: BID, id: 93055, date: 2016-09-20T00:00:00
db: JVNDB, id: JVNDB-2016-004970, date: 2016-09-30T00:00:00
db: CNNVD, id: CNNVD-201609-441, date: 2016-09-26T00:00:00
db: NVD, id: CVE-2016-4715, date: 2016-09-25T10:59:21.843