Details of VAR-201702-0252

ID

VAR-201702-0252

CVE

CVE-2016-7655

TITLE

plural Apple Product CoreMedia Vulnerability that can be obtained in the external display component

Trust: 0.8

sources: JVNDB: JVNDB-2016-007465

DESCRIPTION

An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. The issue involves the "CoreMedia External Displays" component. It allows local users to gain privileges or cause a denial of service (type confusion) via unspecified vectors. Apple macOS, iOS and tvOS are prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code with elevated privileges, obtain sensitive information and overwrite arbitrary files. Failed exploit attempts may result in a denial-of-service condition. Versions prior to iOS 10.2, macOS 10.12.2 and tvOS 10.1 are vulnerable. Apple iOS is an operating system developed for mobile devices; tvOS is a smart TV operating system

Trust: 1.98

sources: NVD: CVE-2016-7655 // JVNDB: JVNDB-2016-007465 // BID: 94906 // VULHUB: VHN-96475

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	eq	version:	10.12.1	Trust: 1.4
vendor:	apple	model:	mac os x	scope:	lte	version:	10.12.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	lte	version:	10.1.1	Trust: 1.0
vendor:	apple	model:	ios	scope:	lt	version:	10.2 (ipad first 4 after generation )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	10.2 (iphone 5 or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	10.2 (ipod touch first 6 after generation )	Trust: 0.8
vendor:	apple	model:	tvos	scope:	lt	version:	10.1 (apple tv first 4 generation )	Trust: 0.8
vendor:	apple	model:	iphone os	scope:	eq	version:	10.1.1	Trust: 0.6
vendor:	apple	model:	tvos	scope:	eq	version:	10.0.1	Trust: 0.3
vendor:	apple	model:	tvos	scope:	eq	version:	9.2.2	Trust: 0.3
vendor:	apple	model:	tvos	scope:	eq	version:	9.2.1	Trust: 0.3
vendor:	apple	model:	tvos	scope:	eq	version:	9.1.1	Trust: 0.3
vendor:	apple	model:	tvos	scope:	eq	version:	9.2	Trust: 0.3
vendor:	apple	model:	tvos	scope:	eq	version:	9.1	Trust: 0.3
vendor:	apple	model:	tvos	scope:	eq	version:	9.0	Trust: 0.3
vendor:	apple	model:	tvos	scope:	eq	version:	10	Trust: 0.3
vendor:	apple	model:	macos	scope:	eq	version:	10.12.1	Trust: 0.3
vendor:	apple	model:	macos	scope:	eq	version:	10.12	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	50	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	40	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	30	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.9	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.10	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10	Trust: 0.3
vendor:	apple	model:	tvos	scope:	ne	version:	10.1	Trust: 0.3
vendor:	apple	model:	macos	scope:	ne	version:	10.12.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	ne	version:	10.2	Trust: 0.3

sources: BID: 94906 // JVNDB: JVNDB-2016-007465 // CNNVD: CNNVD-201612-504 // NVD: CVE-2016-7655

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-7655
value:	HIGH
Trust: 1.0
NVD:	CVE-2016-7655
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201612-504
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-96475
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-7655
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-96475
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-7655
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-96475 // JVNDB: JVNDB-2016-007465 // CNNVD: CNNVD-201612-504 // NVD: CVE-2016-7655

PROBLEMTYPE DATA

problemtype:

CWE-704

Trust: 1.9

sources: VULHUB: VHN-96475 // JVNDB: JVNDB-2016-007465 // NVD: CVE-2016-7655

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201612-504

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201612-504

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-007465

PATCH

title:	Apple security updates	url:	https://support.apple.com/en-us/HT201222	Trust: 0.8
title:	APPLE-SA-2016-12-12-1 iOS 10.2	url:	https://lists.apple.com/archives/security-announce/2016/Dec/msg00000.html	Trust: 0.8
title:	APPLE-SA-2016-12-13-1 macOS 10.12.2	url:	https://lists.apple.com/archives/security-announce/2016/Dec/msg00003.html	Trust: 0.8
title:	APPLE-SA-2016-12-12-3 tvOS 10.1	url:	https://lists.apple.com/archives/security-announce/2016/Dec/msg00002.html	Trust: 0.8
title:	HT207423	url:	https://support.apple.com/en-us/HT207423	Trust: 0.8
title:	HT207425	url:	https://support.apple.com/en-us/HT207425	Trust: 0.8
title:	HT207422	url:	https://support.apple.com/en-us/HT207422	Trust: 0.8
title:	HT207422	url:	https://support.apple.com/ja-jp/HT207422	Trust: 0.8
title:	HT207423	url:	https://support.apple.com/ja-jp/HT207423	Trust: 0.8
title:	HT207425	url:	https://support.apple.com/ja-jp/HT207425	Trust: 0.8
title:	Multiple Apple product CoreMedia External Displays Fixes for component security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=66538	Trust: 0.6

sources: JVNDB: JVNDB-2016-007465 // CNNVD: CNNVD-201612-504

EXTERNAL IDS

db:	NVD	id:	CVE-2016-7655	Trust: 2.8
db:	BID	id:	94906	Trust: 2.0
db:	SECTRACK	id:	1037469	Trust: 1.1
db:	JVN	id:	JVNVU93979172	Trust: 0.8
db:	JVN	id:	JVNVU97133642	Trust: 0.8
db:	JVNDB	id:	JVNDB-2016-007465	Trust: 0.8
db:	CNNVD	id:	CNNVD-201612-504	Trust: 0.7
db:	VULHUB	id:	VHN-96475	Trust: 0.1

sources: VULHUB: VHN-96475 // BID: 94906 // JVNDB: JVNDB-2016-007465 // CNNVD: CNNVD-201612-504 // NVD: CVE-2016-7655

REFERENCES

url:	http://www.securityfocus.com/bid/94906	Trust: 1.7
url:	https://support.apple.com/ht207422	Trust: 1.7
url:	https://support.apple.com/ht207423	Trust: 1.7
url:	http://www.securitytracker.com/id/1037469	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7655	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu93979172/index.html	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu97133642/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-7655	Trust: 0.8
url:	https://support.apple.com/zh-cn/ht207425	Trust: 0.6
url:	http://www.apple.com/ios/	Trust: 0.3
url:	http://www.apple.com/accessibility/tvos/	Trust: 0.3
url:	http://www.apple.com/macosx/	Trust: 0.3
url:	http://prod.lists.apple.com/archives/security-announce/2016/dec/msg00003.html	Trust: 0.3
url:	http://prod.lists.apple.com/archives/security-announce/2016/dec/msg00007.html	Trust: 0.3
url:	http://prod.lists.apple.com/archives/security-announce/2016/dec/msg00008.html	Trust: 0.3

sources: VULHUB: VHN-96475 // BID: 94906 // JVNDB: JVNDB-2016-007465 // CNNVD: CNNVD-201612-504 // NVD: CVE-2016-7655

CREDITS

Ian Beer of Google Project Zero, Keen Lab working with Trend Micro's Zero DayInitiative

Trust: 0.6

sources: CNNVD: CNNVD-201612-504

SOURCES

db:	VULHUB	id:	VHN-96475
db:	BID	id:	94906
db:	JVNDB	id:	JVNDB-2016-007465
db:	CNNVD	id:	CNNVD-201612-504
db:	NVD	id:	CVE-2016-7655

LAST UPDATE DATE

2025-04-20T21:56:10.401000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-96475	date:	2017-07-27T00:00:00
db:	BID	id:	94906	date:	2016-12-20T00:09:00
db:	JVNDB	id:	JVNDB-2016-007465	date:	2017-03-01T00:00:00
db:	CNNVD	id:	CNNVD-201612-504	date:	2017-03-01T00:00:00
db:	NVD	id:	CVE-2016-7655	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-96475	date:	2017-02-20T00:00:00
db:	BID	id:	94906	date:	2016-12-13T00:00:00
db:	JVNDB	id:	JVNDB-2016-007465	date:	2017-03-01T00:00:00
db:	CNNVD	id:	CNNVD-201612-504	date:	2016-12-15T00:00:00
db:	NVD	id:	CVE-2016-7655	date:	2017-02-20T08:59:04.010