ID

VAR-201702-0324


CVE

CVE-2016-4663


TITLE

Denial-of-Service (DoS) Vulnerabilities in the NVIDIA Graphics Driver Component of Apple OS X

Trust: 0.8

sources: JVNDB: JVNDB-2016-007363

DESCRIPTION

An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "NVIDIA Graphics Drivers" component. It allows attackers to cause a denial of service (memory corruption) via a crafted app.

Apple macOS is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, gain elevated privileges and perform unauthorized actions. This may aid in other attacks.

APPLE-SA-2016-10-24-2 macOS Sierra 10.12.1

macOS Sierra 10.12.1 is now available and addresses the following:

AppleGraphicsControl
Available for: OS X Yosemite v10.10.5 and OS X El Capitan v10.11.6
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed through improved lock state checking.
CVE-2016-4662: Apple

AppleSMC
Available for: macOS Sierra 10.12
Impact: A local user may be able to elevate privileges
Description: A null pointer dereference was addressed through improved locking.
CVE-2016-4678: daybreaker@Minionz working with Trend Micro's Zero Day Initiative

ATS
Available for: macOS Sierra 10.12
Impact: Processing a maliciously crafted font file may lead to arbitrary code execution
Description: A memory corruption issue was addressed through improved memory handling.
CVE-2016-4667: Simmon Huang of alipay, Thelongestusernameofall@gmail.com Moony Li of Trend Micro, @Flyic

ATS
Available for: macOS Sierra 10.12
Impact: A local user may be able to execute arbitrary code with additional privileges
Description: A memory corruption issue was addressed through improved memory handling.
CVE-2016-4674: Shrek_wzw of Qihoo 360 Nirvan Team

CFNetwork Proxies
Available for: macOS Sierra 10.12
Impact: An attacker in a privileged network position may be able to leak sensitive user information
Description: A phishing issue existed in the handling of proxy credentials. This issue was addressed by removing unsolicited proxy password authentication prompts.
CVE-2016-7579: Jerry Decime

CoreGraphics
Available for: macOS Sierra 10.12
Impact: Viewing a maliciously crafted JPEG file may lead to arbitrary code execution
Description: A memory corruption issue was addressed through improved memory handling.
CVE-2016-4673: Marco Grassi (@marcograss) of KeenLab (@keen_lab), Tencent

FaceTime
Available for: macOS Sierra 10.12
Impact: An attacker in a privileged network position may be able to cause a relayed call to continue transmitting audio while appearing as if the call terminated
Description: User interface inconsistencies existed in the handling of relayed calls. These issues were addressed through improved FaceTime display logic.
CVE-2016-4635: Martin Vigo (@martin_vigo) of salesforce.com

FontParser
Available for: macOS Sierra 10.12
Impact: Parsing a maliciously crafted font may disclose sensitive user information
Description: An out-of-bounds read was addressed through improved bounds checking.
CVE-2016-4660: Ke Liu of Tencent's Xuanwu Lab

ImageIO
Available for: OS X El Capitan v10.11.6
Impact: Parsing a maliciously crafted PDF may lead to arbitrary code execution
Description: An out-of-bounds write was addressed through improved bounds checking.
CVE-2016-4671: Ke Liu of Tencent's Xuanwu Lab, Juwei Lin (@fuzzerDOTcn)

ImageIO
Available for: OS X Yosemite v10.10.5 and OS X El Capitan v10.11.6
Impact: Processing a maliciously crafted image may result in the disclosure of process memory
Description: An out-of-bounds read issue existed in the SGI image parsing. This issue was addressed through improved bounds checking.
CVE-2016-4682: Ke Liu of Tencent's Xuanwu Lab

libarchive
Available for: macOS Sierra 10.12
Impact: A malicious archive may be able to overwrite arbitrary files
Description: An issue existed within the path validation logic for symlinks. This issue was addressed through improved path sanitization.
CVE-2016-4679: Omer Medan of enSilo Ltd

libxpc
Available for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.6, and macOS Sierra 10.12
Impact: An application may be able to execute arbitrary code with root privileges
Description: A logic issue was addressed through additional restrictions.
CVE-2016-4675: Ian Beer of Google Project Zero

ntfs
Available for: macOS Sierra 10.12
Impact: An application may be able to cause a denial of service
Description: An issue existed in the parsing of disk images. This issue was addressed through improved validation.
CVE-2016-4661: Recurity Labs on behalf of BSI (German Federal Office for Information Security)

NVIDIA Graphics Drivers
Available for: OS X Yosemite v10.10.5 and OS X El Capitan v10.11.6
Impact: An application may be able to cause a denial of service
Description: A memory corruption issue was addressed through improved input validation.
CVE-2016-4663: Apple

System Boot
Available for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.6, and macOS Sierra 10.12
Impact: A local user may be able to cause an unexpected system termination or arbitrary code execution in the kernel
Description: Multiple input validation issues existed in MIG generated code. These issues were addressed through improved validation.
CVE-2016-4669: Ian Beer of Google Project Zero

macOS Sierra 10.12.1 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://www.apple.com/support/downloads/

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

Trust: 2.07

sources: NVD: CVE-2016-4663 // JVNDB: JVNDB-2016-007363 // BID: 93852 // VULHUB: VHN-93482 // PACKETSTORM: 139320

AFFECTED PRODUCTS

vendor: apple // model: mac os x // scope: lte // version: 10.12.0

Trust: 1.0

vendor: apple // model: mac os x // scope: eq // version: 10.10.5

Trust: 0.8

vendor: apple // model: mac os x // scope: eq // version: 10.11.6

Trust: 0.8

vendor: apple // model: mac os x // scope: eq // version: 10.12.0

Trust: 0.6

vendor: apple // model: macos // scope: eq // version: 10.12

Trust: 0.3

vendor: apple // model: mac os // scope: eq // version: x10.11.6

Trust: 0.3

vendor: apple // model: mac os // scope: eq // version: x10.11.3

Trust: 0.3

vendor: apple // model: mac os // scope: eq // version: x10.11.2

Trust: 0.3

vendor: apple // model: mac os // scope: eq // version: x10.11.1

Trust: 0.3

vendor: apple // model: mac os // scope: eq // version: x10.10.5

Trust: 0.3

vendor: apple // model: mac os // scope: eq // version: x10.11.5

Trust: 0.3

vendor: apple // model: mac os // scope: eq // version: x10.11.4

Trust: 0.3

vendor: apple // model: mac os // scope: eq // version: x10.11

Trust: 0.3

vendor: apple // model: macos // scope: ne // version: 10.12.1

Trust: 0.3

sources: BID: 93852 // JVNDB: JVNDB-2016-007363 // CNNVD: CNNVD-201610-705 // NVD: CVE-2016-4663

CVSS

SEVERITY

nvd@nist.gov: CVE-2016-4663
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-4663
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201610-705
value: MEDIUM

Trust: 0.6

VULHUB: VHN-93482
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2016-4663
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-93482
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2016-4663
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-93482 // JVNDB: JVNDB-2016-007363 // CNNVD: CNNVD-201610-705 // NVD: CVE-2016-4663

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-93482 // JVNDB: JVNDB-2016-007363 // NVD: CVE-2016-4663

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201610-705

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201610-705

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-007363

PATCH

title: Apple security updates // url: https://support.apple.com/en-us/HT201222

Trust: 0.8

title: APPLE-SA-2016-10-24-2 macOS Sierra 10.12.1 // url: https://lists.apple.com/archives/security-announce/2016/Oct/msg00001.html

Trust: 0.8

title: HT207275 // url: https://support.apple.com/en-us/HT207275

Trust: 0.8

title: HT207275 // url: https://support.apple.com/ja-jp/HT207275

Trust: 0.8

title: Apple macOS Sierra NVIDIA Graphics Drivers Repair measures for memory corruption vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65068

Trust: 0.6

sources: JVNDB: JVNDB-2016-007363 // CNNVD: CNNVD-201610-705

EXTERNAL IDS

db: NVD // id: CVE-2016-4663

Trust: 2.9

db: BID // id: 93852

Trust: 2.0

db: SECTRACK // id: 1037086

Trust: 1.1

db: JVN // id: JVNVU90743185

Trust: 0.8

db: JVNDB // id: JVNDB-2016-007363

Trust: 0.8

db: CNNVD // id: CNNVD-201610-705

Trust: 0.7

db: ZDI // id: ZDI-16-589

Trust: 0.3

db: VULHUB // id: VHN-93482

Trust: 0.1

db: PACKETSTORM // id: 139320

Trust: 0.1

sources: VULHUB: VHN-93482 // BID: 93852 // JVNDB: JVNDB-2016-007363 // PACKETSTORM: 139320 // CNNVD: CNNVD-201610-705 // NVD: CVE-2016-4663

REFERENCES

url:http://www.securityfocus.com/bid/93852

Trust: 1.7

url:https://support.apple.com/ht207275

Trust: 1.7

url:http://www.securitytracker.com/id/1037086

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4663

Trust: 0.8

url:http://jvn.jp/vu/jvnvu90743185/index.html

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4663

Trust: 0.8

url:http://www.apple.com/macosx/

Trust: 0.3

url:https://support.apple.com/en-ie/ht207275

Trust: 0.3

url:http://www.zerodayinitiative.com/advisories/zdi-16-589/

Trust: 0.3

url:https://support.apple.com/kb/ht201222

Trust: 0.1

url:https://gpgtools.org

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4675

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4682

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4661

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4678

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4667

Trust: 0.1

url:https://www.apple.com/support/security/pgp/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4662

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4669

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4660

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4635

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4674

Trust: 0.1

url:https://www.apple.com/support/downloads/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4671

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4679

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-7579

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4663

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4673

Trust: 0.1

sources: VULHUB: VHN-93482 // BID: 93852 // JVNDB: JVNDB-2016-007363 // PACKETSTORM: 139320 // CNNVD: CNNVD-201610-705 // NVD: CVE-2016-4663

CREDITS

Recurity Labs on behalf of BSI (German Federal Office for Information Security), Simmon Huang of alipay, Thelongestusernameofall@gmail.com, Moony Li of TrendMicro, @Flyic, Ke Liu of Tencent's Xuanwu Lab, Juwei Lin (@fuzzerDOTcn), Shrek_wzw of Qihoo 360 Ni

Trust: 0.6

sources: CNNVD: CNNVD-201610-705

SOURCES

db: VULHUB // id: VHN-93482
db: BID // id: 93852
db: JVNDB // id: JVNDB-2016-007363
db: PACKETSTORM // id: 139320
db: CNNVD // id: CNNVD-201610-705
db: NVD // id: CVE-2016-4663

LAST UPDATE DATE

2025-04-20T20:33:39.415000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-93482 // date: 2017-07-29T00:00:00
db: BID // id: 93852 // date: 2016-11-24T01:08:00
db: JVNDB // id: JVNDB-2016-007363 // date: 2017-02-28T00:00:00
db: CNNVD // id: CNNVD-201610-705 // date: 2017-03-13T00:00:00
db: NVD // id: CVE-2016-4663 // date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: VULHUB // id: VHN-93482 // date: 2017-02-20T00:00:00
db: BID // id: 93852 // date: 2016-10-24T00:00:00
db: JVNDB // id: JVNDB-2016-007363 // date: 2017-02-28T00:00:00
db: PACKETSTORM // id: 139320 // date: 2016-10-24T21:46:59
db: CNNVD // id: CNNVD-201610-705 // date: 2016-10-25T00:00:00
db: NVD // id: CVE-2016-4663 // date: 2017-02-20T08:59:00.337