VARIoT IoT vulnerabilities database
| VAR-201609-0276 | CVE-2016-4711 | Vulnerability in CCrypt in corecrypto in CommonCrypto in Apple iOS and OS X that allows obtaining plaintext information |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
CCrypt in corecrypto in CommonCrypto in Apple iOS before 10 and OS X before 10.12 allows attackers to discover cleartext information by leveraging a function call that specifies the same buffer for input and output. Apple iOS and Mac OS are prone to multiple security vulnerabilities.
Attackers can exploit these issues to execute arbitrary code, bypass security restrictions, gain sensitive information and cause denial-of-service conditions. CommonCrypto is one of the encryption and decryption libraries.
APPLE-SA-2016-09-20-3 iOS 10
The iOS 10 advisory has been updated to include additional entries as
noted below.
AppleMobileFileIntegrity
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A local application may be able to execute arbitrary code
with system privileges
Description: A validation issue existed in the task port inheritance
policy. This issue was addressed through improved validation of the
process entitlement and Team ID.
CVE-2016-4698: Pedro Vilaça
Entry added September 20, 2016
Assets
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker in a privileged network position may be able to
block a device from receiving software updates
Description: An issue existed in iOS updates, which did not properly
secure user communications. This issue was addressed by using HTTPS
for software updates.
CVE-2016-4741: Raul Siles of DinoSec
Audio
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A remote attacker may be able to execute arbitrary code
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4702: YoungJin Yoon, MinSik Shin, HoJae Han, Sunghyun Park,
and Taekyoung Kwon of Information Security Lab, Yonsei University
Entry added September 20, 2016
Certificate Trust Policy
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Update to the certificate trust policy
Description: The certificate trust policy was updated. The complete
list of certificates may be viewed at
https://support.apple.com/kb/HT204132.
Entry added September 20, 2016
CFNetwork
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A local user may be able to discover websites a user has
visited
Description: An issue existed in Local Storage deletion. This issue
was addressed through improved Local Storage cleanup.
CVE-2016-4707: an anonymous researcher
Entry added September 20, 2016
CFNetwork
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may compromise
user information
Description: An input validation issue existed in the parsing of the
set-cookie header. This issue was addressed through improved
validation checking.
CVE-2016-4708: Dawid Czagan of Silesia Security Lab
Entry added September 20, 2016
CommonCrypto
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application using CCrypt may disclose sensitive plaintext
if the output and input buffer are the same
Description: An input validation issue existed in corecrypto. This
issue was addressed through improved input validation.
CVE-2016-4711: Max Lohrmann
Entry added September 20, 2016
CoreCrypto
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code
Description: An out-of-bounds write issue was addressed by removing
the vulnerable code.
CVE-2016-4712: Gergo Koteles
Entry added September 20, 2016
FontParser
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing a maliciously crafted font may result in the
disclosure of process memory
Description: A buffer overflow existed in the handling of font files.
This issue was addressed through improved bounds checking.
CVE-2016-4718: Apple
Entry added September 20, 2016
GeoServices
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to read sensitive location
information
Description: A permissions issue existed in PlaceData. This issue was
addressed through improved permission validation.
CVE-2016-4719: Razvan Deaconescu, Mihai Chiroiu (University
POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North
Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi
(TU Darmstadt)
IDS - Connectivity
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker in a privileged network position may be able to
cause a denial of service
Description: A spoofing issue existed in the handling of Call Relay.
This issue was addressed through improved input validation.
CVE-2016-4722: Martin Vigo (@martin_vigo) of salesforce.com
Entry added September 20, 2016
IOAcceleratorFamily
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved input validation.
CVE-2016-4724: Cererdlong, Eakerqiu of Team OverSky
Entry added September 20, 2016
IOAcceleratorFamily
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may result in the
disclosure of process memory
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2016-4725: Rodger Combs of Plex, Inc.
Entry added September 20, 2016
IOAcceleratorFamily
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4726: an anonymous researcher
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A local application may be able to access restricted files
Description: A parsing issue in the handling of directory paths was
addressed through improved path validation.
CVE-2016-4771: Balazs Bucsay, Research Director of MRG Effitas
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A remote attacker may be able to cause a denial of service
Description: A lock handling issue was addressed through improved
lock handling.
CVE-2016-4772: Marc Heuse of mh-sec
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to determine kernel memory layout
Description: Multiple out-of-bounds read issues existed that led to
the disclosure of kernel memory. These were addressed through
improved input validation.
CVE-2016-4773: Brandon Azad
CVE-2016-4774: Brandon Azad
CVE-2016-4776: Brandon Azad
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An untrusted pointer dereference was addressed by
removing the affected code.
CVE-2016-4777: Lufeng Li of Qihoo 360 Vulcan Team
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4778: CESG
Entry added September 20, 2016
Keyboards
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Keyboard auto correct suggestions may reveal sensitive
information
Description: The iOS keyboard was inadvertently caching sensitive
information. This issue was addressed through improved heuristics.
CVE-2016-4746: Antoine M of France
libxml2
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Multiple issues in libxml2, the most significant of which may
lead to unexpected application termination or arbitrary code
execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4658: Nick Wellnhofer
CVE-2016-5131: Nick Wellnhofer
Entry added September 20, 2016
libxslt
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4738: Nick Wellnhofer
Entry added September 20, 2016
Mail
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker with a privileged network position may be able to
intercept mail credentials
Description: An issue existed when handling untrusted certificates.
This was addressed by terminating untrusted connections.
CVE-2016-4747: Dave Aitel
Messages
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Messages may be visible on a device that has not signed in to
Messages
Description: An issue existed when using Handoff for Messages. This
issue was resolved via better state management.
CVE-2016-4740: Step Wallace
Printing UIKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An unencrypted document may be written to a temporary file
when using AirPrint preview
Description: An issue existed in AirPrint preview. This was addressed
through improved environment sanitization.
CVE-2016-4749: an anonymous researcher
S2 Camera
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4750: Jack Tang (@jacktang310) and Moony Li of Trend Micro
working with Trend Micro's Zero Day Initiative
Entry added September 20, 2016
Safari Reader
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Enabling the Safari Reader feature on a maliciously crafted
webpage may lead to universal cross site scripting
Description: Multiple validation issues were addressed through
improved input sanitization.
CVE-2016-4618: an anonymous researcher
Entry added September 20, 2016
Sandbox Profiles
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A malicious application may be able to determine whom a user
is texting
Description: An access control issue existed in SMS draft
directories. This issue was addressed by preventing apps from
stat'ing the affected directories.
CVE-2016-4620: Razvan Deaconescu, Mihai Chiroiu (University
POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North
Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi
(TU Darmstadt)
Security
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: A validation issue existed in signed disk images. This
issue was addressed through improved size validation.
CVE-2016-4753: Mark Mentovai of Google Inc.
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A parsing issue existed in the handling of error
prototypes. This was addressed through improved validation.
CVE-2016-4728: Daniel Divricean
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Visiting a maliciously crafted website may leak sensitive
data
Description: A permissions issue existed in the handling of the
location variable. This was addressed through additional ownership
checks.
CVE-2016-4758: Masato Kinugawa of Cure53
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4611: Apple
CVE-2016-4729: Apple
CVE-2016-4730: Apple
CVE-2016-4731: Apple
CVE-2016-4734: Natalie Silvanovich of Google Project Zero
CVE-2016-4735: André Bargull
CVE-2016-4737: Apple
CVE-2016-4759: Tongbo Luo of Palo Alto Networks
CVE-2016-4762: Zheng Huang of Baidu Security Lab
CVE-2016-4766: Apple
CVE-2016-4767: Apple
CVE-2016-4768: Anonymous working with Trend Micro's Zero Day
Initiative
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A malicious website may be able to access non-HTTP services
Description: Safari's support of HTTP/0.9 allowed cross-protocol
exploitation of non-HTTP services using DNS rebinding. The issue was
addressed by restricting HTTP/0.9 responses to default ports and
canceling resource loads if the document was loaded with a different
HTTP protocol version.
CVE-2016-4760: Jordan Milne
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved state management.
CVE-2016-4733: Natalie Silvanovich of Google Project Zero
CVE-2016-4765: Apple
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker in a privileged network position may be able to
intercept and alter network traffic to applications using WKWebView
with HTTPS
Description: A certificate validation issue existed in the handling
of WKWebView. This issue was addressed through improved validation.
CVE-2016-4763: an anonymous researcher
Entry added September 20, 2016
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
| VAR-201609-0260 | CVE-2016-4694 | Vulnerability in Apache HTTP Server in Apple OS X and OS X Server that allows an application's outbound HTTP traffic to be redirected to an arbitrary proxy server |
CVSS V2: 7.5 CVSS V3: 9.1 Severity: CRITICAL |
The Apache HTTP Server in Apple OS X before 10.12 and OS X Server before 5.2 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted CGI client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue, a related issue to CVE-2016-5387. The vulnerability type has been identified as CWE-284: Improper Access Control. Apple Mac OS X and Mac OS X Server are prone to a security-bypass vulnerability.
Successfully exploiting this issue may allow attackers to perform unauthorized actions. This may lead to other attacks. This issue was addressed by not setting the
HTTP_PROXY environment variable from CGI.
CVE-2016-4694 : Dominic Scheirlinck and Scott Geary of Vend
ServerDocs Server
Available for: macOS 10.12 Sierra
Impact: An attacker may be able to exploit weaknesses in the RC4
cryptographic algorithm
Description: RC4 was removed as a supported cipher.
CVE-2016-4754 : Pepi Zawodsky
macOS Server 5.2 may be obtained from the Mac App Store.
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
| VAR-201609-0258 | CVE-2016-4763 | Server impersonation vulnerability in WKWebView in WebKit used in multiple Apple products |
CVSS V2: 4.9 CVSS V3: 6.8 Severity: MEDIUM |
WKWebView in WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly verify X.509 certificates from HTTPS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. WKWebView in WebKit is used in Apple iOS, iTunes running on Windows, Safari and other products.
Attackers can exploit this issue to obtain potentially sensitive information. This may lead to further attacks. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems. iTunes is a suite of media player applications. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple, and Google, and is currently used by browsers such as Apple Safari and Google Chrome.
APPLE-SA-2016-09-20-2 Safari 10
Safari 10 is now available and addresses the following:
Safari Reader
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS 10.12 Sierra
Impact: Enabling the Safari Reader feature on a maliciously crafted
webpage may lead to universal cross site scripting
Description: Multiple validation issues were addressed through
improved input sanitization.
CVE-2016-4618 : an anonymous researcher
Safari Tabs
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS 10.12 Sierra
Impact: Visiting a malicious website may lead to address bar spoofing
Description: A state management issue existed in the handling of tab
sessions. This issue was addressed through session state management.
CVE-2016-4751 : Daniel Chatfield of Monzo Bank
WebKit
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS 10.12 Sierra
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A parsing issue existed in the handling of error
prototypes. This was addressed through improved validation.
CVE-2016-4728 : Daniel Divricean
WebKit
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS 10.12 Sierra
Impact: Visiting a maliciously crafted website may leak sensitive
data
Description: A permissions issue existed in the handling of the
location variable. This was addressed through additional ownership
checks.
CVE-2016-4758 : Masato Kinugawa of Cure53
WebKit
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS 10.12 Sierra
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4611 : Apple
CVE-2016-4729 : Apple
CVE-2016-4730 : Apple
CVE-2016-4731 : Apple
CVE-2016-4734 : Natalie Silvanovich of Google Project Zero
CVE-2016-4735 : André Bargull
CVE-2016-4737 : Apple
CVE-2016-4759 : Tongbo Luo of Palo Alto Networks
CVE-2016-4762 : Zheng Huang of Baidu Security Lab
CVE-2016-4766 : Apple
CVE-2016-4767 : Apple
CVE-2016-4768 : Anonymous working with Trend Micro's Zero Day
Initiative
WebKit
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS 10.12 Sierra
Impact: A malicious website may be able to access non-HTTP services
Description: Safari's support of HTTP/0.9 allowed cross-protocol
exploitation of non-HTTP services using DNS rebinding. The issue was
addressed by restricting HTTP/0.9 responses to default ports and
canceling resource loads if the document was loaded with a different
HTTP protocol version.
CVE-2016-4760 : Jordan Milne
WebKit
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS 10.12 Sierra
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved state management.
CVE-2016-4733 : Natalie Silvanovich of Google Project Zero
CVE-2016-4765 : Apple
WebKit
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS 10.12 Sierra
Impact: An attacker in a privileged network position may be able to
intercept and alter network traffic to applications using WKWebView
with HTTPS
Description: A certificate validation issue existed in the handling
of WKWebView. This issue was addressed through improved validation.
CVE-2016-4763 : an anonymous researcher
WebKit
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS 10.12 Sierra
Impact: Visiting a maliciously crafted webpage may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2016-4769 : Tongbo Luo of Palo Alto Networks
Safari 10 may be obtained from the Mac App Store.
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
| VAR-201609-0272 | CVE-2016-4707 | Vulnerability in CFNetwork in Apple iOS and OS X that allows discovering the web sites visited by arbitrary users |
CVSS V2: 2.1 CVSS V3: 4.0 Severity: MEDIUM |
CFNetwork in Apple iOS before 10 and OS X before 10.12 mishandles Local Storage deletion, which allows local users to discover the visited web sites of arbitrary users via unspecified vectors. The vulnerability type has been identified as CWE-19: Data Handling (http://cwe.mitre.org/data/definitions/19.html). A local user may be able to discover the web sites visited by arbitrary users. Apple iOS and Mac OS are prone to multiple security vulnerabilities.
Attackers can exploit these issues to execute arbitrary code, bypass security restrictions, gain sensitive information and cause denial-of-service conditions. CFNetwork is a low-level, high-performance framework that is an extension of BSD sockets. The vulnerability stems from the fact that the program does not delete Local Storage correctly. A local attacker could exploit this vulnerability to discover the websites visited by any user.
APPLE-SA-2016-09-20-3 iOS 10
The iOS 10 advisory has been updated to include additional entries as
noted below.
AppleMobileFileIntegrity
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A local application may be able to execute arbitrary code
with system privileges
Description: A validation issue existed in the task port inheritance
policy. This issue was addressed through improved validation of the
process entitlement and Team ID.
CVE-2016-4698: Pedro Vilaça
Entry added September 20, 2016
Assets
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker in a privileged network position may be able to
block a device from receiving software updates
Description: An issue existed in iOS updates, which did not properly
secure user communications. This issue was addressed by using HTTPS
for software updates.
CVE-2016-4741: Raul Siles of DinoSec
Audio
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A remote attacker may be able to execute arbitrary code
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4702: YoungJin Yoon, MinSik Shin, HoJae Han, Sunghyun Park,
and Taekyoung Kwon of Information Security Lab, Yonsei University
Entry added September 20, 2016
Certificate Trust Policy
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Update to the certificate trust policy
Description: The certificate trust policy was updated. The complete
list of certificates may be viewed at
https://support.apple.com/kb/HT204132.
Entry added September 20, 2016
CFNetwork
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A local user may be able to discover websites a user has
visited
Description: An issue existed in Local Storage deletion. This issue
was addressed through improved Local Storage cleanup.
CVE-2016-4707: an anonymous researcher
Entry added September 20, 2016
CFNetwork
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may compromise
user information
Description: An input validation issue existed in the parsing of the
set-cookie header. This issue was addressed through improved
validation checking.
CVE-2016-4708: Dawid Czagan of Silesia Security Lab
Entry added September 20, 2016
CommonCrypto
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application using CCrypt may disclose sensitive plaintext
if the output and input buffer are the same
Description: An input validation issue existed in corecrypto. This
issue was addressed through improved input validation.
CVE-2016-4711: Max Lohrmann
Entry added September 20, 2016
CoreCrypto
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code
Description: An out-of-bounds write issue was addressed by removing
the vulnerable code.
CVE-2016-4712: Gergo Koteles
Entry added September 20, 2016
FontParser
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing a maliciously crafted font may result in the
disclosure of process memory
Description: A buffer overflow existed in the handling of font files.
This issue was addressed through improved bounds checking.
CVE-2016-4718: Apple
Entry added September 20, 2016
GeoServices
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to read sensitive location
information
Description: A permissions issue existed in PlaceData. This issue was
addressed through improved permission validation.
CVE-2016-4719: Razvan Deaconescu, Mihai Chiroiu (University
POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North
Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi
(TU Darmstadt)
IDS - Connectivity
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker in a privileged network position may be able to
cause a denial of service
Description: A spoofing issue existed in the handling of Call Relay.
This issue was addressed through improved input validation.
CVE-2016-4722: Martin Vigo (@martin_vigo) of salesforce.com
Entry added September 20, 2016
IOAcceleratorFamily
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved input validation.
CVE-2016-4724: Cererdlong, Eakerqiu of Team OverSky
Entry added September 20, 2016
IOAcceleratorFamily
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may result in the
disclosure of process memory
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2016-4725: Rodger Combs of Plex, Inc.
Entry added September 20, 2016
IOAcceleratorFamily
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4726: an anonymous researcher
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A local application may be able to access restricted files
Description: A parsing issue in the handling of directory paths was
addressed through improved path validation.
CVE-2016-4771: Balazs Bucsay, Research Director of MRG Effitas
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A remote attacker may be able to cause a denial of service
Description: A lock handling issue was addressed through improved
lock handling.
CVE-2016-4772: Marc Heuse of mh-sec
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to determine kernel memory layout
Description: Multiple out-of-bounds read issues existed that led to
the disclosure of kernel memory. These were addressed through
improved input validation.
CVE-2016-4773: Brandon Azad
CVE-2016-4774: Brandon Azad
CVE-2016-4776: Brandon Azad
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An untrusted pointer dereference was addressed by
removing the affected code.
CVE-2016-4777: Lufeng Li of Qihoo 360 Vulcan Team
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4778: CESG
Entry added September 20, 2016
Keyboards
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Keyboard auto correct suggestions may reveal sensitive
information
Description: The iOS keyboard was inadvertently caching sensitive
information. This issue was addressed through improved heuristics.
CVE-2016-4746: Antoine M of France
libxml2
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Multiple issues in libxml2, the most significant of which may
lead to unexpected application termination or arbitrary code
execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4658: Nick Wellnhofer
CVE-2016-5131: Nick Wellnhofer
Entry added September 20, 2016
libxslt
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4738: Nick Wellnhofer
Entry added September 20, 2016
Mail
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker with a privileged network position may be able to
intercept mail credentials
Description: An issue existed when handling untrusted certificates.
This was addressed by terminating untrusted connections.
CVE-2016-4747: Dave Aitel
Messages
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Messages may be visible on a device that has not signed in to
Messages
Description: An issue existed when using Handoff for Messages. This
issue was resolved via better state management.
CVE-2016-4740: Step Wallace
Printing UIKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An unencrypted document may be written to a temporary file
when using AirPrint preview
Description: An issue existed in AirPrint preview. This was addressed
through improved environment sanitization.
CVE-2016-4749: an anonymous researcher
S2 Camera
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4750: Jack Tang (@jacktang310) and Moony Li of Trend Micro
working with Trend Micro's Zero Day Initiative
Entry added September 20, 2016
Safari Reader
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Enabling the Safari Reader feature on a maliciously crafted
webpage may lead to universal cross site scripting
Description: Multiple validation issues were addressed through
improved input sanitization.
CVE-2016-4618: an anonymous researcher
Entry added September 20, 2016
Sandbox Profiles
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A malicious application may be able to determine whom a user
is texting
Description: An access control issue existed in SMS draft
directories. This issue was addressed by preventing apps from
stat'ing the affected directories.
CVE-2016-4620: Razvan Deaconescu, Mihai Chiroiu (University
POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North
Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi
(TU Darmstadt)
Security
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: A validation issue existed in signed disk images. This
issue was addressed through improved size validation.
CVE-2016-4753: Mark Mentovai of Google Inc.
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A parsing issue existed in the handling of error
prototypes. This was addressed through improved validation.
CVE-2016-4728: Daniel Divricean
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Visiting a maliciously crafted website may leak sensitive
data
Description: A permissions issue existed in the handling of the
location variable. This was addressed through additional ownership
checks.
CVE-2016-4758: Masato Kinugawa of Cure53
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4611: Apple
CVE-2016-4729: Apple
CVE-2016-4730: Apple
CVE-2016-4731: Apple
CVE-2016-4734: Natalie Silvanovich of Google Project Zero
CVE-2016-4735: André Bargull
CVE-2016-4737: Apple
CVE-2016-4759: Tongbo Luo of Palo Alto Networks
CVE-2016-4762: Zheng Huang of Baidu Security Lab
CVE-2016-4766: Apple
CVE-2016-4767: Apple
CVE-2016-4768: Anonymous working with Trend Micro's Zero Day
Initiative
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A malicious website may be able to access non-HTTP services
Description: Safari's support of HTTP/0.9 allowed cross-protocol
exploitation of non-HTTP services using DNS rebinding. The issue was
addressed by restricting HTTP/0.9 responses to default ports and
canceling resource loads if the document was loaded with a different
HTTP protocol version.
CVE-2016-4760: Jordan Milne
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved state management.
CVE-2016-4733: Natalie Silvanovich of Google Project Zero
CVE-2016-4765: Apple
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker in a privileged network position may be able to
intercept and alter network traffic to applications using WKWebView
with HTTPS
Description: A certificate validation issue existed in the handling
of WKWebView. This issue was addressed through improved validation.
CVE-2016-4763: an anonymous researcher
Entry added September 20, 2016
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-3166-1
January 10, 2017
webkit2gtk vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in WebKitGTK+.
Software Description:
- webkit2gtk: JavaScript engine library from WebKitGTK+ - GObject introspection
Details:
A large number of security issues were discovered in the WebKitGTK+ Web and
JavaScript engines. If a user were tricked into viewing a malicious
website, a remote attacker could exploit a variety of issues related to web
browser security, including cross-site scripting attacks, denial of service
attacks, and arbitrary code execution.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS:
libjavascriptcoregtk-4.0-18 2.14.2-0ubuntu0.16.04.1
libwebkit2gtk-4.0-37 2.14.2-0ubuntu0.16.04.1
This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use WebKitGTK+, such as Epiphany, to make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-3166-1
CVE-2016-4613, CVE-2016-4657, CVE-2016-4666, CVE-2016-4707,
CVE-2016-4728, CVE-2016-4733, CVE-2016-4734, CVE-2016-4735,
CVE-2016-4759, CVE-2016-4760, CVE-2016-4761, CVE-2016-4762,
CVE-2016-4764, CVE-2016-4765, CVE-2016-4767, CVE-2016-4768,
CVE-2016-4769, CVE-2016-7578
Package Information:
https://launchpad.net/ubuntu/+source/webkit2gtk/2.14.2-0ubuntu0.16.04.1
| VAR-201609-0257 | CVE-2016-4762 | WebKit used in multiple Apple products vulnerable to arbitrary code execution |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, iCloud before 6.0 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. Apple iTunes, Safari, iCloud and iOS are prone to an information-disclosure vulnerability.
Attackers can exploit this issue to obtain potentially sensitive information. This may lead to further attacks.
Versions prior to iTunes 12.5.1, iCloud 6.0, Safari 10 and iOS 10 are vulnerable. Apple iOS and the other products named here are all products of Apple. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with the Mac OS X and iOS operating systems. WebKit is an open source web browser engine jointly developed by companies such as KDE, Apple, and Google, and is currently used by browsers such as Apple Safari and Google Chrome.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-09-20-2 Safari 10
Safari 10 is now available and addresses the following:
Safari Reader
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS 10.12 Sierra
Impact: Enabling the Safari Reader feature on a maliciously crafted
webpage may lead to universal cross site scripting
Description: Multiple validation issues were addressed through
improved input sanitization.
CVE-2016-4618 : an anonymous researcher
Safari Tabs
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS 10.12 Sierra
Impact: Visiting a malicious website may lead to address bar spoofing
Description: A state management issue existed in the handling of tab
sessions. This issue was addressed through session state management.
CVE-2016-4751 : Daniel Chatfield of Monzo Bank
WebKit
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS 10.12 Sierra
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A parsing issue existed in the handling of error
prototypes. This was addressed through improved validation.
CVE-2016-4728 : Daniel Divricean
WebKit
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS 10.12 Sierra
Impact: Visiting a maliciously crafted website may leak sensitive
data
Description: A permissions issue existed in the handling of the
location variable. This was addressed through additional ownership
checks.
CVE-2016-4758 : Masato Kinugawa of Cure53
WebKit
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS 10.12 Sierra
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4611 : Apple
CVE-2016-4729 : Apple
CVE-2016-4730 : Apple
CVE-2016-4731 : Apple
CVE-2016-4734 : Natalie Silvanovich of Google Project Zero
CVE-2016-4735 : André Bargull
CVE-2016-4737 : Apple
CVE-2016-4759 : Tongbo Luo of Palo Alto Networks
CVE-2016-4762 : Zheng Huang of Baidu Security Lab
CVE-2016-4766 : Apple
CVE-2016-4767 : Apple
CVE-2016-4768 : Anonymous working with Trend Micro's Zero Day
Initiative
WebKit
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS 10.12 Sierra
Impact: A malicious website may be able to access non-HTTP services
Description: Safari's support of HTTP/0.9 allowed cross-protocol
exploitation of non-HTTP services using DNS rebinding. The issue was
addressed by restricting HTTP/0.9 responses to default ports and
canceling resource loads if the document was loaded with a different
HTTP protocol version.
CVE-2016-4760 : Jordan Milne
WebKit
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS 10.12 Sierra
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved state management.
CVE-2016-4733 : Natalie Silvanovich of Google Project Zero
CVE-2016-4765 : Apple
WebKit
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS 10.12 Sierra
Impact: An attacker in a privileged network position may be able to
intercept and alter network traffic to applications using WKWebView
with HTTPS
Description: A certificate validation issue existed in the handling
of WKWebView. This issue was addressed through improved validation.
CVE-2016-4763 : an anonymous researcher
WebKit
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS 10.12 Sierra
Impact: Visiting a maliciously crafted webpage may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2016-4769 : Tongbo Luo of Palo Alto Networks
Safari 10 may be obtained from the Mac App Store.
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-3166-1
January 10, 2017
webkit2gtk vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in WebKitGTK+.
Software Description:
- webkit2gtk: JavaScript engine library from WebKitGTK+ - GObject introspection
Details:
A large number of security issues were discovered in the WebKitGTK+ Web and
JavaScript engines.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS:
libjavascriptcoregtk-4.0-18 2.14.2-0ubuntu0.16.04.1
libwebkit2gtk-4.0-37 2.14.2-0ubuntu0.16.04.1
This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use WebKitGTK+, such as Epiphany, to make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-3166-1
CVE-2016-4613, CVE-2016-4657, CVE-2016-4666, CVE-2016-4707,
CVE-2016-4728, CVE-2016-4733, CVE-2016-4734, CVE-2016-4735,
CVE-2016-4759, CVE-2016-4760, CVE-2016-4761, CVE-2016-4762,
CVE-2016-4764, CVE-2016-4765, CVE-2016-4767, CVE-2016-4768,
CVE-2016-4769, CVE-2016-7578
Package Information:
https://launchpad.net/ubuntu/+source/webkit2gtk/2.14.2-0ubuntu0.16.04.1
| VAR-201609-0263 | CVE-2016-4698 | AppleMobileFileIntegrity in Apple iOS and OS X vulnerable to arbitrary code execution in a privileged context |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
AppleMobileFileIntegrity in Apple iOS before 10 and OS X before 10.12 mishandles process entitlement and Team ID values in the task port inheritance policy, which allows attackers to execute arbitrary code in a privileged context via a crafted app. Apple iOS and Mac OS are prone to multiple security vulnerabilities.
Attackers can exploit these issues to execute arbitrary code, bypass security restrictions, gain sensitive information and cause denial-of-service conditions. AppleMobileFileIntegrity (AMFI) is one of the kernel components used to check the integrity of Apple mobile phone files. A local attacker could exploit this vulnerability to discover the websites visited by any user.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-09-20-3 iOS 10
The iOS 10 advisory has been updated to include additional entries as
noted below.
AppleMobileFileIntegrity
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A local application may be able to execute arbitrary code
with system privileges
Description: A validation issue existed in the task port inheritance
policy. This issue was addressed through improved validation of the
process entitlement and Team ID.
CVE-2016-4698: Pedro Vilaça
Entry added September 20, 2016
Assets
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker in a privileged network position may be able to
block a device from receiving software updates
Description: An issue existed in iOS updates, which did not properly
secure user communications. This issue was addressed by using HTTPS
for software updates.
CVE-2016-4741: Raul Siles of DinoSec
Audio
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A remote attacker may be able to execute arbitrary code
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4702: YoungJin Yoon, MinSik Shin, HoJae Han, Sunghyun Park,
and Taekyoung Kwon of Information Security Lab, Yonsei University
Entry added September 20, 2016
Certificate Trust Policy
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Update to the certificate trust policy
Description: The certificate trust policy was updated. The complete
list of certificates may be viewed at
https://support.apple.com/kb/HT204132.
Entry added September 20, 2016
CFNetwork
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A local user may be able to discover websites a user has
visited
Description: An issue existed in Local Storage deletion. This issue
was addressed through improved Local Storage cleanup.
CVE-2016-4707: an anonymous researcher
Entry added September 20, 2016
CFNetwork
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may compromise
user information
Description: An input validation issue existed in the parsing of the
set-cookie header. This issue was addressed through improved
validation checking.
CVE-2016-4708: Dawid Czagan of Silesia Security Lab
Entry added September 20, 2016
CommonCrypto
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application using CCrypt may disclose sensitive plaintext
if the output and input buffer are the same
Description: An input validation issue existed in corecrypto. This
issue was addressed through improved input validation.
CVE-2016-4711: Max Lohrmann
Entry added September 20, 2016
CoreCrypto
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code
Description: An out-of-bounds write issue was addressed by removing
the vulnerable code.
CVE-2016-4712: Gergo Koteles
Entry added September 20, 2016
FontParser
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing a maliciously crafted font may result in the
disclosure of process memory
Description: A buffer overflow existed in the handling of font files.
This issue was addressed through improved bounds checking.
CVE-2016-4718: Apple
Entry added September 20, 2016
GeoServices
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to read sensitive location
information
Description: A permissions issue existed in PlaceData. This issue was
addressed through improved permission validation.
CVE-2016-4719: Razvan Deaconescu, Mihai Chiroiu (University
POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North
Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi
(TU Darmstadt)
IDS - Connectivity
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker in a privileged network position may be able to
cause a denial of service
Description: A spoofing issue existed in the handling of Call Relay.
This issue was addressed through improved input validation.
CVE-2016-4722: Martin Vigo (@martin_vigo) of salesforce.com
Entry added September 20, 2016
IOAcceleratorFamily
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved input validation.
CVE-2016-4724: Cererdlong, Eakerqiu of Team OverSky
Entry added September 20, 2016
IOAcceleratorFamily
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may result in the
disclosure of process memory
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2016-4725: Rodger Combs of Plex, Inc.
Entry added September 20, 2016
IOAcceleratorFamily
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4726: an anonymous researcher
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A local application may be able to access restricted files
Description: A parsing issue in the handling of directory paths was
addressed through improved path validation.
CVE-2016-4771: Balazs Bucsay, Research Director of MRG Effitas
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A remote attacker may be able to cause a denial of service
Description: A lock handling issue was addressed through improved
lock handling.
CVE-2016-4772: Marc Heuse of mh-sec
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to determine kernel memory layout
Description: Multiple out-of-bounds read issues existed that led to
the disclosure of kernel memory. These were addressed through
improved input validation.
CVE-2016-4773: Brandon Azad
CVE-2016-4774: Brandon Azad
CVE-2016-4776: Brandon Azad
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An untrusted pointer dereference was addressed by
removing the affected code.
CVE-2016-4777: Lufeng Li of Qihoo 360 Vulcan Team
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4778: CESG
Entry added September 20, 2016
Keyboards
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Keyboard auto correct suggestions may reveal sensitive
information
Description: The iOS keyboard was inadvertently caching sensitive
information. This issue was addressed through improved heuristics.
CVE-2016-4746: Antoine M of France
libxml2
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Multiple issues in libxml2, the most significant of which may
lead to unexpected application termination or arbitrary code
execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4658: Nick Wellnhofer
CVE-2016-5131: Nick Wellnhofer
Entry added September 20, 2016
libxslt
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4738: Nick Wellnhofer
Entry added September 20, 2016
Mail
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker with a privileged network position may be able to
intercept mail credentials
Description: An issue existed when handling untrusted certificates.
This was addressed by terminating untrusted connections.
CVE-2016-4747: Dave Aitel
Messages
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Messages may be visible on a device that has not signed in to
Messages
Description: An issue existed when using Handoff for Messages. This
issue was resolved via better state management.
CVE-2016-4740: Step Wallace
Printing UIKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An unencrypted document may be written to a temporary file
when using AirPrint preview
Description: An issue existed in AirPrint preview. This was addressed
through improved environment sanitization.
CVE-2016-4749: an anonymous researcher
S2 Camera
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4750: Jack Tang (@jacktang310) and Moony Li of Trend Micro
working with Trend Micro's Zero Day Initiative
Entry added September 20, 2016
Safari Reader
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Enabling the Safari Reader feature on a maliciously crafted
webpage may lead to universal cross site scripting
Description: Multiple validation issues were addressed through
improved input sanitization.
CVE-2016-4618: an anonymous researcher
Entry added September 20, 2016
Sandbox Profiles
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A malicious application may be able to determine whom a user
is texting
Description: An access control issue existed in SMS draft
directories. This issue was addressed by preventing apps from
stat'ing the affected directories.
CVE-2016-4620: Razvan Deaconescu, Mihai Chiroiu (University
POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North
Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi
(TU Darmstadt)
Security
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: A validation issue existed in signed disk images. This
issue was addressed through improved size validation.
CVE-2016-4753: Mark Mentovai of Google Inc.
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A parsing issue existed in the handling of error
prototypes. This was addressed through improved validation.
CVE-2016-4728: Daniel Divricean
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Visiting a maliciously crafted website may leak sensitive
data
Description: A permissions issue existed in the handling of the
location variable. This was addressed through additional ownership
checks.
CVE-2016-4758: Masato Kinugawa of Cure53
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4611: Apple
CVE-2016-4729: Apple
CVE-2016-4730: Apple
CVE-2016-4731: Apple
CVE-2016-4734: Natalie Silvanovich of Google Project Zero
CVE-2016-4735: André Bargull
CVE-2016-4737: Apple
CVE-2016-4759: Tongbo Luo of Palo Alto Networks
CVE-2016-4762: Zheng Huang of Baidu Security Lab
CVE-2016-4766: Apple
CVE-2016-4767: Apple
CVE-2016-4768: Anonymous working with Trend Micro's Zero Day
Initiative
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A malicious website may be able to access non-HTTP services
Description: Safari's support of HTTP/0.9 allowed cross-protocol
exploitation of non-HTTP services using DNS rebinding. The issue was
addressed by restricting HTTP/0.9 responses to default ports and
canceling resource loads if the document was loaded with a different
HTTP protocol version.
CVE-2016-4760: Jordan Milne
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved state management.
CVE-2016-4733: Natalie Silvanovich of Google Project Zero
CVE-2016-4765: Apple
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker in a privileged network position may be able to
intercept and alter network traffic to applications using WKWebView
with HTTPS
Description: A certificate validation issue existed in the handling
of WKWebView. This issue was addressed through improved validation.
CVE-2016-4763: an anonymous researcher
Entry added September 20, 2016
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
| VAR-201609-0253 | CVE-2016-4755 | Apple OS X Terminal vulnerability that allows important information to be obtained |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
Terminal in Apple OS X before 10.12 uses weak permissions for the .bash_history and .bash_session files, which allows local users to obtain sensitive information via unspecified vectors. Apple Mac OS X is prone to multiple security vulnerabilities.
Attackers can exploit these issues to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, and perform unauthorized actions. This may aid in other attacks.
These issues are fixed in:
Apple macOS 10.12. Terminal is one of the terminal components. A local attacker could exploit this vulnerability to obtain sensitive information
| VAR-201609-0252 | CVE-2016-4754 | ServerDocs Server in Apple OS X Server: vulnerability that allows cryptographic protection mechanisms to be defeated |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
ServerDocs Server in Apple OS X Server before 5.2 supports the RC4 cipher, which might allow remote attackers to defeat cryptographic protection mechanisms via unspecified vectors. Apple macOS Server is prone to a security vulnerability.
Successful exploits may allow an attacker to bypass certain security restrictions and perform unauthorized actions.
Versions prior to Apple macOS Server 5.2 are vulnerable. Apple OS X Server is a set of Unix-based server operating software developed by Apple. The software enables file sharing, meeting scheduling, website hosting, network remote access, and more. ServerDocs Server is one of the service components. A remote attacker could exploit this vulnerability to crack the password protection mechanism.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-09-20-4 macOS Server 5.2
macOS Server 5.2 is now available and addresses the following:
apache
Available for: macOS 10.12 Sierra
Impact: A remote attacker may be able to proxy traffic through an
arbitrary server
Description: An issue existed in the handling of the HTTP_PROXY
environment variable. This issue was addressed by not setting the
HTTP_PROXY environment variable from CGI.
CVE-2016-4694 : Dominic Scheirlinck and Scott Geary of Vend
ServerDocs Server
Available for: macOS 10.12 Sierra
Impact: An attacker may be able to exploit weaknesses in the RC4
cryptographic algorithm
Description: RC4 was removed as a supported cipher.
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
| VAR-201609-0250 | CVE-2016-4752 | Apple OS X SecKeyDeriveFromPassword function vulnerability that allows important information to be obtained from process memory |
CVSS V2: 4.3 CVSS V3: 5.5 Severity: MEDIUM |
The SecKeyDeriveFromPassword function in Apple OS X before 10.12 does not use the CF_RETURNS_RETAINED keyword, which allows attackers to obtain sensitive information from process memory by triggering key derivation. Apple Mac OS X is prone to multiple security vulnerabilities.
Attackers can exploit these issues to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, and perform unauthorized actions. This may aid in other attacks.
These issues are fixed in:
Apple macOS 10.12
| VAR-201609-0256 | CVE-2016-4760 | WebKit used in multiple Apple products: vulnerability that allows DNS rebinding attacks |
CVSS V2: 4.3 CVSS V3: 6.5 Severity: MEDIUM |
WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to conduct DNS rebinding attacks against non-HTTP Safari sessions by leveraging HTTP/0.9 support. Supplementary information: the CWE vulnerability type has been identified as CWE-284: Improper Access Control. http://cwe.mitre.org/data/definitions/284.html A third party may be able to perform a DNS rebinding attack against non-HTTP Safari sessions by using HTTP/0.9 support.
Attackers can exploit this issue to obtain potentially sensitive information. This may lead to further attacks. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems. iTunes is a suite of media player applications. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple, and Google, and is currently used by browsers such as Apple Safari and Google Chrome.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-09-20-2 Safari 10
Safari 10 is now available and addresses the following:
Safari Reader
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS 10.12 Sierra
Impact: Enabling the Safari Reader feature on a maliciously crafted
webpage may lead to universal cross site scripting
Description: Multiple validation issues were addressed through
improved input sanitization.
CVE-2016-4618 : an anonymous researcher
Safari Tabs
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS 10.12 Sierra
Impact: Visiting a malicious website may lead to address bar spoofing
Description: A state management issue existed in the handling of tab
sessions. This issue was addressed through session state management.
CVE-2016-4751 : Daniel Chatfield of Monzo Bank
WebKit
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS 10.12 Sierra
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A parsing issue existed in the handling of error
prototypes. This was addressed through improved validation.
CVE-2016-4728 : Daniel Divricean
WebKit
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS 10.12 Sierra
Impact: Visiting a maliciously crafted website may leak sensitive
data
Description: A permissions issue existed in the handling of the
location variable. This was addressed through additional ownership
checks.
CVE-2016-4758 : Masato Kinugawa of Cure53
WebKit
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS 10.12 Sierra
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4611 : Apple
CVE-2016-4729 : Apple
CVE-2016-4730 : Apple
CVE-2016-4731 : Apple
CVE-2016-4734 : Natalie Silvanovich of Google Project Zero
CVE-2016-4735 : André Bargull
CVE-2016-4737 : Apple
CVE-2016-4759 : Tongbo Luo of Palo Alto Networks
CVE-2016-4762 : Zheng Huang of Baidu Security Lab
CVE-2016-4766 : Apple
CVE-2016-4767 : Apple
CVE-2016-4768 : Anonymous working with Trend Micro's Zero Day
Initiative
WebKit
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS 10.12 Sierra
Impact: A malicious website may be able to access non-HTTP services
Description: Safari's support of HTTP/0.9 allowed cross-protocol
exploitation of non-HTTP services using DNS rebinding. The issue was
addressed by restricting HTTP/0.9 responses to default ports and
canceling resource loads if the document was loaded with a different
HTTP protocol version.
CVE-2016-4760 : Jordan Milne
WebKit
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS 10.12 Sierra
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved state management.
CVE-2016-4733 : Natalie Silvanovich of Google Project Zero
CVE-2016-4765 : Apple
WebKit
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS 10.12 Sierra
Impact: An attacker in a privileged network position may be able to
intercept and alter network traffic to applications using WKWebView
with HTTPS
Description: A certificate validation issue existed in the handling
of WKWebView. This issue was addressed through improved validation.
CVE-2016-4763 : an anonymous researcher
WebKit
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS 10.12 Sierra
Impact: Visiting a maliciously crafted webpage may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2016-4769 : Tongbo Luo of Palo Alto Networks
Safari 10 may be obtained from the Mac App Store.
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
==========================================================================
Ubuntu Security Notice USN-3166-1
January 10, 2017
webkit2gtk vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in WebKitGTK+.
Software Description:
- webkit2gtk: JavaScript engine library from WebKitGTK+ - GObject introspection
Details:
A large number of security issues were discovered in the WebKitGTK+ Web and
JavaScript engines. If a user were tricked into viewing a malicious
website, a remote attacker could exploit a variety of issues related to web
browser security, including cross-site scripting attacks, denial of service
attacks, and arbitrary code execution.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS:
libjavascriptcoregtk-4.0-18 2.14.2-0ubuntu0.16.04.1
libwebkit2gtk-4.0-37 2.14.2-0ubuntu0.16.04.1
This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use WebKitGTK+, such as Epiphany, to make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-3166-1
CVE-2016-4613, CVE-2016-4657, CVE-2016-4666, CVE-2016-4707,
CVE-2016-4728, CVE-2016-4733, CVE-2016-4734, CVE-2016-4735,
CVE-2016-4759, CVE-2016-4760, CVE-2016-4761, CVE-2016-4762,
CVE-2016-4764, CVE-2016-4765, CVE-2016-4767, CVE-2016-4768,
CVE-2016-4769, CVE-2016-7578
Package Information:
https://launchpad.net/ubuntu/+source/webkit2gtk/2.14.2-0ubuntu0.16.04.1
| VAR-201609-0254 | CVE-2016-4758 | WebKit used in multiple Apple products: vulnerability that allows important information to be obtained |
CVSS V2: 4.3 CVSS V3: 6.5 Severity: MEDIUM |
WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly restrict access to the location variable, which allows remote attackers to obtain sensitive information via a crafted web site. Apple iOS , Windows Run on iTunes ,and Safari Used in etc.
Attackers can exploit this issue to obtain potentially sensitive information. This may lead to further attacks. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems. iTunes is a suite of media player applications. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple, and Google, and is currently used by browsers such as Apple Safari and Google Chrome.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-09-20-2 Safari 10
Safari 10 is now available and addresses the following:
Safari Reader
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS 10.12 Sierra
Impact: Enabling the Safari Reader feature on a maliciously crafted
webpage may lead to universal cross site scripting
Description: Multiple validation issues were addressed through
improved input sanitization.
CVE-2016-4618 : an anonymous researcher
Safari Tabs
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS 10.12 Sierra
Impact: Visiting a malicious website may lead to address bar spoofing
Description: A state management issue existed in the handling of tab
sessions. This issue was addressed through session state management.
CVE-2016-4751 : Daniel Chatfield of Monzo Bank
WebKit
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS 10.12 Sierra
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A parsing issue existed in the handling of error
prototypes. This was addressed through improved validation.
CVE-2016-4728 : Daniel Divricean
WebKit
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS 10.12 Sierra
Impact: Visiting a maliciously crafted website may leak sensitive
data
Description: A permissions issue existed in the handling of the
location variable. This was addressed through additional ownership
checks.
CVE-2016-4758 : Masato Kinugawa of Cure53
WebKit
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS 10.12 Sierra
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4611 : Apple
CVE-2016-4729 : Apple
CVE-2016-4730 : Apple
CVE-2016-4731 : Apple
CVE-2016-4734 : Natalie Silvanovich of Google Project Zero
CVE-2016-4735 : André Bargull
CVE-2016-4737 : Apple
CVE-2016-4759 : Tongbo Luo of Palo Alto Networks
CVE-2016-4762 : Zheng Huang of Baidu Security Lab
CVE-2016-4766 : Apple
CVE-2016-4767 : Apple
CVE-2016-4768 : Anonymous working with Trend Micro's Zero Day
Initiative
WebKit
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS 10.12 Sierra
Impact: A malicious website may be able to access non-HTTP services
Description: Safari's support of HTTP/0.9 allowed cross-protocol
exploitation of non-HTTP services using DNS rebinding. The issue was
addressed by restricting HTTP/0.9 responses to default ports and
canceling resource loads if the document was loaded with a different
HTTP protocol version.
CVE-2016-4760 : Jordan Milne
WebKit
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS 10.12 Sierra
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved state management.
CVE-2016-4733 : Natalie Silvanovich of Google Project Zero
CVE-2016-4765 : Apple
WebKit
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS 10.12 Sierra
Impact: An attacker in a privileged network position may be able to
intercept and alter network traffic to applications using WKWebView
with HTTPS
Description: A certificate validation issue existed in the handling
of WKWebView. This issue was addressed through improved validation.
CVE-2016-4763 : an anonymous researcher
WebKit
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS 10.12 Sierra
Impact: Visiting a maliciously crafted webpage may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2016-4769 : Tongbo Luo of Palo Alto Networks
Safari 10 may be obtained from the Mac App Store.
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
| VAR-201609-0248 | CVE-2016-4750 | S2 Camera in Apple iOS and OS X: vulnerability that allows arbitrary code execution in a privileged context |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
S2 Camera in Apple iOS before 10 and OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Apple iOS and Mac OS are prone to multiple security vulnerabilities.
Attackers can exploit these issues to execute arbitrary code, bypass security restrictions, gain sensitive information and cause denial-of-service conditions. in the United States. S2 Camera is one of the camera components
| VAR-201609-0249 | CVE-2016-4751 | Apple Safari Safari Tabs component address bar spoofing vulnerability |
CVSS V2: 4.3 CVSS V3: 3.5 Severity: LOW |
The Safari Tabs component in Apple Safari before 10 allows remote attackers to spoof the address bar of a tab via a crafted web site. Supplementary information: the CWE vulnerability type has been identified as CWE-254: Security Features.
An attacker may leverage this issue to spoof the source URI of a site presented to an unsuspecting user in the browser's address bar.
This issue is fixed in:
Apple Safari 10.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-09-20-2 Safari 10
Safari 10 is now available and addresses the following:
Safari Reader
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS 10.12 Sierra
Impact: Enabling the Safari Reader feature on a maliciously crafted
webpage may lead to universal cross site scripting
Description: Multiple validation issues were addressed through
improved input sanitization.
CVE-2016-4618 : an anonymous researcher
Safari Tabs
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS 10.12 Sierra
Impact: Visiting a malicious website may lead to address bar spoofing
Description: A state management issue existed in the handling of tab
sessions. This issue was addressed through session state management.
CVE-2016-4751 : Daniel Chatfield of Monzo Bank
WebKit
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS 10.12 Sierra
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A parsing issue existed in the handling of error
prototypes. This was addressed through improved validation.
CVE-2016-4728 : Daniel Divricean
WebKit
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS 10.12 Sierra
Impact: Visiting a maliciously crafted website may leak sensitive
data
Description: A permissions issue existed in the handling of the
location variable. This was addressed through additional ownership
checks.
CVE-2016-4758 : Masato Kinugawa of Cure53
WebKit
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS 10.12 Sierra
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4611 : Apple
CVE-2016-4729 : Apple
CVE-2016-4730 : Apple
CVE-2016-4731 : Apple
CVE-2016-4734 : Natalie Silvanovich of Google Project Zero
CVE-2016-4735 : André Bargull
CVE-2016-4737 : Apple
CVE-2016-4759 : Tongbo Luo of Palo Alto Networks
CVE-2016-4762 : Zheng Huang of Baidu Security Lab
CVE-2016-4766 : Apple
CVE-2016-4767 : Apple
CVE-2016-4768 : Anonymous working with Trend Micro's Zero Day
Initiative
WebKit
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS 10.12 Sierra
Impact: A malicious website may be able to access non-HTTP services
Description: Safari's support of HTTP/0.9 allowed cross-protocol
exploitation of non-HTTP services using DNS rebinding. The issue was
addressed by restricting HTTP/0.9 responses to default ports and
canceling resource loads if the document was loaded with a different
HTTP protocol version.
CVE-2016-4760 : Jordan Milne
WebKit
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS 10.12 Sierra
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved state management.
CVE-2016-4733 : Natalie Silvanovich of Google Project Zero
CVE-2016-4765 : Apple
WebKit
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS 10.12 Sierra
Impact: An attacker in a privileged network position may be able to
intercept and alter network traffic to applications using WKWebView
with HTTPS
Description: A certificate validation issue existed in the handling
of WKWebView. This issue was addressed through improved validation.
CVE-2016-4763 : an anonymous researcher
WebKit
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS 10.12 Sierra
Impact: Visiting a maliciously crafted webpage may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2016-4769 : Tongbo Luo of Palo Alto Networks
Safari 10 may be obtained from the Mac App Store.
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
| VAR-201609-0246 | CVE-2016-4748 | Perl in Apple OS X: vulnerability that allows the taint-mode protection mechanism to be bypassed |
CVSS V2: 4.6 CVSS V3: 5.3 Severity: MEDIUM |
Perl in Apple OS X before 10.12 allows local users to bypass the taint-mode protection mechanism via a crafted environment variable. Supplementary information: the CWE vulnerability type has been identified as CWE-254: Security Features. Apple Mac OS X is prone to multiple security vulnerabilities.
Attackers can exploit these issues to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, and perform unauthorized actions. This may aid in other attacks.
These issues are fixed in:
Apple macOS 10.12. Perl is a free and powerful cross-platform programming language developed by American programmer Larry Wall
| VAR-201609-0243 | CVE-2016-4745 | Apple OS X Kerberos 5 PAM module user account enumeration vulnerability |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
The Kerberos 5 (aka krb5) PAM module in Apple OS X before 10.12 does not use constant-time operations for determining username validity, which makes it easier for remote attackers to enumerate user accounts via a timing side-channel attack. Apple Mac OS X is prone to multiple security vulnerabilities.
Attackers can exploit these issues to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, and perform unauthorized actions. This may aid in other attacks.
These issues are fixed in:
Apple macOS 10.12. Kerberos 5 (aka krb5) PAM is one of the network authentication protocol components. The vulnerability stems from the fact that the program does not use constant-time operations to verify that the user name is valid. A remote attacker could exploit this vulnerability to enumerate user accounts
| VAR-201609-0242 | CVE-2016-4742 | Apple OS X NSSecureTextField vulnerability that allows credentials to be obtained |
CVSS V2: 4.3 CVSS V3: 5.5 Severity: MEDIUM |
NSSecureTextField in Apple OS X before 10.12 does not enable Secure Input, which allows attackers to discover credentials via a crafted app. Apple Mac OS X is prone to multiple security vulnerabilities.
Attackers can exploit these issues to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, and perform unauthorized actions. This may aid in other attacks.
These issues are fixed in:
Apple macOS 10.12. NSSecureTextField is one of the components used to mask passwords. The vulnerability stems from the fact that the program does not enable Secure Input
| VAR-201609-0239 | CVE-2016-4739 | Apple OS X mDNSResponder vulnerability that allows important information to be obtained |
CVSS V2: 4.3 CVSS V3: 3.7 Severity: LOW |
mDNSResponder in Apple OS X before 10.12, when VMnet.framework is used, arranges for a DNS proxy to listen on all interfaces, which allows remote attackers to obtain sensitive information by sending a DNS query to an unintended interface. Apple Mac OS X is prone to multiple security vulnerabilities.
Attackers can exploit these issues to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, and perform unauthorized actions. This may aid in other attacks.
These issues are fixed in:
Apple macOS 10.12. mDNSResponder is a component that provides unicast and multicast mDNS services
| VAR-201609-0255 | CVE-2016-4759 | WebKit used in multiple Apple products: arbitrary code execution vulnerability |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4765, CVE-2016-4766, CVE-2016-4767, and CVE-2016-4768. Apple iTunes, TV OS, Safari and iOS are prone to multiple memory-corruption vulnerabilities.
Attackers can exploit these issues to execute arbitrary code. Failed exploit attempts may result in a denial-of-service condition. Apple iOS is an operating system developed for mobile devices; tvOS is a smart TV operating system; iTunes is a set of media player applications; Safari is a web browser that is the default browser included with the Mac OS X and iOS operating systems. WebKit is an open source web browser engine developed by the KDE community and is currently used by browsers such as Apple Safari and Google Chrome. The following versions are affected: Apple iOS prior to 10, tvOS prior to 10, iTunes prior to 12.5.1 on Windows-based platforms, Safari prior to 10.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-09-20-2 Safari 10
Safari 10 is now available and addresses the following:
Safari Reader
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS 10.12 Sierra
Impact: Enabling the Safari Reader feature on a maliciously crafted
webpage may lead to universal cross site scripting
Description: Multiple validation issues were addressed through
improved input sanitization.
CVE-2016-4618 : an anonymous researcher
Safari Tabs
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS 10.12 Sierra
Impact: Visiting a malicious website may lead to address bar spoofing
Description: A state management issue existed in the handling of tab
sessions. The issue was
addressed by restricting HTTP/0.9 responses to default ports and
canceling resource loads if the document was loaded with a different
HTTP protocol version.
CVE-2016-4733 : Natalie Silvanovich of Google Project Zero
CVE-2016-4765 : Apple
WebKit
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS 10.12 Sierra
Impact: An attacker in a privileged network position may be able to
intercept and alter network traffic to applications using WKWebView
with HTTPS
Description: A certificate validation issue existed in the handling
of WKWebView.
CVE-2016-4769 : Tongbo Luo of Palo Alto Networks
Safari 10 may be obtained from the Mac App Store.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-09-20-6 tvOS 10
The tvOS 10 advisory has been released to describe the entries below:
Audio
Available for: Apple TV (4th generation)
Impact: A remote attacker may be able to execute arbitrary code
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4702: YoungJin Yoon, MinSik Shin, HoJae Han, Sunghyun Park,
and Taekyoung Kwon of Information Security Lab, Yonsei University
Entry added September 20, 2016
CFNetwork
Available for: Apple TV (4th generation)
Impact: Processing maliciously crafted web content may compromise
user information
Description: An input validation issue existed in the parsing of the
set-cookie header. This issue was addressed through improved
validation checking.
CVE-2016-4708: Dawid Czagan of Silesia Security Lab
Entry added September 20, 2016
CoreCrypto
Available for: Apple TV (4th generation)
Impact: An application may be able to execute arbitrary code
Description: An out-of-bounds write issue was addressed by removing
the vulnerable code.
CVE-2016-4712: Gergo Koteles
Entry added September 20, 2016
FontParser
Available for: Apple TV (4th generation)
Impact: Processing a maliciously crafted font may result in the
disclosure of process memory
Description: A buffer overflow existed in the handling of font files.
This issue was addressed through improved bounds checking.
CVE-2016-4718: Apple
Entry added September 20, 2016
IOAcceleratorFamily
Available for: Apple TV (4th generation)
Impact: Processing maliciously crafted web content may result in the
disclosure of process memory
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2016-4725: Rodger Combs of Plex, Inc.
Entry added September 20, 2016
IOAcceleratorFamily
Available for: Apple TV (4th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4726: an anonymous researcher
Entry added September 20, 2016
Kernel
Available for: Apple TV (4th generation)
Impact: A remote attacker may be able to cause a denial of service
Description: A lock handling issue was addressed through improved
lock handling.
CVE-2016-4772: Marc Heuse of mh-sec
Entry added September 20, 2016
Kernel
Available for: Apple TV (4th generation)
Impact: An application may be able to determine kernel memory layout
Description: Multiple out-of-bounds read issues existed that led to
the disclosure of kernel memory. These were addressed through
improved input validation.
CVE-2016-4773: Brandon Azad
CVE-2016-4774: Brandon Azad
CVE-2016-4776: Brandon Azad
Entry added September 20, 2016
Kernel
Available for: Apple TV (4th generation)
Impact: A local user may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4775: Brandon Azad
Entry added September 20, 2016
Kernel
Available for: Apple TV (4th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An untrusted pointer dereference was addressed by
removing the affected code.
CVE-2016-4777: Lufeng Li of Qihoo 360 Vulcan Team
Entry added September 20, 2016
Kernel
Available for: Apple TV (4th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4778: CESG
Entry added September 20, 2016
libxml2
Available for: Apple TV (4th generation)
Impact: Multiple issues in libxml2, the most significant of which may
lead to unexpected application termination or arbitrary code
execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4658: Nick Wellnhofer
CVE-2016-5131: Nick Wellnhofer
Entry added September 20, 2016
libxslt
Available for: Apple TV (4th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4738: Nick Wellnhofer
Entry added September 20, 2016
Security
Available for: Apple TV (4th generation)
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: A validation issue existed in signed disk images. This
issue was addressed through improved size validation.
CVE-2016-4753: Mark Mentovai of Google Inc.
Entry added September 20, 2016
WebKit
Available for: Apple TV (4th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A parsing issue existed in the handling of error
prototypes. This was addressed through improved validation.
CVE-2016-4728: Daniel Divricean
Entry added September 20, 2016
WebKit
Available for: Apple TV (4th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4611: Apple
CVE-2016-4730: Apple
CVE-2016-4734: Natalie Silvanovich of Google Project Zero
CVE-2016-4735: André Bargull
CVE-2016-4737: Apple
CVE-2016-4759: Tongbo Luo of Palo Alto Networks
CVE-2016-4766: Apple
CVE-2016-4767: Apple
CVE-2016-4768: Anonymous working with Trend Micro's Zero Day
Initiative
Entry added September 20, 2016
WebKit
Available for: Apple TV (4th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved state management.
CVE-2016-4733: Natalie Silvanovich of Google Project Zero
CVE-2016-4765: Apple
Entry added September 20, 2016
Installation note:
Apple TV will periodically check for software updates. Alternatively,
you may manually check for software updates by selecting
"Settings -> System -> Software Update -> Update Software."
To check the current version of software, select
"Settings -> General -> About."
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
==========================================================================
Ubuntu Security Notice USN-3166-1
January 10, 2017
webkit2gtk vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in WebKitGTK+.
Software Description:
- webkit2gtk: JavaScript engine library from WebKitGTK+ - GObject introspection
Details:
A large number of security issues were discovered in the WebKitGTK+ Web and
JavaScript engines.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS:
libjavascriptcoregtk-4.0-18 2.14.2-0ubuntu0.16.04.1
libwebkit2gtk-4.0-37 2.14.2-0ubuntu0.16.04.1
This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use WebKitGTK+, such as Epiphany, to make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-3166-1
CVE-2016-4613, CVE-2016-4657, CVE-2016-4666, CVE-2016-4707,
CVE-2016-4728, CVE-2016-4733, CVE-2016-4734, CVE-2016-4735,
CVE-2016-4759, CVE-2016-4760, CVE-2016-4761, CVE-2016-4762,
CVE-2016-4764, CVE-2016-4765, CVE-2016-4767, CVE-2016-4768,
CVE-2016-4769, CVE-2016-7578
Package Information:
https://launchpad.net/ubuntu/+source/webkit2gtk/2.14.2-0ubuntu0.16.04.1
| VAR-201609-0251 | CVE-2016-4753 | Vulnerability in the kernel of multiple Apple products that allows arbitrary code execution in privileged contexts |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 mishandle signed disk images, which allows attackers to execute arbitrary code in a privileged context via a crafted app. Apple iOS, tvOS, MacOS and watchOS are prone to an arbitrary code-execution vulnerability.
An attacker can leverage this issue to execute arbitrary code with system privileges. Failed exploit attempts will likely result in denial-of-service conditions.
Versions prior to iOS 10, watchOS 3, MacOS 10.12, and tvOS 10 are vulnerable. Apple iOS, OS X, tvOS, and watchOS are all products of the American company Apple. Apple iOS is an operating system developed for mobile devices; OS X is a dedicated operating system developed for Mac computers; tvOS is a smart TV operating system; watchOS is a smart watch operating system. A memory corruption vulnerability exists in Security in several Apple products due to the program's improper handling of signed disk images.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-09-20-5 watchOS 3
The watchOS 3 advisory has been updated to include additional entries
as noted below.
Audio
Available for: All Apple Watch models
Impact: A remote attacker may be able to execute arbitrary code
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4702: YoungJin Yoon, MinSik Shin, HoJae Han, Sunghyun Park,
and Taekyoung Kwon of Information Security Lab, Yonsei University
Entry added September 20, 2016
CFNetwork
Available for: All Apple Watch models
Impact: Processing maliciously crafted web content may compromise
user information
Description: An input validation issue existed in the parsing of the
set-cookie header. This issue was addressed through improved
validation checking.
CVE-2016-4708: Dawid Czagan of Silesia Security Lab
Entry added September 20, 2016
CoreCrypto
Available for: All Apple Watch models
Impact: An application may be able to execute arbitrary code
Description: An out-of-bounds write issue was addressed by removing
the vulnerable code.
CVE-2016-4712: Gergo Koteles
Entry added September 20, 2016
FontParser
Available for: All Apple Watch models
Impact: Processing a maliciously crafted font may result in the
disclosure of process memory
Description: A buffer overflow existed in the handling of font files.
This issue was addressed through improved bounds checking.
CVE-2016-4718: Apple
Entry added September 20, 2016
GeoServices
Available for: All Apple Watch models
Impact: An application may be able to read sensitive location
information
Description: A permissions issue existed in PlaceData. This issue was
addressed through improved permission validation.
CVE-2016-4719: Razvan Deaconescu, Mihai Chiroiu (University
POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North
Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi
(TU Darmstadt)
IOAcceleratorFamily
Available for: All Apple Watch models
Impact: Processing maliciously crafted web content may result in the
disclosure of process memory
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2016-4725: Rodger Combs of Plex, Inc.
Entry added September 20, 2016
IOAcceleratorFamily
Available for: All Apple Watch models
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4726: An anonymous researcher
Entry added September 20, 2016
Kernel
Available for: All Apple Watch models
Impact: A remote attacker may be able to cause a denial of service
Description: A lock handling issue was addressed through improved
lock handling.
CVE-2016-4772: Marc Heuse of mh-sec
Entry added September 20, 2016
Kernel
Available for: All Apple Watch models
Impact: An application may be able to determine kernel memory layout
Description: Multiple out-of-bounds read issues existed that led to
the disclosure of kernel memory. These were addressed through
improved input validation.
CVE-2016-4773: Brandon Azad
CVE-2016-4774: Brandon Azad
CVE-2016-4776: Brandon Azad
Entry added September 20, 2016
Kernel
Available for: All Apple Watch models
Impact: A local user may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4775: Brandon Azad
Entry added September 20, 2016
Kernel
Available for: All Apple Watch models
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An untrusted pointer dereference was addressed by
removing the affected code.
CVE-2016-4777: Lufeng Li of Qihoo 360 Vulcan Team
Entry added September 20, 2016
Kernel
Available for: All Apple Watch models
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4778: CESG
Entry added September 20, 2016
libxml2
Available for: All Apple Watch models
Impact: Multiple issues in libxml2, the most significant of which may
lead to unexpected application termination or arbitrary code
execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4658: Nick Wellnhofer
CVE-2016-5131: Nick Wellnhofer
Entry added September 20, 2016
libxslt
Available for: All Apple Watch models
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed through improved
memory handling. This
issue was addressed through improved size validation.
CVE-2016-4753: Mark Mentovai of Google Inc.
Entry added September 20, 2016
WebKit
Available for: All Apple Watch models
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4737: Apple
Entry added September 20, 2016
Installation note:
Instructions on how to update your Apple Watch software are
available at https://support.apple.com/kb/HT204641
To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch > General > About".
Alternatively, on your watch, select "My Watch > General > About".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
| VAR-201609-0277 | CVE-2016-4712 | CoreCrypto in multiple Apple products vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
CoreCrypto in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via a crafted app. CoreCrypto in multiple Apple products contains a vulnerability that allows arbitrary code execution or a denial of service (out-of-bounds write). Supplementary information: the vulnerability type has been identified as CWE-787: Out-of-bounds Write. Apple iOS, tvOS, MacOS and watchOS are prone to multiple security vulnerabilities.
Attackers can exploit these issues to bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial-of-service condition, perform unauthorized actions and gain system privileges; this may aid in launching further attacks.
Versions prior to iOS 10, watchOS 3, MacOS 10.12, and tvOS 10 are vulnerable. Apple iOS, tvOS, OS X, and watchOS are all products of the American company Apple. Apple iOS is an operating system developed for mobile devices; tvOS is a smart TV operating system; OS X is a dedicated operating system developed for Mac computers; watchOS is a smart watch operating system. CoreCrypto is one of the core components.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-09-20-3 iOS 10
The iOS 10 advisory has been updated to include additional entries as
noted below.
AppleMobileFileIntegrity
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A local application may be able to execute arbitrary code
with system privileges
Description: A validation issue existed in the task port inheritance
policy. This issue was addressed through improved validation of the
process entitlement and Team ID.
CVE-2016-4698: Pedro Vilaça
Entry added September 20, 2016
Assets
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker in a privileged network position may be able to
block a device from receiving software updates
Description: An issue existed in iOS updates, which did not properly
secure user communications. This issue was addressed by using HTTPS
for software updates.
CVE-2016-4741: Raul Siles of DinoSec
Audio
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A remote attacker may be able to execute arbitrary code
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4702: YoungJin Yoon, MinSik Shin, HoJae Han, Sunghyun Park,
and Taekyoung Kwon of Information Security Lab, Yonsei University
Entry added September 20, 2016
Certificate Trust Policy
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Update to the certificate trust policy
Description: The certificate trust policy was updated. The complete
list of certificates may be viewed at
https://support.apple.com/kb/HT204132.
Entry added September 20, 2016
CFNetwork
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A local user may be able to discover websites a user has
visited
Description: An issue existed in Local Storage deletion. This issue
was addressed through improved Local Storage cleanup.
CVE-2016-4707: an anonymous researcher
Entry added September 20, 2016
CFNetwork
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may compromise
user information
Description: An input validation issue existed in the parsing of the
set-cookie header. This issue was addressed through improved
validation checking.
CVE-2016-4708: Dawid Czagan of Silesia Security Lab
Entry added September 20, 2016
CommonCrypto
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application using CCrypt may disclose sensitive plaintext
if the output and input buffer are the same
Description: An input validation issue existed in corecrypto. This
issue was addressed through improved input validation.
CVE-2016-4711: Max Lohrmann
Entry added September 20, 2016
CoreCrypto
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code
Description: An out-of-bounds write issue was addressed by removing
the vulnerable code.
CVE-2016-4712: Gergo Koteles
Entry added September 20, 2016
FontParser
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing a maliciously crafted font may result in the
disclosure of process memory
Description: A buffer overflow existed in the handling of font files.
This issue was addressed through improved bounds checking.
CVE-2016-4718: Apple
Entry added September 20, 2016
GeoServices
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to read sensitive location
information
Description: A permissions issue existed in PlaceData. This issue was
addressed through improved permission validation.
CVE-2016-4719: Razvan Deaconescu, Mihai Chiroiu (University
POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North
Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi
(TU Darmstadt)
IDS - Connectivity
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker in a privileged network position may be able to
cause a denial of service
Description: A spoofing issue existed in the handling of Call Relay.
This issue was addressed through improved input validation.
CVE-2016-4722: Martin Vigo (@martin_vigo) of salesforce.com
Entry added September 20, 2016
IOAcceleratorFamily
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved input validation.
CVE-2016-4724: Cererdlong, Eakerqiu of Team OverSky
Entry added September 20, 2016
IOAcceleratorFamily
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may result in the
disclosure of process memory
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2016-4725: Rodger Combs of Plex, Inc.
Entry added September 20, 2016
IOAcceleratorFamily
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4726: an anonymous researcher
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A local application may be able to access restricted files
Description: A parsing issue in the handling of directory paths was
addressed through improved path validation.
CVE-2016-4771: Balazs Bucsay, Research Director of MRG Effitas
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A remote attacker may be able to cause a denial of service
Description: A lock handling issue was addressed through improved
lock handling.
CVE-2016-4772: Marc Heuse of mh-sec
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to determine kernel memory layout
Description: Multiple out-of-bounds read issues existed that led to
the disclosure of kernel memory. These were addressed through
improved input validation.
CVE-2016-4773: Brandon Azad
CVE-2016-4774: Brandon Azad
CVE-2016-4776: Brandon Azad
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An untrusted pointer dereference was addressed by
removing the affected code.
CVE-2016-4777: Lufeng Li of Qihoo 360 Vulcan Team
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4778: CESG
Entry added September 20, 2016
Keyboards
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Keyboard auto correct suggestions may reveal sensitive
information
Description: The iOS keyboard was inadvertently caching sensitive
information. This issue was addressed through improved heuristics.
CVE-2016-4746: Antoine M of France
libxml2
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Multiple issues in libxml2, the most significant of which may
lead to unexpected application termination or arbitrary code
execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4658: Nick Wellnhofer
CVE-2016-5131: Nick Wellnhofer
Entry added September 20, 2016
libxslt
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4738: Nick Wellnhofer
Entry added September 20, 2016
Mail
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker with a privileged network position may be able to
intercept mail credentials
Description: An issue existed when handling untrusted certificates.
This was addressed by terminating untrusted connections.
CVE-2016-4747: Dave Aitel
Messages
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Messages may be visible on a device that has not signed in to
Messages
Description: An issue existed when using Handoff for Messages. This
issue was resolved via better state management.
CVE-2016-4740: Step Wallace
Printing UIKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An unencrypted document may be written to a temporary file
when using AirPrint preview
Description: An issue existed in AirPrint preview. This was addressed
through improved environment sanitization.
CVE-2016-4749: an anonymous researcher
S2 Camera
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4750: Jack Tang (@jacktang310) and Moony Li of Trend Micro
working with Trend Micro's Zero Day Initiative
Entry added September 20, 2016
Safari Reader
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Enabling the Safari Reader feature on a maliciously crafted
webpage may lead to universal cross site scripting
Description: Multiple validation issues were addressed through
improved input sanitization.
CVE-2016-4618: an anonymous researcher
Entry added September 20, 2016
Sandbox Profiles
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A malicious application may be able to determine whom a user
is texting
Description: An access control issue existed in SMS draft
directories. This issue was addressed by preventing apps from
stat'ing the affected directories.
CVE-2016-4620: Razvan Deaconescu, Mihai Chiroiu (University
POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North
Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi
(TU Darmstadt)
Security
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: A validation issue existed in signed disk images. This
issue was addressed through improved size validation.
CVE-2016-4753: Mark Mentovai of Google Inc.
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A parsing issue existed in the handling of error
prototypes. This was addressed through improved validation.
CVE-2016-4728: Daniel Divricean
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Visiting a maliciously crafted website may leak sensitive
data
Description: A permissions issue existed in the handling of the
location variable. This was addressed through additional ownership
checks.
CVE-2016-4758: Masato Kinugawa of Cure53
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4611: Apple
CVE-2016-4729: Apple
CVE-2016-4730: Apple
CVE-2016-4731: Apple
CVE-2016-4734: Natalie Silvanovich of Google Project Zero
CVE-2016-4735: André Bargull
CVE-2016-4737: Apple
CVE-2016-4759: Tongbo Luo of Palo Alto Networks
CVE-2016-4762: Zheng Huang of Baidu Security Lab
CVE-2016-4766: Apple
CVE-2016-4767: Apple
CVE-2016-4768: Anonymous working with Trend Micro's Zero Day
Initiative
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A malicious website may be able to access non-HTTP services
Description: Safari's support of HTTP/0.9 allowed cross-protocol
exploitation of non-HTTP services using DNS rebinding. The issue was
addressed by restricting HTTP/0.9 responses to default ports and
canceling resource loads if the document was loaded with a different
HTTP protocol version.
CVE-2016-4760: Jordan Milne
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved state management.
CVE-2016-4733: Natalie Silvanovich of Google Project Zero
CVE-2016-4765: Apple
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker in a privileged network position may be able to
intercept and alter network traffic to applications using WKWebView
with HTTPS
Description: A certificate validation issue existed in the handling
of WKWebView. This issue was addressed through improved validation.
CVE-2016-4763: an anonymous researcher
Entry added September 20, 2016
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
Alternatively, on your watch, select "My Watch > General > About"