ID

VAR-201702-0208


CVE

CVE-2016-7609


TITLE

Denial-of-service (DoS) vulnerability in the AppleGraphicsPowerManagement component of Apple macOS

Trust: 0.8

sources: JVNDB: JVNDB-2016-007393

DESCRIPTION

An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "AppleGraphicsPowerManagement" component. It allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors. This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Apple OS X. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of the AppleGraphicsPowerManagement kext. The issue lies in the absence of a check to ensure that a pointer is not null. An attacker can leverage this vulnerability to escalate privileges under the context of the kernel. Apple macOS is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code, perform unauthorized actions, obtain sensitive information, gain elevated privileges or cause a denial-of-service condition. AppleGraphicsPowerManagement is one of the graphics card power management components. Attackers can exploit this vulnerability to cause system denial of service.

Trust: 2.61

sources: NVD: CVE-2016-7609 // JVNDB: JVNDB-2016-007393 // ZDI: ZDI-16-642 // BID: 94903 // VULHUB: VHN-96429

AFFECTED PRODUCTS

vendor: apple, model: mac os x, scope: eq, version: 10.12.1

Trust: 1.4

vendor: apple, model: mac os x, scope: lte, version: 10.12.1

Trust: 1.0

vendor: apple, model: os x, scope: -, version: -

Trust: 0.7

vendor: apple, model: macos, scope: eq, version: 10.12.1

Trust: 0.3

vendor: apple, model: macos, scope: ne, version: 10.12.2

Trust: 0.3

sources: ZDI: ZDI-16-642 // BID: 94903 // JVNDB: JVNDB-2016-007393 // CNNVD: CNNVD-201612-486 // NVD: CVE-2016-7609

CVSS

SEVERITY

nvd@nist.gov: CVE-2016-7609
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-7609
value: MEDIUM

Trust: 0.8

ZDI: CVE-2016-7609
value: MEDIUM

Trust: 0.7

CNNVD: CNNVD-201612-486
value: MEDIUM

Trust: 0.6

VULHUB: VHN-96429
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2016-7609
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

ZDI: CVE-2016-7609
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.7

VULHUB: VHN-96429
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2016-7609
baseSeverity: MEDIUM
baseScore: 6.2
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.5
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: ZDI: ZDI-16-642 // VULHUB: VHN-96429 // JVNDB: JVNDB-2016-007393 // CNNVD: CNNVD-201612-486 // NVD: CVE-2016-7609

PROBLEMTYPE DATA

problemtype:CWE-476

Trust: 1.9

sources: VULHUB: VHN-96429 // JVNDB: JVNDB-2016-007393 // NVD: CVE-2016-7609

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201612-486

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201612-486

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-007393

PATCH

title: HT207423, url: https://support.apple.com/en-us/HT207423

Trust: 1.5

title: Apple security updates, url: https://support.apple.com/en-us/HT201222

Trust: 0.8

title: APPLE-SA-2016-12-13-1 macOS 10.12.2, url: https://lists.apple.com/archives/security-announce/2016/Dec/msg00003.html

Trust: 0.8

title: HT207423, url: https://support.apple.com/ja-jp/HT207423

Trust: 0.8

title: Apple macOS Sierra Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=66520

Trust: 0.6

sources: ZDI: ZDI-16-642 // JVNDB: JVNDB-2016-007393 // CNNVD: CNNVD-201612-486

EXTERNAL IDS

db: NVD, id: CVE-2016-7609

Trust: 3.5

db: BID, id: 94903

Trust: 2.0

db: SECTRACK, id: 1037469

Trust: 1.1

db: JVN, id: JVNVU97133642

Trust: 0.8

db: JVNDB, id: JVNDB-2016-007393

Trust: 0.8

db: ZDI_CAN, id: ZDI-CAN-3864

Trust: 0.7

db: ZDI, id: ZDI-16-642

Trust: 0.7

db: CNNVD, id: CNNVD-201612-486

Trust: 0.7

db: VULHUB, id: VHN-96429

Trust: 0.1

sources: ZDI: ZDI-16-642 // VULHUB: VHN-96429 // BID: 94903 // JVNDB: JVNDB-2016-007393 // CNNVD: CNNVD-201612-486 // NVD: CVE-2016-7609

REFERENCES

url:http://www.securityfocus.com/bid/94903

Trust: 1.7

url:https://support.apple.com/ht207423

Trust: 1.7

url:http://www.securitytracker.com/id/1037469

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7609

Trust: 0.8

url:http://jvn.jp/vu/jvnvu97133642/index.html

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-7609

Trust: 0.8

url:https://support.apple.com/en-us/ht207423

Trust: 0.7

url:https://www.apple.com/

Trust: 0.3

url:http://www.apple.com/macosx/

Trust: 0.3

sources: ZDI: ZDI-16-642 // VULHUB: VHN-96429 // BID: 94903 // JVNDB: JVNDB-2016-007393 // CNNVD: CNNVD-201612-486 // NVD: CVE-2016-7609

CREDITS

daybreaker@Minionz

Trust: 0.7

sources: ZDI: ZDI-16-642

SOURCES

db: ZDI, id: ZDI-16-642
db: VULHUB, id: VHN-96429
db: BID, id: 94903
db: JVNDB, id: JVNDB-2016-007393
db: CNNVD, id: CNNVD-201612-486
db: NVD, id: CVE-2016-7609

LAST UPDATE DATE

2025-04-20T21:51:58.580000+00:00


SOURCES UPDATE DATE

db: ZDI, id: ZDI-16-642, date: 2016-12-15T00:00:00
db: VULHUB, id: VHN-96429, date: 2017-07-27T00:00:00
db: BID, id: 94903, date: 2016-12-20T00:09:00
db: JVNDB, id: JVNDB-2016-007393, date: 2017-02-28T00:00:00
db: CNNVD, id: CNNVD-201612-486, date: 2017-03-01T00:00:00
db: NVD, id: CVE-2016-7609, date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: ZDI, id: ZDI-16-642, date: 2016-12-15T00:00:00
db: VULHUB, id: VHN-96429, date: 2017-02-20T00:00:00
db: BID, id: 94903, date: 2016-12-13T00:00:00
db: JVNDB, id: JVNDB-2016-007393, date: 2017-02-28T00:00:00
db: CNNVD, id: CNNVD-201612-486, date: 2016-12-15T00:00:00
db: NVD, id: CVE-2016-7609, date: 2017-02-20T08:59:02.417