VARIoT IoT vulnerabilities database
| VAR-201702-0262 | CVE-2016-7665 | Apple iOS denial-of-service (DoS) vulnerability in the Graphics Driver component |
CVSS V2: 4.3 CVSS V3: 5.5 Severity: MEDIUM |
An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Graphics Driver" component, which allows remote attackers to cause a denial of service via a crafted video. Apple iOS is prone to multiple security vulnerabilities.
Attackers can exploit these issues to bypass security restrictions, execute arbitrary code and perform unauthorized actions or obtain sensitive information.
Versions prior to iOS 10.2 are vulnerable. Apple iOS is an operating system developed by Apple for mobile devices. Graphics Driver is one of the graphics driver components. An attacker could exploit this vulnerability to cause a denial of service.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-12-12-1 iOS 10.2
iOS 10.2 is now available and addresses the following:
Accessibility
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A nearby user may be able to overhear spoken passwords
Description: A disclosure issue existed in the handling of passwords.
This issue was addressed by disabling the speaking of passwords.
CVE-2016-7634: Davut Hari
Accessibility
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A person with physical access to an iOS device may be able to
access photos and contacts from the lock screen
Description: A lock screen issue allowed access to photos and
contacts on a locked device. This issue was addressed by restricting
options offered on a locked device.
CVE-2016-7664: Miguel Alvarado of iDeviceHelp
Accounts
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An issue existed which did not reset the authorization
settings on app uninstall
Description: This issue was addressed through improved sanitization.
CVE-2016-7651: Ju Zhu and Lilang Wu of Trend Micro
Find My iPhone
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker with an unlocked device may be able to disable
Find My iPhone
Description: A state management issue existed in the handling of
authentication information. This issue was addressed through
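improved storage of account information.
CVE-2016-7638: Sezer Sakiner, an anonymous researcher
Graphics Driver
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Watching a maliciously crafted video may lead to a denial of
service
Description: A denial of service issue existed in the handling of
video. This issue was addressed through improved input validation.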
CVE-2016-7665: Moataz El Gaml of Schlumberger, an anonymous
researcher
Image Capture
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A malicious HID device may be able to cause arbitrary code
execution
Description: A validation issue existed in the handling of USB image
devices. This issue was addressed through improved input validation.
CVE-2016-4690: Andy Davis of NCC Group
Local Authentication
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: The device may not lock the screen after the idle timeout
Description: A logic issue existed in the handling of the idle timer
when the Touch ID prompt is shown. This issue was addressed through
improved handling of the idle timer.
CVE-2016-7601: an anonymous researcher
Mail
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An email signed with a revoked certificate may appear valid
Description: S/MIME policy failed to check if a certificate was
valid. This issue was addressed by notifying a user if an email was
signed with a revoked certificate.
CVE-2016-4689: an anonymous researcher
Media Player
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A user may be able to view photos and contacts from the
lockscreen
Description: A validation issue existed in the handling of media
selection. This issue was addressed through improved validation.
CVE-2016-7653
Profiles
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Opening a maliciously crafted certificate may lead to
arbitrary code execution
Description: A memory corruption issue existed in the handling of
certificate profiles. This issue was addressed through improved input
validation.
CVE-2016-7626: Maksymilian Arciemowicz (cxsecurity.com)
SpringBoard
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A person with physical access to an iOS device may be able to
unlock the device
Description: In some cases, a counter issue existed in the handling
of passcode attempts when resetting the passcode. This was addressed
through improved state management.
CVE-2016-4781: an anonymous researcher
SpringBoard
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A person with physical access to an iOS device may be able to
keep the device unlocked
Description: A cleanup issue existed in the handling of Handoff with
Siri. This was addressed through improved state management.
CVE-2016-7597: an anonymous researcher
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "10.2".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
| VAR-201702-0261 | CVE-2016-7664 | Apple iOS vulnerability in the Accessibility component that allows sensitive photo and contact information to be obtained |
CVSS V2: 2.1 CVSS V3: 2.4 Severity: LOW |
An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Accessibility" component, which allows physically proximate attackers to obtain sensitive photo and contact information by leveraging the availability of excessive options during lockscreen access. Apple iOS is prone to multiple security vulnerabilities.
Attackers can exploit these issues to bypass security restrictions, execute arbitrary code and perform unauthorized actions or obtain sensitive information.
Versions prior to iOS 10.2 are vulnerable. Apple iOS is an operating system developed by Apple for mobile devices. Accessibility is one of the components that helps people with disabilities use mobile phones better. An information disclosure vulnerability exists in the Accessibility component of Apple iOS prior to 10.2.
| VAR-201702-0250 | CVE-2016-7653 | Apple iOS vulnerability in the Media Player component that allows sensitive photo and contact information to be obtained |
CVSS V2: 2.1 CVSS V3: 2.4 Severity: LOW |
An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Media Player" component, which allows physically proximate attackers to obtain sensitive photo and contact information by leveraging lockscreen access. Apple iOS is prone to multiple security vulnerabilities.
Attackers can exploit these issues to bypass security restrictions, execute arbitrary code and perform unauthorized actions or obtain sensitive information.
Versions prior to iOS 10.2 are vulnerable. Apple iOS is an operating system developed by Apple for mobile devices. Media Player is one of the media player components.
| VAR-201702-0236 | CVE-2016-7638 | Apple iOS vulnerability that allows the "Find My iPhone" component to be disabled |
CVSS V2: 2.1 CVSS V3: 4.6 Severity: MEDIUM |
An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Find My iPhone" component, which allows physically proximate attackers to disable this component by bypassing authentication. Apple iOS is prone to multiple security vulnerabilities.
Attackers can exploit these issues to bypass security restrictions, execute arbitrary code and perform unauthorized actions or obtain sensitive information.
Versions prior to iOS 10.2 are vulnerable. Apple iOS is an operating system developed by Apple for mobile devices. Find My iPhone is one of the components that provides the function of recovering an accidentally lost iPhone.
| VAR-201702-0232 | CVE-2016-7634 | Apple iOS password disclosure vulnerability in the Accessibility component |
CVSS V2: 2.1 CVSS V3: 4.6 Severity: MEDIUM |
An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Accessibility" component, which accepts spoken passwords without considering that they are locally audible. Apple iOS is prone to multiple security vulnerabilities.
Attackers can exploit these issues to bypass security restrictions, execute arbitrary code and perform unauthorized actions or obtain sensitive information.
Versions prior to iOS 10.2 are vulnerable. Apple iOS is an operating system developed by Apple for mobile devices. Accessibility is one of the components that helps people with disabilities use mobile phones better. A nearby attacker could exploit this vulnerability to obtain a user's dictated password.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-12-12-1 iOS 10.2
iOS 10.2 is now available and addresses the following:
Accessibility
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A nearby user may be able to overhear spoken passwords
Description: A disclosure issue existed in the handling of passwords.
This issue was addressed by disabling the speaking of passwords.
CVE-2016-7634: Davut Hari
Accessibility
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A person with physical access to an iOS device may be able to
access photos and contacts from the lock screen
Description: A lock screen issue allowed access to photos and
contacts on a locked device. This issue was addressed by restricting
options offered on a locked device.
CVE-2016-7664: Miguel Alvarado of iDeviceHelp
Accounts
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An issue existed which did not reset the authorization
settings on app uninstall
Description: This issue was addressed through improved sanitization.
CVE-2016-7651: Ju Zhu and Lilang Wu of Trend Micro
Find My iPhone
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker with an unlocked device may be able to disable
Find My iPhone
Description: A state management issue existed in the handling of
authentication information. This issue was addressed through
improved storage of account information.
CVE-2016-7638: Sezer Sakiner, an anonymous researcher
Graphics Driver
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Watching a maliciously crafted video may lead to a denial of
service
Description: A denial of service issue existed in the handling of
video. This issue was addressed through improved input validation.
CVE-2016-7665: Moataz El Gaml of Schlumberger, an anonymous
researcher
Image Capture
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A malicious HID device may be able to cause arbitrary code
execution
Description: A validation issue existed in the handling of USB image
devices. This issue was addressed through improved input validation.
CVE-2016-4690: Andy Davis of NCC Group
Local Authentication
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: The device may not lock the screen after the idle timeout
Description: A logic issue existed in the handling of the idle timer
when the Touch ID prompt is shown. This issue was addressed through
improved handling of the idle timer.
CVE-2016-7601: an anonymous researcher
Mail
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An email signed with a revoked certificate may appear valid
Description: S/MIME policy failed to check if a certificate was
valid. This issue was addressed by notifying a user if an email was
signed with a revoked certificate.
CVE-2016-4689: an anonymous researcher
Media Player
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A user may be able to view photos and contacts from the
lockscreen
Description: A validation issue existed in the handling of media
selection. This issue was addressed through improved validation.
CVE-2016-7653
Profiles
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Opening a maliciously crafted certificate may lead to
arbitrary code execution
Description: A memory corruption issue existed in the handling of
certificate profiles. This issue was addressed through improved input
validation.
CVE-2016-7626: Maksymilian Arciemowicz (cxsecurity.com)
SpringBoard
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A person with physical access to an iOS device may be able to
unlock the device
Description: In some cases, a counter issue existed in the handling
of passcode attempts when resetting the passcode. This was addressed
through improved state management.
CVE-2016-4781: an anonymous researcher
SpringBoard
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A person with physical access to an iOS device may be able to
keep the device unlocked
Description: A cleanup issue existed in the handling of Handoff with
Siri. This was addressed through improved state management.
CVE-2016-7597: an anonymous researcher
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "10.2".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
| VAR-201702-0248 | CVE-2016-7651 | Apple iOS and watchOS Vulnerabilities that bypass authentication restrictions in the account component |
CVSS V2: 4.6 CVSS V3: 5.3 Severity: MEDIUM |
An issue was discovered in certain Apple products. iOS before 10.2 is affected. watchOS before 3.1.1 is affected. The issue involves the "Accounts" component, which allows local users to bypass intended authorization restrictions by leveraging the mishandling of an app uninstall. Apple iOS and watchOS are prone to a security bypass vulnerability.
Attackers can exploit this issue to bypass security restrictions and perform unauthorized actions. An attacker could exploit this vulnerability to make it impossible for users to reset the authorization settings for uninstalling applications.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2017-01-23-3 watchOS 3.1.3
watchOS 3.1.3 is now available and addresses the following:
Accounts
Available for: All Apple Watch models
Impact: Uninstalling an app did not reset the authorization settings
Description: An issue existed which did not reset the authorization
settings on app uninstall. This issue was addressed through improved
sanitization.
CVE-2016-7651: Ju Zhu and Lilang Wu of Trend Micro
Audio
Available for: All Apple Watch models
Impact: Processing a maliciously crafted file may lead to arbitrary
code execution
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2016-7658: Haohao Kong of Keen Lab (@keen_lab) of Tencent
CVE-2016-7659: Haohao Kong of Keen Lab (@keen_lab) of Tencent
Auto Unlock
Available for: All Apple Watch models
Impact: Auto Unlock may unlock when Apple Watch is off the user's
wrist
Description: A logic issue was addressed through improved state
management.
CVE-2017-2352: Ashley Fernandez of raptAware Pty Ltd
CoreFoundation
Available for: All Apple Watch models
Impact: Processing maliciously crafted strings may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the processing of
strings. This issue was addressed through improved bounds checking.
CVE-2016-7663: an anonymous researcher
CoreGraphics
Available for: All Apple Watch models
Impact: Processing a maliciously crafted font file may lead to
unexpected application termination
Description: A null pointer dereference was addressed through
improved input validation.
CVE-2016-7627: TRAPMINE Inc. & Meysam Firouzi @R00tkitSMM
CoreMedia Playback
Available for: All Apple Watch models
Impact: Processing a maliciously crafted .mp4 file may lead to
arbitrary code execution
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-7588: dragonltx of Huawei 2012 Laboratories
CoreText
Available for: All Apple Watch models
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: Multiple memory corruption issues existed in the
handling of font files. These issues were addressed through improved
bounds checking.
CVE-2016-7595: riusksk (泉哥) of Tencent Security Platform
Department
Disk Images
Available for: All Apple Watch models
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2016-7616: daybreaker@Minionz working with Trend Micro's Zero Day
Initiative
FontParser
Available for: All Apple Watch models
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: Multiple memory corruption issues existed in the
handling of font files. These issues were addressed through improved
bounds checking.
CVE-2016-4691: riusksk (泉哥) of Tencent Security Platform
Department
FontParser
Available for: All Apple Watch models
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: A buffer overflow existed in the handling of font files.
This issue was addressed through improved bounds checking.
CVE-2016-4688: Simon Huang of Alipay company,
thelongestusernameofall@gmail.com
ICU
Available for: All Apple Watch models
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-7594: André Bargull
ImageIO
Available for: All Apple Watch models
Impact: A remote attacker may be able to leak memory
Description: An out-of-bounds read was addressed through improved
bounds checking.
CVE-2016-7643: Yangkang (@dnpushme) of Qihoo360 Qex Team
IOHIDFamily
Available for: All Apple Watch models
Impact: A local application with system privileges may be able to
execute arbitrary code with kernel privileges
Description: A use after free issue was addressed through improved
memory management.
CVE-2016-7591: daybreaker of Minionz
IOKit
Available for: All Apple Watch models
Impact: An application may be able to read kernel memory
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2016-7657: Keen Lab working with Trend Micro's Zero Day
Initiative
Kernel
Available for: All Apple Watch models
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed through
improved input validation.
CVE-2016-7606: Chen Qin of Topsec Alpha Team (topsec.com), @cocoahuke
CVE-2016-7612: Ian Beer of Google Project Zero
Kernel
Available for: All Apple Watch models
Impact: An application may be able to read kernel memory
Description: An insufficient initialization issue was addressed by
properly initializing memory returned to user space.
CVE-2016-7607: Brandon Azad
Kernel
Available for: All Apple Watch models
Impact: A local user may be able to cause a system denial of service
Description: A denial of service issue was addressed through improved
memory handling.
CVE-2016-7615: The UK's National Cyber Security Centre (NCSC)
Kernel
Available for: All Apple Watch models
Impact: A local user may be able to cause an unexpected system
termination or arbitrary code execution in the kernel
Description: A use after free issue was addressed through improved
memory management.
CVE-2016-7621: Ian Beer of Google Project Zero
Kernel
Available for: All Apple Watch models
Impact: A local user may be able to gain root privileges
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2016-7637: Ian Beer of Google Project Zero
Kernel
Available for: All Apple Watch models
Impact: A local application with system privileges may be able to
execute arbitrary code with kernel privileges
Description: A use after free issue was addressed through improved
memory management.
CVE-2016-7644: Ian Beer of Google Project Zero
Kernel
Available for: All Apple Watch models
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow issue was addressed through improved
memory handling.
CVE-2017-2370: Ian Beer of Google Project Zero
Kernel
Available for: All Apple Watch models
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed through improved
memory management.
CVE-2017-2360: Ian Beer of Google Project Zero
libarchive
Available for: All Apple Watch models
Impact: A local attacker may be able to overwrite existing files
Description: A validation issue existed in the handling of symlinks.
This issue was addressed through improved validation of symlinks.
CVE-2016-7619: an anonymous researcher
libarchive
Available for: All Apple Watch models
Impact: Unpacking a maliciously crafted archive may lead to arbitrary
code execution
Description: A buffer overflow issue was addressed through improved
memory handling.
CVE-2016-8687: Agostino Sarubbo of Gentoo
Profiles
Available for: All Apple Watch models
Impact: Opening a maliciously crafted certificate may lead to
arbitrary code execution
Description: A memory corruption issue existed in the handling of
certificate profiles. This issue was addressed through improved input
validation.
CVE-2016-7626: Maksymilian Arciemowicz (cxsecurity.com)
Security
Available for: All Apple Watch models
Impact: An attacker may be able to exploit weaknesses in the 3DES
cryptographic algorithm
Description: 3DES was removed as a default cipher.
CVE-2016-4693: Gaëtan Leurent and Karthikeyan Bhargavan from INRIA
Paris
Security
Available for: All Apple Watch models
Impact: An attacker in a privileged network position may be able to
cause a denial of service
Description: A validation issue existed in the handling of OCSP
responder URLs. This issue was addressed by verifying OCSP revocation
status after CA validation and limiting the number of OCSP requests
per certificate.
CVE-2016-7636: Maksymilian Arciemowicz (cxsecurity.com)
Security
Available for: All Apple Watch models
Impact: Certificates may be unexpectedly evaluated as trusted
Description: A certificate evaluation issue existed in certificate
validation. This issue was addressed through additional validation of
certificates.
CVE-2016-7662: Apple
syslog
Available for: All Apple Watch models
Impact: A local user may be able to gain root privileges
Description: An issue in mach port name references was addressed
through improved validation.
CVE-2016-7660: Ian Beer of Google Project Zero
WebKit
Available for: All Apple Watch models
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed through improved
state management.
CVE-2016-7589: Apple
WebKit
Available for: All Apple Watch models
Impact: Processing maliciously crafted web content may exfiltrate
data cross-origin
Description: Multiple validation issues existed in the handling of
page loading. This issue was addressed through improved logic.
CVE-2017-2363: lokihardt of Google Project Zero
Installation note:
Instructions on how to update your Apple Watch software are
available at https://support.apple.com/kb/HT204641
To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch > General > About".
Alternatively, on your watch, select "My Watch > General > About".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
CVE-2016-7634: Davut Hari
Accessibility
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A person with physical access to an iOS device may be able to
access photos and contacts from the lock screen
Description: A lock screen issue allowed access to photos and
contacts on a locked device.
CVE-2016-4690: Andy Davis of NCC Group
Local Authentication
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: The device may not lock the screen after the idle timeout
Description: A logic issue existed in the handling of the idle timer
when the Touch ID prompt is shown.
CVE-2016-7601: an anonymous researcher
Mail
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An email signed with a revoked certificate may appear valid
Description: S/MIME policy failed to check if a certificate was
valid. This issue was addressed by notifying a user if an email was
signed with a revoked certificate.
CVE-2016-7626: Maksymilian Arciemowicz (cxsecurity.com)
SpringBoard
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A person with physical access to an iOS device may be able to
unlock the device
Description: In some cases, a counter issue existed in the handling
of passcode attempts when resetting the passcode.
CVE-2016-4781: an anonymous researcher
SpringBoard
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A person with physical access to an iOS device may be able to
keep the device unlocked
Description: A cleanup issue existed in the handling of Handoff with
Siri.
CVE-2016-7597: an anonymous researcher
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "10.2"
| VAR-201702-0200 | CVE-2016-7601 | Apple iOS Local authentication component vulnerability |
CVSS V2: 4.6 CVSS V3: 6.8 Severity: MEDIUM |
An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Local Authentication" component, which does not honor the configured screen-lock time interval if the Touch ID prompt is visible. Apple iOS is prone to multiple security vulnerabilities.
Attackers can exploit these issues to bypass security restrictions, execute arbitrary code and perform unauthorized actions or obtain sensitive information.
Versions prior to iOS 10.2 are vulnerable. Apple iOS is an operating system developed by Apple for mobile devices. Local Authentication is one of the local authentication modules. An attacker can exploit this vulnerability to disable the lock screen.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-12-13-5 Additional information for
APPLE-SA-2016-12-12-1 iOS 10.2
iOS 10.2 addresses the following:
Accessibility
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A nearby user may be able to overhear spoken passwords
Description: A disclosure issue existed in the handling of passwords.
This issue was addressed by disabling the speaking of passwords.
CVE-2016-7634: Davut Hari
Accessibility
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A person with physical access to an iOS device may be able to
access photos and contacts from the lock screen
Description: A lock screen issue allowed access to photos and
contacts on a locked device. This issue was addressed by restricting
options offered on a locked device.
CVE-2016-7664: Miguel Alvarado of iDeviceHelp
Accounts
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An issue existed which did not reset the authorization
settings on app uninstall
Description: This issue was addressed through improved sanitization.
CVE-2016-7651: Ju Zhu and Lilang Wu of Trend Micro
Audio
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing a maliciously crafted file may lead to arbitrary
code execution
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2016-7658: Haohao Kong of Keen Lab (@keen_lab) of Tencent
CVE-2016-7659: Haohao Kong of Keen Lab (@keen_lab) of Tencent
Entry added December 13, 2016
CoreFoundation
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing malicious strings may lead to an unexpected
application termination or arbitrary code execution
Description: A memory corruption issue existed in the processing of
strings. This issue was addressed through improved bounds checking.
CVE-2016-7663: an anonymous researcher
Entry added December 13, 2016
CoreGraphics
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing a maliciously crafted font file may lead to
unexpected application termination
Description: A null pointer dereference was addressed through
improved input validation.
CVE-2016-7627: TRAPMINE Inc. & Meysam Firouzi @R00tkitSMM
Entry added December 13, 2016
CoreMedia External Displays
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A local application may be able to execute arbitrary code in
the context of the mediaserver daemon
Description: A type confusion issue was addressed through improved
memory handling.
CVE-2016-7655: Keen Lab working with Trend Micro's Zero Day
Initiative
Entry added December 13, 2016
CoreMedia Playback
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing a maliciously crafted .mp4 file may lead to
arbitrary code execution
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-7588: dragonltx of Huawei 2012 Laboratories
Entry added December 13, 2016
CoreText
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: Multiple memory corruption issues existed in the
handling of font files. These issues were addressed through improved
bounds checking.
CVE-2016-7595: riusksk (泉哥) of Tencent Security Platform
Department
Entry added December 13, 2016
Disk Images
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2016-7616: daybreaker@Minionz working with Trend Micro's Zero Day
Initiative
Entry added December 13, 2016
Find My iPhone
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker with an unlocked device may be able to disable
Find My iPhone
Description: A state management issue existed in the handling of
authentication information. This issue was addressed through
improved storage of account information.
CVE-2016-7638: an anonymous researcher, Sezer Sakiner
FontParser
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: Multiple memory corruption issues existed in the
handling of font files. These issues were addressed through improved
bounds checking.
CVE-2016-4691: riusksk (泉哥) of Tencent Security Platform
Department
Entry added December 13, 2016
FontParser
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: A buffer overflow existed in the handling of font files.
This issue was addressed through improved bounds checking.
CVE-2016-4688: Simon Huang of Alipay company,
thelongestusernameofall@gmail.com
Entry added December 13, 2016
Graphics Driver
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Watching a maliciously crafted video may lead to a denial of
service
Description: A denial of service issue existed in the handling of
video. This issue was addressed through improved input validation.
CVE-2016-7665: Moataz El Gaml of Schlumberger
ICU
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-7594: André Bargull
Entry added December 13, 2016
Image Capture
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A malicious HID device may be able to cause arbitrary code
execution
Description: A validation issue existed in the handling of USB image
devices. This issue was addressed through improved input validation.
CVE-2016-4690: Andy Davis of NCC Group
ImageIO
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A remote attacker may be able to leak memory
Description: An out-of-bounds read was addressed through improved
bounds checking.
CVE-2016-7643: Yangkang (@dnpushme) of Qihoo360 Qex Team
Entry added December 13, 2016
IOHIDFamily
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A local application with system privileges may be able to
execute arbitrary code with kernel privileges
Description: A use after free issue was addressed through improved
memory management.
CVE-2016-7591: daybreaker of Minionz
Entry added December 13, 2016
IOKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to read kernel memory
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2016-7657: Keen Lab working with Trend Micro's Zero Day
Initiative
Entry added December 13, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed through
improved input validation.
CVE-2016-7606: @cocoahuke, Chen Qin of Topsec Alpha Team (topsec.com)
CVE-2016-7612: Ian Beer of Google Project Zero
Entry added December 13, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to read kernel memory
Description: An insufficient initialization issue was addressed by
properly initializing memory returned to user space.
CVE-2016-7607: Brandon Azad
Entry added December 13, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A local user may be able to cause a system denial of service
Description: A denial of service issue was addressed through improved
memory handling.
CVE-2016-7615: The UK's National Cyber Security Centre (NCSC)
Entry added December 13, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A local user may be able to cause an unexpected system
termination or arbitrary code execution in the kernel
Description: A use after free issue was addressed through improved
memory management.
CVE-2016-7621: Ian Beer of Google Project Zero
Entry added December 13, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A local user may be able to gain root privileges
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2016-7637: Ian Beer of Google Project Zero
Entry added December 13, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A local application with system privileges may be able to
execute arbitrary code with kernel privileges
Description: A use after free issue was addressed through improved
memory management.
CVE-2016-7644: Ian Beer of Google Project Zero
Entry added December 13, 2016
libarchive
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A local attacker may be able to overwrite existing files
Description: A validation issue existed in the handling of symlinks.
This issue was addressed through improved validation of symlinks.
CVE-2016-7619: an anonymous researcher
Entry added December 13, 2016
Local Authentication
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: The device may not lock the screen after the idle timeout
Description: A logic issue existed in the handling of the idle timer
when the Touch ID prompt is shown. This issue was addressed through
improved handling of the idle timer.
CVE-2016-7601: an anonymous researcher
Mail
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An email signed with a revoked certificate may appear valid
Description: S/MIME policy failed to check if a certificate was
valid. This issue was addressed by notifying a user if an email was
signed with a revoked certificate.
CVE-2016-4689: an anonymous researcher
Media Player
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A user may be able to view photos and contacts from the
lockscreen
Description: A validation issue existed in the handling of media
selection. This issue was addressed through improved validation.
CVE-2016-7653
Power Management
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A local user may be able to gain root privileges
Description: An issue in mach port name references was addressed
through improved validation.
CVE-2016-7661: Ian Beer of Google Project Zero
Entry added December 13, 2016
Profiles
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Opening a maliciously crafted certificate may lead to
arbitrary code execution
Description: A memory corruption issue existed in the handling of
certificate profiles. This issue was addressed through improved input
validation.
CVE-2016-7626: Maksymilian Arciemowicz (cxsecurity.com)
Safari Reader
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Enabling the Safari Reader feature on a maliciously crafted
webpage may lead to universal cross site scripting
Description: Multiple validation issues were addressed through
improved input sanitization.
CVE-2016-7650: Erling Ellingsen
Entry added December 13, 2016
Security
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker may be able to exploit weaknesses in the 3DES
cryptographic algorithm
Description: 3DES was removed as a default cipher.
CVE-2016-4693: Gaëtan Leurent and Karthikeyan Bhargavan from INRIA
Paris
Entry added December 13, 2016
Security
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker in a privileged network position may be able to
cause a denial of service
Description: A validation issue existed in the handling of OCSP
responder URLs. This issue was addressed by verifying OCSP revocation
status after CA validation and limiting the number of OCSP requests
per certificate.
CVE-2016-7636: Maksymilian Arciemowicz (cxsecurity.com)
Entry added December 13, 2016
Security
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Certificates may be unexpectedly evaluated as trusted
Description: A certificate evaluation issue existed in certificate
validation. This issue was addressed through additional validation of
certificates.
CVE-2016-7662: Apple
Entry added December 13, 2016
SpringBoard
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A person with physical access to an iOS device may be able to
unlock the device
Description: In some cases, a counter issue existed in the handling
of passcode attempts when resetting the passcode. This was addressed
through improved state management.
CVE-2016-4781: an anonymous researcher
SpringBoard
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A person with physical access to an iOS device may be able to
keep the device unlocked
Description: A cleanup issue existed in the handling of Handoff with
Siri. This was addressed through improved state management.
CVE-2016-7597: an anonymous researcher
syslog
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A local user may be able to gain root privileges
Description: An issue in mach port name references was addressed
through improved validation.
CVE-2016-7660: Ian Beer of Google Project Zero
Entry added December 13, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4692: Apple
CVE-2016-7635: Apple
CVE-2016-7652: Apple
Entry added December 13, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may result in the
disclosure of process memory
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2016-4743: Alan Cutter
Entry added December 13, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may result in the
disclosure of user information
Description: A validation issue was addressed through improved state
management.
CVE-2016-7586: Boris Zbarsky
Entry added December 13, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved state management.
CVE-2016-7587: Adam Klein
CVE-2016-7610: Zheng Huang of the Baidu Security Lab working with
Trend Micro's Zero Day Initiative
CVE-2016-7611: an anonymous researcher working with Trend Micro's
Zero Day Initiative
CVE-2016-7639: Tongbo Luo of Palo Alto Networks
CVE-2016-7640: Kai Kang of Tencent's Xuanwu Lab
(tencent.com)
CVE-2016-7641: Kai Kang of Tencent's Xuanwu Lab
(tencent.com)
CVE-2016-7642: Tongbo Luo of Palo Alto Networks
CVE-2016-7645: Kai Kang of Tencent's Xuanwu Lab
(tencent.com)
CVE-2016-7646: Kai Kang of Tencent's Xuanwu Lab
(tencent.com)
CVE-2016-7648: Kai Kang of Tencent's Xuanwu Lab
(tencent.com)
CVE-2016-7649: Kai Kang of Tencent's Xuanwu Lab
(tencent.com)
CVE-2016-7654: Keen Lab working with Trend Micro's Zero Day
Initiative
Entry added December 13, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed through improved
state management.
CVE-2016-7589: Apple
CVE-2016-7656: Keen Lab working with Trend Micro's Zero Day
Initiative
Entry added December 13, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may compromise
user information
Description: An issue existed in handling of JavaScript prompts. This
was addressed through improved state management.
CVE-2016-7592: xisigr of Tencent's Xuanwu Lab
(tencent.com)
Entry added December 13, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may result in the
disclosure of process memory
Description: An uninitialized memory access issue was addressed
through improved memory initialization.
CVE-2016-7598: Samuel Groß
Entry added December 13, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may result in the
disclosure of user information
Description: An issue existed in the handling of HTTP redirects. This
issue was addressed through improved cross origin validation.
CVE-2016-7599: Muneaki Nishimura (nishimunea) of Recruit Technologies
Co., Ltd.
Entry added December 13, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Visiting a maliciously crafted website may compromise user
information
Description: An issue existed in the handling of blob URLs. This
issue was addressed through improved URL handling.
CVE-2016-7623: xisigr of Tencent's Xuanwu Lab
(tencent.com)
Entry added December 13, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Visiting a maliciously crafted webpage may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue was addressed through improved
state management.
CVE-2016-7632: Jeonghoon Shin
Entry added December 13, 2016
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "10.2".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
| VAR-201702-0196 | CVE-2016-7597 | Apple iOS SpringBoard component vulnerability that maintains the unlocked state |
CVSS V2: 2.1 CVSS V3: 4.6 Severity: MEDIUM |
An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "SpringBoard" component, which allows physically proximate attackers to maintain the unlocked state via vectors related to Handoff with Siri. Apple iOS is prone to multiple security vulnerabilities.
Attackers can exploit these issues to bypass security restrictions, execute arbitrary code and perform unauthorized actions or obtain sensitive information.
Versions prior to iOS 10.2 are vulnerable. Apple iOS is an operating system developed by Apple for mobile devices. SpringBoard is the desktop for Apple iDevices. An attacker in physical proximity could exploit this vulnerability to cause the device to remain unlocked.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-12-13-5 Additional information for
APPLE-SA-2016-12-12-1 iOS 10.2
iOS 10.2 addresses the following:
Accessibility
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A nearby user may be able to overhear spoken passwords
Description: A disclosure issue existed in the handling of passwords.
This issue was addressed by disabling the speaking of passwords.
CVE-2016-7634: Davut Hari
Accessibility
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A person with physical access to an iOS device may be able to
access photos and contacts from the lock screen
Description: A lock screen issue allowed access to photos and
contacts on a locked device. This issue was addressed by restricting
options offered on a locked device.
CVE-2016-7664: Miguel Alvarado of iDeviceHelp
Accounts
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An issue existed which did not reset the authorization
settings on app uninstall
Description: This issue was addressed through improved sanitization.
CVE-2016-7651: Ju Zhu and Lilang Wu of Trend Micro
Audio
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing a maliciously crafted file may lead to arbitrary
code execution
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2016-7658: Haohao Kong of Keen Lab (@keen_lab) of Tencent
CVE-2016-7659: Haohao Kong of Keen Lab (@keen_lab) of Tencent
Entry added December 13, 2016
CoreFoundation
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing malicious strings may lead to an unexpected
application termination or arbitrary code execution
Description: A memory corruption issue existed in the processing of
strings. This issue was addressed through improved bounds checking.
CVE-2016-7663: an anonymous researcher
Entry added December 13, 2016
CoreGraphics
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing a maliciously crafted font file may lead to
unexpected application termination
Description: A null pointer dereference was addressed through
improved input validation.
CVE-2016-7627: TRAPMINE Inc. & Meysam Firouzi @R00tkitSMM
Entry added December 13, 2016
CoreMedia External Displays
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A local application may be able to execute arbitrary code in
the context of the mediaserver daemon
Description: A type confusion issue was addressed through improved
memory handling.
CVE-2016-7655: Keen Lab working with Trend Micro's Zero Day
Initiative
Entry added December 13, 2016
CoreMedia Playback
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing a maliciously crafted .mp4 file may lead to
arbitrary code execution
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-7588: dragonltx of Huawei 2012 Laboratories
Entry added December 13, 2016
CoreText
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: Multiple memory corruption issues existed in the
handling of font files. These issues were addressed through improved
bounds checking.
CVE-2016-7595: riusksk(泉哥) of Tencent Security Platform
Department
Entry added December 13, 2016
Disk Images
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2016-7616: daybreaker@Minionz working with Trend Micro's Zero Day
Initiative
Entry added December 13, 2016
Find My iPhone
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker with an unlocked device may be able to disable
Find My iPhone
Description: A state management issue existed in the handling of
authentication information. This issue was addressed through
improved storage of account information.
CVE-2016-7638: an anonymous researcher, Sezer Sakiner
FontParser
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: Multiple memory corruption issues existed in the
handling of font files. These issues were addressed through improved
bounds checking.
CVE-2016-4691: riusksk(泉哥) of Tencent Security Platform
Department
Entry added December 13, 2016
FontParser
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: A buffer overflow existed in the handling of font files.
This issue was addressed through improved bounds checking.
CVE-2016-4688: Simon Huang of Alipay company,
thelongestusernameofall@gmail.com
Entry added December 13, 2016
Graphics Driver
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Watching a maliciously crafted video may lead to a denial of
service
Description: A denial of service issue existed in the handling of
video. This issue was addressed through improved input validation.
CVE-2016-7665: Moataz El Gaml of Schlumberger
ICU
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-7594: André Bargull
Entry added December 13, 2016
Image Capture
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A malicious HID device may be able to cause arbitrary code
execution
Description: A validation issue existed in the handling of USB image
devices. This issue was addressed through improved input validation.
CVE-2016-4690: Andy Davis of NCC Group
ImageIO
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A remote attacker may be able to leak memory
Description: An out-of-bounds read was addressed through improved
bounds checking.
CVE-2016-7643: Yangkang (@dnpushme) of Qihoo360 Qex Team
Entry added December 13, 2016
IOHIDFamily
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A local application with system privileges may be able to
execute arbitrary code with kernel privileges
Description: A use after free issue was addressed through improved
memory management.
CVE-2016-7591: daybreaker of Minionz
Entry added December 13, 2016
IOKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to read kernel memory
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2016-7657: Keen Lab working with Trend Micro's Zero Day
Initiative
Entry added December 13, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed through
improved input validation.
CVE-2016-7606: @cocoahuke, Chen Qin of Topsec Alpha Team (topsec.com)
CVE-2016-7612: Ian Beer of Google Project Zero
Entry added December 13, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to read kernel memory
Description: An insufficient initialization issue was addressed by
properly initializing memory returned to user space.
CVE-2016-7607: Brandon Azad
Entry added December 13, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A local user may be able to cause a system denial of service
Description: A denial of service issue was addressed through improved
memory handling.
CVE-2016-7615: The UK's National Cyber Security Centre (NCSC)
Entry added December 13, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A local user may be able to cause an unexpected system
termination or arbitrary code execution in the kernel
Description: A use after free issue was addressed through improved
memory management.
CVE-2016-7621: Ian Beer of Google Project Zero
Entry added December 13, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A local user may be able to gain root privileges
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2016-7637: Ian Beer of Google Project Zero
Entry added December 13, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A local application with system privileges may be able to
execute arbitrary code with kernel privileges
Description: A use after free issue was addressed through improved
memory management.
CVE-2016-7644: Ian Beer of Google Project Zero
Entry added December 13, 2016
libarchive
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A local attacker may be able to overwrite existing files
Description: A validation issue existed in the handling of symlinks.
This issue was addressed through improved validation of symlinks.
CVE-2016-7619: an anonymous researcher
Entry added December 13, 2016
Local Authentication
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: The device may not lock the screen after the idle timeout
Description: A logic issue existed in the handling of the idle timer
when the Touch ID prompt is shown. This issue was addressed through
improved handling of the idle timer.
CVE-2016-7601: an anonymous researcher
Mail
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An email signed with a revoked certificate may appear valid
Description: S/MIME policy failed to check if a certificate was
valid. This issue was addressed by notifying a user if an email was
signed with a revoked certificate.
CVE-2016-4689: an anonymous researcher
Media Player
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A user may be able to view photos and contacts from the
lockscreen
Description: A validation issue existed in the handling of media
selection. This issue was addressed through improved validation.
CVE-2016-7653
Power Management
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A local user may be able to gain root privileges
Description: An issue in mach port name references was addressed
through improved validation.
CVE-2016-7661: Ian Beer of Google Project Zero
Entry added December 13, 2016
Profiles
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Opening a maliciously crafted certificate may lead to
arbitrary code execution
Description: A memory corruption issue existed in the handling of
certificate profiles. This issue was addressed through improved input
validation.
CVE-2016-7626: Maksymilian Arciemowicz (cxsecurity.com)
Safari Reader
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Enabling the Safari Reader feature on a maliciously crafted
webpage may lead to universal cross site scripting
Description: Multiple validation issues were addressed through
improved input sanitization.
CVE-2016-7650: Erling Ellingsen
Entry added December 13, 2016
Security
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker may be able to exploit weaknesses in the 3DES
cryptographic algorithm
Description: 3DES was removed as a default cipher.
CVE-2016-4693: Gaëtan Leurent and Karthikeyan Bhargavan from INRIA
Paris
Entry added December 13, 2016
Security
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker in a privileged network position may be able to
cause a denial of service
Description: A validation issue existed in the handling of OCSP
responder URLs. This issue was addressed by verifying OCSP revocation
status after CA validation and limiting the number of OCSP requests
per certificate.
CVE-2016-7636: Maksymilian Arciemowicz (cxsecurity.com)
Entry added December 13, 2016
Security
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Certificates may be unexpectedly evaluated as trusted
Description: A certificate evaluation issue existed in certificate
validation. This issue was addressed through additional validation of
certificates.
CVE-2016-7662: Apple
Entry added December 13, 2016
SpringBoard
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A person with physical access to an iOS device may be able to
unlock the device
Description: In some cases, a counter issue existed in the handling
of passcode attempts when resetting the passcode. This was addressed
through improved state management.
CVE-2016-4781: an anonymous researcher
SpringBoard
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A person with physical access to an iOS device may be able to
keep the device unlocked
Description: A cleanup issue existed in the handling of Handoff with
Siri. This was addressed through improved state management.
CVE-2016-7597: an anonymous researcher
syslog
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A local user may be able to gain root privileges
Description: An issue in mach port name references was addressed
through improved validation.
CVE-2016-7660: Ian Beer of Google Project Zero
Entry added December 13, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4692: Apple
CVE-2016-7635: Apple
CVE-2016-7652: Apple
Entry added December 13, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may result in the
disclosure of process memory
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2016-4743: Alan Cutter
Entry added December 13, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may result in the
disclosure of user information
Description: A validation issue was addressed through improved state
management.
CVE-2016-7586: Boris Zbarsky
Entry added December 13, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved state management.
CVE-2016-7587: Adam Klein
CVE-2016-7610: Zheng Huang of the Baidu Security Lab working with
Trend Micro's Zero Day Initiative
CVE-2016-7611: an anonymous researcher working with Trend Micro's
Zero Day Initiative
CVE-2016-7639: Tongbo Luo of Palo Alto Networks
CVE-2016-7640: Kai Kang of Tencent's Xuanwu Lab
(tencent.com)
CVE-2016-7641: Kai Kang of Tencent's Xuanwu Lab
(tencent.com)
CVE-2016-7642: Tongbo Luo of Palo Alto Networks
CVE-2016-7645: Kai Kang of Tencent's Xuanwu Lab
(tencent.com)
CVE-2016-7646: Kai Kang of Tencent's Xuanwu Lab
(tencent.com)
CVE-2016-7648: Kai Kang of Tencent's Xuanwu Lab
(tencent.com)
CVE-2016-7649: Kai Kang of Tencent's Xuanwu Lab
(tencent.com)
CVE-2016-7654: Keen Lab working with Trend Micro's Zero Day
Initiative
Entry added December 13, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed through improved
state management.
CVE-2016-7589: Apple
CVE-2016-7656: Keen Lab working with Trend Micro's Zero Day
Initiative
Entry added December 13, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may compromise
user information
Description: An issue existed in handling of JavaScript prompts. This
was addressed through improved state management.
CVE-2016-7592: xisigr of Tencent's Xuanwu Lab
(tencent.com)
Entry added December 13, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may result in the
disclosure of process memory
Description: An uninitialized memory access issue was addressed
through improved memory initialization.
CVE-2016-7598: Samuel Groß
Entry added December 13, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may result in the
disclosure of user information
Description: An issue existed in the handling of HTTP redirects. This
issue was addressed through improved cross origin validation.
CVE-2016-7599: Muneaki Nishimura (nishimunea) of Recruit Technologies
Co., Ltd.
Entry added December 13, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Visiting a maliciously crafted website may compromise user
information
Description: An issue existed in the handling of blob URLs. This
issue was addressed through improved URL handling.
CVE-2016-7623: xisigr of Tencent's Xuanwu Lab
(tencent.com)
Entry added December 13, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Visiting a maliciously crafted webpage may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue was addressed through improved
state management.
CVE-2016-7632: Jeonghoon Shin
Entry added December 13, 2016
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "10.2".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
| VAR-201702-0225 | CVE-2016-7626 | Arbitrary code execution vulnerability in the Profiles component of multiple Apple products |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
An issue was discovered in certain Apple products. iOS before 10.2 is affected. tvOS before 10.1 is affected. watchOS before 3.1.1 is affected. The issue involves the "Profiles" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted certificate profile. Apple iOS, WatchOS and tvOS are prone to a memory corruption vulnerability. Failed exploit attempts may result in a denial-of-service condition.
The following versions are affected:
Versions prior to Apple iOS 10.2
Versions prior to Apple watchOS 3.1.1
Versions prior to Apple tvOS 10.1
Apple iOS is an operating system developed for mobile devices; watchOS is a smart watch operating system; tvOS is a smart TV operating system.
CVE-2017-2363: lokihardt of Google Project Zero
Installation note:
Instructions on how to update your Apple Watch software are
available at https://support.apple.com/kb/HT204641
To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch > General > About".
Alternatively, on your watch, select "My Watch > General > About".
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-12-13-6 Additional information for
APPLE-SA-2016-12-12-3 tvOS 10.1
tvOS 10.1 addresses the following:
Audio
Available for: Apple TV (4th generation)
Impact: Processing a maliciously crafted file may lead to arbitrary
code execution
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2016-7658: Haohao Kong of Keen Lab (@keen_lab) of Tencent
CVE-2016-7659: Haohao Kong of Keen Lab (@keen_lab) of Tencent
Entry added December 13, 2016
CoreFoundation
Available for: Apple TV (4th generation)
Impact: Processing malicious strings may lead to an unexpected
application termination or arbitrary code execution
Description: A memory corruption issue existed in the processing of
strings. This issue was addressed through improved bounds checking.
CVE-2016-7663: an anonymous researcher
Entry added December 13, 2016
CoreGraphics
Available for: Apple TV (4th generation)
Impact: Processing a maliciously crafted font file may lead to
unexpected application termination
Description: A null pointer dereference was addressed through
improved input validation.
CVE-2016-7627: TRAPMINE Inc. & Meysam Firouzi @R00tkitSMM
Entry added December 13, 2016
CoreMedia External Displays
Available for: Apple TV (4th generation)
Impact: A local application may be able to execute arbitrary code in
the context of the mediaserver daemon
Description: A type confusion issue was addressed through improved
memory handling.
CVE-2016-7655: Keen Lab working with Trend Micro's Zero Day
Initiative
Entry added December 13, 2016
CoreMedia Playback
Available for: Apple TV (4th generation)
Impact: Processing a maliciously crafted .mp4 file may lead to
arbitrary code execution
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-7588: dragonltx of Huawei 2012 Laboratories
Entry added December 13, 2016
CoreText
Available for: Apple TV (4th generation)
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: Multiple memory corruption issues existed in the
handling of font files. These issues were addressed through improved
bounds checking.
CVE-2016-7595: riusksk(泉哥) of Tencent Security Platform
Department
Entry added December 13, 2016
Disk Images
Available for: Apple TV (4th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2016-7616: daybreaker@Minionz working with Trend Micro's Zero Day
Initiative
Entry added December 13, 2016
FontParser
Available for: Apple TV (4th generation)
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: Multiple memory corruption issues existed in the
handling of font files. These issues were addressed through improved
bounds checking.
CVE-2016-4691: riusksk (泉哥) of Tencent Security Platform
Department
Entry added December 13, 2016
FontParser
Available for: Apple TV (4th generation)
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: A buffer overflow existed in the handling of font files.
This issue was addressed through improved bounds checking.
CVE-2016-4688: Simon Huang of Alipay company,
thelongestusernameofall@gmail.com
Entry added December 13, 2016
ICU
Available for: Apple TV (4th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-7594: André Bargull
Entry added December 13, 2016
ImageIO
Available for: Apple TV (4th generation)
Impact: A remote attacker may be able to leak memory
Description: An out-of-bounds read was addressed through improved
bounds checking.
CVE-2016-7643: Yangkang (@dnpushme) of Qihoo360 Qex Team
Entry added December 13, 2016
IOHIDFamily
Available for: Apple TV (4th generation)
Impact: A local application with system privileges may be able to
execute arbitrary code with kernel privileges
Description: A use after free issue was addressed through improved
memory management.
CVE-2016-7591: daybreaker of Minionz
Entry added December 13, 2016
IOKit
Available for: Apple TV (4th generation)
Impact: An application may be able to read kernel memory
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2016-7657: Keen Lab working with Trend Micro's Zero Day
Initiative
Entry added December 13, 2016
Kernel
Available for: Apple TV (4th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed through
improved input validation.
CVE-2016-7606: @cocoahuke, Chen Qin of Topsec Alpha Team (topsec.com)
CVE-2016-7612: Ian Beer of Google Project Zero
Entry added December 13, 2016
Kernel
Available for: Apple TV (4th generation)
Impact: An application may be able to read kernel memory
Description: An insufficient initialization issue was addressed by
properly initializing memory returned to user space.
CVE-2016-7607: Brandon Azad
Entry added December 13, 2016
Kernel
Available for: Apple TV (4th generation)
Impact: A local user may be able to cause a system denial of service
Description: A denial of service issue was addressed through improved
memory handling.
CVE-2016-7615: The UK's National Cyber Security Centre (NCSC)
Entry added December 13, 2016
Kernel
Available for: Apple TV (4th generation)
Impact: A local user may be able to cause an unexpected system
termination or arbitrary code execution in the kernel
Description: A use after free issue was addressed through improved
memory management.
CVE-2016-7621: Ian Beer of Google Project Zero
Entry added December 13, 2016
Kernel
Available for: Apple TV (4th generation)
Impact: A local user may be able to gain root privileges
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2016-7637: Ian Beer of Google Project Zero
Entry added December 13, 2016
libarchive
Available for: Apple TV (4th generation)
Impact: A local attacker may be able to overwrite existing files
Description: A validation issue existed in the handling of symlinks.
This issue was addressed through improved validation of symlinks.
CVE-2016-7619: an anonymous researcher
Entry added December 13, 2016
Power Management
Available for: Apple TV (4th generation)
Impact: A local user may be able to gain root privileges
Description: An issue in mach port name references was addressed
through improved validation.
CVE-2016-7661: Ian Beer of Google Project Zero
Entry added December 13, 2016
Profiles
Available for: Apple TV (4th generation)
Impact: Opening a maliciously crafted certificate may lead to
arbitrary code execution
Description: A memory corruption issue existed in the handling of
certificate profiles. This issue was addressed through improved input
validation.
CVE-2016-7626: Maksymilian Arciemowicz (cxsecurity.com)
Security
Available for: Apple TV (4th generation)
Impact: An attacker may be able to exploit weaknesses in the 3DES
cryptographic algorithm
Description: 3DES was removed as a default cipher.
CVE-2016-4693: Gaëtan Leurent and Karthikeyan Bhargavan from INRIA
Paris
Entry added December 13, 2016
Security
Available for: Apple TV (4th generation)
Impact: An attacker in a privileged network position may be able to
cause a denial of service
Description: A validation issue existed in the handling of OCSP
responder URLs. This issue was addressed by verifying OCSP revocation
status after CA validation and limiting the number of OCSP requests
per certificate.
CVE-2016-7636: Maksymilian Arciemowicz (cxsecurity.com)
Entry added December 13, 2016
Security
Available for: Apple TV (4th generation)
Impact: Certificates may be unexpectedly evaluated as trusted
Description: A certificate evaluation issue existed in certificate
validation. This issue was addressed through additional validation of
certificates.
CVE-2016-7662: Apple
Entry added December 13, 2016
syslog
Available for: Apple TV (4th generation)
Impact: A local user may be able to gain root privileges
Description: An issue in mach port name references was addressed
through improved validation.
CVE-2016-7660: Ian Beer of Google Project Zero
Entry added December 13, 2016
WebKit
Available for: Apple TV (4th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4692: Apple
CVE-2016-7635: Apple
CVE-2016-7652: Apple
Entry added December 13, 2016
WebKit
Available for: Apple TV (4th generation)
Impact: Processing maliciously crafted web content may result in the
disclosure of process memory
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2016-4743: Alan Cutter
Entry added December 13, 2016
WebKit
Available for: Apple TV (4th generation)
Impact: Processing maliciously crafted web content may result in the
disclosure of user information
Description: A validation issue was addressed through improved state
management.
CVE-2016-7586: Boris Zbarsky
Entry added December 13, 2016
WebKit
Available for: Apple TV (4th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved state management.
CVE-2016-7587: Adam Klein
CVE-2016-7610: Zheng Huang of the Baidu Security Lab working with
Trend Micro's Zero Day Initiative
CVE-2016-7611: an anonymous researcher working with Trend Micro's
Zero Day Initiative
CVE-2016-7639: Tongbo Luo of Palo Alto Networks
CVE-2016-7640: Kai Kang of Tencent's Xuanwu Lab
(tencent.com)
CVE-2016-7641: Kai Kang of Tencent's Xuanwu Lab
(tencent.com)
CVE-2016-7642: Tongbo Luo of Palo Alto Networks
CVE-2016-7645: Kai Kang of Tencent's Xuanwu Lab
(tencent.com)
CVE-2016-7646: Kai Kang of Tencent's Xuanwu Lab
(tencent.com)
CVE-2016-7648: Kai Kang of Tencent's Xuanwu Lab
(tencent.com)
CVE-2016-7649: Kai Kang of Tencent's Xuanwu Lab
(tencent.com)
CVE-2016-7654: Keen Lab working with Trend Micro's Zero Day
Initiative
Entry added December 13, 2016
WebKit
Available for: Apple TV (4th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed through improved
state management.
CVE-2016-7589: Apple
CVE-2016-7656: Keen Lab working with Trend Micro's Zero Day
Initiative
Entry added December 13, 2016
WebKit
Available for: Apple TV (4th generation)
Impact: Processing maliciously crafted web content may result in the
disclosure of process memory
Description: An uninitialized memory access issue was addressed
through improved memory initialization.
CVE-2016-7598: Samuel Groß
Entry added December 13, 2016
WebKit
Available for: Apple TV (4th generation)
Impact: Processing maliciously crafted web content may result in the
disclosure of user information
Description: An issue existed in the handling of HTTP redirects. This
issue was addressed through improved cross origin validation.
CVE-2016-7599: Muneaki Nishimura (nishimunea) of Recruit Technologies
Co., Ltd.
Entry added December 13, 2016
WebKit
Available for: Apple TV (4th generation)
Impact: Processing maliciously crafted web content may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue was addressed through improved
state management.
CVE-2016-7632: Jeonghoon Shin
Entry added December 13, 2016
Installation note:
Apple TV will periodically check for software updates. Alternatively,
you may manually check for software updates by selecting
"Settings -> System -> Software Update -> Update Software."
To check the current version of software, select
"Settings -> General -> About."
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
.
CVE-2016-7634: Davut Hari
Accessibility
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A person with physical access to an iOS device may be able to
access photos and contacts from the lock screen
Description: A lock screen issue allowed access to photos and
contacts on a locked device.
CVE-2016-4690: Andy Davis of NCC Group
Local Authentication
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: The device may not lock the screen after the idle timeout
Description: A logic issue existed in the handling of the idle timer
when the Touch ID prompt is shown. This issue was addressed by notifying a user if an email was
signed with a revoked certificate.
CVE-2016-7597: an anonymous researcher
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "10.2"
| VAR-201612-0228 | CVE-2016-582384 | Multiple Netgear routers are vulnerable to arbitrary command injection |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-6277. Reason: This candidate was withdrawn by its CNA. Notes: All CVE users should reference CVE-2016-6277 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. Netgear R6250, R6400, R6700, R6900, R7000, R7100LG, R7300DST, R7900, R8000, D6220, and D6400 routers and possibly other models are vulnerable to arbitrary command injection. Multiple Netgear Routers are prone to a remote command-injection vulnerability.
Successfully exploiting this issue may allow an attacker to inject and execute arbitrary commands in the context of the affected device.
Netgear R6400 running firmware version 1.0.1.6_1.0.4 and prior.
Netgear R8000 running firmware version 1.0.3.4_1.1.2. Security flaws exist in several NETGEAR routing products. An attacker can exploit this vulnerability to execute arbitrary code with the help of shell metacharacters
| VAR-201612-0420 | CVE-2016-9160 | SIEMENS SIMATIC WinCC and SIEMENS SIMATIC PCS 7 In ActiveX Vulnerability that can crash components |
CVSS V2: 5.8 CVSS V3: 8.1 Severity: HIGH |
A vulnerability in SIEMENS SIMATIC WinCC (All versions < SIMATIC WinCC V7.2) and SIEMENS SIMATIC PCS 7 (All versions < SIMATIC PCS 7 V8.0 SP1) could allow a remote attacker to crash an ActiveX component or leak parts of the application memory if a user is tricked into clicking on a malicious link under certain conditions. Siemens SIMATIC WinCC and SIMATIC PCS 7 are industrial automation products from Siemens AG, Germany. Siemens SIMATIC WinCC is an automated data acquisition and monitoring (SCADA) system; SIMATIC PCS 7 is a distributed process control system using WinCC. A security bypass vulnerability exists in versions prior to SIMATIC WinCC 7.2 and in versions prior to SIMATIC PCS 7 8.0 SP1. An attacker could exploit this vulnerability to execute ActiveX components.
Attackers can exploit this issue to obtain sensitive information or cause denial-of-service condition
| VAR-201612-0370 | CVE-2016-9208 | Cisco Emergency Responder Vulnerable to accessing files anywhere on the file system |
CVSS V2: 4.0 CVSS V3: 6.5 Severity: MEDIUM |
A vulnerability in the File Management Utility, the Download File form, and the Serviceability application of Cisco Emergency Responder could allow an authenticated, remote attacker to access files in arbitrary locations on the file system of an affected device. More Information: CSCva98951 CSCva98954 CSCvb57494. Known Affected Releases: 11.5(2.10000.5). Known Fixed Releases: 12.0(0.98000.14) 12.0(0.98000.16). Cisco Emergency Responder is an integral part of the Cisco IP Communications System. The real-time location address tracking database and enhanced routing capabilities can route emergency calls to responding public safety answering points based on the caller's location. A directory traversal vulnerability exists in Cisco Emergency Responder. Cisco Emergency Responder is prone to a directory-traversal vulnerability. Information harvested may aid in launching further attacks.
This issue is being tracked by Cisco Bug IDs CSCva98951, CSCva98954 and CSCvb57494. There is a security vulnerability in Cisco Emergency Responder Release 10.5 (1.10000.5), which is caused by the program not properly filtering the input submitted by the user
| VAR-201612-0638 | No CVE | Xfinity Gateway Remote Code Execution Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Xfinity Gateway is a gateway product from Xfinity. A remote code execution vulnerability exists in the destination_address parameter of the Xfinity Gateway system's network_diagnostic_tools.php page that could allow an attacker to execute arbitrary code in the context of an affected application or to cause a denial of service.
| VAR-201612-0015 | CVE-2016-6277 |
Multiple Netgear routers are vulnerable to arbitrary command injection
Related entries in the VARIoT exploits database: VAR-E-201612-0018, VAR-E-201612-0017 |
CVSS V2: 9.3 CVSS V3: 8.8 Severity: HIGH |
NETGEAR R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before 1.0.0.28.Beta, R7300DST before 1.0.0.46.Beta, R7900 before 1.0.1.8.Beta, R8000 before 1.0.3.26.Beta, D6220, D6400, D7000, and possibly other routers allow remote attackers to execute arbitrary commands via shell metacharacters in the path info to cgi-bin/. Multiple NETGEAR routers have multiple vulnerabilities: command injection (CWE-77) - CVE-2016-6277, missing authentication for critical functions (CWE-306), and cross-site request forgery (CWE-352). Multiple routers made by NETGEAR contain a command injection vulnerability. In addition, when a user who can access the product accesses a specially crafted page or URL, it may be possible to execute arbitrary commands with administrator privileges of the product. CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') https://cwe.mitre.org/data/definitions/77.html CWE-306: Missing Authentication for Critical Function https://cwe.mitre.org/data/definitions/306.html CWE-352: Cross-Site Request Forgery (CSRF) https://cwe.mitre.org/data/definitions/352.html By accessing a URL crafted by a remote third party, an arbitrary command may be executed with the administrator privileges of the product concerned. Netgear R7000 and R6400 are Netgear's wireless router products. An attacker can exploit the vulnerability to execute arbitrary system commands in the context of an affected application.
Netgear R6400 running firmware version 1.0.1.6_1.0.4 and prior.
Netgear R8000 running firmware version 1.0.3.4_1.1.2. Security flaws exist in several NETGEAR routing products
| VAR-201612-0418 | CVE-2016-9158 | SIEMENS SIMATIC S7-300 PN CPU and SIMATIC S7-400 PN CPU Service disruption in (DoS) Vulnerabilities |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
A vulnerability has been identified in SIMATIC S7-300 CPU family (All versions), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 V6 and earlier CPU family (All versions), SIMATIC S7-400 V7 CPU family (All versions). Specially crafted packets sent to port 80/tcp could cause the affected devices to go into defect mode. A cold restart is required to recover the system. SIEMENS SIMATIC S7-300 PN CPU and SIMATIC S7-400 PN CPU contain a denial-of-service (DoS) vulnerability. A remote attacker may cause a denial of service (DoS) by sending specially crafted packets to port 80/TCP. The SIMATIC S7-300 CPUs and S7-400 CPUs are central processing unit modules for programmable controllers from Siemens AG, Germany. SIMATIC S7-300 and S7-400 CPUs are prone to remote denial-of-service and information-disclosure vulnerabilities.
Successful exploits may allow an attacker to gain access to sensitive information or cause denial-of-service conditions; other attacks are also possible. This vulnerability affects all SIMATIC S7-300 PN CPUs, and all SIMATIC S7-400 PN V6 and V7 CPUs. Siemens SIMATIC S7-400 is a programmable logic controller product used in the field of manufacturing and process automation. The following products and versions are affected: Siemens SIMATIC S7-300 CPU 312; Siemens SIMATIC S7-300 CPU 314; Siemens SIMATIC S7-300 CPU 315-2 DP; Siemens SIMATIC S7-300 CPU 315-2 PN/DP; Siemens SIMATIC S7-300 CPU 317-2 PN/DP; Siemens SIMATIC S7-300 CPU 317-2 DP; Siemens SIMATIC S7-300 CPU 319-3 PN/DP; SIMATIC S7-400 CPU 412-1; SIMATIC S7-400 CPU 412-2; SIMATIC S7-400 CPU 412-2 PN; SIMATIC S7-400 CPU 414-2; SIMATIC S7-400 CPU 414-3; SIMATIC S7-400 CPU 414-3 PN/DP; SIMATIC S7-400 CPU 416-2; SIMATIC S7-400 CPU 416-3 PN/DP; SIMATIC S7-400 CPU 416f-2; SIMATIC S7-400 CPU 416f-3 PN/DP; SIMATIC S7-400 CPU 417-4
| VAR-201612-0419 | CVE-2016-9159 | SIEMENS SIMATIC S7-300 PN CPU and SIMATIC S7-400 PN CPU In PLC Vulnerability to obtain credentials from |
CVSS V2: 4.3 CVSS V3: 5.9 Severity: MEDIUM |
A vulnerability has been identified in SIMATIC S7-300 CPU family (All versions), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 V6 and earlier CPU family (All versions), SIMATIC S7-400 V7 CPU family (All versions), SIMATIC S7-410 V8 CPU family (All versions), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants) (All versions). An attacker with network access to port 102/tcp (ISO-TSAP) or via Profibus could obtain credentials from the PLC if protection-level 2 is configured on the affected devices. SIEMENS SIMATIC S7-300 PN CPU and SIMATIC S7-400 PN CPU Has a protection level on the affected system. The SIMATIC S7-300 CPUs and S7-400 CPUs are central processing unit modules for programmable controllers from Siemens AG, Germany. An information disclosure vulnerability exists in the SIMATIC S7-300 CPU and S7-400 CPU. An attacker could exploit the vulnerability to gain access to sensitive information. SIMATIC S7-300 and S7-400 CPUs are prone to remote denial-of-service and information-disclosure vulnerabilities. This vulnerability affects all listed affected products. Siemens SIMATIC S7-400 is a programmable logic controller product used in the field of manufacturing and process automation
| VAR-201702-0158 | CVE-2016-10224 | Sauter NovaWeb Web HMI Vulnerability in |
CVSS V2: 6.5 CVSS V3: 7.2 Severity: HIGH |
An issue was discovered in Sauter NovaWeb web HMI. The application uses a protection mechanism that relies on the existence or values of a cookie, but it does not properly ensure that the cookie is valid for the associated user. Sauter is a leading provider of construction, room automation, energy management and equipment management. The Sauter NovaWeb Web HMI has a certification bypass vulnerability that an attacker can use to bypass security restrictions and perform unauthorized operations.
Attackers can exploit this issue to gain unauthorized access and perform unauthorized actions
| VAR-201612-0151 | CVE-2016-8102 | Intel Wireless Bluetooth Unquoted service path vulnerability in drivers |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
Unquoted service path vulnerability in Intel Wireless Bluetooth Drivers 16.x, 17.x, and before 18.1.1607.3129 allows local users to launch processes with elevated privileges.
Local attackers can exploit this issue to gain elevated privileges.
Intel Wireless Bluetooth Drivers 16.x, 17.x, and prior to 18.1.1607.3129 are vulnerable
| VAR-201702-0373 | CVE-2016-3046 | IBM Security Access Manager In SQL Injection vulnerability |
CVSS V2: 4.0 CVSS V3: 2.7 Severity: LOW |
IBM Security Access Manager for Web is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements which could allow the attacker to view information in the back-end database.
A successful exploit may allow an attacker to access data, or exploit latent vulnerabilities in the underlying database. There are SQL injection vulnerabilities in many ISAM products
| VAR-201702-0009 | CVE-2016-2274 | Adcon Telemetry A850 Telemetry Gateway Base Station of Web Interface cross-site scripting vulnerability |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
An issue was discovered in Adcon Telemetry A850 Telemetry Gateway Base Station. The Web Interface does not neutralize or incorrectly neutralizes user-controllable input before it is placed in the output; this could allow for cross-site scripting.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. Attackers can exploit this vulnerability to inject arbitrary JavaScript code, affecting data integrity