VARIoT IoT vulnerabilities database
| VAR-201605-0427 | CVE-2016-1857 | WebKit as used in Apple products vulnerable to arbitrary code execution |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1854, CVE-2016-1855, and CVE-2016-1856. WebKit is used in Apple iOS, Safari, tvOS and other products. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of ArrayBuffer objects. By triggering certain JavaScript optimizations, an attacker can force an ArrayBuffer in memory to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Failed exploit attempts may result in a denial-of-service condition. Apple iOS is an operating system developed for mobile devices; watchOS is an operating system for smart watches. Safari is a web browser that is the default browser included with the Mac OS X and iOS operating systems. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple, and Google, and is currently used by browsers such as Apple Safari and Google Chrome.
===========================================================================
Ubuntu Security Notice USN-3079-1
September 14, 2016
webkit2gtk vulnerabilities
===========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in WebKitGTK+.
Software Description:
- webkit2gtk: JavaScript engine library from WebKitGTK+ - GObject introspection
Details:
A large number of security issues were discovered in the WebKitGTK+ Web and
JavaScript engines.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS:
libjavascriptcoregtk-4.0-18 2.12.5-0ubuntu0.16.04.1
libwebkit2gtk-4.0-37 2.12.5-0ubuntu0.16.04.1
This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use WebKitGTK+, such as Epiphany, to make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-3079-1
CVE-2016-1854, CVE-2016-1856, CVE-2016-1857, CVE-2016-1858,
CVE-2016-1859, CVE-2016-4583, CVE-2016-4585, CVE-2016-4586,
CVE-2016-4588, CVE-2016-4589, CVE-2016-4590, CVE-2016-4591,
CVE-2016-4622, CVE-2016-4623, CVE-2016-4624, CVE-2016-4651
Package Information:
https://launchpad.net/ubuntu/+source/webkit2gtk/2.12.5-0ubuntu0.16.04.1
. ------------------------------------------------------------------------
WebKitGTK+ Security Advisory WSA-2016-0004
------------------------------------------------------------------------
Date reported : May 30, 2016
Advisory ID : WSA-2016-0004
Advisory URL : http://webkitgtk.org/security/WSA-2016-0004.html
CVE identifiers : CVE-2016-1854, CVE-2016-1856, CVE-2016-1857,
CVE-2016-1858, CVE-2016-1859.
Several vulnerabilities were discovered in WebKitGTK+.
CVE-2016-1854
Versions affected: WebKitGTK+ before 2.12.1.
Credit to Anonymous working with Trend Micro's Zero Day Initiative.
CVE-2016-1856
Versions affected: WebKitGTK+ before 2.12.1.
Credit to lokihardt working with Trend Micro's Zero Day Initiative.
CVE-2016-1857
Versions affected: WebKitGTK+ before 2.12.3.
Credit to Jeonghoon Shin@A.D.D and Liang Chen, Zhen Feng, wushi of
KeenLab, Tencent working with Trend Micro's Zero Day Initiative.
CVE-2016-1858
Versions affected: WebKitGTK+ before 2.12.0.
Credit to Anonymous.
CVE-2016-1859
Versions affected: WebKitGTK+ before 2.12.1.
Credit to Liang Chen, wushi of KeenLab, Tencent working with Trend
Micro's Zero Day Initiative.
We recommend updating to the last stable version of WebKitGTK+. It is
the best way of ensuring that you are running a safe version of
WebKitGTK+. Please check our website for information about the last
stable releases.
Further information about WebKitGTK+ Security Advisories can be found
at: http://webkitgtk.org/security.html
The WebKitGTK+ team,
May 30, 2016
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-05-16-5 Safari 9.1.1
Safari 9.1.1 is now available and addresses the following:
Safari
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11.5
Impact: A user may be unable to fully delete browsing history
Description: "Clear History and Website Data" did not clear the
history. The issue was addressed through improved data deletion.
CVE-ID
CVE-2016-1849 : Adham Ghrayeb
WebKit
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11.5
Impact: Visiting a malicious website may disclose data from another
website
Description: An insufficient taint tracking issue in the parsing of
svg images was addressed through improved taint tracking.
CVE-ID
CVE-2016-1858 : an anonymous researcher
WebKit
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11.5
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1854 : Anonymous working with Trend Micro's Zero Day
Initiative
CVE-2016-1855 : Tongbo Luo and Bo Qu of Palo Alto Networks
CVE-2016-1856 : lokihardt working with Trend Micro's Zero Day
Initiative
CVE-2016-1857 : Jeonghoon Shin@A.D.D, Liang Chen, Zhen Feng, wushi of
KeenLab, Tencent working with Trend Micro's Zero Day Initiative
WebKit Canvas
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11.5
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
| VAR-201605-0426 | CVE-2016-1856 | WebKit as used in Apple products vulnerable to arbitrary code execution |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1854, CVE-2016-1855, and CVE-2016-1857. WebKit is used in Apple iOS, Safari, tvOS and other products. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Safari manages the lifetime of TextTrack objects. By manipulating a document's elements an attacker can force a dangling pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process. Failed exploit attempts may result in a denial-of-service condition. Apple iOS is an operating system developed for mobile devices; watchOS is an operating system for smart watches. Safari is a web browser that is the default browser included with the Mac OS X and iOS operating systems. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple, and Google, and is currently used by browsers such as Apple Safari and Google Chrome.
| VAR-201605-0398 | CVE-2016-1742 | Vulnerability in the Apple iTunes installer that allows privileges to be gained |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
Untrusted search path vulnerability in the installer in Apple iTunes before 12.4 allows local users to gain privileges via a Trojan horse DLL in the current working directory. iTunes is prone to a remote code-execution vulnerability.
An attacker can leverage this issue to execute arbitrary code with system privileges. Failed exploit attempts will likely result in denial-of-service conditions.
Versions prior to iTunes 12.4 are vulnerable. Apple iTunes is a set of media player applications from Apple, mainly used for playing and managing digital music and video files. The vulnerability stems from a dynamic library loading problem during the installation process of the program.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-05-16-6 iTunes 12.4
iTunes 12.4 is now available and addresses the following:
iTunes
Available for: Windows 7 and later
Impact: Running the iTunes installer in an untrusted directory may
have resulted in arbitrary code execution
Description: A dynamic library loading issue existed in iTunes
setup. This was addressed through improved path searching.
CVE-ID
CVE-2016-1742 : Stefan Kanthak and
YoKo Kho (yokoacc) of MII - Consulting & Advisory Svc. Dept.
iTunes 12.4 may be obtained from:
http://www.apple.com/itunes/download/
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
| VAR-201605-0424 | CVE-2016-1854 | WebKit as used in Apple products vulnerable to arbitrary code execution |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1855, CVE-2016-1856, and CVE-2016-1857. WebKit is used in Apple iOS, Safari, tvOS and other products. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of DataCue objects. By manipulating a document's elements an attacker can cause a DataCue object in memory to be reused after it has been freed. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process. Failed exploit attempts may result in a denial-of-service condition. Apple iOS is an operating system developed for mobile devices; watchOS is an operating system for smart watches. Safari is a web browser that is the default browser included with the Mac OS X and iOS operating systems. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple, and Google, and is currently used by browsers such as Apple Safari and Google Chrome.
. ------------------------------------------------------------------------
WebKitGTK+ Security Advisory WSA-2016-0004
------------------------------------------------------------------------
Date reported : May 30, 2016
Advisory ID : WSA-2016-0004
Advisory URL : http://webkitgtk.org/security/WSA-2016-0004.html
CVE identifiers : CVE-2016-1854, CVE-2016-1856, CVE-2016-1857,
CVE-2016-1858, CVE-2016-1859.
Several vulnerabilities were discovered in WebKitGTK+.
CVE-2016-1854
Versions affected: WebKitGTK+ before 2.12.1.
CVE-2016-1856
Versions affected: WebKitGTK+ before 2.12.1.
CVE-2016-1857
Versions affected: WebKitGTK+ before 2.12.3.
CVE-2016-1858
Versions affected: WebKitGTK+ before 2.12.0.
Credit to Anonymous.
CVE-2016-1859
Versions affected: WebKitGTK+ before 2.12.1.
We recommend updating to the last stable version of WebKitGTK+. It is
the best way of ensuring that you are running a safe version of
WebKitGTK+. Please check our website for information about the last
stable releases.
Further information about WebKitGTK+ Security Advisories can be found
at: http://webkitgtk.org/security.html
The WebKitGTK+ team,
May 30, 2016
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-05-16-1 tvOS 9.2.1
tvOS 9.2.1 is now available and addresses the following:
CFNetwork Proxies
Available for: Apple TV (4th generation)
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: An information leak existed in the handling of HTTP and
HTTPS requests. This issue was addressed through improved URL
handling.
CVE-ID
CVE-2016-1801 : Alex Chapman and Paul Stone of Context Information
Security
CommonCrypto
Available for: Apple TV (4th generation)
Impact: A malicious application may be able to leak sensitive user
information
Description: An issue existed in the handling of return values in
CCCrypt. This issue was addressed through improved key length
management.
CVE-ID
CVE-2016-1802 : Klaus Rodewig
CoreCapture
Available for: Apple TV (4th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1803 : Ian Beer of Google Project Zero, daybreaker working
with Trend Micro’s Zero Day Initiative
Disk Images
Available for: Apple TV (4th generation)
Impact: An application may be able to read kernel memory
Description: A race condition was addressed through improved
locking.
CVE-ID
CVE-2016-1807 : Ian Beer of Google Project Zero
Disk Images
Available for: Apple TV (4th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue existed in the parsing of
disk images. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2016-1808 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro
ImageIO
Available for: Apple TV (4th generation)
Impact: Processing a maliciously crafted image may lead to a denial
of service
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1811 : Lander Brandt (@landaire)
IOAcceleratorFamily
Available for: Apple TV (4th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1817 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro working with Trend Micro's Zero Day Initiative
CVE-2016-1818 : Juwei Lin of TrendMicro
IOAcceleratorFamily
Available for: Apple TV (4th generation)
Impact: An application may be able to cause a denial of service
Description: A null pointer dereference was addressed through
improved locking.
CVE-ID
CVE-2016-1819 : Ian Beer of Google Project Zero
IOAcceleratorFamily
Available for: Apple TV (4th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1813 : Ian Beer of Google Project Zero
IOHIDFamily
Available for: Apple TV (4th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1823 : Ian Beer of Google Project Zero
CVE-2016-1824 : Marco Grassi (@marcograss) of KeenLab (@keen_lab),
Tencent
Kernel
Available for: Apple TV (4th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1827 : Brandon Azad
CVE-2016-1828 : Brandon Azad
CVE-2016-1829 : CESG
CVE-2016-1830 : Brandon Azad
libc
Available for: Apple TV (4th generation)
Impact: An application may be able to cause unexpected application
termination or arbitrary code execution
Description: A memory corruption issue was addressed through
improved input validation.
CVE-ID
CVE-2016-1832 : Karl Williamson
libxml2
Available for: Apple TV (4th generation)
Impact: Processing maliciously crafted XML may lead to an unexpected
application termination or arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1833 : Mateusz Jurczyk
CVE-2016-1834 : Apple
CVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological
University
CVE-2016-1837 : Wei Lei and Liu Yang of Nanyang Technological
University
CVE-2016-1838 : Mateusz Jurczyk
CVE-2016-1839 : Mateusz Jurczyk
CVE-2016-1840 : Kostya Serebryany
libxslt
Available for: Apple TV (4th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1847 : Tongbo Luo and Bo Qu of Palo Alto Networks
WebKit
Available for: Apple TV (4th generation)
Impact: Processing maliciously crafted web content may disclose data
from another website
Description: An insufficient taint tracking issue in the parsing of
svg images was addressed through improved taint tracking.
CVE-ID
CVE-2016-1854 : Anonymous working with Trend Micro's Zero Day
Initiative
CVE-2016-1855 : Tongbo Luo and Bo Qu of Palo Alto Networks
CVE-2016-1856 : lokihardt working with Trend Micro's Zero Day
Initiative
CVE-2016-1857 : Jeonghoon Shin@A.D.D, Liang Chen, Zhen Feng, wushi of
KeenLab, Tencent working with Trend Micro's Zero Day Initiative
WebKit Canvas
Available for: Apple TV (4th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1859 : Liang Chen, wushi of KeenLab, Tencent working with
Trend Micro's Zero Day Initiative
Installation note:
Apple TV will periodically check for software updates. Alternatively,
you may manually check for software updates by selecting
"Settings -> System -> Software Update -> Update Software.".
To check the current version of software, select
"Settings -> General -> About".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
| VAR-201605-0459 | CVE-2016-1817 | IOAcceleratorFamily in multiple Apple products vulnerable to arbitrary code execution in a privileged context |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
IOAcceleratorFamily in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1818 and CVE-2016-1819. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the IOAcceleratorFamily2 interface. The issue lies in the failure to ensure that a user-supplied size is within the bounds of the allocated buffer. An attacker can leverage this to escalate their privileges and execute code under the context of the kernel. Apple Mac OS X, watchOS and iOS are prone to multiple security vulnerabilities.
Attackers can exploit these issues to execute arbitrary code with elevated privileges, gain sensitive information, and cause denial-of-service conditions.
Versions prior to iOS 9.3.2, watchOS 2.2.1 and Mac OS X 10.11.5 are vulnerable. Apple iOS is an operating system developed for mobile devices; watchOS is a smart watch operating system; OS X El Capitan is a dedicated operating system developed for Mac computers; tvOS is a smart TV operating system.
CVE-ID
CVE-2016-1847 : Tongbo Luo and Bo Qu of Palo Alto Networks
Installation note:
Instructions on how to update your Apple Watch software are
available at https://support.apple.com/en-us/HT204641
To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch > General > About".
This issue was addressed by disabling
data detectors in Twitter results when the device is locked.
CVE-ID
CVE-2016-1852 : videosdebarraquito
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a malicious website may disclose data from another
website
Description: An insufficient taint tracking issue in the parsing of
svg images was addressed through improved taint tracking.
Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-05-16-4 OS X El Capitan 10.11.5 and Security Update
2016-003
OS X El Capitan 10.11.5 and Security Update 2016-003 is now available
and addresses the following:
AMD
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1792 : beist and ABH of BoB
AMD
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: An application may be able to determine kernel memory layout
Description: An issue existed that led to the disclosure of kernel
memory content. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2016-1791 : daybreaker of Minionz
apache_mod_php
Available for: OS X El Capitan v10.11 and later
Impact: Multiple vulnerabilities in PHP
Description: Multiple vulnerabilities existed in PHP versions prior
to 5.5.34. These were addressed by updating PHP to version 5.5.34.
CVE-ID
CVE-2015-8865
CVE-2016-3141
CVE-2016-3142
CVE-2016-4070
CVE-2016-4071
CVE-2016-4072
CVE-2016-4073
AppleGraphicsControl
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1793 : Ian Beer of Google Project Zero
CVE-2016-1794 : Ian Beer of Google Project Zero
AppleGraphicsPowerManagement
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1795 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro
ATS
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to determine kernel memory layout
Description: An out of bounds memory access issue was addressed
through improved memory handling.
CVE-ID
CVE-2016-1796 : lokihardt working with Trend Micro's Zero Day
Initiative
ATS
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: An issue existed in the sandbox policy. This was
addressed by sandboxing FontValidator.
CVE-ID
CVE-2016-1797 : lokihardt working with Trend Micro's Zero Day
Initiative
Audio
Available for:
OS X Yosemite v10.10.5 and OS X El Capitan v10.11 and later
Impact: An application may be able to cause a denial of service
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1799 : Juwei Lin of TrendMicro
Captive Network Assistant
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: An attacker in a privileged network position may be able to
execute arbitrary code with user assistance
Description: A custom URL scheme handling issue was addressed
through improved input validation.
CVE-ID
CVE-2016-1800 : Apple
CFNetwork Proxies
Available for: OS X El Capitan v10.11 and later
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: An information leak existed in the handling of HTTP and
HTTPS requests. This issue was addressed through improved URL
handling.
CVE-ID
CVE-2016-1801 : Alex Chapman and Paul Stone of Context Information
Security
CommonCrypto
Available for: OS X El Capitan v10.11 and later
Impact: A malicious application may be able to leak sensitive user
information
Description: An issue existed in the handling of return values in
CCCrypt. This issue was addressed through improved key length
management.
CVE-ID
CVE-2016-1802 : Klaus Rodewig
CoreCapture
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1803 : Ian Beer of Google Project Zero, daybreaker working
with Trend Micro’s Zero Day Initiative
CoreStorage
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A configuration issue was addressed through additional
restrictions.
CVE-ID
CVE-2016-1805 : Stefan Esser
Crash Reporter
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
root privileges
Description: A configuration issue was addressed through additional
restrictions.
CVE-ID
CVE-2016-1806 : lokihardt working with Trend Micro's Zero Day
Initiative
Disk Images
Available for: OS X El Capitan v10.11 and later
Impact: A local attacker may be able to read kernel memory
Description: A race condition was addressed through improved
locking.
CVE-ID
CVE-2016-1807 : Ian Beer of Google Project Zero
Disk Images
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue existed in the parsing of
disk images. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2016-1808 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro
Disk Utility
Available for: OS X El Capitan v10.11 and later
Impact: Disk Utility failed to compress and encrypt disk images
Description: Incorrect keys were being used to encrypt disk images.
This issue was addressed by updating the encryption keys.
CVE-ID
CVE-2016-1809 : Ast A. Moore (@astamoore) and David Foster of
TechSmartKids
Graphics Drivers
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1810 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro
ImageIO
Available for: OS X El Capitan v10.11 and later
Impact: Processing a maliciously crafted image may lead to a denial
of service
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1811 : Lander Brandt (@landaire)
Intel Graphics Driver
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow was addressed through improved bounds
checking.
CVE-ID
CVE-2016-1812 : Juwei Lin of TrendMicro
IOAcceleratorFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to cause a denial of service
Description: A null pointer dereference was addressed through
improved locking.
CVE-ID
CVE-2016-1815 : Liang Chen, Qidan He of KeenLab, Tencent working with
Trend Micro's Zero Day Initiative
CVE-2016-1817 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro working with Trend Micro's Zero Day Initiative
CVE-2016-1818 : Juwei Lin of TrendMicro
CVE-2016-1819 : Ian Beer of Google Project Zero
IOAcceleratorFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1813 : Ian Beer of Google Project Zero
CVE-2016-1816 : Peter Pi (@heisecode) of Trend Micro and Juwei Lin of
Trend Micro
IOAudioFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-ID
CVE-2016-1820 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro working with Trend Micro’s Zero Day Initiative
IOAudioFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1821 : Ian Beer of Google Project Zero
IOFireWireFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1823 : Ian Beer of Google Project Zero
CVE-2016-1824 : Marco Grassi (@marcograss) of KeenLab (@keen_lab),
Tencent
IOHIDFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1827 : Brandon Azad
CVE-2016-1828 : Brandon Azad
CVE-2016-1829 : CESG
CVE-2016-1830 : Brandon Azad
CVE-2016-1831 : Brandon Azad
Kernel
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An integer overflow existed in dtrace. This issue was
addressed through improved bounds checking.
CVE-ID
CVE-2016-1826 : Ben Murphy working with Trend Micro’s Zero Day
Initiative
libc
Available for: OS X El Capitan v10.11 and later
Impact: A local attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A memory corruption issue was addressed through
improved input validation.
CVE-ID
CVE-2016-1832 : Karl Williamson
libxml2
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: Processing maliciously crafted XML may lead to an unexpected
application termination or arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1833 : Mateusz Jurczyk
CVE-2016-1834 : Apple
CVE-2016-1835 : Wei Lei and Liu Yang of Nanyang Technological
University
CVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological
University
CVE-2016-1837 : Wei Lei and Liu Yang of Nanyang Technological
University
CVE-2016-1838 : Mateusz Jurczyk
CVE-2016-1839 : Mateusz Jurczyk
CVE-2016-1840 : Kostya Serebryany
libxslt
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1841 : Sebastian Apelt
MapKit
Available for: OS X El Capitan v10.11 and later
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: Shared links were sent with HTTP rather than HTTPS.
This was addressed by enabling HTTPS for shared links.
CVE-ID
CVE-2016-1842 : Richard Shupak (https://www.linkedin.com/in/rshupak)
Messages
Available for: OS X El Capitan v10.11 and later
Impact: A malicious server or user may be able to modify another
user's contact list
Description: A validation issue existed in roster changes. This
issue was addressed through improved validation of roster sets.
CVE-ID
CVE-2016-1844 : Thijs Alkemade of Computest
Messages
Available for: OS X El Capitan v10.11 and later
Impact: A remote attacker may be able to leak sensitive user
information
Description: An encoding issue existed in filename parsing. This
issue was addressed through improved filename encoding.
CVE-ID
CVE-2016-1843 : Heige (a.k.a.
CVE-ID
CVE-2016-1804 : Liang Chen, Yubin Fu, Marco Grassi of KeenLab,
Tencent of Trend Micro's Zero Day Initiative
NVIDIA Graphics Drivers
Available for:
OS X Yosemite v10.10.5 and OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1846 : Ian Beer of Google Project Zero
OpenGL
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1847 : Tongbo Luo and Bo Qu of Palo Alto Networks
QuickTime
Available for: OS X El Capitan v10.11 and later
Impact: Opening a maliciously crafted file may lead to unexpected
application termination or arbitrary code execution
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1848 : Francis Provencher from COSIG
SceneKit
Available for: OS X El Capitan v10.11 and later
Impact: Opening a maliciously crafted file may lead to unexpected
application termination or arbitrary code execution
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1850 : Tyler Bohan of Cisco Talos
Screen Lock
Available for: OS X El Capitan v10.11 and later
Impact: A person with physical access to a computer may be able to
reset an expired password from the lock screen
Description: An issue existed in the management of password
profiles. This issue was addressed through improved password reset
handling.
CVE-ID
CVE-2016-1851 : an anonymous researcher
Tcl
Available for: OS X El Capitan v10.11 and later
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: A protocol security issue was addressed by disabling
SSLv2.
CVE-ID
CVE-2016-1853 : researchers at Tel Aviv University, Münster
University of Applied Sciences, Ruhr University Bochum, the
University of Pennsylvania, the Hashcat project, the University of
Michigan, Two Sigma, Google, and the OpenSSL project: Nimrod Aviram,
Sebastian Schinzel, Juraj Somorovsky, Nadia Heninger, Maik Dankel,
Jens Steube, Luke Valenta, David Adrian, J. Alex Halderman, Viktor
Dukhovni, Emilia Käsper, Shaanan Cohney, Susanne Engels, Christof
Paar, and Yuval Shavitt
Note: OS X El Capitan 10.11.5 includes the security content of Safari
9.1.1. For further details see https://support.apple.com/en-us/HT206565
OS X El Capitan 10.11.5 and Security Update 2016-003 may be obtained
from the Mac App Store or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
| VAR-201605-0455 | CVE-2016-1813 | Multiple Apple products: IOAcceleratorFamily vulnerable to arbitrary code execution in a privileged context |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
The IOAccelSharedUserClient2::page_off_resource method in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app. Supplementary information: the vulnerability type has been identified as CWE-476: NULL Pointer Dereference. Apple Mac OS X, watchOS and iOS are prone to multiple security vulnerabilities.
Attackers can exploit these issues to execute arbitrary code with elevated privileges, gain sensitive information, and cause a denial-of-service condition.
Versions prior to iOS 9.3.2, watchOS 2.2.1 and Mac OS X 10.11.5 are vulnerable. Apple iOS is an operating system developed for mobile devices; watchOS is a smart watch operating system; OS X El Capitan is a dedicated operating system developed for Mac computers; tvOS is a smart TV operating system.
CVE-ID
CVE-2016-1847 : Tongbo Luo and Bo Qu of Palo Alto Networks
Installation note:
Instructions on how to update your Apple Watch software are
available at https://support.apple.com/en-us/HT204641
To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch > General > About". This issue was addressed by disabling
data detectors in Twitter results when the device is locked.
CVE-ID
CVE-2016-1852 : videosdebarraquito
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a malicious website may disclose data from another
website
Description: An insufficient taint tracking issue in the parsing of
svg images was addressed through improved taint tracking. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-05-16-4 OS X El Capitan 10.11.5 and Security Update
2016-003
OS X El Capitan 10.11.5 and Security Update 2016-003 is now available
and addresses the following:
AMD
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1792 : beist and ABH of BoB
AMD
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: An application may be able to determine kernel memory layout
Description: An issue existed that led to the disclosure of kernel
memory content. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2016-1791 : daybreaker of Minionz
apache_mod_php
Available for: OS X El Capitan v10.11 and later
Impact: Multiple vulnerabilities in PHP
Description: Multiple vulnerabilities existed in PHP versions prior
to 5.5.34. These were addressed by updating PHP to version 5.5.34.
CVE-ID
CVE-2016-1793 : Ian Beer of Google Project Zero
CVE-2016-1794 : Ian Beer of Google Project Zero
AppleGraphicsPowerManagement
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1795 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro
ATS
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to determine kernel memory layout
Description: An out of bounds memory access issue was addressed
through improved memory handling.
CVE-ID
CVE-2016-1796 : lokihardt working with Trend Micro's Zero Day
Initiative
ATS
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: An issue existed in the sandbox policy. This was
addressed by sandboxing FontValidator.
CVE-ID
CVE-2016-1798 : Juwei Lin of TrendMicro
Audio
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved input validation.
CVE-ID
CVE-2016-1799 : Juwei Lin of TrendMicro
Captive Network Assistant
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: An attacker in a privileged network position may be able to
execute arbitrary code with user assistance
Description: A custom URL scheme handling issue was addressed
through improved input validation.
CVE-ID
CVE-2016-1800 : Apple
CFNetwork Proxies
Available for: OS X El Capitan v10.11 and later
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: An information leak existed in the handling of HTTP and
HTTPS requests. This issue was addressed through improved URL
handling.
CVE-ID
CVE-2016-1801 : Alex Chapman and Paul Stone of Context Information
Security
CommonCrypto
Available for: OS X El Capitan v10.11 and later
Impact: A malicious application may be able to leak sensitive user
information
Description: An issue existed in the handling of return values in
CCCrypt. This issue was addressed through improved key length
management.
CVE-ID
CVE-2016-1803 : Ian Beer of Google Project Zero, daybreaker working
with Trend Micro’s Zero Day Initiative
CoreStorage
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A configuration issue was addressed through additional
restrictions.
CVE-ID
CVE-2016-1805 : Stefan Esser
Crash Reporter
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
root privileges
Description: A configuration issue was addressed through additional
restrictions.
CVE-ID
CVE-2016-1806 : lokihardt working with Trend Micro's Zero Day
Initiative
Disk Images
Available for: OS X El Capitan v10.11 and later
Impact: A local attacker may be able to read kernel memory
Description: A race condition was addressed through improved
locking.
CVE-ID
CVE-2016-1807 : Ian Beer of Google Project Zero
Disk Images
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue existed in the parsing of
disk images. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2016-1808 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro
Disk Utility
Available for: OS X El Capitan v10.11 and later
Impact: Disk Utility failed to compress and encrypt disk images
Description: Incorrect keys were being used to encrypt disk images.
This issue was addressed by updating the encryption keys.
CVE-ID
CVE-2016-1809 : Ast A. Moore (@astamoore) and David Foster of
TechSmartKids
Graphics Drivers
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1810 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro
ImageIO
Available for: OS X El Capitan v10.11 and later
Impact: Processing a maliciously crafted image may lead to a denial
of service
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1811 : Lander Brandt (@landaire)
Intel Graphics Driver
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow was addressed through improved bounds
checking.
CVE-ID
CVE-2016-1814 : Juwei Lin of TrendMicro
IOAcceleratorFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1815 : Liang Chen, Qidan He of KeenLab, Tencent working with
Trend Micro's Zero Day Initiative
CVE-2016-1817 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro working with Trend Micro's Zero Day Initiative
CVE-2016-1818 : Juwei Lin of TrendMicro
CVE-2016-1819 : Ian Beer of Google Project Zero
IOAcceleratorFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1813 : Ian Beer of Google Project Zero
CVE-2016-1816 : Peter Pi (@heisecode) of Trend Micro and Juwei Lin of
Trend Micro
IOAudioFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-ID
CVE-2016-1820 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro working with Trend Micro’s Zero Day Initiative
IOAudioFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1821 : Ian Beer of Google Project Zero
IOFireWireFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1822 : CESG
IOHIDFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1823 : Ian Beer of Google Project Zero
CVE-2016-1824 : Marco Grassi (@marcograss) of KeenLab (@keen_lab),
Tencent
IOHIDFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1825 : Brandon Azad
Kernel
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1827 : Brandon Azad
CVE-2016-1828 : Brandon Azad
CVE-2016-1829 : CESG
CVE-2016-1830 : Brandon Azad
CVE-2016-1831 : Brandon Azad
Kernel
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An integer overflow existed in dtrace. This issue was
addressed through improved bounds checking.
CVE-ID
CVE-2016-1826 : Ben Murphy working with Trend Micro’s Zero Day
Initiative
libc
Available for: OS X El Capitan v10.11 and later
Impact: A local attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A memory corruption issue was addressed through
improved input validation.
CVE-ID
CVE-2016-1832 : Karl Williamson
libxml2
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: Processing maliciously crafted XML may lead to an unexpected
application termination or arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1833 : Mateusz Jurczyk
CVE-2016-1834 : Apple
CVE-2016-1835 : Wei Lei and Liu Yang of Nanyang Technological
University
CVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological
University
CVE-2016-1837 : Wei Lei and Liu Yang of Nanyang Technological
University
CVE-2016-1838 : Mateusz Jurczyk
CVE-2016-1839 : Mateusz Jurczyk
CVE-2016-1840 : Kostya Serebryany
libxslt
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1841 : Sebastian Apelt
MapKit
Available for: OS X El Capitan v10.11 and later
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: Shared links were sent with HTTP rather than HTTPS.
This was addressed by enabling HTTPS for shared links.
CVE-ID
CVE-2016-1842 : Richard Shupak (https://www.linkedin.com/in/rshupak)
Messages
Available for: OS X El Capitan v10.11 and later
Impact: A malicious server or user may be able to modify another
user's contact list
Description: A validation issue existed in roster changes. This
issue was addressed through improved validation of roster sets.
CVE-ID
CVE-2016-1844 : Thijs Alkemade of Computest
Messages
Available for: OS X El Capitan v10.11 and later
Impact: A remote attacker may be able to leak sensitive user
information
Description: An encoding issue existed in filename parsing. This
issue was addressed through improved filename encoding.
CVE-ID
CVE-2016-1843 : Heige (a.k.a. SuperHei) of Knownsec 404 Security Team
[http://www.knownsec.com]
Multi-Touch
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1804 : Liang Chen, Yubin Fu, Marco Grassi of KeenLab,
Tencent of Trend Micro's Zero Day Initiative
NVIDIA Graphics Drivers
Available for:
OS X Yosemite v10.10.5 and OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1846 : Ian Beer of Google Project Zero
OpenGL
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1847 : Tongbo Luo and Bo Qu of Palo Alto Networks
QuickTime
Available for: OS X El Capitan v10.11 and later
Impact: Opening a maliciously crafted file may lead to unexpected
application termination or arbitrary code execution
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1848 : Francis Provencher from COSIG
SceneKit
Available for: OS X El Capitan v10.11 and later
Impact: Opening a maliciously crafted file may lead to unexpected
application termination or arbitrary code execution
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1850 : Tyler Bohan of Cisco Talos
Screen Lock
Available for: OS X El Capitan v10.11 and later
Impact: A person with physical access to a computer may be able to
reset an expired password from the lock screen
Description: An issue existed in the management of password
profiles. This issue was addressed through improved password reset
handling.
CVE-ID
CVE-2016-1851 : an anonymous researcher
Tcl
Available for: OS X El Capitan v10.11 and later
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: A protocol security issue was addressed by disabling
SSLv2.
CVE-ID
CVE-2016-1853 : researchers at Tel Aviv University, Münster
University of Applied Sciences, Ruhr University Bochum, the
University of Pennsylvania, the Hashcat project, the University of
Michigan, Two Sigma, Google, and the OpenSSL project: Nimrod Aviram,
Sebastian Schinzel, Juraj Somorovsky, Nadia Heninger, Maik Dankel,
Jens Steube, Luke Valenta, David Adrian, J. Alex Halderman, Viktor
Dukhovni, Emilia Käsper, Shaanan Cohney, Susanne Engels, Christof
Paar, and Yuval Shavitt
Note: OS X El Capitan 10.11.5 includes the security content of Safari
9.1.1. For further details see https://support.apple.com/en-us/HT206565
OS X El Capitan 10.11.5 and Security Update 2016-003 may be obtained
from the Mac App Store or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
| VAR-201605-0453 | CVE-2016-1811 | Multiple Apple products: ImageIO denial-of-service (DoS) vulnerability |
CVSS V2: 4.3 CVSS V3: 6.5 Severity: MEDIUM |
ImageIO in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image. Supplementary information: the vulnerability type has been identified as CWE-476: NULL Pointer Dereference. Apple Mac OS X, watchOS and iOS are prone to multiple security vulnerabilities.
Attackers can exploit these issues to execute arbitrary code with elevated privileges, gain sensitive information, and cause a denial-of-service condition.
Versions prior to iOS 9.3.2, watchOS 2.2.1 and Mac OS X 10.11.5 are vulnerable. Apple iOS is an operating system developed for mobile devices; watchOS is a smart watch operating system; OS X El Capitan is a dedicated operating system developed for Mac computers; tvOS is a smart TV operating system. ImageIO is one of the static methods used to perform common image I/O operations.
CVE-ID
CVE-2016-1847 : Tongbo Luo and Bo Qu of Palo Alto Networks
Installation note:
Instructions on how to update your Apple Watch software are
available at https://support.apple.com/en-us/HT204641
To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch > General > About". This issue was addressed by disabling
data detectors in Twitter results when the device is locked.
CVE-ID
CVE-2016-1852 : videosdebarraquito
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a malicious website may disclose data from another
website
Description: An insufficient taint tracking issue in the parsing of
svg images was addressed through improved taint tracking. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-05-16-4 OS X El Capitan 10.11.5 and Security Update
2016-003
OS X El Capitan 10.11.5 and Security Update 2016-003 is now available
and addresses the following:
AMD
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1792 : beist and ABH of BoB
AMD
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: An application may be able to determine kernel memory layout
Description: An issue existed that led to the disclosure of kernel
memory content. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2016-1791 : daybreaker of Minionz
apache_mod_php
Available for: OS X El Capitan v10.11 and later
Impact: Multiple vulnerabilities in PHP
Description: Multiple vulnerabilities existed in PHP versions prior
to 5.5.34. These were addressed by updating PHP to version 5.5.34.
CVE-ID
CVE-2015-8865
CVE-2016-3141
CVE-2016-3142
CVE-2016-4070
CVE-2016-4071
CVE-2016-4072
CVE-2016-4073
AppleGraphicsControl
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1793 : Ian Beer of Google Project Zero
CVE-2016-1794 : Ian Beer of Google Project Zero
AppleGraphicsPowerManagement
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1795 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro
ATS
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to determine kernel memory layout
Description: An out of bounds memory access issue was addressed
through improved memory handling.
CVE-ID
CVE-2016-1796 : lokihardt working with Trend Micro's Zero Day
Initiative
ATS
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: An issue existed in the sandbox policy. This was
addressed by sandboxing FontValidator.
CVE-ID
CVE-2016-1798 : Juwei Lin of TrendMicro
Audio
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved input validation.
CVE-ID
CVE-2016-1799 : Juwei Lin of TrendMicro
Captive Network Assistant
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: An attacker in a privileged network position may be able to
execute arbitrary code with user assistance
Description: A custom URL scheme handling issue was addressed
through improved input validation.
CVE-ID
CVE-2016-1800 : Apple
CFNetwork Proxies
Available for: OS X El Capitan v10.11 and later
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: An information leak existed in the handling of HTTP and
HTTPS requests. This issue was addressed through improved URL
handling.
CVE-ID
CVE-2016-1801 : Alex Chapman and Paul Stone of Context Information
Security
CommonCrypto
Available for: OS X El Capitan v10.11 and later
Impact: A malicious application may be able to leak sensitive user
information
Description: An issue existed in the handling of return values in
CCCrypt. This issue was addressed through improved key length
management.
CVE-ID
CVE-2016-1802 : Klaus Rodewig
CoreCapture
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1803 : Ian Beer of Google Project Zero, daybreaker working
with Trend Micro’s Zero Day Initiative
CoreStorage
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A configuration issue was addressed through additional
restrictions.
CVE-ID
CVE-2016-1805 : Stefan Esser
Crash Reporter
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
root privileges
Description: A configuration issue was addressed through additional
restrictions.
CVE-ID
CVE-2016-1806 : lokihardt working with Trend Micro's Zero Day
Initiative
Disk Images
Available for: OS X El Capitan v10.11 and later
Impact: A local attacker may be able to read kernel memory
Description: A race condition was addressed through improved
locking.
CVE-ID
CVE-2016-1807 : Ian Beer of Google Project Zero
Disk Images
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue existed in the parsing of
disk images. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2016-1808 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro
Disk Utility
Available for: OS X El Capitan v10.11 and later
Impact: Disk Utility failed to compress and encrypt disk images
Description: Incorrect keys were being used to encrypt disk images.
This issue was addressed by updating the encryption keys.
CVE-ID
CVE-2016-1809 : Ast A. Moore (@astamoore) and David Foster of
TechSmartKids
Graphics Drivers
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1811 : Lander Brandt (@landaire)
Intel Graphics Driver
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow was addressed through improved bounds
checking.
CVE-ID
CVE-2016-1814 : Juwei Lin of TrendMicro
IOAcceleratorFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1815 : Liang Chen, Qidan He of KeenLab, Tencent working with
Trend Micro's Zero Day Initiative
CVE-2016-1817 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro working with Trend Micro's Zero Day Initiative
CVE-2016-1818 : Juwei Lin of TrendMicro
CVE-2016-1819 : Ian Beer of Google Project Zero
IOAcceleratorFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1813 : Ian Beer of Google Project Zero
CVE-2016-1816 : Peter Pi (@heisecode) of Trend Micro and Juwei Lin of
Trend Micro
IOAudioFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-ID
CVE-2016-1820 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro working with Trend Micro’s Zero Day Initiative
IOAudioFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1821 : Ian Beer of Google Project Zero
IOFireWireFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1822 : CESG
IOHIDFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1823 : Ian Beer of Google Project Zero
CVE-2016-1824 : Marco Grassi (@marcograss) of KeenLab (@keen_lab),
Tencent
IOHIDFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1825 : Brandon Azad
Kernel
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1827 : Brandon Azad
CVE-2016-1828 : Brandon Azad
CVE-2016-1829 : CESG
CVE-2016-1830 : Brandon Azad
CVE-2016-1831 : Brandon Azad
Kernel
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An integer overflow existed in dtrace. This issue was
addressed through improved bounds checking.
CVE-ID
CVE-2016-1826 : Ben Murphy working with Trend Micro’s Zero Day
Initiative
libc
Available for: OS X El Capitan v10.11 and later
Impact: A local attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A memory corruption issue was addressed through
improved input validation.
CVE-ID
CVE-2016-1832 : Karl Williamson
libxml2
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: Processing maliciously crafted XML may lead to an unexpected
application termination or arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1833 : Mateusz Jurczyk
CVE-2016-1834 : Apple
CVE-2016-1835 : Wei Lei and Liu Yang of Nanyang Technological
University
CVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological
University
CVE-2016-1837 : Wei Lei and Liu Yang of Nanyang Technological
University
CVE-2016-1838 : Mateusz Jurczyk
CVE-2016-1839 : Mateusz Jurczyk
CVE-2016-1840 : Kostya Serebryany
libxslt
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1841 : Sebastian Apelt
MapKit
Available for: OS X El Capitan v10.11 and later
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: Shared links were sent with HTTP rather than HTTPS.
This was addressed by enabling HTTPS for shared links.
CVE-ID
CVE-2016-1842 : Richard Shupak (https://www.linkedin.com/in/rshupak)
Messages
Available for: OS X El Capitan v10.11 and later
Impact: A malicious server or user may be able to modify another
user's contact list
Description: A validation issue existed in roster changes. This
issue was addressed through improved validation of roster sets.
CVE-ID
CVE-2016-1844 : Thijs Alkemade of Computest
Messages
Available for: OS X El Capitan v10.11 and later
Impact: A remote attacker may be able to leak sensitive user
information
Description: An encoding issue existed in filename parsing. This
issue was addressed through improved filename encoding.
CVE-ID
CVE-2016-1843 : Heige (a.k.a. SuperHei) of Knownsec 404 Security Team
[http://www.knownsec.com]
Multi-Touch
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1804 : Liang Chen, Yubin Fu, Marco Grassi of KeenLab,
Tencent of Trend Micro's Zero Day Initiative
NVIDIA Graphics Drivers
Available for:
OS X Yosemite v10.10.5 and OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1846 : Ian Beer of Google Project Zero
OpenGL
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1847 : Tongbo Luo and Bo Qu of Palo Alto Networks
QuickTime
Available for: OS X El Capitan v10.11 and later
Impact: Opening a maliciously crafted file may lead to unexpected
application termination or arbitrary code execution
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1848 : Francis Provencher from COSIG
SceneKit
Available for: OS X El Capitan v10.11 and later
Impact: Opening a maliciously crafted file may lead to unexpected
application termination or arbitrary code execution
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1850 : Tyler Bohan of Cisco Talos
Screen Lock
Available for: OS X El Capitan v10.11 and later
Impact: A person with physical access to a computer may be able to
reset an expired password from the lock screen
Description: An issue existed in the management of password
profiles. This issue was addressed through improved password reset
handling.
CVE-ID
CVE-2016-1851 : an anonymous researcher
Tcl
Available for: OS X El Capitan v10.11 and later
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: A protocol security issue was addressed by disabling
SSLv2.
CVE-ID
CVE-2016-1853 : researchers at Tel Aviv University, Münster
University of Applied Sciences, Ruhr University Bochum, the
University of Pennsylvania, the Hashcat project, the University of
Michigan, Two Sigma, Google, and the OpenSSL project: Nimrod Aviram,
Sebastian Schinzel, Juraj Somorovsky, Nadia Heninger, Maik Dankel,
Jens Steube, Luke Valenta, David Adrian, J. Alex Halderman, Viktor
Dukhovni, Emilia Käsper, Shaanan Cohney, Susanne Engels, Christof
Paar, and Yuval Shavitt
Note: OS X El Capitan 10.11.5 includes the security content of Safari
9.1.1. For further details see https://support.apple.com/en-us/HT206565
OS X El Capitan 10.11.5 and Security Update 2016-003 may be obtained
from the Mac App Store or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
| VAR-201605-0443 | CVE-2016-1801 | Proxy auto-config (PAC) files have access to full HTTPS URLs |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
The CFNetwork Proxies subsystem in Apple iOS before 9.3.2, OS X before 10.11.5, and tvOS before 9.2.1 mishandles URLs in http and https requests, which allows remote attackers to obtain sensitive information via unspecified vectors. Web proxy auto-config (PAC) files are passed the full HTTPS URL in GET requests, which may expose sensitive data. In addition, JVNVU#90289707 publishes this as CWE-212: Improper Cross-boundary Removal of Sensitive Data (https://cwe.mitre.org/data/definitions/212.html). Important information may be obtained by a third party. Apple tvOS, Mac OS X and iOS are prone to an information-disclosure vulnerability.
Attackers can exploit this issue to gain unauthorized access and obtain potentially sensitive information. This may lead to further attacks. Apple iOS is an operating system developed for mobile devices; watchOS is a smart watch operating system; OS X El Capitan is a dedicated operating system developed for Mac computers; tvOS is a smart TV operating system. CFNetwork Proxies is one of the components used to handle proxy connection response issues. The vulnerability stems from the program's improper handling of URLs in HTTP and HTTPS requests.
This issue was addressed by disabling
data detectors in Twitter results when the device is locked.
CVE-ID
CVE-2016-1852 : videosdebarraquito
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a malicious website may disclose data from another
website
Description: An insufficient taint tracking issue in the parsing of
svg images was addressed through improved taint tracking.
Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-05-16-4 OS X El Capitan 10.11.5 and Security Update
2016-003
OS X El Capitan 10.11.5 and Security Update 2016-003 is now available
and addresses the following:
AMD
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1792 : beist and ABH of BoB
AMD
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: An application may be able to determine kernel memory layout
Description: An issue existed that led to the disclosure of kernel
memory content. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2016-1791 : daybreaker of Minionz
apache_mod_php
Available for: OS X El Capitan v10.11 and later
Impact: Multiple vulnerabilities in PHP
Description: Multiple vulnerabilities existed in PHP versions prior
to 5.5.34. These were addressed by updating PHP to version 5.5.34.
CVE-ID
CVE-2015-8865
CVE-2016-3141
CVE-2016-3142
CVE-2016-4070
CVE-2016-4071
CVE-2016-4072
CVE-2016-4073
AppleGraphicsControl
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1793 : Ian Beer of Google Project Zero
CVE-2016-1794 : Ian Beer of Google Project Zero
AppleGraphicsPowerManagement
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1795 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro
ATS
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to determine kernel memory layout
Description: An out of bounds memory access issue was addressed
through improved memory handling.
CVE-ID
CVE-2016-1796 : lokihardt working with Trend Micro's Zero Day
Initiative
ATS
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: An issue existed in the sandbox policy. This was
addressed by sandboxing FontValidator.
CVE-ID
CVE-2016-1797 : lokihardt working with Trend Micro's Zero Day
Initiative
Audio
Available for:
OS X Yosemite v10.10.5 and OS X El Capitan v10.11 and later
Impact: An application may be able to cause a denial of service
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1798 : Juwei Lin of TrendMicro
Audio
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved input validation.
CVE-ID
CVE-2016-1799 : Juwei Lin of TrendMicro
Captive Network Assistant
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: An attacker in a privileged network position may be able to
execute arbitrary code with user assistance
Description: A custom URL scheme handling issue was addressed
through improved input validation. This issue was addressed through improved URL
handling.
CVE-ID
CVE-2016-1801 : Alex Chapman and Paul Stone of Context Information
Security
CommonCrypto
Available for: OS X El Capitan v10.11 and later
Impact: A malicious application may be able to leak sensitive user
information
Description: An issue existed in the handling of return values in
CCCrypt. This issue was addressed through improved key length
management.
CVE-ID
CVE-2016-1802 : Klaus Rodewig
CoreCapture
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1803 : Ian Beer of Google Project Zero, daybreaker working
with Trend Micro’s Zero Day Initiative
CoreStorage
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A configuration issue was addressed through additional
restrictions.
CVE-ID
CVE-2016-1805 : Stefan Esser
Crash Reporter
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
root privileges
Description: A configuration issue was addressed through additional
restrictions.
CVE-ID
CVE-2016-1806 : lokihardt working with Trend Micro's Zero Day
Initiative
Disk Images
Available for: OS X El Capitan v10.11 and later
Impact: A local attacker may be able to read kernel memory
Description: A race condition was addressed through improved
locking.
CVE-ID
CVE-2016-1807 : Ian Beer of Google Project Zero
Disk Images
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue existed in the parsing of
disk images. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2016-1808 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro
Disk Utility
Available for: OS X El Capitan v10.11 and later
Impact: Disk Utility failed to compress and encrypt disk images
Description: Incorrect keys were being used to encrypt disk images.
This issue was addressed by updating the encryption keys.
CVE-ID
CVE-2016-1809 : Ast A. Moore (@astamoore) and David Foster of
TechSmartKids
Graphics Drivers
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1810 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro
ImageIO
Available for: OS X El Capitan v10.11 and later
Impact: Processing a maliciously crafted image may lead to a denial
of service
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1811 : Lander Brandt (@landaire)
Intel Graphics Driver
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow was addressed through improved bounds
checking.
CVE-ID
CVE-2016-1812 : Juwei Lin of TrendMicro
IOAcceleratorFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to cause a denial of service
Description: A null pointer dereference was addressed through
improved locking.
CVE-ID
CVE-2016-1814 : Juwei Lin of TrendMicro
IOAcceleratorFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1815 : Liang Chen, Qidan He of KeenLab, Tencent working with
Trend Micro's Zero Day Initiative
CVE-2016-1817 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro working with Trend Micro's Zero Day Initiative
CVE-2016-1818 : Juwei Lin of TrendMicro
CVE-2016-1819 : Ian Beer of Google Project Zero
IOAcceleratorFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1813 : Ian Beer of Google Project Zero
CVE-2016-1816 : Peter Pi (@heisecode) of Trend Micro and Juwei Lin of
Trend Micro
IOAudioFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-ID
CVE-2016-1820 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro working with Trend Micro’s Zero Day Initiative
IOAudioFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1821 : Ian Beer of Google Project Zero
IOFireWireFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1822 : CESG
IOHIDFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1823 : Ian Beer of Google Project Zero
CVE-2016-1824 : Marco Grassi (@marcograss) of KeenLab (@keen_lab),
Tencent
IOHIDFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1825 : Brandon Azad
Kernel
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1827 : Brandon Azad
CVE-2016-1828 : Brandon Azad
CVE-2016-1829 : CESG
CVE-2016-1830 : Brandon Azad
CVE-2016-1831 : Brandon Azad
Kernel
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An integer overflow existed in dtrace. This issue was
addressed through improved bounds checking.
CVE-ID
CVE-2016-1826 : Ben Murphy working with Trend Micro’s Zero Day
Initiative
libc
Available for: OS X El Capitan v10.11 and later
Impact: A local attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A memory corruption issue was addressed through
improved input validation.
CVE-ID
CVE-2016-1832 : Karl Williamson
libxml2
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: Processing maliciously crafted XML may lead to an unexpected
application termination or arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1833 : Mateusz Jurczyk
CVE-2016-1834 : Apple
CVE-2016-1835 : Wei Lei and Liu Yang of Nanyang Technological
University
CVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological
University
CVE-2016-1837 : Wei Lei and Liu Yang of Nanyang Technological
University
CVE-2016-1838 : Mateusz Jurczyk
CVE-2016-1839 : Mateusz Jurczyk
CVE-2016-1840 : Kostya Serebryany
libxslt
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1841 : Sebastian Apelt
MapKit
Available for: OS X El Capitan v10.11 and later
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: Shared links were sent with HTTP rather than HTTPS.
This was addressed by enabling HTTPS for shared links.
CVE-ID
CVE-2016-1842 : Richard Shupak (https://www.linkedin.com/in/rshupak)
Messages
Available for: OS X El Capitan v10.11 and later
Impact: A malicious server or user may be able to modify another
user's contact list
Description: A validation issue existed in roster changes. This
issue was addressed through improved validation of roster sets.
CVE-ID
CVE-2016-1844 : Thijs Alkemade of Computest
Messages
Available for: OS X El Capitan v10.11 and later
Impact: A remote attacker may be able to leak sensitive user
information
Description: An encoding issue existed in filename parsing. This
issue was addressed through improved filename encoding.
CVE-ID
CVE-2016-1843 : Heige (a.k.a. SuperHei) of Knownsec 404 Security Team
[http://www.knownsec.com]
Multi-Touch
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1804 : Liang Chen, Yubin Fu, Marco Grassi of KeenLab,
Tencent of Trend Micro's Zero Day Initiative
NVIDIA Graphics Drivers
Available for:
OS X Yosemite v10.10.5 and OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1846 : Ian Beer of Google Project Zero
OpenGL
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1847 : Tongbo Luo and Bo Qu of Palo Alto Networks
QuickTime
Available for: OS X El Capitan v10.11 and later
Impact: Opening a maliciously crafted file may lead to unexpected
application termination or arbitrary code execution
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1848 : Francis Provencher from COSIG
SceneKit
Available for: OS X El Capitan v10.11 and later
Impact: Opening a maliciously crafted file may lead to unexpected
application termination or arbitrary code execution
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1850 : Tyler Bohan of Cisco Talos
Screen Lock
Available for: OS X El Capitan v10.11 and later
Impact: A person with physical access to a computer may be able to
reset an expired password from the lock screen
Description: An issue existed in the management of password
profiles. This issue was addressed through improved password reset
handling.
CVE-ID
CVE-2016-1851 : an anonymous researcher
Tcl
Available for: OS X El Capitan v10.11 and later
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: A protocol security issue was addressed by disabling
SSLv2.
CVE-ID
CVE-2016-1853 : researchers at Tel Aviv University, Münster
University of Applied Sciences, Ruhr University Bochum, the
University of Pennsylvania, the Hashcat project, the University of
Michigan, Two Sigma, Google, and the OpenSSL project: Nimrod Aviram,
Sebastian Schinzel, Juraj Somorovsky, Nadia Heninger, Maik Dankel,
Jens Steube, Luke Valenta, David Adrian, J. Alex Halderman, Viktor
Dukhovni, Emilia Käsper, Shaanan Cohney, Susanne Engels, Christof
Paar, and Yuval Shavitt
Note: OS X El Capitan 10.11.5 includes the security content of Safari
9.1.1. For further details see https://support.apple.com/en-us/HT206565
OS X El Capitan 10.11.5 and Security Update 2016-003 may be obtained
from the Mac App Store or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
| VAR-201605-0449 | CVE-2016-1807 | Vulnerability in the Disk Images subsystem of multiple Apple products that allows sensitive information to be obtained from kernel memory |
CVSS V2: 1.9 CVSS V3: 5.1 Severity: MEDIUM |
Race condition in the Disk Images subsystem in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows local users to obtain sensitive information from kernel memory via unspecified vectors. Apple Mac OS X, watchOS and iOS are prone to multiple security vulnerabilities.
Attackers can exploit these issues to execute arbitrary code with elevated privileges, gain sensitive information, and cause denial-of-service conditions.
Versions prior to iOS 9.3.2, watchOS 2.2.1 and Mac OS X 10.11.5 are vulnerable. Apple iOS is an operating system developed for mobile devices; watchOS is a smart watch operating system; OS X El Capitan is a dedicated operating system developed for Mac computers; tvOS is a smart TV operating system. Disk Images is one of the disk image format components.
CVE-ID
CVE-2016-1847 : Tongbo Luo and Bo Qu of Palo Alto Networks
Installation note:
Instructions on how to update your Apple Watch software are
available at https://support.apple.com/en-us/HT204641
To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch > General > About".
This issue was addressed by disabling
data detectors in Twitter results when the device is locked.
CVE-ID
CVE-2016-1852 : videosdebarraquito
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a malicious website may disclose data from another
website
Description: An insufficient taint tracking issue in the parsing of
svg images was addressed through improved taint tracking.
Make sure you have an Internet connection and have installed the
latest version of iTunes from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About.
APPLE-SA-2016-05-16-4 OS X El Capitan 10.11.5 and Security Update
2016-003
OS X El Capitan 10.11.5 and Security Update 2016-003 is now available
and addresses the following:
AMD
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1792 : beist and ABH of BoB
AMD
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: An application may be able to determine kernel memory layout
Description: An issue existed that led to the disclosure of kernel
memory content. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2016-1791 : daybreaker of Minionz
apache_mod_php
Available for: OS X El Capitan v10.11 and later
Impact: Multiple vulnerabilities in PHP
Description: Multiple vulnerabilities existed in PHP versions prior
to 5.5.34. These were addressed by updating PHP to version 5.5.34.
CVE-ID
CVE-2015-8865
CVE-2016-3141
CVE-2016-3142
CVE-2016-4070
CVE-2016-4071
CVE-2016-4072
CVE-2016-4073
AppleGraphicsControl
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1793 : Ian Beer of Google Project Zero
CVE-2016-1794 : Ian Beer of Google Project Zero
AppleGraphicsPowerManagement
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1795 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro
ATS
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to determine kernel memory layout
Description: An out of bounds memory access issue was addressed
through improved memory handling.
CVE-ID
CVE-2016-1796 : lokihardt working with Trend Micro's Zero Day
Initiative
ATS
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: An issue existed in the sandbox policy. This was
addressed by sandboxing FontValidator.
CVE-ID
CVE-2016-1797 : lokihardt working with Trend Micro's Zero Day
Initiative
Audio
Available for:
OS X Yosemite v10.10.5 and OS X El Capitan v10.11 and later
Impact: An application may be able to cause a denial of service
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1798 : Juwei Lin of TrendMicro
Audio
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved input validation.
CVE-ID
CVE-2016-1799 : Juwei Lin of TrendMicro
Captive Network Assistant
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: An attacker in a privileged network position may be able to
execute arbitrary code with user assistance
Description: A custom URL scheme handling issue was addressed
through improved input validation.
CVE-ID
CVE-2016-1800 : Apple
CFNetwork Proxies
Available for: OS X El Capitan v10.11 and later
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: An information leak existed in the handling of HTTP and
HTTPS requests. This issue was addressed through improved URL
handling.
CVE-ID
CVE-2016-1801 : Alex Chapman and Paul Stone of Context Information
Security
CommonCrypto
Available for: OS X El Capitan v10.11 and later
Impact: A malicious application may be able to leak sensitive user
information
Description: An issue existed in the handling of return values in
CCCrypt. This issue was addressed through improved key length
management.
CVE-ID
CVE-2016-1802 : Klaus Rodewig
CoreCapture
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1803 : Ian Beer of Google Project Zero, daybreaker working
with Trend Micro’s Zero Day Initiative
CoreStorage
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A configuration issue was addressed through additional
restrictions.
CVE-ID
CVE-2016-1805 : Stefan Esser
Crash Reporter
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
root privileges
Description: A configuration issue was addressed through additional
restrictions.
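CVE-ID
CVE-2016-1806 : lokihardt working with Trend Micro's Zero Day
Initiative
Disk Images
Available for: OS X El Capitan v10.11 and later
Impact: A local attacker may be able to read kernel memory
Description: A race condition was addressed through improved
locking.
CVE-ID
CVE-2016-1807 : Ian Beer of Google Project Zero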
Disk Images
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue existed in the parsing of
disk images. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2016-1808 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro
Disk Utility
Available for: OS X El Capitan v10.11 and later
Impact: Disk Utility failed to compress and encrypt disk images
Description: Incorrect keys were being used to encrypt disk images.
This issue was addressed by updating the encryption keys.
CVE-ID
CVE-2016-1809 : Ast A. Moore (@astamoore) and David Foster of
TechSmartKids
Graphics Drivers
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1810 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro
ImageIO
Available for: OS X El Capitan v10.11 and later
Impact: Processing a maliciously crafted image may lead to a denial
of service
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1811 : Lander Brandt (@landaire)
Intel Graphics Driver
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow was addressed through improved bounds
checking.
CVE-ID
CVE-2016-1812 : Juwei Lin of TrendMicro
IOAcceleratorFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to cause a denial of service
Description: A null pointer dereference was addressed through
improved locking.
CVE-ID
CVE-2016-1814 : Juwei Lin of TrendMicro
IOAcceleratorFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1815 : Liang Chen, Qidan He of KeenLab, Tencent working with
Trend Micro's Zero Day Initiative
CVE-2016-1817 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro working with Trend Micro's Zero Day Initiative
CVE-2016-1818 : Juwei Lin of TrendMicro
CVE-2016-1819 : Ian Beer of Google Project Zero
IOAcceleratorFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1813 : Ian Beer of Google Project Zero
CVE-2016-1816 : Peter Pi (@heisecode) of Trend Micro and Juwei Lin of
Trend Micro
IOAudioFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-ID
CVE-2016-1820 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro working with Trend Micro’s Zero Day Initiative
IOAudioFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1821 : Ian Beer of Google Project Zero
IOFireWireFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1822 : CESG
IOHIDFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1823 : Ian Beer of Google Project Zero
CVE-2016-1824 : Marco Grassi (@marcograss) of KeenLab (@keen_lab),
Tencent
IOHIDFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1825 : Brandon Azad
Kernel
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1827 : Brandon Azad
CVE-2016-1828 : Brandon Azad
CVE-2016-1829 : CESG
CVE-2016-1830 : Brandon Azad
CVE-2016-1831 : Brandon Azad
Kernel
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An integer overflow existed in dtrace. This issue was
addressed through improved bounds checking.
CVE-ID
CVE-2016-1826 : Ben Murphy working with Trend Micro’s Zero Day
Initiative
libc
Available for: OS X El Capitan v10.11 and later
Impact: A local attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A memory corruption issue was addressed through
improved input validation.
CVE-ID
CVE-2016-1832 : Karl Williamson
libxml2
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: Processing maliciously crafted XML may lead to an unexpected
application termination or arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1833 : Mateusz Jurczyk
CVE-2016-1834 : Apple
CVE-2016-1835 : Wei Lei and Liu Yang of Nanyang Technological
University
CVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological
University
CVE-2016-1837 : Wei Lei and Liu Yang of Nanyang Technological
University
CVE-2016-1838 : Mateusz Jurczyk
CVE-2016-1839 : Mateusz Jurczyk
CVE-2016-1840 : Kostya Serebryany
libxslt
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1841 : Sebastian Apelt
MapKit
Available for: OS X El Capitan v10.11 and later
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: Shared links were sent with HTTP rather than HTTPS.
This was addressed by enabling HTTPS for shared links.
CVE-ID
CVE-2016-1842 : Richard Shupak (https://www.linkedin.com/in/rshupak)
Messages
Available for: OS X El Capitan v10.11 and later
Impact: A malicious server or user may be able to modify another
user's contact list
Description: A validation issue existed in roster changes. This
issue was addressed through improved validation of roster sets.
CVE-ID
CVE-2016-1844 : Thijs Alkemade of Computest
Messages
Available for: OS X El Capitan v10.11 and later
Impact: A remote attacker may be able to leak sensitive user
information
Description: An encoding issue existed in filename parsing. This
issue was addressed through improved filename encoding.
CVE-ID
CVE-2016-1843 : Heige (a.k.a. SuperHei) of Knownsec 404 Security Team
[http://www.knownsec.com]
Multi-Touch
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1804 : Liang Chen, Yubin Fu, Marco Grassi of KeenLab,
Tencent of Trend Micro's Zero Day Initiative
NVIDIA Graphics Drivers
Available for:
OS X Yosemite v10.10.5 and OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1846 : Ian Beer of Google Project Zero
OpenGL
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1847 : Tongbo Luo and Bo Qu of Palo Alto Networks
QuickTime
Available for: OS X El Capitan v10.11 and later
Impact: Opening a maliciously crafted file may lead to unexpected
application termination or arbitrary code execution
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1848 : Francis Provencher from COSIG
SceneKit
Available for: OS X El Capitan v10.11 and later
Impact: Opening a maliciously crafted file may lead to unexpected
application termination or arbitrary code execution
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1850 : Tyler Bohan of Cisco Talos
Screen Lock
Available for: OS X El Capitan v10.11 and later
Impact: A person with physical access to a computer may be able to
reset an expired password from the lock screen
Description: An issue existed in the management of password
profiles. This issue was addressed through improved password reset
handling.
CVE-ID
CVE-2016-1851 : an anonymous researcher
Tcl
Available for: OS X El Capitan v10.11 and later
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: A protocol security issue was addressed by disabling
SSLv2.
CVE-ID
CVE-2016-1853 : researchers at Tel Aviv University, Münster
University of Applied Sciences, Ruhr University Bochum, the
University of Pennsylvania, the Hashcat project, the University of
Michigan, Two Sigma, Google, and the OpenSSL project: Nimrod Aviram,
Sebastian Schinzel, Juraj Somorovsky, Nadia Heninger, Maik Dankel,
Jens Steube, Luke Valenta, David Adrian, J. Alex Halderman, Viktor
Dukhovni, Emilia Käsper, Shaanan Cohney, Susanne Engels, Christof
Paar, and Yuval Shavitt
Note: OS X El Capitan 10.11.5 includes the security content of Safari
9.1.1. For further details see https://support.apple.com/en-us/HT206565
OS X El Capitan 10.11.5 and Security Update 2016-003 may be obtained
from the Mac App Store or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
| VAR-201605-0444 | CVE-2016-1802 | Vulnerability in CCCrypt in CommonCrypto in multiple Apple products that allows sensitive information to be obtained |
CVSS V2: 4.3 CVSS V3: 5.5 Severity: MEDIUM |
CCCrypt in CommonCrypto in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 mishandles return values during key-length calculations, which allows attackers to obtain sensitive information via a crafted app. CCCrypt in CommonCrypto in multiple Apple products contains a vulnerability that allows sensitive information to be obtained because the return value is handled incorrectly when calculating the key length. An attacker could obtain sensitive information through a crafted application. Apple Mac OS X, watchOS and iOS are prone to multiple security vulnerabilities.
Attackers can exploit these issues to execute arbitrary code with elevated privileges, gain sensitive information, and cause denial-of-service conditions.
Versions prior to iOS 9.3.2, watchOS 2.2.1 and Mac OS X 10.11.5 are vulnerable. Apple iOS is an operating system developed for mobile devices; watchOS is a smart watch operating system; OS X El Capitan is a dedicated operating system developed for Mac computers; tvOS is a smart TV operating system. CommonCrypto is one of the encryption and decryption libraries. Properly handle return values from CCCrypt.
CVE-ID
CVE-2016-1847 : Tongbo Luo and Bo Qu of Palo Alto Networks
Installation note:
Instructions on how to update your Apple Watch software are
available at https://support.apple.com/en-us/HT204641
To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch > General > About".
This issue was addressed by disabling
data detectors in Twitter results when the device is locked.
CVE-ID
CVE-2016-1852 : videosdebarraquito
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a malicious website may disclose data from another
website
Description: An insufficient taint tracking issue in the parsing of
svg images was addressed through improved taint tracking.
Make sure you have an Internet connection and have installed the
latest version of iTunes from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About.
APPLE-SA-2016-05-16-4 OS X El Capitan 10.11.5 and Security Update
2016-003
OS X El Capitan 10.11.5 and Security Update 2016-003 is now available
and addresses the following:
AMD
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1792 : beist and ABH of BoB
AMD
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: An application may be able to determine kernel memory layout
Description: An issue existed that led to the disclosure of kernel
memory content. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2016-1791 : daybreaker of Minionz
apache_mod_php
Available for: OS X El Capitan v10.11 and later
Impact: Multiple vulnerabilities in PHP
Description: Multiple vulnerabilities existed in PHP versions prior
to 5.5.34. These were addressed by updating PHP to version 5.5.34.
CVE-ID
CVE-2015-8865
CVE-2016-3141
CVE-2016-3142
CVE-2016-4070
CVE-2016-4071
CVE-2016-4072
CVE-2016-4073
AppleGraphicsControl
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1793 : Ian Beer of Google Project Zero
CVE-2016-1794 : Ian Beer of Google Project Zero
AppleGraphicsPowerManagement
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1795 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro
ATS
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to determine kernel memory layout
Description: An out of bounds memory access issue was addressed
through improved memory handling.
CVE-ID
CVE-2016-1796 : lokihardt working with Trend Micro's Zero Day
Initiative
ATS
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: An issue existed in the sandbox policy. This was
addressed by sandboxing FontValidator.
CVE-ID
CVE-2016-1797 : lokihardt working with Trend Micro's Zero Day
Initiative
Audio
Available for:
OS X Yosemite v10.10.5 and OS X El Capitan v10.11 and later
Impact: An application may be able to cause a denial of service
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1798 : Juwei Lin of TrendMicro
Audio
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved input validation.
CVE-ID
CVE-2016-1799 : Juwei Lin of TrendMicro
Captive Network Assistant
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: An attacker in a privileged network position may be able to
execute arbitrary code with user assistance
Description: A custom URL scheme handling issue was addressed
through improved input validation.
CVE-ID
CVE-2016-1800 : Apple
CFNetwork Proxies
Available for: OS X El Capitan v10.11 and later
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: An information leak existed in the handling of HTTP and
HTTPS requests. This issue was addressed through improved URL
handling.
CVE-ID
CVE-2016-1801 : Alex Chapman and Paul Stone of Context Information
Security
CommonCrypto
Available for: OS X El Capitan v10.11 and later
Impact: A malicious application may be able to leak sensitive user
information
Description: An issue existed in the handling of return values in
CCCrypt. This issue was addressed through improved key length
management.
CVE-ID
CVE-2016-1802 : Klaus Rodewig
CoreCapture
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1803 : Ian Beer of Google Project Zero, daybreaker working
with Trend Micro’s Zero Day Initiative
CoreStorage
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A configuration issue was addressed through additional
restrictions.
CVE-ID
CVE-2016-1805 : Stefan Esser
Crash Reporter
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
root privileges
Description: A configuration issue was addressed through additional
restrictions.
CVE-ID
CVE-2016-1806 : lokihardt working with Trend Micro's Zero Day
Initiative
Disk Images
Available for: OS X El Capitan v10.11 and later
Impact: A local attacker may be able to read kernel memory
Description: A race condition was addressed through improved
locking.
CVE-ID
CVE-2016-1807 : Ian Beer of Google Project Zero
Disk Images
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue existed in the parsing of
disk images. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2016-1808 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro
Disk Utility
Available for: OS X El Capitan v10.11 and later
Impact: Disk Utility failed to compress and encrypt disk images
Description: Incorrect keys were being used to encrypt disk images.
This issue was addressed by updating the encryption keys.
CVE-ID
CVE-2016-1809 : Ast A. Moore (@astamoore) and David Foster of
TechSmartKids
Graphics Drivers
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1810 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro
ImageIO
Available for: OS X El Capitan v10.11 and later
Impact: Processing a maliciously crafted image may lead to a denial
of service
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1811 : Lander Brandt (@landaire)
Intel Graphics Driver
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow was addressed through improved bounds
checking.
CVE-ID
CVE-2016-1812 : Juwei Lin of TrendMicro
IOAcceleratorFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to cause a denial of service
Description: A null pointer dereference was addressed through
improved locking.
CVE-ID
CVE-2016-1814 : Juwei Lin of TrendMicro
IOAcceleratorFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1815 : Liang Chen, Qidan He of KeenLab, Tencent working with
Trend Micro's Zero Day Initiative
CVE-2016-1817 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro working with Trend Micro's Zero Day Initiative
CVE-2016-1818 : Juwei Lin of TrendMicro
CVE-2016-1819 : Ian Beer of Google Project Zero
IOAcceleratorFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1813 : Ian Beer of Google Project Zero
CVE-2016-1816 : Peter Pi (@heisecode) of Trend Micro and Juwei Lin of
Trend Micro
IOAudioFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-ID
CVE-2016-1820 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro working with Trend Micro’s Zero Day Initiative
IOAudioFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1821 : Ian Beer of Google Project Zero
IOFireWireFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1822 : CESG
IOHIDFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1823 : Ian Beer of Google Project Zero
CVE-2016-1824 : Marco Grassi (@marcograss) of KeenLab (@keen_lab),
Tencent
IOHIDFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1825 : Brandon Azad
Kernel
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1827 : Brandon Azad
CVE-2016-1828 : Brandon Azad
CVE-2016-1829 : CESG
CVE-2016-1830 : Brandon Azad
CVE-2016-1831 : Brandon Azad
Kernel
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An integer overflow existed in dtrace. This issue was
addressed through improved bounds checking.
CVE-ID
CVE-2016-1826 : Ben Murphy working with Trend Micro’s Zero Day
Initiative
libc
Available for: OS X El Capitan v10.11 and later
Impact: A local attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A memory corruption issue was addressed through
improved input validation.
CVE-ID
CVE-2016-1832 : Karl Williamson
libxml2
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: Processing maliciously crafted XML may lead to an unexpected
application termination or arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1833 : Mateusz Jurczyk
CVE-2016-1834 : Apple
CVE-2016-1835 : Wei Lei and Liu Yang of Nanyang Technological
University
CVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological
University
CVE-2016-1837 : Wei Lei and Liu Yang of Nanyang Technological
University
CVE-2016-1838 : Mateusz Jurczyk
CVE-2016-1839 : Mateusz Jurczyk
CVE-2016-1840 : Kostya Serebryany
libxslt
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1841 : Sebastian Apelt
MapKit
Available for: OS X El Capitan v10.11 and later
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: Shared links were sent with HTTP rather than HTTPS.
This was addressed by enabling HTTPS for shared links.
CVE-ID
CVE-2016-1842 : Richard Shupak (https://www.linkedin.com/in/rshupak)
Messages
Available for: OS X El Capitan v10.11 and later
Impact: A malicious server or user may be able to modify another
user's contact list
Description: A validation issue existed in roster changes. This
issue was addressed through improved validation of roster sets.
CVE-ID
CVE-2016-1844 : Thijs Alkemade of Computest
Messages
Available for: OS X El Capitan v10.11 and later
Impact: A remote attacker may be able to leak sensitive user
information
Description: An encoding issue existed in filename parsing. This
issue was addressed through improved filename encoding.
CVE-ID
CVE-2016-1843 : Heige (a.k.a. SuperHei) of Knownsec 404 Security Team
[http://www.knownsec.com]
Multi-Touch
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1804 : Liang Chen, Yubin Fu, Marco Grassi of KeenLab,
Tencent of Trend Micro's Zero Day Initiative
NVIDIA Graphics Drivers
Available for:
OS X Yosemite v10.10.5 and OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1846 : Ian Beer of Google Project Zero
OpenGL
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1847 : Tongbo Luo and Bo Qu of Palo Alto Networks
QuickTime
Available for: OS X El Capitan v10.11 and later
Impact: Opening a maliciously crafted file may lead to unexpected
application termination or arbitrary code execution
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1848 : Francis Provencher from COSIG
SceneKit
Available for: OS X El Capitan v10.11 and later
Impact: Opening a maliciously crafted file may lead to unexpected
application termination or arbitrary code execution
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1850 : Tyler Bohan of Cisco Talos
Screen Lock
Available for: OS X El Capitan v10.11 and later
Impact: A person with physical access to a computer may be able to
reset an expired password from the lock screen
Description: An issue existed in the management of password
profiles. This issue was addressed through improved password reset
handling.
CVE-ID
CVE-2016-1851 : an anonymous researcher
Tcl
Available for: OS X El Capitan v10.11 and later
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: A protocol security issue was addressed by disabling
SSLv2.
CVE-ID
CVE-2016-1853 : researchers at Tel Aviv University, Münster
University of Applied Sciences, Ruhr University Bochum, the
University of Pennsylvania, the Hashcat project, the University of
Michigan, Two Sigma, Google, and the OpenSSL project: Nimrod Aviram,
Sebastian Schinzel, Juraj Somorovsky, Nadia Heninger, Maik Dankel,
Jens Steube, Luke Valenta, David Adrian, J. Alex Halderman, Viktor
Dukhovni, Emilia Käsper, Shaanan Cohney, Susanne Engels, Christof
Paar, and Yuval Shavitt
Note: OS X El Capitan 10.11.5 includes the security content of Safari
9.1.1. For further details see https://support.apple.com/en-us/HT206565
OS X El Capitan 10.11.5 and Security Update 2016-003 may be obtained
from the Mac App Store or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
| VAR-201605-0450 | CVE-2016-1808 | Vulnerability in the Disk Images subsystem of multiple Apple products that allows arbitrary code execution in a privileged context |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
The Disk Images subsystem in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists within the IOHDIXController interface. The issue lies with the failure to validate user-supplied function addresses prior to using them. An attacker can leverage this vulnerability to escalate privileges and execute code under the context of the kernel. Apple Mac OS X, watchOS and iOS are prone to multiple security vulnerabilities.
Attackers can exploit these issues to execute arbitrary code with elevated privileges, gain sensitive information, and cause denial-of-service conditions.
Versions prior to iOS 9.3.2, watchOS 2.2.1 and Mac OS X 10.11.5 are vulnerable. Apple iOS is an operating system developed for mobile devices; watchOS is a smart watch operating system; OS X El Capitan is a dedicated operating system developed for Mac computers; tvOS is a smart TV operating system. Disk Images is one of the disk image format components. The vulnerability stems from the program not correctly parsing disk images.
CVE-ID
CVE-2016-1847 : Tongbo Luo and Bo Qu of Palo Alto Networks
Installation note:
Instructions on how to update your Apple Watch software are
available at https://support.apple.com/en-us/HT204641
To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch > General > About".
This issue was addressed by disabling
data detectors in Twitter results when the device is locked.
CVE-ID
CVE-2016-1852 : videosdebarraquito
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a malicious website may disclose data from another
website
Description: An insufficient taint tracking issue in the parsing of
svg images was addressed through improved taint tracking.
Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-05-16-4 OS X El Capitan 10.11.5 and Security Update
2016-003
OS X El Capitan 10.11.5 and Security Update 2016-003 is now available
and addresses the following:
AMD
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1792 : beist and ABH of BoB
AMD
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: An application may be able to determine kernel memory layout
Description: An issue existed that led to the disclosure of kernel
memory content. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2016-1791 : daybreaker of Minionz
apache_mod_php
Available for: OS X El Capitan v10.11 and later
Impact: Multiple vulnerabilities in PHP
Description: Multiple vulnerabilities existed in PHP versions prior
to 5.5.34. These were addressed by updating PHP to version 5.5.34.
CVE-ID
CVE-2015-8865
CVE-2016-3141
CVE-2016-3142
CVE-2016-4070
CVE-2016-4071
CVE-2016-4072
CVE-2016-4073
AppleGraphicsControl
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1793 : Ian Beer of Google Project Zero
CVE-2016-1794 : Ian Beer of Google Project Zero
AppleGraphicsPowerManagement
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1795 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro
ATS
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to determine kernel memory layout
Description: An out of bounds memory access issue was addressed
through improved memory handling.
CVE-ID
CVE-2016-1796 : lokihardt working with Trend Micro's Zero Day
Initiative
ATS
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: An issue existed in the sandbox policy. This was
addressed by sandboxing FontValidator.
CVE-ID
CVE-2016-1797 : lokihardt working with Trend Micro's Zero Day
Initiative
Audio
Available for:
OS X Yosemite v10.10.5 and OS X El Capitan v10.11 and later
Impact: An application may be able to cause a denial of service
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1799 : Juwei Lin of TrendMicro
Captive Network Assistant
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: An attacker in a privileged network position may be able to
execute arbitrary code with user assistance
Description: A custom URL scheme handling issue was addressed
through improved input validation.
CVE-ID
CVE-2016-1800 : Apple
CFNetwork Proxies
Available for: OS X El Capitan v10.11 and later
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: An information leak existed in the handling of HTTP and
HTTPS requests. This issue was addressed through improved URL
handling.
CVE-ID
CVE-2016-1801 : Alex Chapman and Paul Stone of Context Information
Security
CommonCrypto
Available for: OS X El Capitan v10.11 and later
Impact: A malicious application may be able to leak sensitive user
information
Description: An issue existed in the handling of return values in
CCCrypt. This issue was addressed through improved key length
management.
CVE-ID
CVE-2016-1802 : Klaus Rodewig
CoreCapture
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1803 : Ian Beer of Google Project Zero, daybreaker working
with Trend Micro’s Zero Day Initiative
CoreStorage
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A configuration issue was addressed through additional
restrictions.
CVE-ID
CVE-2016-1805 : Stefan Esser
Crash Reporter
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
root privileges
Description: A configuration issue was addressed through additional
restrictions.
CVE-ID
CVE-2016-1806 : lokihardt working with Trend Micro's Zero Day
Initiative
Disk Images
Available for: OS X El Capitan v10.11 and later
Impact: A local attacker may be able to read kernel memory
Description: A race condition was addressed through improved
locking. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2016-1808 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro
Disk Utility
Available for: OS X El Capitan v10.11 and later
Impact: Disk Utility failed to compress and encrypt disk images
Description: Incorrect keys were being used to encrypt disk images.
This issue was addressed by updating the encryption keys.
CVE-ID
CVE-2016-1809 : Ast A. Moore (@astamoore) and David Foster of
TechSmartKids
Graphics Drivers
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1810 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro
ImageIO
Available for: OS X El Capitan v10.11 and later
Impact: Processing a maliciously crafted image may lead to a denial
of service
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1811 : Lander Brandt (@landaire)
Intel Graphics Driver
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow was addressed through improved bounds
checking.
CVE-ID
CVE-2016-1812 : Juwei Lin of TrendMicro
IOAcceleratorFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to cause a denial of service
Description: A null pointer dereference was addressed through
improved locking.
CVE-ID
CVE-2016-1815 : Liang Chen, Qidan He of KeenLab, Tencent working with
Trend Micro's Zero Day Initiative
CVE-2016-1817 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro working with Trend Micro's Zero Day Initiative
CVE-2016-1818 : Juwei Lin of TrendMicro
CVE-2016-1819 : Ian Beer of Google Project Zero
IOAcceleratorFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1813 : Ian Beer of Google Project Zero
CVE-2016-1816 : Peter Pi (@heisecode) of Trend Micro and Juwei Lin of
Trend Micro
IOAudioFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-ID
CVE-2016-1820 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro working with Trend Micro’s Zero Day Initiative
IOAudioFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1821 : Ian Beer of Google Project Zero
IOFireWireFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1823 : Ian Beer of Google Project Zero
CVE-2016-1824 : Marco Grassi (@marcograss) of KeenLab (@keen_lab),
Tencent
IOHIDFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1827 : Brandon Azad
CVE-2016-1828 : Brandon Azad
CVE-2016-1829 : CESG
CVE-2016-1830 : Brandon Azad
CVE-2016-1831 : Brandon Azad
Kernel
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An integer overflow existed in dtrace. This issue was
addressed through improved bounds checking.
CVE-ID
CVE-2016-1826 : Ben Murphy working with Trend Micro’s Zero Day
Initiative
libc
Available for: OS X El Capitan v10.11 and later
Impact: A local attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A memory corruption issue was addressed through
improved input validation.
CVE-ID
CVE-2016-1832 : Karl Williamson
libxml2
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: Processing maliciously crafted XML may lead to an unexpected
application termination or arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1833 : Mateusz Jurczyk
CVE-2016-1834 : Apple
CVE-2016-1835 : Wei Lei and Liu Yang of Nanyang Technological
University
CVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological
University
CVE-2016-1837 : Wei Lei and Liu Yang of Nanyang Technological
University
CVE-2016-1838 : Mateusz Jurczyk
CVE-2016-1839 : Mateusz Jurczyk
CVE-2016-1840 : Kostya Serebryany
libxslt
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1841 : Sebastian Apelt
MapKit
Available for: OS X El Capitan v10.11 and later
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: Shared links were sent with HTTP rather than HTTPS.
This was addressed by enabling HTTPS for shared links.
CVE-ID
CVE-2016-1842 : Richard Shupak (https://www.linkedin.com/in/rshupak)
Messages
Available for: OS X El Capitan v10.11 and later
Impact: A malicious server or user may be able to modify another
user's contact list
Description: A validation issue existed in roster changes. This
issue was addressed through improved validation of roster sets.
CVE-ID
CVE-2016-1844 : Thijs Alkemade of Computest
Messages
Available for: OS X El Capitan v10.11 and later
Impact: A remote attacker may be able to leak sensitive user
information
Description: An encoding issue existed in filename parsing. This
issue was addressed through improved filename encoding.
CVE-ID
CVE-2016-1843 : Heige (a.k.a.
CVE-ID
CVE-2016-1804 : Liang Chen, Yubin Fu, Marco Grassi of KeenLab,
Tencent of Trend Micro's Zero Day Initiative
NVIDIA Graphics Drivers
Available for:
OS X Yosemite v10.10.5 and OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1846 : Ian Beer of Google Project Zero
OpenGL
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1847 : Tongbo Luo and Bo Qu of Palo Alto Networks
QuickTime
Available for: OS X El Capitan v10.11 and later
Impact: Opening a maliciously crafted file may lead to unexpected
application termination or arbitrary code execution
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1848 : Francis Provencher from COSIG
SceneKit
Available for: OS X El Capitan v10.11 and later
Impact: Opening a maliciously crafted file may lead to unexpected
application termination or arbitrary code execution
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1850 : Tyler Bohan of Cisco Talos
Screen Lock
Available for: OS X El Capitan v10.11 and later
Impact: A person with physical access to a computer may be able to
reset an expired password from the lock screen
Description: An issue existed in the management of password
profiles. This issue was addressed through improved password reset
handling.
CVE-ID
CVE-2016-1851 : an anonymous researcher
Tcl
Available for: OS X El Capitan v10.11 and later
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: A protocol security issue was addressed by disabling
SSLv2.
CVE-ID
CVE-2016-1853 : researchers at Tel Aviv University, Münster
University of Applied Sciences, Ruhr University Bochum, the
University of Pennsylvania, the Hashcat project, the University of
Michigan, Two Sigma, Google, and the OpenSSL project: Nimrod Aviram,
Sebastian Schinzel, Juraj Somorovsky, Nadia Heninger, Maik Dankel,
Jens Steube, Luke Valenta, David Adrian, J. Alex Halderman, Viktor
Dukhovni, Emilia Käsper, Shaanan Cohney, Susanne Engels, Christof
Paar, and Yuval Shavitt
Note: OS X El Capitan 10.11.5 includes the security content of Safari
9.1.1. For further details see https://support.apple.com/en-us/HT206565
OS X El Capitan 10.11.5 and Security Update 2016-003 may be obtained
from the Mac App Store or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
| VAR-201605-0445 | CVE-2016-1803 | CoreCapture in multiple Apple products vulnerable to arbitrary code execution in a privileged context |
CVSS V2: 6.8 CVSS V3: 7.8 Severity: HIGH |
CoreCapture in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app. Supplementary information: the vulnerability type has been identified as CWE-476: NULL Pointer Dereference. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists within CoreCaptureResponder in IOKit. An attacker can leverage this vulnerability to escalate privileges and execute code under the context of the kernel. Apple Mac OS X, watchOS and iOS are prone to multiple security vulnerabilities.
Attackers can exploit these issues to execute arbitrary code with elevated privileges, gain sensitive information, and cause denial-of-service conditions.
Versions prior to iOS 9.3.2, watchOS 2.2.1 and Mac OS X 10.11.5 are vulnerable. Apple iOS is an operating system developed for mobile devices; watchOS is a smart watch operating system; OS X El Capitan is a dedicated operating system developed for Mac computers; tvOS is a smart TV operating system. CoreCapture is one of the screenshot components.
CVE-ID
CVE-2016-1847 : Tongbo Luo and Bo Qu of Palo Alto Networks
Installation note:
Instructions on how to update your Apple Watch software are
available at https://support.apple.com/en-us/HT204641
To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch > General > About".
This issue was addressed by disabling
data detectors in Twitter results when the device is locked.
CVE-ID
CVE-2016-1852 : videosdebarraquito
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a malicious website may disclose data from another
website
Description: An insufficient taint tracking issue in the parsing of
svg images was addressed through improved taint tracking.
Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-05-16-4 OS X El Capitan 10.11.5 and Security Update
2016-003
OS X El Capitan 10.11.5 and Security Update 2016-003 is now available
and addresses the following:
AMD
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1792 : beist and ABH of BoB
AMD
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: An application may be able to determine kernel memory layout
Description: An issue existed that led to the disclosure of kernel
memory content. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2016-1791 : daybreaker of Minionz
apache_mod_php
Available for: OS X El Capitan v10.11 and later
Impact: Multiple vulnerabilities in PHP
Description: Multiple vulnerabilities existed in PHP versions prior
to 5.5.34. These were addressed by updating PHP to version 5.5.34.
CVE-ID
CVE-2016-1793 : Ian Beer of Google Project Zero
CVE-2016-1794 : Ian Beer of Google Project Zero
AppleGraphicsPowerManagement
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1795 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro
ATS
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to determine kernel memory layout
Description: An out of bounds memory access issue was addressed
through improved memory handling.
CVE-ID
CVE-2016-1796 : lokihardt working with Trend Micro's Zero Day
Initiative
ATS
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: An issue existed in the sandbox policy. This was
addressed by sandboxing FontValidator.
CVE-ID
CVE-2016-1798 : Juwei Lin of TrendMicro
Audio
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved input validation.
CVE-ID
CVE-2016-1799 : Juwei Lin of TrendMicro
Captive Network Assistant
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: An attacker in a privileged network position may be able to
execute arbitrary code with user assistance
Description: A custom URL scheme handling issue was addressed
through improved input validation.
CVE-ID
CVE-2016-1800 : Apple
CFNetwork Proxies
Available for: OS X El Capitan v10.11 and later
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: An information leak existed in the handling of HTTP and
HTTPS requests. This issue was addressed through improved URL
handling.
CVE-ID
CVE-2016-1801 : Alex Chapman and Paul Stone of Context Information
Security
CommonCrypto
Available for: OS X El Capitan v10.11 and later
Impact: A malicious application may be able to leak sensitive user
information
Description: An issue existed in the handling of return values in
CCCrypt. This issue was addressed through improved key length
management.
CVE-ID
CVE-2016-1803 : Ian Beer of Google Project Zero, daybreaker working
with Trend Micro’s Zero Day Initiative
CoreStorage
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A configuration issue was addressed through additional
restrictions.
CVE-ID
CVE-2016-1805 : Stefan Esser
Crash Reporter
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
root privileges
Description: A configuration issue was addressed through additional
restrictions.
CVE-ID
CVE-2016-1806 : lokihardt working with Trend Micro's Zero Day
Initiative
Disk Images
Available for: OS X El Capitan v10.11 and later
Impact: A local attacker may be able to read kernel memory
Description: A race condition was addressed through improved
locking.
CVE-ID
CVE-2016-1807 : Ian Beer of Google Project Zero
Disk Images
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue existed in the parsing of
disk images. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2016-1808 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro
Disk Utility
Available for: OS X El Capitan v10.11 and later
Impact: Disk Utility failed to compress and encrypt disk images
Description: Incorrect keys were being used to encrypt disk images.
This issue was addressed by updating the encryption keys.
CVE-ID
CVE-2016-1809 : Ast A. Moore (@astamoore) and David Foster of
TechSmartKids
Graphics Drivers
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1810 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro
ImageIO
Available for: OS X El Capitan v10.11 and later
Impact: Processing a maliciously crafted image may lead to a denial
of service
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1811 : Lander Brandt (@landaire)
Intel Graphics Driver
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow was addressed through improved bounds
checking.
CVE-ID
CVE-2016-1814 : Juwei Lin of TrendMicro
IOAcceleratorFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1815 : Liang Chen, Qidan He of KeenLab, Tencent working with
Trend Micro's Zero Day Initiative
CVE-2016-1817 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro working with Trend Micro's Zero Day Initiative
CVE-2016-1818 : Juwei Lin of TrendMicro
CVE-2016-1819 : Ian Beer of Google Project Zero
IOAcceleratorFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1813 : Ian Beer of Google Project Zero
CVE-2016-1816 : Peter Pi (@heisecode) of Trend Micro and Juwei Lin of
Trend Micro
IOAudioFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-ID
CVE-2016-1820 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro working with Trend Micro’s Zero Day Initiative
IOAudioFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1821 : Ian Beer of Google Project Zero
IOFireWireFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1822 : CESG
IOHIDFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1823 : Ian Beer of Google Project Zero
CVE-2016-1824 : Marco Grassi (@marcograss) of KeenLab (@keen_lab),
Tencent
IOHIDFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1825 : Brandon Azad
Kernel
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1827 : Brandon Azad
CVE-2016-1828 : Brandon Azad
CVE-2016-1829 : CESG
CVE-2016-1830 : Brandon Azad
CVE-2016-1831 : Brandon Azad
Kernel
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An integer overflow existed in dtrace. This issue was
addressed through improved bounds checking.
CVE-ID
CVE-2016-1826 : Ben Murphy working with Trend Micro’s Zero Day
Initiative
libc
Available for: OS X El Capitan v10.11 and later
Impact: A local attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A memory corruption issue was addressed through
improved input validation.
CVE-ID
CVE-2016-1832 : Karl Williamson
libxml2
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: Processing maliciously crafted XML may lead to an unexpected
application termination or arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1833 : Mateusz Jurczyk
CVE-2016-1834 : Apple
CVE-2016-1835 : Wei Lei and Liu Yang of Nanyang Technological
University
CVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological
University
CVE-2016-1837 : Wei Lei and Liu Yang of Nanyang Technological
University
CVE-2016-1838 : Mateusz Jurczyk
CVE-2016-1839 : Mateusz Jurczyk
CVE-2016-1840 : Kostya Serebryany
libxslt
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1841 : Sebastian Apelt
MapKit
Available for: OS X El Capitan v10.11 and later
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: Shared links were sent with HTTP rather than HTTPS.
This was addressed by enabling HTTPS for shared links.
CVE-ID
CVE-2016-1842 : Richard Shupak (https://www.linkedin.com/in/rshupak)
Messages
Available for: OS X El Capitan v10.11 and later
Impact: A malicious server or user may be able to modify another
user's contact list
Description: A validation issue existed in roster changes. This
issue was addressed through improved validation of roster sets.
CVE-ID
CVE-2016-1844 : Thijs Alkemade of Computest
Messages
Available for: OS X El Capitan v10.11 and later
Impact: A remote attacker may be able to leak sensitive user
information
Description: An encoding issue existed in filename parsing. This
issue was addressed through improved filename encoding.
CVE-ID
CVE-2016-1843 : Heige (a.k.a. SuperHei) of Knownsec 404 Security Team
[http://www.knownsec.com]
Multi-Touch
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1804 : Liang Chen, Yubin Fu, Marco Grassi of KeenLab,
Tencent of Trend Micro's Zero Day Initiative
NVIDIA Graphics Drivers
Available for:
OS X Yosemite v10.10.5 and OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1846 : Ian Beer of Google Project Zero
OpenGL
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1847 : Tongbo Luo and Bo Qu of Palo Alto Networks
QuickTime
Available for: OS X El Capitan v10.11 and later
Impact: Opening a maliciously crafted file may lead to unexpected
application termination or arbitrary code execution
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1848 : Francis Provencher from COSIG
SceneKit
Available for: OS X El Capitan v10.11 and later
Impact: Opening a maliciously crafted file may lead to unexpected
application termination or arbitrary code execution
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1850 : Tyler Bohan of Cisco Talos
Screen Lock
Available for: OS X El Capitan v10.11 and later
Impact: A person with physical access to a computer may be able to
reset an expired password from the lock screen
Description: An issue existed in the management of password
profiles. This issue was addressed through improved password reset
handling.
CVE-ID
CVE-2016-1851 : an anonymous researcher
Tcl
Available for: OS X El Capitan v10.11 and later
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: A protocol security issue was addressed by disabling
SSLv2.
CVE-ID
CVE-2016-1853 : researchers at Tel Aviv University, Münster
University of Applied Sciences, Ruhr University Bochum, the
University of Pennsylvania, the Hashcat project, the University of
Michigan, Two Sigma, Google, and the OpenSSL project: Nimrod Aviram,
Sebastian Schinzel, Juraj Somorovsky, Nadia Heninger, Maik Dankel,
Jens Steube, Luke Valenta, David Adrian, J. Alex Halderman, Viktor
Dukhovni, Emilia Käsper, Shaanan Cohney, Susanne Engels, Christof
Paar, and Yuval Shavitt
Note: OS X El Capitan 10.11.5 includes the security content of Safari
9.1.1. For further details see https://support.apple.com/en-us/HT206565
OS X El Capitan 10.11.5 and Security Update 2016-003 may be obtained
from the Mac App Store or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
| VAR-201605-0496 | CVE-2016-4325 | Lantronix xPrintServer contains multiple vulnerabilities |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Lantronix xPrintServer devices with firmware before 5.0.1-65 have hardcoded credentials, which allows remote attackers to obtain root access via unspecified vectors. The Lantronix xPrintServer and its accompanying cloud storage API contain several vulnerabilities. Supplementary information: the vulnerability type has been identified as CWE-798: Use of Hard-coded Credentials (http://cwe.mitre.org/data/definitions/798.html). A third party may obtain root access. Lantronix xPrintServer is a print server from Lantronix. A remote attacker can exploit this vulnerability to gain root privileges. Lantronix xPrintServer is prone to multiple security vulnerabilities. Other attacks are also possible.
Lantronix xPrintServer devices running firmware versions prior to 5.0.1-65 are vulnerable.
| VAR-201605-0407 | CVE-2016-1399 | Denial-of-service (DoS) vulnerability in the packet-processing microcode of Cisco IOS running on Cisco Industrial Ethernet 4000 and 5000 devices |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
The packet-processing microcode in Cisco IOS 15.2(2)EA, 15.2(2)EA1, 15.2(2)EA2, and 15.2(4)EA on Industrial Ethernet 4000 devices and 15.2(2)EB and 15.2(2)EB1 on Industrial Ethernet 5000 devices allows remote attackers to cause a denial of service (packet data corruption) via crafted IPv4 ICMP packets, aka Bug ID CSCuy13431. Cisco IOS on the Industrial Ethernet (IE) 4000 and the Industrial Ethernet (IE) 5000 is the Cisco Systems operating system running on Cisco IE 4000 and 5000 Series switches. There is a security hole in the packet-processing microcode in Cisco IOS on Cisco IE 4000 and IE 5000.
An attacker can exploit this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks.
This issue is tracked by Cisco Bug ID CSCuy13431.
| VAR-201605-0316 | CVE-2016-1208 | FileMaker server issue where PHP source code may be viewable |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
The server in Apple FileMaker before 14.0.4 on OS X allows remote attackers to read PHP source code via unspecified vectors. FileMaker server contains an issue where PHP source code may be viewable when Custom Web Publishing with PHP is enabled. Atsushi Matsuo of Emic Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. PHP source code may be viewable. FileMaker server is prone to an information-disclosure vulnerability.
Attackers can exploit this issue to gain access to sensitive information. Information obtained may lead to further attacks.
FileMaker server versions prior to 14.0.4 are vulnerable. Apple FileMaker on OS X is database software from Apple (United States) that runs on OS X, the operating system Apple developed for Mac computers. A remote attacker could exploit this vulnerability to execute arbitrary code.
| VAR-201605-0031 | CVE-2016-2297 | Meteocontrol WEB'log Arbitrary command execution vulnerability |
CVSS V2: 9.7 CVSS V3: 9.4 Severity: CRITICAL |
Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited allow remote attackers to execute arbitrary commands via an "access command shell-like feature." Meteocontrol WEB'log is a web-based SCADA system that uses different connected devices to provide energy and power configuration management functions. Multiple Meteocontrol WEB'log products are prone to a remote command-execution vulnerability.
An attacker can execute arbitrary system commands within the context of the affected application.
| VAR-201605-0263 | CVE-2016-2855 | Vulnerability in Huawei Mobile Broadband HL Service that allows gaining SYSTEM privileges |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
The Huawei Mobile Broadband HL Service 22.001.25.00.03 and earlier uses a weak ACL for the MobileBrServ program data directory, which allows local users to gain SYSTEM privileges by modifying VERSION.dll. Huawei 3G/LTE is a router product from Huawei of China. There is a local elevation-of-privilege vulnerability in the 'MobileBroadbandHLService' service of Huawei 3G/LTE. The vulnerability stems from the folder corresponding to the service allowing users to add malicious VERSION.dll files. An attacker could exploit the vulnerability to carry out a DLL side-loading attack and gain full access to the system.
The issue is fixed in Huawei 3G/LTE modem versions 22.001.25.00.03.
| VAR-201605-0030 | CVE-2016-2296 | Meteocontrol WEB'log Information Disclosure Vulnerability |
CVSS V2: 7.5 CVSS V3: 9.4 Severity: CRITICAL |
Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited do not require authentication for "post-admin" login pages, which allows remote attackers to obtain sensitive information or modify data via unspecified vectors. Multiple Meteocontrol WEB'log products contain a vulnerability in which sensitive information can be obtained or data changed because the "post-admin" login pages do not require authentication. Supplementary information: the vulnerability type has been identified as CWE-254: Security Features (http://cwe.mitre.org/data/definitions/254.html). A third party may obtain sensitive information or change data. Meteocontrol WEB'log is a web-based SCADA system that uses different connected devices to provide energy and power configuration management functions. Multiple Meteocontrol WEB'log products are prone to an information-disclosure vulnerability. Successful exploits will lead to other attacks.
| VAR-201605-0032 | CVE-2016-2298 | Vulnerability in multiple Meteocontrol WEB'log products that allows sensitive plaintext information to be obtained |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited allow remote attackers to obtain sensitive cleartext information via unspecified vectors. Multiple Meteocontrol WEB'log products contain a vulnerability that allows sensitive plaintext information to be obtained. A third party may obtain sensitive plaintext information. Meteocontrol WEB'log is a web-based SCADA system that uses different connected devices to provide energy and power configuration management functions. Multiple Meteocontrol WEB'log products are prone to an information-disclosure vulnerability. Successful exploits will lead to other attacks.
| VAR-201605-0314 | CVE-2016-1206 | WN-GDN/R3 Series does not limit authentication attempts |
CVSS V2: 3.3 CVSS V3: 4.3 Severity: MEDIUM |
The WPS implementation on I-O DATA DEVICE WN-GDN/R3, WN-GDN/R3-C, WN-GDN/R3-S, and WN-GDN/R3-U devices does not limit PIN guesses, which allows remote attackers to obtain network access via a brute-force attack. WN-GDN/R3 Series provided by I-O DATA DEVICE, INC. does not limit authentication attempts. WN-GDN/R3 Series provided by I-O DATA DEVICE, INC. is a wireless LAN router. WPS functionality in WN-GDN/R3 Series does not limit PIN authentication attempts, making it susceptible to brute-force attacks. Takeshi Okamoto of Kanagawa Institute of Technology and Takaaki Minegishi reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. An unauthenticated attacker within wireless range of the device may perform a brute-force attack to recover the PIN. Using the recovered PIN, the attacker may gain access to the network. WN-GDN/R3 Series routers are prone to an authentication-bypass vulnerability. Successfully exploiting this issue may lead to further attacks.
The following products are affected:
WN-GDN/R3
WN-GDN/R3-S
WN-GDN/R3-U
WN-GDN/R3-C
There are security vulnerabilities in the WPS implementation of several I-O DATA DEVICE products.