VARIoT IoT vulnerabilities database
| VAR-201702-0339 | CVE-2016-4681 | Arbitrary code execution vulnerability in the Core Image component of Apple OS X |
CVSS V2: 6.8 CVSS V3: 7.8 Severity: HIGH |
An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "Core Image" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted JPEG file. Apple Mac OS X is prone to multiple remote code-execution vulnerabilities.
Attackers can exploit these issues to execute arbitrary code in the context of the user. Failed exploit attempts will likely cause a denial-of-service condition. Apple macOS Sierra is a dedicated operating system developed by Apple for Mac computers. A memory corruption vulnerability exists in the Core Image component of Apple macOS Sierra prior to 10.12.1.
| VAR-201807-0064 | CVE-2016-6539 | TrackR Bravo contains multiple vulnerabilities |
CVSS V2: 3.3 CVSS V3: 3.5 Severity: LOW |
The TrackR device ID is constructed of a manufacturer identifier of four zeroes followed by the BLE MAC address in reverse. The MAC address can be obtained by being in close proximity to the Bluetooth device, effectively exposing the device ID. The ID can be used to track devices. Updated apps, version 5.1.6 for iOS and 2.2.5 for Android, have been released by the vendor to address the vulnerabilities in CVE-2016-6538, CVE-2016-6539, CVE-2016-6540 and CVE-2016-6541. TrackR Bravo contains multiple vulnerabilities including sensitive information exposure and missing authentication. The TrackR device contains an information disclosure vulnerability. Information may be obtained. TrackR Bravo is prone to multiple information-disclosure and security-bypass vulnerabilities.
An attacker can exploit this issue to gain access to sensitive information or bypass certain security restrictions and perform unauthorized actions.
| VAR-201807-0048 | CVE-2016-6549 | Zizai Tech Nut contains multiple vulnerabilities |
CVSS V2: 3.3 CVSS V3: 4.3 Severity: MEDIUM |
The Zizai Tech Nut device allows unauthenticated Bluetooth pairing, which enables unauthenticated connected applications to write data to the device name attribute. Zizai Tech Nut contains multiple vulnerabilities including sensitive information exposure and missing authentication.
1. Multiple information disclosure vulnerability
2. An authentication-bypass vulnerability.
An attacker can exploit these vulnerabilities to gain sensitive information or perform unauthorized actions in the context of the affected application. Other attacks are also possible.
| VAR-201807-0041 | CVE-2016-6542 | iTrack Easy contains multiple vulnerabilities |
CVSS V2: 4.3 CVSS V3: 3.7 Severity: LOW |
The iTrack device tracking ID number, also called "LosserID" in the web API, can be obtained by being in the range of an iTrack device. The tracker ID is the device's BLE MAC address. iTrack Easy contains multiple vulnerabilities including sensitive information exposure and missing authentication. The iTrack device contains an input validation vulnerability. Information may be obtained. iTrack Easy is prone to the following security vulnerabilities:
1. Multiple information-disclosure vulnerabilities
2. Multiple security-bypass vulnerabilities
3. Authentication-bypass vulnerability
Attackers may exploit these issues to gain unauthorized access to restricted content, bypass intended security restrictions or obtain sensitive information that may aid in launching further attacks.
| VAR-201711-0007 | CVE-2016-8610 | OpenSSL Resource Management Error Vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients. OpenSSL is prone to a denial-of-service vulnerability.
Successful exploitation of the issue will cause excessive memory or CPU resource consumption, resulting in a denial-of-service condition. It supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, security hashing algorithm, etc. The following versions are affected: OpenSSL version 0.9.8, version 1.0.1, versions 1.0.2 through 1.0.2h, version 1.1.0. Description:
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and
Transport Layer Security (TLS) protocols, as well as a full-strength
general-purpose cryptography library.
Apache Tomcat is a servlet container for the Java Servlet and JavaServer
Pages (JSP) technologies. The updates are documented in the Release Notes document
linked to in the References. If sendfile processing completed quickly, it was
possible for the Processor to be added to the processor cache twice. This
could lead to invalid responses or information disclosure. (CVE-2017-5647)
* A vulnerability was discovered in the error page mechanism in Tomcat's
DefaultServlet implementation. A crafted HTTP request could cause undesired
side effects, possibly including the removal or replacement of the custom
error page. Solution:
Before applying the update, back up your existing Red Hat JBoss Web Server
installation (including all applications and configuration files).
=====================================================================
Red Hat Security Advisory
Synopsis: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1 for RHEL 6
Advisory ID: RHSA-2017:1414-01
Product: Red Hat JBoss Core Services
Advisory URL: https://access.redhat.com/errata/RHSA-2017:1414
Issue date: 2017-06-07
CVE Names: CVE-2016-0736 CVE-2016-2161 CVE-2016-6304
CVE-2016-7056 CVE-2016-8610 CVE-2016-8740
CVE-2016-8743
=====================================================================
1. Summary:
An update is now available for Red Hat JBoss Core Services on RHEL 6.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat JBoss Core Services on RHEL 6 Server - i386, noarch, ppc64, x86_64
3. Description:
Red Hat JBoss Core Services is a set of supplementary software for Red Hat
JBoss middleware products. This software, such as Apache HTTP Server, is
common to multiple JBoss middleware products, and is packaged under Red Hat
JBoss Core Services to allow for faster distribution of updates, and for a
more consistent update experience.
This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.23
Service Pack 1 serves as a replacement for Red Hat JBoss Core Services
Apache HTTP Server 2.4.23, and includes bug fixes, which are documented in
the Release Notes document linked to in the References.
Security Fix(es):
* A memory leak flaw was found in the way OpenSSL handled TLS status
request extension data during session renegotiation. A remote attacker
could cause a TLS server using OpenSSL to consume an excessive amount of
memory and, possibly, exit unexpectedly after exhausting all available
memory, if it enabled OCSP stapling support. (CVE-2016-6304)
* It was discovered that the mod_session_crypto module of httpd did not use
any mechanisms to verify integrity of the encrypted session data stored in
the user's browser. (CVE-2016-0736)
* It was discovered that the mod_auth_digest module of httpd did not
properly check for memory allocation failures. (CVE-2016-2161)
* A timing attack flaw was found in OpenSSL that could allow a malicious
user with local access to recover ECDSA P-256 private keys.
(CVE-2016-8610)
* It was discovered that the HTTP parser in httpd incorrectly allowed
certain characters not permitted by the HTTP protocol specification to
appear unencoded in HTTP request headers. If httpd was used in conjunction
with a proxy or backend server that interpreted those characters
differently, a remote attacker could possibly use this flaw to inject data
into HTTP responses, resulting in proxy cache poisoning. (CVE-2016-8743)
* A vulnerability was found in httpd's handling of the LimitRequestFields
directive in mod_http2, affecting servers with HTTP/2 enabled. An attacker
could send crafted requests with headers larger than the server's available
memory, causing httpd to crash. (CVE-2016-8740)
Red Hat would like to thank the OpenSSL project for reporting CVE-2016-6304
and Shi Lei (Gear Team of Qihoo 360 Inc.) for reporting CVE-2016-8610.
Upstream acknowledges Shi Lei (Gear Team of Qihoo 360 Inc.) as the original
reporter of CVE-2016-6304.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
For the update to take effect, all services linked to the OpenSSL library
must be restarted, or the system rebooted. After installing the updated
packages, the httpd daemon will be restarted automatically.
5. Bugs fixed (https://bugzilla.redhat.com/):
1377600 - CVE-2016-6304 openssl: OCSP Status Request extension unbounded memory growth
1384743 - CVE-2016-8610 SSL/TLS: Malformed plain-text ALERT packets could cause remote DoS
1401528 - CVE-2016-8740 httpd: Incomplete handling of LimitRequestFields directive in mod_http2
1406744 - CVE-2016-0736 httpd: Padding Oracle in Apache mod_session_crypto
1406753 - CVE-2016-2161 httpd: DoS vulnerability in mod_auth_digest
1406822 - CVE-2016-8743 httpd: Apache HTTP Request Parsing Whitespace Defects
1412120 - CVE-2016-7056 openssl: ECDSA P-256 timing attack key recovery
6. JIRA issues fixed (https://issues.jboss.org/):
JBCS-318 - Errata for httpd 2.4.23 SP1 RHEL 6
7. Package List:
Red Hat JBoss Core Services on RHEL 6 Server:
Source:
jbcs-httpd24-httpd-2.4.23-120.jbcs.el6.src.rpm
jbcs-httpd24-mod_security-2.9.1-19.GA.jbcs.el6.src.rpm
jbcs-httpd24-openssl-1.0.2h-13.jbcs.el6.src.rpm
i386:
jbcs-httpd24-httpd-2.4.23-120.jbcs.el6.i686.rpm
jbcs-httpd24-httpd-debuginfo-2.4.23-120.jbcs.el6.i686.rpm
jbcs-httpd24-httpd-devel-2.4.23-120.jbcs.el6.i686.rpm
jbcs-httpd24-httpd-libs-2.4.23-120.jbcs.el6.i686.rpm
jbcs-httpd24-httpd-selinux-2.4.23-120.jbcs.el6.i686.rpm
jbcs-httpd24-httpd-tools-2.4.23-120.jbcs.el6.i686.rpm
jbcs-httpd24-mod_ldap-2.4.23-120.jbcs.el6.i686.rpm
jbcs-httpd24-mod_proxy_html-2.4.23-120.jbcs.el6.i686.rpm
jbcs-httpd24-mod_security-2.9.1-19.GA.jbcs.el6.i686.rpm
jbcs-httpd24-mod_security-debuginfo-2.9.1-19.GA.jbcs.el6.i686.rpm
jbcs-httpd24-mod_session-2.4.23-120.jbcs.el6.i686.rpm
jbcs-httpd24-mod_ssl-2.4.23-120.jbcs.el6.i686.rpm
jbcs-httpd24-openssl-1.0.2h-13.jbcs.el6.i686.rpm
jbcs-httpd24-openssl-debuginfo-1.0.2h-13.jbcs.el6.i686.rpm
jbcs-httpd24-openssl-devel-1.0.2h-13.jbcs.el6.i686.rpm
jbcs-httpd24-openssl-libs-1.0.2h-13.jbcs.el6.i686.rpm
jbcs-httpd24-openssl-perl-1.0.2h-13.jbcs.el6.i686.rpm
jbcs-httpd24-openssl-static-1.0.2h-13.jbcs.el6.i686.rpm
noarch:
jbcs-httpd24-httpd-manual-2.4.23-120.jbcs.el6.noarch.rpm
ppc64:
jbcs-httpd24-httpd-2.4.23-120.jbcs.el6.ppc64.rpm
jbcs-httpd24-httpd-debuginfo-2.4.23-120.jbcs.el6.ppc64.rpm
jbcs-httpd24-httpd-devel-2.4.23-120.jbcs.el6.ppc64.rpm
jbcs-httpd24-httpd-libs-2.4.23-120.jbcs.el6.ppc64.rpm
jbcs-httpd24-httpd-selinux-2.4.23-120.jbcs.el6.ppc64.rpm
jbcs-httpd24-httpd-tools-2.4.23-120.jbcs.el6.ppc64.rpm
jbcs-httpd24-mod_ldap-2.4.23-120.jbcs.el6.ppc64.rpm
jbcs-httpd24-mod_proxy_html-2.4.23-120.jbcs.el6.ppc64.rpm
jbcs-httpd24-mod_security-2.9.1-19.GA.jbcs.el6.ppc64.rpm
jbcs-httpd24-mod_security-debuginfo-2.9.1-19.GA.jbcs.el6.ppc64.rpm
jbcs-httpd24-mod_session-2.4.23-120.jbcs.el6.ppc64.rpm
jbcs-httpd24-mod_ssl-2.4.23-120.jbcs.el6.ppc64.rpm
jbcs-httpd24-openssl-1.0.2h-13.jbcs.el6.ppc64.rpm
jbcs-httpd24-openssl-debuginfo-1.0.2h-13.jbcs.el6.ppc64.rpm
jbcs-httpd24-openssl-devel-1.0.2h-13.jbcs.el6.ppc64.rpm
jbcs-httpd24-openssl-libs-1.0.2h-13.jbcs.el6.ppc64.rpm
jbcs-httpd24-openssl-perl-1.0.2h-13.jbcs.el6.ppc64.rpm
jbcs-httpd24-openssl-static-1.0.2h-13.jbcs.el6.ppc64.rpm
x86_64:
jbcs-httpd24-httpd-2.4.23-120.jbcs.el6.x86_64.rpm
jbcs-httpd24-httpd-debuginfo-2.4.23-120.jbcs.el6.x86_64.rpm
jbcs-httpd24-httpd-devel-2.4.23-120.jbcs.el6.x86_64.rpm
jbcs-httpd24-httpd-libs-2.4.23-120.jbcs.el6.x86_64.rpm
jbcs-httpd24-httpd-selinux-2.4.23-120.jbcs.el6.x86_64.rpm
jbcs-httpd24-httpd-tools-2.4.23-120.jbcs.el6.x86_64.rpm
jbcs-httpd24-mod_ldap-2.4.23-120.jbcs.el6.x86_64.rpm
jbcs-httpd24-mod_proxy_html-2.4.23-120.jbcs.el6.x86_64.rpm
jbcs-httpd24-mod_security-2.9.1-19.GA.jbcs.el6.x86_64.rpm
jbcs-httpd24-mod_security-debuginfo-2.9.1-19.GA.jbcs.el6.x86_64.rpm
jbcs-httpd24-mod_session-2.4.23-120.jbcs.el6.x86_64.rpm
jbcs-httpd24-mod_ssl-2.4.23-120.jbcs.el6.x86_64.rpm
jbcs-httpd24-openssl-1.0.2h-13.jbcs.el6.x86_64.rpm
jbcs-httpd24-openssl-debuginfo-1.0.2h-13.jbcs.el6.x86_64.rpm
jbcs-httpd24-openssl-devel-1.0.2h-13.jbcs.el6.x86_64.rpm
jbcs-httpd24-openssl-libs-1.0.2h-13.jbcs.el6.x86_64.rpm
jbcs-httpd24-openssl-perl-1.0.2h-13.jbcs.el6.x86_64.rpm
jbcs-httpd24-openssl-static-1.0.2h-13.jbcs.el6.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
8. References:
https://access.redhat.com/security/cve/CVE-2016-0736
https://access.redhat.com/security/cve/CVE-2016-2161
https://access.redhat.com/security/cve/CVE-2016-6304
https://access.redhat.com/security/cve/CVE-2016-7056
https://access.redhat.com/security/cve/CVE-2016-8610
https://access.redhat.com/security/cve/CVE-2016-8740
https://access.redhat.com/security/cve/CVE-2016-8743
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/documentation/en/red-hat-jboss-core-services/
9. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2017 Red Hat, Inc.
The References section of this erratum contains a download link (you must
log in to download the update).
This release includes bug fixes as well as a new release of OpenSSL. The JBoss server process must be restarted for the update
to take effect. (CVE-2016-6304)
* It was discovered that OpenSSL did not always use constant time
operations when computing Digital Signature Algorithm (DSA) signatures.
(CVE-2016-8610)
* Multiple integer overflow flaws were found in the way OpenSSL performed
pointer arithmetic.
===========================================================================
Ubuntu Security Notice USN-3183-2
March 20, 2017
gnutls26 vulnerability
===========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
GnuTLS could be made to hang if it received specially crafted network
traffic.
Software Description:
- gnutls26: GNU TLS library
Details:
USN-3183-1 fixed CVE-2016-8610 in GnuTLS in Ubuntu 16.04 LTS and Ubuntu
16.10. This update provides the corresponding update for Ubuntu 12.04 LTS
and Ubuntu 14.04 LTS.
Original advisory details:
Stefan Buehler discovered that GnuTLS incorrectly verified the serial
length of OCSP responses. This issue only applied
to Ubuntu 16.04 LTS. (CVE-2016-7444)
Shi Lei discovered that GnuTLS incorrectly handled certain warning alerts. This issue has only been addressed in
Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-8610)
It was discovered that GnuTLS incorrectly decoded X.509 certificates with a
Proxy Certificate Information extension. This issue only affected Ubuntu 16.04 LTS
and Ubuntu 16.10. (CVE-2017-5334)
It was discovered that GnuTLS incorrectly handled certain OpenPGP
certificates. (CVE-2017-5335, CVE-2017-5336, CVE-2017-5337)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 LTS:
libgnutls26 2.12.23-12ubuntu2.7
Ubuntu 12.04 LTS:
libgnutls26 2.12.14-5ubuntu3.14
In general, a standard system update will make all the necessary changes.
| VAR-202002-0734 | CVE-2016-4676 | Information leakage vulnerability in WebKit used in Apple Safari |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
A Cross-origin vulnerability exists in WebKit in Apple Safari before 10.0.1 when processing location attributes, which could let a remote malicious user obtain sensitive information. WebKit is prone to multiple security vulnerabilities.
Attackers can exploit these issues to obtain sensitive information or execute arbitrary code and perform unauthorized actions; this may aid in launching further attacks. Apple Safari, etc. are all products of Apple. Apple Safari is a web browser that is the default browser included with the Mac OS X and iOS operating systems. WebKit is one of the web browser engine components. Apple macOS Sierra is a dedicated operating system developed for Mac computers. Apple Mac OS X is a dedicated operating system developed for Mac computers. The following products and versions are affected: Apple Mac OS X prior to 10.10.5, Mac OS X El Capitan prior to 10.11.6, Safari prior to 10.0.0, and macOS Sierra prior to 10.12.
APPLE-SA-2016-10-24-3 Safari 10.0.1
Safari 10.0.1 is now available and addresses the following:
WebKit
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS Sierra 10.12
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
This was addressed through improved tracking of location attributes
across origins.
CVE-2016-4676: Apple
WebKit
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS Sierra 10.12
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-2016-4677: An anonymous researcher working with Trend Micro's
Zero Day Initiative
Safari 10.0.1 may be obtained from the Mac App Store.
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
| VAR-201702-0460 | CVE-2016-7579 | Forged proxy password authentication request vulnerability in the CFNetwork Proxies component of multiple Apple products |
CVSS V2: 4.3 CVSS V3: 5.9 Severity: MEDIUM |
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. The issue involves the "CFNetwork Proxies" component, which allows man-in-the-middle attackers to spoof a proxy password authentication requirement and obtain sensitive information. Apple iOS, tvOS and macOS are prone to an information-disclosure vulnerability.
An attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks.
Versions prior to iOS 10.1, tvOS 10.0.1 and macOS 10.12.1 are vulnerable. Apple iOS is an operating system developed for mobile devices; tvOS is a smart TV operating system; macOS is a dedicated operating system developed for Mac computers. CFNetwork Proxies is one of the components used to handle proxy connection response issues. An information disclosure vulnerability exists in the CFNetwork Proxies component of several Apple products.
CVE-2016-4662: Apple
AppleSMC
Available for: macOS Sierra 10.12
Impact: A local user may be able to elevate privileges
Description: A null pointer dereference was addressed through
improved locking.
CVE-2016-4671: Ke Liu of Tencent's Xuanwu Lab, Juwei Lin
(@fuzzerDOTcn)
ImageIO
Available for: OS X Yosemite v10.10.5 and OS X El Capitan v10.11.6
Impact: Processing a maliciously crafted image may result in the
disclosure of process memory
Description: An out-of-bounds read issue existed in the SGI image
parsing.
APPLE-SA-2016-10-24-1 iOS 10.1
iOS 10.1 is now available and addresses the following:
CFNetwork Proxies
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: A phishing issue existed in the handling of proxy
credentials.
CVE-2016-7579: Jerry Decime
Contacts
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to maintain access to the Address
Book after access is revoked in Settings
Description: An access control issue in the Address Book was
addressed through improved file-link validation.
CVE-2016-4686: Razvan Deaconescu, Mihai Chiroiu (University
POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North
Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi
(TU Darmstadt)
CoreGraphics
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Viewing a maliciously crafted JPEG file may lead to arbitrary
code execution
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4673: Marco Grassi (@marcograss) of KeenLab (@keen_lab),
Tencent
FaceTime
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker in a privileged network position may be able to
cause a relayed call to continue transmitting audio while appearing
as if the call terminated
Description: User interface inconsistencies existed in the handling
of relayed calls. These issues were addressed through improved
FaceTime display logic.
CVE-2016-4635: Martin Vigo (@martin_vigo) of salesforce.com
FontParser
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Parsing a maliciously crafted font may disclose sensitive
user information
Description: An out-of-bounds read was addressed through improved
bounds checking.
CVE-2016-4660: Ke Liu of Tencent's Xuanwu Lab
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to disclose kernel memory
Description: A validation issue was addressed through improved input
sanitization.
CVE-2016-4680: Max Bazaliy of Lookout and in7egral
libarchive
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A malicious archive may be able to overwrite arbitrary files
Description: An issue existed within the path validation logic for
symlinks. This issue was addressed through improved path
sanitization.
CVE-2016-4679: Omer Medan of enSilo Ltd
libxpc
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
root privileges
Description: A logic issue was addressed through additional
restrictions.
CVE-2016-4675: Ian Beer of Google Project Zero
Sandbox Profiles
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to retrieve metadata of photo
directories
Description: An access issue was addressed through additional sandbox
restrictions on third party applications.
CVE-2016-4664: Razvan Deaconescu, Mihai Chiroiu (University
POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North
Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi
(TU Darmstadt)
Sandbox Profiles
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to retrieve metadata of audio
recording directories
Description: An access issue was addressed through additional sandbox
restrictions on third party applications.
CVE-2016-4665: Razvan Deaconescu, Mihai Chiroiu (University
POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North
Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi
(TU Darmstadt)
System Boot
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A local user may be able to cause an unexpected system
termination or arbitrary code execution in the kernel
Description: Multiple input validation issues existed in MIG
generated code. These issues were addressed through improved
validation.
CVE-2016-4669: Ian Beer of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4677: An anonymous researcher working with Trend Micro's
Zero Day Initiative
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "10.1".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
| VAR-201702-0344 | CVE-2016-4686 | Apple iOS Vulnerability in Access to Application Address Book in Microsoft Contact Component Vulnerability |
CVSS V2: 3.6 CVSS V3: 4.4 Severity: MEDIUM |
An issue was discovered in certain Apple products. iOS before 10.1 is affected. The issue involves the "Contacts" component, which does not prevent an app's Address Book access after access revocation. Apple iOS is prone to a security-bypass vulnerability.
An attacker can exploit this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. Contacts is one of the mobile phone contact components. A security vulnerability exists in the Contacts component of Apple's iOS prior to 10.1.
APPLE-SA-2016-10-24-1 iOS 10.1
iOS 10.1 is now available and addresses the following:
CFNetwork Proxies
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: A phishing issue existed in the handling of proxy
credentials. This issue was addressed by removing unsolicited proxy
password authentication prompts.
CVE-2016-4686: Razvan Deaconescu, Mihai Chiroiu (University
POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North
Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi
(TU Darmstadt)
| VAR-201702-0341 | CVE-2016-4682 | Apple OS X of ImageIO Vulnerabilities that can capture important information in components |
CVSS V2: 5.8 CVSS V3: 7.1 Severity: HIGH |
An issue was discovered in certain Apple products. macOS before 10.12 is affected. macOS before 10.12.1 is affected. The issue involves the "ImageIO" component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted SGI file. Apple macOS is prone to multiple security vulnerabilities.
Attackers can exploit these issues to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, gain elevated privileges and perform unauthorized actions. This may aid in other attacks. ImageIO is one of the static methods used to perform common image I/O operations. Attackers can use malicious images to exploit this vulnerability to cause process memory leaks.
APPLE-SA-2016-10-24-2 macOS Sierra 10.12.1
macOS Sierra 10.12.1 is now available and addresses the following:
AppleGraphicsControl
Available for: OS X Yosemite v10.10.5 and OS X El Capitan v10.11.6
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through improved
lock state checking.
CVE-2016-4662: Apple
AppleSMC
Available for: macOS Sierra 10.12
Impact: A local user may be able to elevate privileges
Description: A null pointer dereference was addressed through
improved locking.
CVE-2016-4678: daybreaker@Minionz working with Trend Micro's Zero Day
Initiative
ATS
Available for: macOS Sierra 10.12
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4667: Simmon Huang of alipay,
Thelongestusernameofall@gmail.com Moony Li of Trend Micro, @Flyic
ATS
Available for: macOS Sierra 10.12
Impact: A local user may be able to execute arbitrary code with
additional privileges
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4674: Shrek_wzw of Qihoo 360 Nirvan Team
CFNetwork Proxies
Available for: macOS Sierra 10.12
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: A phishing issue existed in the handling of proxy
credentials. This issue was addressed by removing unsolicited proxy
password authentication prompts.
CVE-2016-7579: Jerry Decime
CoreGraphics
Available for: macOS Sierra 10.12
Impact: Viewing a maliciously crafted JPEG file may lead to arbitrary
code execution
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4673: Marco Grassi (@marcograss) of KeenLab (@keen_lab),
Tencent
FaceTime
Available for: macOS Sierra 10.12
Impact: An attacker in a privileged network position may be able to
cause a relayed call to continue transmitting audio while appearing
as if the call terminated
Description: User interface inconsistencies existed in the handling
of relayed calls. These issues were addressed through improved
FaceTime display logic.
CVE-2016-4635: Martin Vigo (@martin_vigo) of salesforce.com
FontParser
Available for: macOS Sierra 10.12
Impact: Parsing a maliciously crafted font may disclose sensitive
user information
Description: An out-of-bounds read was addressed through improved
bounds checking.
CVE-2016-4660: Ke Liu of Tencent's Xuanwu Lab
ImageIO
Available for: OS X El Capitan v10.11.6
Impact: Parsing a maliciously crafted PDF may lead to arbitrary code
execution
Description: An out-of-bounds write was addressed through improved
bounds checking.
CVE-2016-4671: Ke Liu of Tencent's Xuanwu Lab, Juwei Lin
(@fuzzerDOTcn)
ImageIO
Available for: OS X Yosemite v10.10.5 and OS X El Capitan v10.11.6
Impact: Processing a maliciously crafted image may result in the
disclosure of process memory
Description: An out-of-bounds read issue existed in the SGI image
parsing. This issue was addressed through improved bounds checking.
CVE-2016-4682: Ke Liu of Tencent's Xuanwu Lab
libarchive
Available for: macOS Sierra 10.12
Impact: A malicious archive may be able to overwrite arbitrary files
Description: An issue existed within the path validation logic for
symlinks. This issue was addressed through improved path
sanitization.
CVE-2016-4679: Omer Medan of enSilo Ltd
libxpc
Available for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.6,
and macOS Sierra 10.12
Impact: An application may be able to execute arbitrary code with
root privileges
Description: A logic issue was addressed through additional
restrictions.
CVE-2016-4675: Ian Beer of Google Project Zero
ntfs
Available for: macOS Sierra 10.12
Impact: An application may be able to cause a denial of service
Description: An issue existed in the parsing of disk images. This
issue was addressed through improved validation.
CVE-2016-4661: Recurity Labs on behalf of BSI (German Federal Office
for Information Security)
NVIDIA Graphics Drivers
Available for: OS X Yosemite v10.10.5 and OS X El Capitan v10.11.6
Impact: An application may be able to cause a denial of service
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2016-4663: Apple
System Boot
Available for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.6,
and macOS Sierra 10.12
Impact: A local user may be able to cause an unexpected system
termination or arbitrary code execution in the kernel
Description: Multiple input validation issues existed in MIG
generated code. These issues were addressed through improved
validation.
CVE-2016-4669: Ian Beer of Google Project Zero
macOS Sierra 10.12.1 may be obtained
from the Mac App Store or Apple's Software Downloads web site:
https://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
| VAR-201702-0336 | CVE-2016-4678 | Apple OS X of AppleSMC Vulnerability gained privileges in components |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "AppleSMC" component. It allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors. This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Apple OS X. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within AppleSMC's smcHandleYPCEvent. The process does not properly validate the existence of an object prior to performing operations on it. An attacker can leverage this vulnerability to escalate privileges under the context of the kernel. Apple macOS is prone to multiple security vulnerabilities.
Attackers can exploit these issues to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, gain elevated privileges and perform unauthorized actions. This may aid in other attacks. AppleSMC is one of the components used to reset the System Management Controller on a Mac.
APPLE-SA-2016-10-24-2 macOS Sierra 10.12.1
macOS Sierra 10.12.1 is now available and addresses the following:
AppleGraphicsControl
Available for: OS X Yosemite v10.10.5 and OS X El Capitan v10.11.6
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through improved
lock state checking.
CVE-2016-4678: daybreaker@Minionz working with Trend Micro's Zero Day
Initiative
ATS
Available for: macOS Sierra 10.12
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4667: Simmon Huang of alipay,
Thelongestusernameofall@gmail.com Moony Li of Trend Micro, @Flyic
ATS
Available for: macOS Sierra 10.12
Impact: A local user may be able to execute arbitrary code with
additional privileges
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4674: Shrek_wzw of Qihoo 360 Nirvan Team
CFNetwork Proxies
Available for: macOS Sierra 10.12
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: A phishing issue existed in the handling of proxy
credentials. This issue was addressed by removing unsolicited proxy
password authentication prompts.
CVE-2016-7579: Jerry Decime
CoreGraphics
Available for: macOS Sierra 10.12
Impact: Viewing a maliciously crafted JPEG file may lead to arbitrary
code execution
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4673: Marco Grassi (@marcograss) of KeenLab (@keen_lab),
Tencent
FaceTime
Available for: macOS Sierra 10.12
Impact: An attacker in a privileged network position may be able to
cause a relayed call to continue transmitting audio while appearing
as if the call terminated
Description: User interface inconsistencies existed in the handling
of relayed calls. These issues were addressed through improved
FaceTime display logic.
CVE-2016-4635: Martin Vigo (@martin_vigo) of salesforce.com
FontParser
Available for: macOS Sierra 10.12
Impact: Parsing a maliciously crafted font may disclose sensitive
user information
Description: An out-of-bounds read was addressed through improved
bounds checking.
CVE-2016-4660: Ke Liu of Tencent's Xuanwu Lab
ImageIO
Available for: OS X El Capitan v10.11.6
Impact: Parsing a maliciously crafted PDF may lead to arbitrary code
execution
Description: An out-of-bounds write was addressed through improved
bounds checking.
CVE-2016-4671: Ke Liu of Tencent's Xuanwu Lab, Juwei Lin
(@fuzzerDOTcn)
ImageIO
Available for: OS X Yosemite v10.10.5 and OS X El Capitan v10.11.6
Impact: Processing a maliciously crafted image may result in the
disclosure of process memory
Description: An out-of-bounds read issue existed in the SGI image
parsing. This issue was addressed through improved bounds checking.
CVE-2016-4682: Ke Liu of Tencent's Xuanwu Lab
libarchive
Available for: macOS Sierra 10.12
Impact: A malicious archive may be able to overwrite arbitrary files
Description: An issue existed within the path validation logic for
symlinks. This issue was addressed through improved path
sanitization.
CVE-2016-4679: Omer Medan of enSilo Ltd
libxpc
Available for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.6,
and macOS Sierra 10.12
Impact: An application may be able to execute arbitrary code with
root privileges
Description: A logic issue was addressed through additional
restrictions.
CVE-2016-4675: Ian Beer of Google Project Zero
ntfs
Available for: macOS Sierra 10.12
Impact: An application may be able to cause a denial of service
Description: An issue existed in the parsing of disk images. This
issue was addressed through improved validation.
CVE-2016-4661: Recurity Labs on behalf of BSI (German Federal Office
for Information Security)
NVIDIA Graphics Drivers
Available for: OS X Yosemite v10.10.5 and OS X El Capitan v10.11.6
Impact: An application may be able to cause a denial of service
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2016-4663: Apple
System Boot
Available for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.6,
and macOS Sierra 10.12
Impact: A local user may be able to cause an unexpected system
termination or arbitrary code execution in the kernel
Description: Multiple input validation issues existed in MIG
generated code. These issues were addressed through improved
validation.
CVE-2016-4669: Ian Beer of Google Project Zero
macOS Sierra 10.12.1 may be obtained
from the Mac App Store or Apple's Software Downloads web site:
https://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
| VAR-201702-0338 | CVE-2016-4680 | plural Apple Vulnerabilities in which important information is obtained from kernel memory in the kernel component of a product |
CVSS V2: 4.3 CVSS V3: 5.5 Severity: MEDIUM |
An issue was discovered in certain Apple products. iOS before 10.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "Kernel" component. It allows attackers to obtain sensitive information from kernel memory via a crafted app. Apple iOS, watchOS and tvOS are prone to multiple information-disclosure vulnerabilities. Apple iOS is an operating system developed for mobile devices; tvOS is a smart TV operating system; watchOS is a smart watch operating system. The following versions are affected: Apple iOS prior to 10.1, tvOS prior to 10.0.1, watchOS prior to 3.1.
CVE-2016-4669: Ian Beer of Google Project Zero
Installation note:
Instructions on how to update your Apple Watch software are
available at https://support.apple.com/kb/HT204641
To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch > General > About".
Alternatively, on your watch, select "My Watch > General > About".
APPLE-SA-2016-10-24-1 iOS 10.1
iOS 10.1 is now available and addresses the following:
CFNetwork Proxies
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: A phishing issue existed in the handling of proxy
credentials. This issue was addressed by removing unsolicited proxy
password authentication prompts.
CVE-2016-7579: Jerry Decime
Contacts
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to maintain access to the Address
Book after access is revoked in Settings
Description: An access control issue in the Address Book was
addressed through improved file-link validation.
CVE-2016-4686: Razvan Deaconescu, Mihai Chiroiu (University
POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North
Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi
(TU Darmstadt)
CoreGraphics
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Viewing a maliciously crafted JPEG file may lead to arbitrary
code execution
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4673: Marco Grassi (@marcograss) of KeenLab (@keen_lab),
Tencent
FaceTime
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker in a privileged network position may be able to
cause a relayed call to continue transmitting audio while appearing
as if the call terminated
Description: User interface inconsistencies existed in the handling
of relayed calls. These issues were addressed through improved
FaceTime display logic.
CVE-2016-4635: Martin Vigo (@martin_vigo) of salesforce.com
FontParser
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Parsing a maliciously crafted font may disclose sensitive
user information
Description: An out-of-bounds read was addressed through improved
bounds checking.
CVE-2016-4660: Ke Liu of Tencent's Xuanwu Lab
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to disclose kernel memory
Description: A validation issue was addressed through improved input
sanitization.
CVE-2016-4680: Max Bazaliy of Lookout and in7egral
libarchive
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A malicious archive may be able to overwrite arbitrary files
Description: An issue existed within the path validation logic for
symlinks. This issue was addressed through improved path
sanitization.
CVE-2016-4679: Omer Medan of enSilo Ltd
libxpc
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
root privileges
Description: A logic issue was addressed through additional
restrictions.
CVE-2016-4675: Ian Beer of Google Project Zero
Sandbox Profiles
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to retrieve metadata of photo
directories
Description: An access issue was addressed through additional sandbox
restrictions on third party applications.
CVE-2016-4664: Razvan Deaconescu, Mihai Chiroiu (University
POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North
Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi
(TU Darmstadt)
Sandbox Profiles
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to retrieve metadata of audio
recording directories
Description: An access issue was addressed through additional sandbox
restrictions on third party applications.
CVE-2016-4665: Razvan Deaconescu, Mihai Chiroiu (University
POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North
Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi
(TU Darmstadt)
System Boot
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A local user may be able to cause an unexpected system
termination or arbitrary code execution in the kernel
Description: Multiple input validation issues existed in MIG
generated code. These issues were addressed through improved
validation.
CVE-2016-4669: Ian Beer of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4677: An anonymous researcher working with Trend Micro's
Zero Day Initiative
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "10.1".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
| VAR-201702-0333 | CVE-2016-4674 | Apple OS X of ATS Vulnerability gained privileges in components |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "ATS" component. It allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via unspecified vectors. Apple macOS is prone to multiple security vulnerabilities.
Attackers can exploit these issues to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, gain elevated privileges and perform unauthorized actions. This may aid in other attacks.
APPLE-SA-2016-10-24-2 macOS Sierra 10.12.1
macOS Sierra 10.12.1 is now available and addresses the following:
AppleGraphicsControl
Available for: OS X Yosemite v10.10.5 and OS X El Capitan v10.11.6
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through improved
lock state checking.
CVE-2016-4662: Apple
AppleSMC
Available for: macOS Sierra 10.12
Impact: A local user may be able to elevate privileges
Description: A null pointer dereference was addressed through
improved locking.
CVE-2016-4678: daybreaker@Minionz working with Trend Micro's Zero Day
Initiative
ATS
Available for: macOS Sierra 10.12
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4667: Simmon Huang of alipay,
Thelongestusernameofall@gmail.com Moony Li of Trend Micro, @Flyic
ATS
Available for: macOS Sierra 10.12
Impact: A local user may be able to execute arbitrary code with
additional privileges
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4674: Shrek_wzw of Qihoo 360 Nirvan Team
CFNetwork Proxies
Available for: macOS Sierra 10.12
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: A phishing issue existed in the handling of proxy
credentials. This issue was addressed by removing unsolicited proxy
password authentication prompts.
CVE-2016-7579: Jerry Decime
CoreGraphics
Available for: macOS Sierra 10.12
Impact: Viewing a maliciously crafted JPEG file may lead to arbitrary
code execution
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4673: Marco Grassi (@marcograss) of KeenLab (@keen_lab),
Tencent
FaceTime
Available for: macOS Sierra 10.12
Impact: An attacker in a privileged network position may be able to
cause a relayed call to continue transmitting audio while appearing
as if the call terminated
Description: User interface inconsistencies existed in the handling
of relayed calls. These issues were addressed through improved
FaceTime display logic.
CVE-2016-4635: Martin Vigo (@martin_vigo) of salesforce.com
FontParser
Available for: macOS Sierra 10.12
Impact: Parsing a maliciously crafted font may disclose sensitive
user information
Description: An out-of-bounds read was addressed through improved
bounds checking.
CVE-2016-4660: Ke Liu of Tencent's Xuanwu Lab
ImageIO
Available for: OS X El Capitan v10.11.6
Impact: Parsing a maliciously crafted PDF may lead to arbitrary code
execution
Description: An out-of-bounds write was addressed through improved
bounds checking.
CVE-2016-4671: Ke Liu of Tencent's Xuanwu Lab, Juwei Lin
(@fuzzerDOTcn)
ImageIO
Available for: OS X Yosemite v10.10.5 and OS X El Capitan v10.11.6
Impact: Processing a maliciously crafted image may result in the
disclosure of process memory
Description: An out-of-bounds read issue existed in the SGI image
parsing. This issue was addressed through improved bounds checking.
CVE-2016-4682: Ke Liu of Tencent's Xuanwu Lab
libarchive
Available for: macOS Sierra 10.12
Impact: A malicious archive may be able to overwrite arbitrary files
Description: An issue existed within the path validation logic for
symlinks. This issue was addressed through improved path
sanitization.
CVE-2016-4679: Omer Medan of enSilo Ltd
libxpc
Available for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.6,
and macOS Sierra 10.12
Impact: An application may be able to execute arbitrary code with
root privileges
Description: A logic issue was addressed through additional
restrictions.
CVE-2016-4675: Ian Beer of Google Project Zero
ntfs
Available for: macOS Sierra 10.12
Impact: An application may be able to cause a denial of service
Description: An issue existed in the parsing of disk images. This
issue was addressed through improved validation.
CVE-2016-4661: Recurity Labs on behalf of BSI (German Federal Office
for Information Security)
NVIDIA Graphics Drivers
Available for: OS X Yosemite v10.10.5 and OS X El Capitan v10.11.6
Impact: An application may be able to cause a denial of service
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2016-4663: Apple
System Boot
Available for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.6,
and macOS Sierra 10.12
Impact: A local user may be able to cause an unexpected system
termination or arbitrary code execution in the kernel
Description: Multiple input validation issues existed in MIG
generated code. These issues were addressed through improved
validation.
CVE-2016-4669: Ian Beer of Google Project Zero
macOS Sierra 10.12.1 may be obtained
from the Mac App Store or Apple's Software Downloads web site:
https://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
| VAR-201702-0335 | CVE-2016-4677 | plural Apple Used in products WebKit Vulnerable to arbitrary code execution |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
An issue was discovered in certain Apple products. iOS before 10.1 is affected. Safari before 10.0.1 is affected. tvOS before 10.0.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Apple iOS, Safari and tvOS Used in etc. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Array objects. A crafted Array object can trigger a memory access past the end of an allocated buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process. WebKit is prone to a memory-corruption vulnerability. Failed exploit attempts will likely cause denial-of-service conditions.
Note: This issue was previously titled 'WebKit CVE-2016-4677 Multiple Unspecified Memory Corruption Vulnerabilities'. The title and technical details have been changed to better reflect the underlying component affected. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems; tvOS is a smart TV operating system. WebKit is an open source web browser engine developed by the KDE community and is currently used by browsers such as Apple Safari and Google Chrome. The following versions are affected: Apple iOS prior to 10.1, tvOS prior to 10.0.1, Safari prior to 10.0.1.
APPLE-SA-2016-10-24-1 iOS 10.1
iOS 10.1 is now available and addresses the following:
CFNetwork Proxies
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: A phishing issue existed in the handling of proxy
credentials. This issue was addressed by removing unsolicited proxy
password authentication prompts.
CVE-2016-7579: Jerry Decime
Contacts
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to maintain access to the Address
Book after access is revoked in Settings
Description: An access control issue in the Address Book was
addressed through improved file-link validation.
CVE-2016-4686: Razvan Deaconescu, Mihai Chiroiu (University
POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North
Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi
(TU Darmstadt)
CoreGraphics
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Viewing a maliciously crafted JPEG file may lead to arbitrary
code execution
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4673: Marco Grassi (@marcograss) of KeenLab (@keen_lab),
Tencent
FaceTime
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker in a privileged network position may be able to
cause a relayed call to continue transmitting audio while appearing
as if the call terminated
Description: User interface inconsistencies existed in the handling
of relayed calls. These issues were addressed through improved
FaceTime display logic.
CVE-2016-4635: Martin Vigo (@martin_vigo) of salesforce.com
FontParser
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Parsing a maliciously crafted font may disclose sensitive
user information
Description: An out-of-bounds read was addressed through improved
bounds checking.
CVE-2016-4660: Ke Liu of Tencent's Xuanwu Lab
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to disclose kernel memory
Description: A validation issue was addressed through improved input
sanitization.
CVE-2016-4680: Max Bazaliy of Lookout and in7egral
libarchive
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A malicious archive may be able to overwrite arbitrary files
Description: An issue existed within the path validation logic for
symlinks. This issue was addressed through improved path
sanitization.
CVE-2016-4679: Omer Medan of enSilo Ltd
libxpc
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
root privileges
Description: A logic issue was addressed through additional
restrictions.
CVE-2016-4675: Ian Beer of Google Project Zero
Sandbox Profiles
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to retrieve metadata of photo
directories
Description: An access issue was addressed through additional sandbox
restrictions on third party applications.
CVE-2016-4664: Razvan Deaconescu, Mihai Chiroiu (University
POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North
Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi
(TU Darmstadt)
Sandbox Profiles
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to retrieve metadata of audio
recording directories
Description: An access issue was addressed through additional sandbox
restrictions on third party applications.
CVE-2016-4665: Razvan Deaconescu, Mihai Chiroiu (University
POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North
Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi
(TU Darmstadt)
System Boot
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A local user may be able to cause an unexpected system
termination or arbitrary code execution in the kernel
Description: Multiple input validation issues existed in MIG
generated code. These issues were addressed through improved
validation.
CVE-2016-4669: Ian Beer of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4677: An anonymous researcher working with Trend Micro's
Zero Day Initiative
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "10.1".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
| VAR-201702-0331 | CVE-2016-4671 | Arbitrary code execution vulnerability in the ImageIO component of Apple OS X |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "ImageIO" component. It allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write and application crash) via a crafted PDF file. Apple macOS is prone to multiple security vulnerabilities.
Attackers can exploit these issues to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, gain elevated privileges and perform unauthorized actions. This may aid in other attacks. ImageIO is one of the static methods used to perform common image I/O operations. An out-of-bounds write vulnerability exists in the ImageIO component of Apple macOS Sierra prior to 10.12.1.
APPLE-SA-2016-10-24-2 macOS Sierra 10.12.1
macOS Sierra 10.12.1 is now available and addresses the following:
AppleGraphicsControl
Available for: OS X Yosemite v10.10.5 and OS X El Capitan v10.11.6
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through improved
lock state checking.
CVE-2016-4662: Apple
AppleSMC
Available for: macOS Sierra 10.12
Impact: A local user may be able to elevate privileges
Description: A null pointer dereference was addressed through
improved locking.
CVE-2016-4678: daybreaker@Minionz working with Trend Micro's Zero Day
Initiative
ATS
Available for: macOS Sierra 10.12
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4667: Simmon Huang of alipay,
Thelongestusernameofall@gmail.com Moony Li of Trend Micro, @Flyic
ATS
Available for: macOS Sierra 10.12
Impact: A local user may be able to execute arbitrary code with
additional privileges
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4674: Shrek_wzw of Qihoo 360 Nirvan Team
CFNetwork Proxies
Available for: macOS Sierra 10.12
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: A phishing issue existed in the handling of proxy
credentials. This issue was addressed by removing unsolicited proxy
password authentication prompts.
CVE-2016-7579: Jerry Decime
CoreGraphics
Available for: macOS Sierra 10.12
Impact: Viewing a maliciously crafted JPEG file may lead to arbitrary
code execution
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4673: Marco Grassi (@marcograss) of KeenLab (@keen_lab),
Tencent
FaceTime
Available for: macOS Sierra 10.12
Impact: An attacker in a privileged network position may be able to
cause a relayed call to continue transmitting audio while appearing
as if the call terminated
Description: User interface inconsistencies existed in the handling
of relayed calls. These issues were addressed through improved
FaceTime display logic.
CVE-2016-4635: Martin Vigo (@martin_vigo) of salesforce.com
FontParser
Available for: macOS Sierra 10.12
Impact: Parsing a maliciously crafted font may disclose sensitive
user information
Description: An out-of-bounds read was addressed through improved
bounds checking.
CVE-2016-4660: Ke Liu of Tencent's Xuanwu Lab
ImageIO
Available for: OS X El Capitan v10.11.6
Impact: Parsing a maliciously crafted PDF may lead to arbitrary code
execution
Description: An out-of-bounds write was addressed through improved
bounds checking.
CVE-2016-4671: Ke Liu of Tencent's Xuanwu Lab, Juwei Lin
(@fuzzerDOTcn)
ImageIO
Available for: OS X Yosemite v10.10.5 and OS X El Capitan v10.11.6
Impact: Processing a maliciously crafted image may result in the
disclosure of process memory
Description: An out-of-bounds read issue existed in the SGI image
parsing. This issue was addressed through improved bounds checking.
CVE-2016-4682: Ke Liu of Tencent's Xuanwu Lab
libarchive
Available for: macOS Sierra 10.12
Impact: A malicious archive may be able to overwrite arbitrary files
Description: An issue existed within the path validation logic for
symlinks. This issue was addressed through improved path
sanitization.
CVE-2016-4679: Omer Medan of enSilo Ltd
libxpc
Available for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.6,
and macOS Sierra 10.12
Impact: An application may be able to execute arbitrary code with
root privileges
Description: A logic issue was addressed through additional
restrictions.
CVE-2016-4675: Ian Beer of Google Project Zero
ntfs
Available for: macOS Sierra 10.12
Impact: An application may be able to cause a denial of service
Description: An issue existed in the parsing of disk images. This
issue was addressed through improved validation.
CVE-2016-4661: Recurity Labs on behalf of BSI (German Federal Office
for Information Security)
NVIDIA Graphics Drivers
Available for: OS X Yosemite v10.10.5 and OS X El Capitan v10.11.6
Impact: An application may be able to cause a denial of service
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2016-4663: Apple
System Boot
Available for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.6,
and macOS Sierra 10.12
Impact: A local user may be able to cause an unexpected system
termination or arbitrary code execution in the kernel
Description: Multiple input validation issues existed in MIG
generated code. These issues were addressed through improved
validation.
CVE-2016-4669: Ian Beer of Google Project Zero
macOS Sierra 10.12.1 may be obtained
from the Mac App Store or Apple's Software Downloads web site:
https://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
| VAR-201702-0328 | CVE-2016-4667 | Arbitrary code execution vulnerability in the ATS component of Apple OS X |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "ATS" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font. Apple macOS is prone to multiple security vulnerabilities.
Attackers can exploit these issues to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, gain elevated privileges and perform unauthorized actions. This may aid in other attacks. ATS in versions prior to Apple macOS Sierra 10.12.1 has a memory corruption vulnerability.
APPLE-SA-2016-10-24-2 macOS Sierra 10.12.1
macOS Sierra 10.12.1 is now available and addresses the following:
AppleGraphicsControl
Available for: OS X Yosemite v10.10.5 and OS X El Capitan v10.11.6
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through improved
lock state checking.
CVE-2016-4662: Apple
AppleSMC
Available for: macOS Sierra 10.12
Impact: A local user may be able to elevate privileges
Description: A null pointer dereference was addressed through
improved locking.
CVE-2016-4678: daybreaker@Minionz working with Trend Micro's Zero Day
Initiative
ATS
Available for: macOS Sierra 10.12
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4667: Simmon Huang of alipay,
Thelongestusernameofall@gmail.com Moony Li of Trend Micro, @Flyic
ATS
Available for: macOS Sierra 10.12
Impact: A local user may be able to execute arbitrary code with
additional privileges
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4674: Shrek_wzw of Qihoo 360 Nirvan Team
CFNetwork Proxies
Available for: macOS Sierra 10.12
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: A phishing issue existed in the handling of proxy
credentials. This issue was addressed by removing unsolicited proxy
password authentication prompts.
CVE-2016-7579: Jerry Decime
CoreGraphics
Available for: macOS Sierra 10.12
Impact: Viewing a maliciously crafted JPEG file may lead to arbitrary
code execution
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4673: Marco Grassi (@marcograss) of KeenLab (@keen_lab),
Tencent
FaceTime
Available for: macOS Sierra 10.12
Impact: An attacker in a privileged network position may be able to
cause a relayed call to continue transmitting audio while appearing
as if the call terminated
Description: User interface inconsistencies existed in the handling
of relayed calls. These issues were addressed through improved
FaceTime display logic.
CVE-2016-4635: Martin Vigo (@martin_vigo) of salesforce.com
FontParser
Available for: macOS Sierra 10.12
Impact: Parsing a maliciously crafted font may disclose sensitive
user information
Description: An out-of-bounds read was addressed through improved
bounds checking.
CVE-2016-4660: Ke Liu of Tencent's Xuanwu Lab
ImageIO
Available for: OS X El Capitan v10.11.6
Impact: Parsing a maliciously crafted PDF may lead to arbitrary code
execution
Description: An out-of-bounds write was addressed through improved
bounds checking.
CVE-2016-4671: Ke Liu of Tencent's Xuanwu Lab, Juwei Lin
(@fuzzerDOTcn)
ImageIO
Available for: OS X Yosemite v10.10.5 and OS X El Capitan v10.11.6
Impact: Processing a maliciously crafted image may result in the
disclosure of process memory
Description: An out-of-bounds read issue existed in the SGI image
parsing. This issue was addressed through improved bounds checking.
CVE-2016-4682: Ke Liu of Tencent's Xuanwu Lab
libarchive
Available for: macOS Sierra 10.12
Impact: A malicious archive may be able to overwrite arbitrary files
Description: An issue existed within the path validation logic for
symlinks. This issue was addressed through improved path
sanitization.
CVE-2016-4679: Omer Medan of enSilo Ltd
libxpc
Available for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.6,
and macOS Sierra 10.12
Impact: An application may be able to execute arbitrary code with
root privileges
Description: A logic issue was addressed through additional
restrictions.
CVE-2016-4675: Ian Beer of Google Project Zero
ntfs
Available for: macOS Sierra 10.12
Impact: An application may be able to cause a denial of service
Description: An issue existed in the parsing of disk images. This
issue was addressed through improved validation.
CVE-2016-4661: Recurity Labs on behalf of BSI (German Federal Office
for Information Security)
NVIDIA Graphics Drivers
Available for: OS X Yosemite v10.10.5 and OS X El Capitan v10.11.6
Impact: An application may be able to cause a denial of service
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2016-4663: Apple
System Boot
Available for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.6,
and macOS Sierra 10.12
Impact: A local user may be able to cause an unexpected system
termination or arbitrary code execution in the kernel
Description: Multiple input validation issues existed in MIG
generated code. These issues were addressed through improved
validation.
CVE-2016-4669: Ian Beer of Google Project Zero
macOS Sierra 10.12.1 may be obtained
from the Mac App Store or Apple's Software Downloads web site:
https://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
| VAR-201702-0337 | CVE-2016-4679 | Arbitrary file write vulnerability in the libarchive component of multiple Apple products |
CVSS V2: 4.3 CVSS V3: 5.5 Severity: MEDIUM |
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "libarchive" component, which allows remote attackers to write to arbitrary files via a crafted archive containing a symlink. Apple macOS, watchOS, iOS and tvOS are prone to multiple security vulnerabilities.
Attackers can exploit these issues to execute arbitrary code with elevated privileges, obtain sensitive information and overwrite arbitrary files. Failed exploit attempts may result in a denial-of-service condition.
Versions prior to iOS 10.1, watchOS 3.1, macOS 10.12.1 and tvOS 10.0.1 are vulnerable. Apple iOS is an operating system developed for mobile devices; tvOS is a smart TV operating system; watchOS is a smart watch operating system. libarchive is one of the multi-format archive and compression library components.
CVE-2016-4669: Ian Beer of Google Project Zero
Installation note:
Instructions on how to update your Apple Watch software are
available at https://support.apple.com/kb/HT204641
To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch > General > About".
Alternatively, on your watch, select "My Watch > General > About".
CVE-2016-4662: Apple
AppleSMC
Available for: macOS Sierra 10.12
Impact: A local user may be able to elevate privileges
Description: A null pointer dereference was addressed through
improved locking.
CVE-2016-4671: Ke Liu of Tencent's Xuanwu Lab, Juwei Lin
(@fuzzerDOTcn)
ImageIO
Available for: OS X Yosemite v10.10.5 and OS X El Capitan v10.11.6
Impact: Processing a maliciously crafted image may result in the
disclosure of process memory
Description: An out-of-bounds read issue existed in the SGI image
parsing.
APPLE-SA-2016-10-24-1 iOS 10.1
iOS 10.1 is now available and addresses the following:
CFNetwork Proxies
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: A phishing issue existed in the handling of proxy
credentials. This issue was addressed by removing unsolicited proxy
password authentication prompts.
CVE-2016-7579: Jerry Decime
Contacts
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to maintain access to the Address
Book after access is revoked in Settings
Description: An access control issue in the Address Book was
addressed through improved file-link validation.
CVE-2016-4686: Razvan Deaconescu, Mihai Chiroiu (University
POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North
Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi
(TU Darmstadt)
CoreGraphics
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Viewing a maliciously crafted JPEG file may lead to arbitrary
code execution
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4673: Marco Grassi (@marcograss) of KeenLab (@keen_lab),
Tencent
FaceTime
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker in a privileged network position may be able to
cause a relayed call to continue transmitting audio while appearing
as if the call terminated
Description: User interface inconsistencies existed in the handling
of relayed calls. These issues were addressed through improved
FaceTime display logic.
CVE-2016-4635: Martin Vigo (@martin_vigo) of salesforce.com
FontParser
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Parsing a maliciously crafted font may disclose sensitive
user information
Description: An out-of-bounds read was addressed through improved
bounds checking.
CVE-2016-4660: Ke Liu of Tencent's Xuanwu Lab
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to disclose kernel memory
Description: A validation issue was addressed through improved input
sanitization.
CVE-2016-4680: Max Bazaliy of Lookout and in7egral
libarchive
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A malicious archive may be able to overwrite arbitrary files
Description: An issue existed within the path validation logic for
symlinks. This issue was addressed through improved path
sanitization.
CVE-2016-4679: Omer Medan of enSilo Ltd
libxpc
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
root privileges
Description: A logic issue was addressed through additional
restrictions.
CVE-2016-4675: Ian Beer of Google Project Zero
Sandbox Profiles
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to retrieve metadata of photo
directories
Description: An access issue was addressed through additional sandbox
restrictions on third party applications.
CVE-2016-4664: Razvan Deaconescu, Mihai Chiroiu (University
POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North
Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi
(TU Darmstadt)
Sandbox Profiles
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to retrieve metadata of audio
recording directories
Description: An access issue was addressed through additional sandbox
restrictions on third party applications.
CVE-2016-4665: Razvan Deaconescu, Mihai Chiroiu (University
POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North
Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi
(TU Darmstadt)
System Boot
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A local user may be able to cause an unexpected system
termination or arbitrary code execution in the kernel
Description: Multiple input validation issues existed in MIG
generated code. These issues were addressed through improved
validation.
CVE-2016-4669: Ian Beer of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4677: An anonymous researcher working with Trend Micro's
Zero Day Initiative
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "10.1".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
| VAR-201702-0327 | CVE-2016-4666 | Arbitrary code execution vulnerability in WebKit as used in multiple Apple products |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
An issue was discovered in certain Apple products. iOS before 10.1 is affected. Safari before 10.0.1 is affected. tvOS before 10.0.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. WebKit is used in Apple iOS, Safari, tvOS and other products. WebKit is prone to multiple security vulnerabilities.
Attackers can exploit these issues to obtain sensitive information or execute arbitrary code and perform unauthorized actions; this may aid in launching further attacks. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems; tvOS is a smart TV operating system. WebKit is an open source web browser engine developed by the KDE community and is currently used by browsers such as Apple Safari and Google Chrome. A memory corruption vulnerability exists in the WebKit component of several Apple products. The following products and versions are affected: Apple iOS prior to 10.1, tvOS prior to 10.0.1, Safari prior to 10.0.1.
APPLE-SA-2016-10-24-3 Safari 10.0.1
Safari 10.0.1 is now available and addresses the following:
WebKit
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS Sierra 10.12
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-2016-4666: Apple
WebKit
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS Sierra 10.12
Impact: Processing maliciously crafted web content may lead to the
disclosure of sensitive user information
Description: A cross-origin issue existed with location attributes.
This was addressed through improved tracking of location attributes
across origins.
CVE-2016-4676: Apple
WebKit
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS Sierra 10.12
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-2016-4677: An anonymous researcher working with Trend Micro's
Zero Day Initiative
Safari 10.0.1 may be obtained from the Mac App Store.
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
==========================================================================
Ubuntu Security Notice USN-3166-1
January 10, 2017
webkit2gtk vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in WebKitGTK+.
Software Description:
- webkit2gtk: JavaScript engine library from WebKitGTK+ - GObject introspection
Details:
A large number of security issues were discovered in the WebKitGTK+ Web and
JavaScript engines.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS:
libjavascriptcoregtk-4.0-18 2.14.2-0ubuntu0.16.04.1
libwebkit2gtk-4.0-37 2.14.2-0ubuntu0.16.04.1
This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use WebKitGTK+, such as Epiphany, to make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-3166-1
CVE-2016-4613, CVE-2016-4657, CVE-2016-4666, CVE-2016-4707,
CVE-2016-4728, CVE-2016-4733, CVE-2016-4734, CVE-2016-4735,
CVE-2016-4759, CVE-2016-4760, CVE-2016-4761, CVE-2016-4762,
CVE-2016-4764, CVE-2016-4765, CVE-2016-4767, CVE-2016-4768,
CVE-2016-4769, CVE-2016-7578
Package Information:
https://launchpad.net/ubuntu/+source/webkit2gtk/2.14.2-0ubuntu0.16.04.1
| VAR-201702-0325 | CVE-2016-4664 | Vulnerability in the Sandbox Profiles component of multiple Apple products that allows reading photo-directory metadata |
CVSS V2: 4.3 CVSS V3: 3.3 Severity: LOW |
An issue was discovered in certain Apple products. iOS before 10.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "Sandbox Profiles" component, which allows attackers to read photo-directory metadata via a crafted app. Apple iOS, watchOS and tvOS are prone to multiple information-disclosure vulnerabilities.
Successful exploits will allow attackers to obtain sensitive information that may aid in further attacks. Apple iOS is an operating system developed for mobile devices; tvOS is a smart TV operating system; watchOS is a smart watch operating system. Sandbox Profiles is one of the sandbox components. An information disclosure vulnerability exists in the Sandbox Profiles component of several Apple products. The following versions are affected: Apple iOS prior to 10.1, tvOS prior to 10.0.1, watchOS prior to 3.1.
CVE-2016-4669: Ian Beer of Google Project Zero
Installation note:
Instructions on how to update your Apple Watch software are
available at https://support.apple.com/kb/HT204641
To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch > General > About".
Alternatively, on your watch, select "My Watch > General > About".
APPLE-SA-2016-10-24-1 iOS 10.1
iOS 10.1 is now available and addresses the following:
CFNetwork Proxies
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: A phishing issue existed in the handling of proxy
credentials. This issue was addressed by removing unsolicited proxy
password authentication prompts.
CVE-2016-7579: Jerry Decime
Contacts
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to maintain access to the Address
Book after access is revoked in Settings
Description: An access control issue in the Address Book was
addressed through improved file-link validation.
CVE-2016-4686: Razvan Deaconescu, Mihai Chiroiu (University
POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North
Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi
(TU Darmstadt)
CoreGraphics
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Viewing a maliciously crafted JPEG file may lead to arbitrary
code execution
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4673: Marco Grassi (@marcograss) of KeenLab (@keen_lab),
Tencent
FaceTime
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker in a privileged network position may be able to
cause a relayed call to continue transmitting audio while appearing
as if the call terminated
Description: User interface inconsistencies existed in the handling
of relayed calls. These issues were addressed through improved
FaceTime display logic.
CVE-2016-4635: Martin Vigo (@martin_vigo) of salesforce.com
FontParser
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Parsing a maliciously crafted font may disclose sensitive
user information
Description: An out-of-bounds read was addressed through improved
bounds checking.
CVE-2016-4660: Ke Liu of Tencent's Xuanwu Lab
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to disclose kernel memory
Description: A validation issue was addressed through improved input
sanitization.
CVE-2016-4680: Max Bazaliy of Lookout and in7egral
libarchive
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A malicious archive may be able to overwrite arbitrary files
Description: An issue existed within the path validation logic for
symlinks. This issue was addressed through improved path
sanitization.
CVE-2016-4679: Omer Medan of enSilo Ltd
libxpc
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
root privileges
Description: A logic issue was addressed through additional
restrictions.
CVE-2016-4675: Ian Beer of Google Project Zero
Sandbox Profiles
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to retrieve metadata of photo
directories
Description: An access issue was addressed through additional sandbox
restrictions on third party applications.
CVE-2016-4664: Razvan Deaconescu, Mihai Chiroiu (University
POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North
Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi
(TU Darmstadt)
Sandbox Profiles
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to retrieve metadata of audio
recording directories
Description: An access issue was addressed through additional sandbox
restrictions on third party applications.
CVE-2016-4665: Razvan Deaconescu, Mihai Chiroiu (University
POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North
Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi
(TU Darmstadt)
System Boot
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A local user may be able to cause an unexpected system
termination or arbitrary code execution in the kernel
Description: Multiple input validation issues existed in MIG
generated code. These issues were addressed through improved
validation.
CVE-2016-4669: Ian Beer of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4677: An anonymous researcher working with Trend Micro's
Zero Day Initiative
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "10.1".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
| VAR-201702-0324 | CVE-2016-4663 | Denial-of-service (DoS) vulnerability in the NVIDIA Graphics Drivers component of Apple OS X |
CVSS V2: 4.3 CVSS V3: 5.5 Severity: MEDIUM |
An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "NVIDIA Graphics Drivers" component. It allows attackers to cause a denial of service (memory corruption) via a crafted app. Apple macOS is prone to multiple security vulnerabilities.
Attackers can exploit these issues to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, gain elevated privileges and perform unauthorized actions. This may aid in other attacks.
APPLE-SA-2016-10-24-2 macOS Sierra 10.12.1
macOS Sierra 10.12.1 is now available and addresses the following:
AppleGraphicsControl
Available for: OS X Yosemite v10.10.5 and OS X El Capitan v10.11.6
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through improved
lock state checking.
CVE-2016-4662: Apple
AppleSMC
Available for: macOS Sierra 10.12
Impact: A local user may be able to elevate privileges
Description: A null pointer dereference was addressed through
improved locking.
CVE-2016-4678: daybreaker@Minionz working with Trend Micro's Zero Day
Initiative
ATS
Available for: macOS Sierra 10.12
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4667: Simmon Huang of alipay,
Thelongestusernameofall@gmail.com Moony Li of Trend Micro, @Flyic
ATS
Available for: macOS Sierra 10.12
Impact: A local user may be able to execute arbitrary code with
additional privileges
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4674: Shrek_wzw of Qihoo 360 Nirvan Team
CFNetwork Proxies
Available for: macOS Sierra 10.12
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: A phishing issue existed in the handling of proxy
credentials. This issue was addressed by removing unsolicited proxy
password authentication prompts.
CVE-2016-7579: Jerry Decime
CoreGraphics
Available for: macOS Sierra 10.12
Impact: Viewing a maliciously crafted JPEG file may lead to arbitrary
code execution
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4673: Marco Grassi (@marcograss) of KeenLab (@keen_lab),
Tencent
FaceTime
Available for: macOS Sierra 10.12
Impact: An attacker in a privileged network position may be able to
cause a relayed call to continue transmitting audio while appearing
as if the call terminated
Description: User interface inconsistencies existed in the handling
of relayed calls. These issues were addressed through improved
FaceTime display logic.
CVE-2016-4635: Martin Vigo (@martin_vigo) of salesforce.com
FontParser
Available for: macOS Sierra 10.12
Impact: Parsing a maliciously crafted font may disclose sensitive
user information
Description: An out-of-bounds read was addressed through improved
bounds checking.
CVE-2016-4660: Ke Liu of Tencent's Xuanwu Lab
ImageIO
Available for: OS X El Capitan v10.11.6
Impact: Parsing a maliciously crafted PDF may lead to arbitrary code
execution
Description: An out-of-bounds write was addressed through improved
bounds checking.
CVE-2016-4671: Ke Liu of Tencent's Xuanwu Lab, Juwei Lin
(@fuzzerDOTcn)
ImageIO
Available for: OS X Yosemite v10.10.5 and OS X El Capitan v10.11.6
Impact: Processing a maliciously crafted image may result in the
disclosure of process memory
Description: An out-of-bounds read issue existed in the SGI image
parsing. This issue was addressed through improved bounds checking.
CVE-2016-4682: Ke Liu of Tencent's Xuanwu Lab
libarchive
Available for: macOS Sierra 10.12
Impact: A malicious archive may be able to overwrite arbitrary files
Description: An issue existed within the path validation logic for
symlinks. This issue was addressed through improved path
sanitization.
CVE-2016-4679: Omer Medan of enSilo Ltd
libxpc
Available for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.6,
and macOS Sierra 10.12
Impact: An application may be able to execute arbitrary code with
root privileges
Description: A logic issue was addressed through additional
restrictions.
CVE-2016-4675: Ian Beer of Google Project Zero
ntfs
Available for: macOS Sierra 10.12
Impact: An application may be able to cause a denial of service
Description: An issue existed in the parsing of disk images. This
issue was addressed through improved validation.
CVE-2016-4661: Recurity Labs on behalf of BSI (German Federal Office
for Information Security)
NVIDIA Graphics Drivers
Available for: OS X Yosemite v10.10.5 and OS X El Capitan v10.11.6
Impact: An application may be able to cause a denial of service
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2016-4663: Apple
System Boot
Available for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.6,
and macOS Sierra 10.12
Impact: A local user may be able to cause an unexpected system
termination or arbitrary code execution in the kernel
Description: Multiple input validation issues existed in MIG
generated code. These issues were addressed through improved
validation.
CVE-2016-4669: Ian Beer of Google Project Zero
macOS Sierra 10.12.1 may be obtained
from the Mac App Store or Apple's Software Downloads web site:
https://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
| VAR-201702-0323 | CVE-2016-4662 | Arbitrary code execution in a privileged context in the AppleGraphicsControl component of Apple OS X |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "AppleGraphicsControl" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Apple macOS is prone to multiple security vulnerabilities.
Attackers can exploit these issues to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, gain elevated privileges and perform unauthorized actions. This may aid in other attacks. AppleGraphicsControl is one of the integrated graphics drivers. A memory corruption vulnerability exists in the AppleGraphicsControl component in versions of Apple macOS Sierra prior to 10.12.1. An attacker could exploit this vulnerability with an application to execute arbitrary code with kernel privileges.
APPLE-SA-2016-10-24-2 macOS Sierra 10.12.1
macOS Sierra 10.12.1 is now available and addresses the following:
AppleGraphicsControl
Available for: OS X Yosemite v10.10.5 and OS X El Capitan v10.11.6
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through improved
lock state checking.
CVE-2016-4662: Apple
AppleSMC
Available for: macOS Sierra 10.12
Impact: A local user may be able to elevate privileges
Description: A null pointer dereference was addressed through
improved locking.
CVE-2016-4678: daybreaker@Minionz working with Trend Micro's Zero Day
Initiative
ATS
Available for: macOS Sierra 10.12
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4667: Simmon Huang of alipay,
Thelongestusernameofall@gmail.com Moony Li of Trend Micro, @Flyic
ATS
Available for: macOS Sierra 10.12
Impact: A local user may be able to execute arbitrary code with
additional privileges
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4674: Shrek_wzw of Qihoo 360 Nirvan Team
CFNetwork Proxies
Available for: macOS Sierra 10.12
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: A phishing issue existed in the handling of proxy
credentials. This issue was addressed by removing unsolicited proxy
password authentication prompts.
CVE-2016-7579: Jerry Decime
CoreGraphics
Available for: macOS Sierra 10.12
Impact: Viewing a maliciously crafted JPEG file may lead to arbitrary
code execution
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4673: Marco Grassi (@marcograss) of KeenLab (@keen_lab),
Tencent
FaceTime
Available for: macOS Sierra 10.12
Impact: An attacker in a privileged network position may be able to
cause a relayed call to continue transmitting audio while appearing
as if the call terminated
Description: User interface inconsistencies existed in the handling
of relayed calls. These issues were addressed through improved
FaceTime display logic.
CVE-2016-4635: Martin Vigo (@martin_vigo) of salesforce.com
FontParser
Available for: macOS Sierra 10.12
Impact: Parsing a maliciously crafted font may disclose sensitive
user information
Description: An out-of-bounds read was addressed through improved
bounds checking.
CVE-2016-4660: Ke Liu of Tencent's Xuanwu Lab
ImageIO
Available for: OS X El Capitan v10.11.6
Impact: Parsing a maliciously crafted PDF may lead to arbitrary code
execution
Description: An out-of-bounds write was addressed through improved
bounds checking.
CVE-2016-4671: Ke Liu of Tencent's Xuanwu Lab, Juwei Lin
(@fuzzerDOTcn)
ImageIO
Available for: OS X Yosemite v10.10.5 and OS X El Capitan v10.11.6
Impact: Processing a maliciously crafted image may result in the
disclosure of process memory
Description: An out-of-bounds read issue existed in the SGI image
parsing. This issue was addressed through improved bounds checking.
CVE-2016-4682: Ke Liu of Tencent's Xuanwu Lab
libarchive
Available for: macOS Sierra 10.12
Impact: A malicious archive may be able to overwrite arbitrary files
Description: An issue existed within the path validation logic for
symlinks. This issue was addressed through improved path
sanitization.
CVE-2016-4679: Omer Medan of enSilo Ltd
libxpc
Available for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.6,
and macOS Sierra 10.12
Impact: An application may be able to execute arbitrary code with
root privileges
Description: A logic issue was addressed through additional
restrictions.
CVE-2016-4675: Ian Beer of Google Project Zero
ntfs
Available for: macOS Sierra 10.12
Impact: An application may be able to cause a denial of service
Description: An issue existed in the parsing of disk images. This
issue was addressed through improved validation.
CVE-2016-4661: Recurity Labs on behalf of BSI (German Federal Office
for Information Security)
NVIDIA Graphics Drivers
Available for: OS X Yosemite v10.10.5 and OS X El Capitan v10.11.6
Impact: An application may be able to cause a denial of service
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2016-4663: Apple
System Boot
Available for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.6,
and macOS Sierra 10.12
Impact: A local user may be able to cause an unexpected system
termination or arbitrary code execution in the kernel
Description: Multiple input validation issues existed in MIG
generated code. These issues were addressed through improved
validation.
CVE-2016-4669: Ian Beer of Google Project Zero
macOS Sierra 10.12.1 may be obtained
from the Mac App Store or Apple's Software Downloads web site:
https://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/