Details of VAR-201702-0458

ID

VAR-201702-0458

CVE

CVE-2016-7577

TITLE

Apple iOS and OS X of FaceTime Component corruption vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2016-007473

DESCRIPTION

An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. The issue involves the "FaceTime" component, which allows remote attackers to trigger memory corruption and obtain audio data from a call that appeared to have ended. Apple iOS and Mac OS are prone to multiple security-bypass vulnerabilities. Attackers can exploit these issues to bypass security restrictions and perform unauthorized actions. Both Apple iOS and macOS are operating systems of Apple Inc. in the United States. A security vulnerability exists in the FaceTime component of Apple iOS prior to 10.1 and Apple macOS Sierra prior to 10.12.1. An attacker could exploit this vulnerability to cause a transferred call to continue to transmit audio

Trust: 1.98

sources: NVD: CVE-2016-7577 // JVNDB: JVNDB-2016-007473 // BID: 94429 // VULHUB: VHN-96397

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	lte	version:	10.12.0	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	lte	version:	10.0.3	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.12	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	10.1 (ipad first 4 after generation )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	10.1 (iphone 5 or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	10.1 (ipod touch first 6 after generation )	Trust: 0.8
vendor:	apple	model:	iphone os	scope:	eq	version:	10.0.3	Trust: 0.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.12.0	Trust: 0.6
vendor:	apple	model:	macos	scope:	eq	version:	10.12	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ipad	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	50	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	40	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	30	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.10	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10	Trust: 0.3
vendor:	apple	model:	macos	scope:	ne	version:	10.12.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	ne	version:	10.1	Trust: 0.3

sources: BID: 94429 // JVNDB: JVNDB-2016-007473 // CNNVD: CNNVD-201611-476 // NVD: CVE-2016-7577

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-7577
value:	LOW
Trust: 1.0
NVD:	CVE-2016-7577
value:	LOW
Trust: 0.8
CNNVD:	CNNVD-201611-476
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-96397
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-7577
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-96397
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-7577
baseSeverity:	LOW
baseScore:	3.7
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.2
impactScore:	1.4
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-96397 // JVNDB: JVNDB-2016-007473 // CNNVD: CNNVD-201611-476 // NVD: CVE-2016-7577

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-96397 // JVNDB: JVNDB-2016-007473 // NVD: CVE-2016-7577

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201611-476

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201611-476

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-007473

PATCH

title:	Apple security updates	url:	https://support.apple.com/en-us/HT201222	Trust: 0.8
title:	APPLE-SA-2016-10-24-2 macOS Sierra 10.12.1	url:	https://lists.apple.com/archives/security-announce/2016/Oct/msg00001.html	Trust: 0.8
title:	APPLE-SA-2016-10-24-1 iOS 10.1	url:	https://lists.apple.com/archives/security-announce/2016/Oct/msg00000.html	Trust: 0.8
title:	HT207275	url:	https://support.apple.com/en-us/HT207275	Trust: 0.8
title:	HT207271	url:	https://support.apple.com/en-us/HT207271	Trust: 0.8
title:	HT207275	url:	https://support.apple.com/ja-jp/HT207275	Trust: 0.8
title:	HT207271	url:	https://support.apple.com/ja-jp/HT207271	Trust: 0.8
title:	Apple iOS and Apple macOS Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65813	Trust: 0.6

sources: JVNDB: JVNDB-2016-007473 // CNNVD: CNNVD-201611-476

EXTERNAL IDS

db:	NVD	id:	CVE-2016-7577	Trust: 2.8
db:	BID	id:	94429	Trust: 2.0
db:	JVN	id:	JVNVU90743185	Trust: 0.8
db:	JVNDB	id:	JVNDB-2016-007473	Trust: 0.8
db:	CNNVD	id:	CNNVD-201611-476	Trust: 0.7
db:	VULHUB	id:	VHN-96397	Trust: 0.1

sources: VULHUB: VHN-96397 // BID: 94429 // JVNDB: JVNDB-2016-007473 // CNNVD: CNNVD-201611-476 // NVD: CVE-2016-7577

REFERENCES

url:	http://www.securityfocus.com/bid/94429	Trust: 1.7
url:	https://support.apple.com/ht207271	Trust: 1.7
url:	https://support.apple.com/ht207275	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7577	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu90743185/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-7577	Trust: 0.8
url:	https://support.apple.com/en-in/ht207271	Trust: 0.3
url:	https://support.apple.com/en-in/ht207275	Trust: 0.3
url:	https://www.apple.com/	Trust: 0.3
url:	http://www.apple.com/ios/	Trust: 0.3

sources: VULHUB: VHN-96397 // BID: 94429 // JVNDB: JVNDB-2016-007473 // CNNVD: CNNVD-201611-476 // NVD: CVE-2016-7577

CREDITS

Martin Vigo (@martin_vigo) of salesforce.com and Daniel Jalkut of Red Sweater Software.

Trust: 0.9

sources: BID: 94429 // CNNVD: CNNVD-201611-476

SOURCES

db:	VULHUB	id:	VHN-96397
db:	BID	id:	94429
db:	JVNDB	id:	JVNDB-2016-007473
db:	CNNVD	id:	CNNVD-201611-476
db:	NVD	id:	CVE-2016-7577

LAST UPDATE DATE

2025-04-20T21:22:33.429000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-96397	date:	2017-02-21T00:00:00
db:	BID	id:	94429	date:	2016-11-24T00:14:00
db:	JVNDB	id:	JVNDB-2016-007473	date:	2017-03-01T00:00:00
db:	CNNVD	id:	CNNVD-201611-476	date:	2017-03-07T00:00:00
db:	NVD	id:	CVE-2016-7577	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-96397	date:	2017-02-20T00:00:00
db:	BID	id:	94429	date:	2016-11-21T00:00:00
db:	JVNDB	id:	JVNDB-2016-007473	date:	2017-03-01T00:00:00
db:	CNNVD	id:	CNNVD-201611-476	date:	2016-11-23T00:00:00
db:	NVD	id:	CVE-2016-7577	date:	2017-02-20T08:59:01.400