Details of VAR-201702-0388

ID

VAR-201702-0388

CVE

CVE-2016-4617

TITLE

Apple OS X Vulnerable to sandbox escape

Trust: 0.8

sources: JVNDB: JVNDB-2016-007443

DESCRIPTION

An issue was discovered in certain Apple products. macOS before 10.12 is affected. The issue involves a sandbox escape related to launchctl process spawning in the "libxpc" component. Apple macOS is prone to multiple security-bypass vulnerabilities. Attackers can exploit these issues to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. Apple macOS Sierra is a dedicated operating system developed by Apple for Mac computers. libxpc is an open source implementation of Apple's XPC library. A security vulnerability exists in the libxpc component of Apple macOS Sierra prior to 10.12. An attacker can exploit this vulnerability to break out of the sandbox

Trust: 1.98

sources: NVD: CVE-2016-4617 // JVNDB: JVNDB-2016-007443 // BID: 96329 // VULHUB: VHN-93436

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	lte	version:	10.11.6	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	lt	version:	10.7.5 or later 10.12	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	10.11.6	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.7.5	Trust: 0.3
vendor:	apple	model:	macos	scope:	ne	version:	10.12	Trust: 0.3

sources: BID: 96329 // JVNDB: JVNDB-2016-007443 // CNNVD: CNNVD-201702-718 // NVD: CVE-2016-4617

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-4617
value:	HIGH
Trust: 1.0
NVD:	CVE-2016-4617
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201702-718
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-93436
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-4617
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-93436
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-4617
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.0
impactScore:	6.0
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-93436 // JVNDB: JVNDB-2016-007443 // CNNVD: CNNVD-201702-718 // NVD: CVE-2016-4617

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-93436 // JVNDB: JVNDB-2016-007443 // NVD: CVE-2016-4617

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201702-718

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201702-718

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-007443

PATCH

title:	Apple security updates	url:	https://support.apple.com/en-us/HT201222	Trust: 0.8
title:	APPLE-SA-2016-09-20 macOS Sierra 10.12	url:	https://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html	Trust: 0.8
title:	HT207170	url:	https://support.apple.com/en-us/HT207170	Trust: 0.8
title:	HT207170	url:	https://support.apple.com/ja-jp/HT207170	Trust: 0.8
title:	Apple macOS Sierra libxpc Fixes for component permissions licensing and access control vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=68135	Trust: 0.6

sources: JVNDB: JVNDB-2016-007443 // CNNVD: CNNVD-201702-718

EXTERNAL IDS

db:	NVD	id:	CVE-2016-4617	Trust: 2.8
db:	BID	id:	96329	Trust: 1.4
db:	JVN	id:	JVNVU90950877	Trust: 0.8
db:	JVNDB	id:	JVNDB-2016-007443	Trust: 0.8
db:	CNNVD	id:	CNNVD-201702-718	Trust: 0.7
db:	VULHUB	id:	VHN-93436	Trust: 0.1

sources: VULHUB: VHN-93436 // BID: 96329 // JVNDB: JVNDB-2016-007443 // CNNVD: CNNVD-201702-718 // NVD: CVE-2016-4617

REFERENCES

url:	https://support.apple.com/ht207170	Trust: 1.7
url:	http://www.securityfocus.com/bid/96329	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4617	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu90950877/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4617	Trust: 0.8
url:	https://www.apple.com/	Trust: 0.3
url:	https://support.apple.com/en-us/ht201222	Trust: 0.3

sources: VULHUB: VHN-93436 // BID: 96329 // JVNDB: JVNDB-2016-007443 // CNNVD: CNNVD-201702-718 // NVD: CVE-2016-4617

CREDITS

Gregor Kopf of Recurity Labs on behalf of BSI (German Federal Office for Information Security).

Trust: 0.3

sources: BID: 96329

SOURCES

db:	VULHUB	id:	VHN-93436
db:	BID	id:	96329
db:	JVNDB	id:	JVNDB-2016-007443
db:	CNNVD	id:	CNNVD-201702-718
db:	NVD	id:	CVE-2016-4617

LAST UPDATE DATE

2025-04-20T22:41:09.374000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-93436	date:	2017-03-24T00:00:00
db:	BID	id:	96329	date:	2017-03-29T02:01:00
db:	JVNDB	id:	JVNDB-2016-007443	date:	2017-03-01T00:00:00
db:	CNNVD	id:	CNNVD-201702-718	date:	2017-02-22T00:00:00
db:	NVD	id:	CVE-2016-4617	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-93436	date:	2017-02-20T00:00:00
db:	BID	id:	96329	date:	2017-02-20T00:00:00
db:	JVNDB	id:	JVNDB-2016-007443	date:	2017-03-01T00:00:00
db:	CNNVD	id:	CNNVD-201702-718	date:	2017-02-22T00:00:00
db:	NVD	id:	CVE-2016-4617	date:	2017-02-20T08:59:00.213