Details of VAR-201702-0204

ID

VAR-201702-0204

CVE

CVE-2016-7605

TITLE

Apple macOS of Bluetooth Service disruption in components (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2016-007391

DESCRIPTION

An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "Bluetooth" component. It allows attackers to cause a denial of service (NULL pointer dereference) via a crafted app. Apple macOS is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code, perform unauthorized actions, obtain sensitive information, gain elevated privileges or cause a denial-of-service condition

Trust: 1.98

sources: NVD: CVE-2016-7605 // JVNDB: JVNDB-2016-007391 // BID: 94903 // VULHUB: VHN-96425

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	eq	version:	10.12.1	Trust: 1.4
vendor:	apple	model:	mac os x	scope:	lte	version:	10.12.1	Trust: 1.0
vendor:	apple	model:	macos	scope:	eq	version:	10.12.1	Trust: 0.3
vendor:	apple	model:	macos	scope:	ne	version:	10.12.2	Trust: 0.3

sources: BID: 94903 // JVNDB: JVNDB-2016-007391 // CNNVD: CNNVD-201612-489 // NVD: CVE-2016-7605

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-7605
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2016-7605
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201612-489
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-96425
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-7605
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-96425
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-7605
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-96425 // JVNDB: JVNDB-2016-007391 // CNNVD: CNNVD-201612-489 // NVD: CVE-2016-7605

PROBLEMTYPE DATA

problemtype:

CWE-476

Trust: 1.9

sources: VULHUB: VHN-96425 // JVNDB: JVNDB-2016-007391 // NVD: CVE-2016-7605

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201612-489

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201612-489

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-007391

PATCH

title:	Apple security updates	url:	https://support.apple.com/en-us/HT201222	Trust: 0.8
title:	APPLE-SA-2016-12-13-1 macOS 10.12.2	url:	https://lists.apple.com/archives/security-announce/2016/Dec/msg00003.html	Trust: 0.8
title:	HT207423	url:	https://support.apple.com/en-us/HT207423	Trust: 0.8
title:	HT207423	url:	https://support.apple.com/ja-jp/HT207423	Trust: 0.8
title:	Apple macOS Sierra Bluetooth Fixes for component security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=66523	Trust: 0.6

sources: JVNDB: JVNDB-2016-007391 // CNNVD: CNNVD-201612-489

EXTERNAL IDS

db:	NVD	id:	CVE-2016-7605	Trust: 2.8
db:	BID	id:	94903	Trust: 2.0
db:	SECTRACK	id:	1037469	Trust: 1.1
db:	JVN	id:	JVNVU97133642	Trust: 0.8
db:	JVNDB	id:	JVNDB-2016-007391	Trust: 0.8
db:	CNNVD	id:	CNNVD-201612-489	Trust: 0.7
db:	VULHUB	id:	VHN-96425	Trust: 0.1

sources: VULHUB: VHN-96425 // BID: 94903 // JVNDB: JVNDB-2016-007391 // CNNVD: CNNVD-201612-489 // NVD: CVE-2016-7605

REFERENCES

url:	http://www.securityfocus.com/bid/94903	Trust: 1.7
url:	https://support.apple.com/ht207423	Trust: 1.7
url:	http://www.securitytracker.com/id/1037469	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7605	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu97133642/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-7605	Trust: 0.8
url:	https://www.apple.com/	Trust: 0.3
url:	http://www.apple.com/macosx/	Trust: 0.3

sources: VULHUB: VHN-96425 // BID: 94903 // JVNDB: JVNDB-2016-007391 // CNNVD: CNNVD-201612-489 // NVD: CVE-2016-7605

CREDITS

daybreaker@Minionz working with Trend Micro's Zero Day Initiative, an anonymous researcher, Pekka Oikarainen, Matias Karhumaa and Marko Laakso of Synopsys Software Integrity Group, daybreaker of Minionz, Radu Motspan working with Trend Micro's Zero Day In

Trust: 0.6

sources: CNNVD: CNNVD-201612-489

SOURCES

db:	VULHUB	id:	VHN-96425
db:	BID	id:	94903
db:	JVNDB	id:	JVNDB-2016-007391
db:	CNNVD	id:	CNNVD-201612-489
db:	NVD	id:	CVE-2016-7605

LAST UPDATE DATE

2025-04-20T21:26:12.846000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-96425	date:	2017-07-27T00:00:00
db:	BID	id:	94903	date:	2016-12-20T00:09:00
db:	JVNDB	id:	JVNDB-2016-007391	date:	2017-02-28T00:00:00
db:	CNNVD	id:	CNNVD-201612-489	date:	2017-03-01T00:00:00
db:	NVD	id:	CVE-2016-7605	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-96425	date:	2017-02-20T00:00:00
db:	BID	id:	94903	date:	2016-12-13T00:00:00
db:	JVNDB	id:	JVNDB-2016-007391	date:	2017-02-28T00:00:00
db:	CNNVD	id:	CNNVD-201612-489	date:	2016-12-15T00:00:00
db:	NVD	id:	CVE-2016-7605	date:	2017-02-20T08:59:02.290