ID

VAR-201702-0330


CVE

CVE-2016-4670


TITLE

Vulnerability in the Security component of Apple iOS and OS X that allows the lengths of arbitrary passwords to be obtained

Trust: 0.8

sources: JVNDB: JVNDB-2016-007469

DESCRIPTION

An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. The issue involves the "Security" component. It allows local users to discover lengths of arbitrary passwords by reading a log. Apple iOS and Mac OS are prone to a local security-bypass vulnerability. Attackers with physical access to the device can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. Both Apple iOS and macOS are operating systems of Apple Inc. in the United States. Apple iOS was developed for mobile devices; macOS was developed for Mac computers. Security vulnerabilities exist in the Security component of Apple iOS versions prior to 10.1 and Apple macOS Sierra versions prior to 10.12.1. An attacker could exploit this vulnerability to obtain the length of a password.

Trust: 1.98

sources: NVD: CVE-2016-4670 // JVNDB: JVNDB-2016-007469 // BID: 94433 // VULHUB: VHN-93489

AFFECTED PRODUCTS

vendor:apple, model:mac os x, scope:lte, version:10.12.0

Trust: 1.0

vendor:apple, model:iphone os, scope:lte, version:10.0.3

Trust: 1.0

vendor:apple, model:mac os x, scope:eq, version:10.12

Trust: 0.8

vendor:apple, model:ios, scope:lt, version:10.1 (ipad 4th generation and later)

Trust: 0.8

vendor:apple, model:ios, scope:lt, version:10.1 (iphone 5 or later)

Trust: 0.8

vendor:apple, model:ios, scope:lt, version:10.1 (ipod touch 6th generation and later)

Trust: 0.8

vendor:apple, model:iphone os, scope:eq, version:10.0.3

Trust: 0.6

vendor:apple, model:mac os x, scope:eq, version:10.12.0

Trust: 0.6

vendor:apple, model:macos, scope:eq, version:10.12

Trust: 0.3

vendor:apple, model:ipod touch, scope:eq, version:0

Trust: 0.3

vendor:apple, model:iphone, scope:eq, version:0

Trust: 0.3

vendor:apple, model:ipad, scope:eq, version:0

Trust: 0.3

vendor:apple, model:ios, scope:eq, version:50

Trust: 0.3

vendor:apple, model:ios, scope:eq, version:40

Trust: 0.3

vendor:apple, model:ios, scope:eq, version:30

Trust: 0.3

vendor:apple, model:ios, scope:eq, version:9.3.4

Trust: 0.3

vendor:apple, model:ios, scope:eq, version:9.3.3

Trust: 0.3

vendor:apple, model:ios, scope:eq, version:9.3.2

Trust: 0.3

vendor:apple, model:ios, scope:eq, version:9.3.1

Trust: 0.3

vendor:apple, model:ios, scope:eq, version:9.2.1

Trust: 0.3

vendor:apple, model:ios, scope:eq, version:9.0.2

Trust: 0.3

vendor:apple, model:ios, scope:eq, version:9.0.1

Trust: 0.3

vendor:apple, model:ios, scope:eq, version:8.4.1

Trust: 0.3

vendor:apple, model:ios, scope:eq, version:7.2

Trust: 0.3

vendor:apple, model:ios, scope:eq, version:7.0.6

Trust: 0.3

vendor:apple, model:ios, scope:eq, version:7.0.5

Trust: 0.3

vendor:apple, model:ios, scope:eq, version:7.0.3

Trust: 0.3

vendor:apple, model:ios, scope:eq, version:7.0.2

Trust: 0.3

vendor:apple, model:ios, scope:eq, version:7.0.1

Trust: 0.3

vendor:apple, model:ios, scope:eq, version:6.3.1

Trust: 0.3

vendor:apple, model:ios, scope:eq, version:6.1.6

Trust: 0.3

vendor:apple, model:ios, scope:eq, version:6.1.4

Trust: 0.3

vendor:apple, model:ios, scope:eq, version:6.1.3

Trust: 0.3

vendor:apple, model:ios, scope:eq, version:4.2.1

Trust: 0.3

vendor:apple, model:ios, scope:eq, version:4.0.2

Trust: 0.3

vendor:apple, model:ios, scope:eq, version:4.0.1

Trust: 0.3

vendor:apple, model:ios, scope:eq, version:3.2.2

Trust: 0.3

vendor:apple, model:ios, scope:eq, version:3.2.1

Trust: 0.3

vendor:apple, model:ios, scope:eq, version:9.3.5

Trust: 0.3

vendor:apple, model:ios, scope:eq, version:9.3

Trust: 0.3

vendor:apple, model:ios, scope:eq, version:9.2

Trust: 0.3

vendor:apple, model:ios, scope:eq, version:9.1

Trust: 0.3

vendor:apple, model:ios, scope:eq, version:9

Trust: 0.3

vendor:apple, model:ios, scope:eq, version:8.4

Trust: 0.3

vendor:apple, model:ios, scope:eq, version:8.3

Trust: 0.3

vendor:apple, model:ios, scope:eq, version:8.2

Trust: 0.3

vendor:apple, model:ios, scope:eq, version:8.1.3

Trust: 0.3

vendor:apple, model:ios, scope:eq, version:8.1.2

Trust: 0.3

vendor:apple, model:ios, scope:eq, version:8.1.1

Trust: 0.3

vendor:apple, model:ios, scope:eq, version:8.1

Trust: 0.3

vendor:apple, model:ios, scope:eq, version:8

Trust: 0.3

vendor:apple, model:ios, scope:eq, version:7.1.2

Trust: 0.3

vendor:apple, model:ios, scope:eq, version:7.1.1

Trust: 0.3

vendor:apple, model:ios, scope:eq, version:7.1

Trust: 0.3

vendor:apple, model:ios, scope:eq, version:7.0.4

Trust: 0.3

vendor:apple, model:ios, scope:eq, version:7

Trust: 0.3

vendor:apple, model:ios, scope:eq, version:6.1

Trust: 0.3

vendor:apple, model:ios, scope:eq, version:6.0.2

Trust: 0.3

vendor:apple, model:ios, scope:eq, version:6.0.1

Trust: 0.3

vendor:apple, model:ios, scope:eq, version:6

Trust: 0.3

vendor:apple, model:ios, scope:eq, version:5.1.1

Trust: 0.3

vendor:apple, model:ios, scope:eq, version:5.1

Trust: 0.3

vendor:apple, model:ios, scope:eq, version:5.0.1

Trust: 0.3

vendor:apple, model:ios, scope:eq, version:4.3.5

Trust: 0.3

vendor:apple, model:ios, scope:eq, version:4.3.4

Trust: 0.3

vendor:apple, model:ios, scope:eq, version:4.3.3

Trust: 0.3

vendor:apple, model:ios, scope:eq, version:4.3.2

Trust: 0.3

vendor:apple, model:ios, scope:eq, version:4.3.1

Trust: 0.3

vendor:apple, model:ios, scope:eq, version:4.3

Trust: 0.3

vendor:apple, model:ios, scope:eq, version:4.2.9

Trust: 0.3

vendor:apple, model:ios, scope:eq, version:4.2.8

Trust: 0.3

vendor:apple, model:ios, scope:eq, version:4.2.7

Trust: 0.3

vendor:apple, model:ios, scope:eq, version:4.2.6

Trust: 0.3

vendor:apple, model:ios, scope:eq, version:4.2.5

Trust: 0.3

vendor:apple, model:ios, scope:eq, version:4.2.10

Trust: 0.3

vendor:apple, model:ios, scope:eq, version:4.2

Trust: 0.3

vendor:apple, model:ios, scope:eq, version:4.1

Trust: 0.3

vendor:apple, model:ios, scope:eq, version:3.2

Trust: 0.3

vendor:apple, model:ios, scope:eq, version:3.1

Trust: 0.3

vendor:apple, model:ios, scope:eq, version:3.0

Trust: 0.3

vendor:apple, model:ios, scope:eq, version:2.1

Trust: 0.3

vendor:apple, model:ios, scope:eq, version:2.0

Trust: 0.3

vendor:apple, model:ios, scope:eq, version:10

Trust: 0.3

vendor:apple, model:macos, scope:ne, version:10.12.1

Trust: 0.3

vendor:apple, model:ios, scope:ne, version:10.1

Trust: 0.3

sources: BID: 94433 // JVNDB: JVNDB-2016-007469 // CNNVD: CNNVD-201611-483 // NVD: CVE-2016-4670

CVSS

SEVERITY

nvd@nist.gov: CVE-2016-4670
value: LOW

Trust: 1.0

NVD: CVE-2016-4670
value: LOW

Trust: 0.8

CNNVD: CNNVD-201611-483
value: LOW

Trust: 0.6

VULHUB: VHN-93489
value: LOW

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2016-4670
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-93489
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2016-4670
baseSeverity: LOW
baseScore: 3.3
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-93489 // JVNDB: JVNDB-2016-007469 // CNNVD: CNNVD-201611-483 // NVD: CVE-2016-4670

PROBLEMTYPE DATA

problemtype:CWE-255

Trust: 1.9

sources: VULHUB: VHN-93489 // JVNDB: JVNDB-2016-007469 // NVD: CVE-2016-4670

THREAT TYPE

local

Trust: 0.9

sources: BID: 94433 // CNNVD: CNNVD-201611-483

TYPE

trust management

Trust: 0.6

sources: CNNVD: CNNVD-201611-483

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-007469

PATCH

title:Apple security updates, url:https://support.apple.com/en-us/HT201222

Trust: 0.8

title:APPLE-SA-2016-10-24-2 macOS Sierra 10.12.1, url:https://lists.apple.com/archives/security-announce/2016/Oct/msg00001.html

Trust: 0.8

title:APPLE-SA-2016-10-24-1 iOS 10.1, url:https://lists.apple.com/archives/security-announce/2016/Oct/msg00000.html

Trust: 0.8

title:HT207275, url:https://support.apple.com/en-us/HT207275

Trust: 0.8

title:HT207271, url:https://support.apple.com/en-us/HT207271

Trust: 0.8

title:HT207271, url:https://support.apple.com/ja-jp/HT207271

Trust: 0.8

title:HT207275, url:https://support.apple.com/ja-jp/HT207275

Trust: 0.8

title:Apple iOS and Apple macOS Security vulnerabilities, url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65820

Trust: 0.6

sources: JVNDB: JVNDB-2016-007469 // CNNVD: CNNVD-201611-483

EXTERNAL IDS

db:NVD, id:CVE-2016-4670

Trust: 2.8

db:BID, id:94433

Trust: 2.0

db:JVN, id:JVNVU90743185

Trust: 0.8

db:JVNDB, id:JVNDB-2016-007469

Trust: 0.8

db:CNNVD, id:CNNVD-201611-483

Trust: 0.7

db:VULHUB, id:VHN-93489

Trust: 0.1

sources: VULHUB: VHN-93489 // BID: 94433 // JVNDB: JVNDB-2016-007469 // CNNVD: CNNVD-201611-483 // NVD: CVE-2016-4670

REFERENCES

url:http://www.securityfocus.com/bid/94433

Trust: 1.7

url:https://support.apple.com/ht207271

Trust: 1.7

url:https://support.apple.com/ht207275

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4670

Trust: 0.8

url:http://jvn.jp/vu/jvnvu90743185/index.html

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4670

Trust: 0.8

url:https://support.apple.com/en-in/ht207271

Trust: 0.3

url:https://support.apple.com/en-in/ht207275

Trust: 0.3

url:http://www.apple.com/ios/

Trust: 0.3

url:http://www.apple.com/iphone/

Trust: 0.3

sources: VULHUB: VHN-93489 // BID: 94433 // JVNDB: JVNDB-2016-007469 // CNNVD: CNNVD-201611-483 // NVD: CVE-2016-4670

CREDITS

Daniel Jalkut of Red Sweater Software

Trust: 0.9

sources: BID: 94433 // CNNVD: CNNVD-201611-483

SOURCES

db:VULHUB, id:VHN-93489
db:BID, id:94433
db:JVNDB, id:JVNDB-2016-007469
db:CNNVD, id:CNNVD-201611-483
db:NVD, id:CVE-2016-4670

LAST UPDATE DATE

2025-04-20T22:40:59.799000+00:00


SOURCES UPDATE DATE

db:VULHUB, id:VHN-93489, date:2017-02-21T00:00:00
db:BID, id:94433, date:2016-11-24T00:14:00
db:JVNDB, id:JVNDB-2016-007469, date:2017-03-01T00:00:00
db:CNNVD, id:CNNVD-201611-483, date:2017-03-13T00:00:00
db:NVD, id:CVE-2016-4670, date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:VULHUB, id:VHN-93489, date:2017-02-20T00:00:00
db:BID, id:94433, date:2016-11-21T00:00:00
db:JVNDB, id:JVNDB-2016-007469, date:2017-03-01T00:00:00
db:CNNVD, id:CNNVD-201611-483, date:2016-11-23T00:00:00
db:NVD, id:CVE-2016-4670, date:2017-02-20T08:59:00.540