Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2016-7602 (GCVE-0-2016-7602)
Vulnerability from cvelistv5
- n/a
| URL | Tags | ||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:04:55.980Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "94903",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94903"
},
{
"name": "1037469",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037469"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT207423"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-02-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the \"Intel Graphics Driver\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-26T09:57:01",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"name": "94903",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94903"
},
{
"name": "1037469",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037469"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT207423"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2016-7602",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the \"Intel Graphics Driver\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94903",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94903"
},
{
"name": "1037469",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037469"
},
{
"name": "https://support.apple.com/HT207423",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207423"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2016-7602",
"datePublished": "2017-02-20T08:35:00",
"dateReserved": "2016-09-09T00:00:00",
"dateUpdated": "2024-08-06T02:04:55.980Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2016-7602\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2017-02-20T08:59:02.197\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the \\\"Intel Graphics Driver\\\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.\"},{\"lang\":\"es\",\"value\":\"Se ha descubierto un problema en ciertos productos Apple. macOS en versiones anteriores a 10.12.2 est\u00e1 afectado. El problema involucra al componente \\\"Intel Graphics Driver\\\". Esto permite a atacantes ejecutar c\u00f3digo arbitrario en un contexto privilegiado o provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) a trav\u00e9s de una aplicaci\u00f3n manipulada.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"10.12.1\",\"matchCriteriaId\":\"1ACD43C5-75C1-4489-8617-77DFB9C23D10\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/94903\",\"source\":\"product-security@apple.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1037469\",\"source\":\"product-security@apple.com\"},{\"url\":\"https://support.apple.com/HT207423\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/94903\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1037469\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.apple.com/HT207423\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
gsd-2016-7602
Vulnerability from gsd
{
"GSD": {
"alias": "CVE-2016-7602",
"description": "An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the \"Intel Graphics Driver\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.",
"id": "GSD-2016-7602"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2016-7602"
],
"details": "An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the \"Intel Graphics Driver\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.",
"id": "GSD-2016-7602",
"modified": "2023-12-13T01:21:20.646910Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2016-7602",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the \"Intel Graphics Driver\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94903",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94903"
},
{
"name": "1037469",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037469"
},
{
"name": "https://support.apple.com/HT207423",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207423"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10.12.1",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2016-7602"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the \"Intel Graphics Driver\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT207423",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT207423"
},
{
"name": "94903",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94903"
},
{
"name": "1037469",
"refsource": "SECTRACK",
"tags": [],
"url": "http://www.securitytracker.com/id/1037469"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2017-07-27T01:29Z",
"publishedDate": "2017-02-20T08:59Z"
}
}
}
cnvd-2016-12730
Vulnerability from cnvd
目前厂商已经发布了升级补丁以修复此安全问题,补丁获取链接: https://support.apple.com/zh-cn/HT207423
| Name | Apple macOS Sierra <10.12.2 |
|---|
{
"bids": {
"bid": {
"bidNumber": "94903"
}
},
"cves": {
"cve": {
"cveNumber": "CVE-2016-7602"
}
},
"description": "Apple macOS Sierra\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u4e3aMac\u8ba1\u7b97\u673a\u6240\u5f00\u53d1\u7684\u4e00\u5957\u4e13\u7528\u64cd\u4f5c\u7cfb\u7edf\u3002Intel Graphics Driver\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u663e\u5361\u9a71\u52a8\u3002\r\n\r\nApple macOS Sierra 10.12.2\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u7684Intel Graphics Driver\u7ec4\u4ef6\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u5185\u6838\u6743\u9650\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
"discovererName": "daybreaker@Minionz working with Trend Micro\u0027s Zero Day Initiative",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://support.apple.com/zh-cn/HT207423",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2016-12730",
"openTime": "2016-12-21",
"patchDescription": "Apple macOS Sierra\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u4e3aMac\u8ba1\u7b97\u673a\u6240\u5f00\u53d1\u7684\u4e00\u5957\u4e13\u7528\u64cd\u4f5c\u7cfb\u7edf\u3002Intel Graphics Driver\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u663e\u5361\u9a71\u52a8\u3002\r\n\r\nApple macOS Sierra 10.12.2\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u7684Intel Graphics Driver\u7ec4\u4ef6\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u5185\u6838\u6743\u9650\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Apple macOS Sierra Intel Graphics Driver\u7ec4\u4ef6\u4efb\u610f\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "Apple macOS Sierra \u003c10.12.2"
},
"referenceLink": "http://www.securityfocus.com/bid/94903",
"serverity": "\u9ad8",
"submitTime": "2016-12-16",
"title": "Apple macOS Sierra Intel Graphics Driver\u7ec4\u4ef6\u4efb\u610f\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}
CERTFR-2016-AVI-411
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une exécution de code arbitraire et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
None| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Apple macOS Sierra versions ant\u00e9rieures \u00e0 10.12.2",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple Safari versions ant\u00e9rieures \u00e0 10.0.2",
"product": {
"name": "Safari",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple iCloud pour Windows versions ant\u00e9rieures \u00e0 6.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple iTunes pour Windows versions ant\u00e9rieures \u00e0 12.5.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2016-8615",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8615"
},
{
"name": "CVE-2016-7646",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7646"
},
{
"name": "CVE-2016-7615",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7615"
},
{
"name": "CVE-2016-7411",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7411"
},
{
"name": "CVE-2016-7643",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7643"
},
{
"name": "CVE-2016-7624",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7624"
},
{
"name": "CVE-2016-7589",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7589"
},
{
"name": "CVE-2016-8619",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8619"
},
{
"name": "CVE-2016-7645",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7645"
},
{
"name": "CVE-2016-7650",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7650"
},
{
"name": "CVE-2016-7591",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7591"
},
{
"name": "CVE-2016-7629",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7629"
},
{
"name": "CVE-2016-7637",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7637"
},
{
"name": "CVE-2016-7649",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7649"
},
{
"name": "CVE-2016-4688",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4688"
},
{
"name": "CVE-2016-7640",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7640"
},
{
"name": "CVE-2016-8624",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8624"
},
{
"name": "CVE-2016-7620",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7620"
},
{
"name": "CVE-2016-7587",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7587"
},
{
"name": "CVE-2016-7616",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7616"
},
{
"name": "CVE-2016-8616",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8616"
},
{
"name": "CVE-2016-7659",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7659"
},
{
"name": "CVE-2016-8620",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8620"
},
{
"name": "CVE-2016-7663",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7663"
},
{
"name": "CVE-2016-7648",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7648"
},
{
"name": "CVE-2016-6303",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6303"
},
{
"name": "CVE-2016-7595",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7595"
},
{
"name": "CVE-2016-7657",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7657"
},
{
"name": "CVE-2016-7639",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7639"
},
{
"name": "CVE-2016-7610",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7610"
},
{
"name": "CVE-2016-7605",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7605"
},
{
"name": "CVE-2016-7588",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7588"
},
{
"name": "CVE-2016-7636",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7636"
},
{
"name": "CVE-2016-7602",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7602"
},
{
"name": "CVE-2016-8617",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8617"
},
{
"name": "CVE-2016-7652",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7652"
},
{
"name": "CVE-2016-7641",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7641"
},
{
"name": "CVE-2016-7642",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7642"
},
{
"name": "CVE-2016-6304",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6304"
},
{
"name": "CVE-2016-8618",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8618"
},
{
"name": "CVE-2016-7608",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7608"
},
{
"name": "CVE-2016-4743",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4743"
},
{
"name": "CVE-2016-5419",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5419"
},
{
"name": "CVE-2016-7621",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7621"
},
{
"name": "CVE-2016-8623",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8623"
},
{
"name": "CVE-2016-7606",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7606"
},
{
"name": "CVE-2016-7418",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7418"
},
{
"name": "CVE-2016-7614",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7614"
},
{
"name": "CVE-2016-7596",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7596"
},
{
"name": "CVE-2016-4691",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4691"
},
{
"name": "CVE-2016-4692",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4692"
},
{
"name": "CVE-2016-7592",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7592"
},
{
"name": "CVE-2016-7604",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7604"
},
{
"name": "CVE-2016-7586",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7586"
},
{
"name": "CVE-2016-7167",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7167"
},
{
"name": "CVE-2016-7654",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7654"
},
{
"name": "CVE-2016-5420",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5420"
},
{
"name": "CVE-2016-7141",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7141"
},
{
"name": "CVE-2016-7609",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7609"
},
{
"name": "CVE-2016-7611",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7611"
},
{
"name": "CVE-2016-7416",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7416"
},
{
"name": "CVE-2016-8621",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8621"
},
{
"name": "CVE-2016-7635",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7635"
},
{
"name": "CVE-2016-7599",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7599"
},
{
"name": "CVE-2016-4693",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4693"
},
{
"name": "CVE-2016-7633",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7633"
},
{
"name": "CVE-2016-7658",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7658"
},
{
"name": "CVE-2016-7417",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7417"
},
{
"name": "CVE-2016-7662",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7662"
},
{
"name": "CVE-2016-7660",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7660"
},
{
"name": "CVE-2016-7612",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7612"
},
{
"name": "CVE-2016-7414",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7414"
},
{
"name": "CVE-2016-7625",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7625"
},
{
"name": "CVE-2016-7644",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7644"
},
{
"name": "CVE-2016-1777",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1777"
},
{
"name": "CVE-2016-1823",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1823"
},
{
"name": "CVE-2016-7412",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7412"
},
{
"name": "CVE-2016-7627",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7627"
},
{
"name": "CVE-2016-7632",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7632"
},
{
"name": "CVE-2016-7661",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7661"
},
{
"name": "CVE-2016-7607",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7607"
},
{
"name": "CVE-2016-7655",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7655"
},
{
"name": "CVE-2016-7594",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7594"
},
{
"name": "CVE-2016-7598",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7598"
},
{
"name": "CVE-2016-7622",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7622"
},
{
"name": "CVE-2016-7656",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7656"
},
{
"name": "CVE-2016-8622",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8622"
},
{
"name": "CVE-2016-7617",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7617"
},
{
"name": "CVE-2016-7619",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7619"
},
{
"name": "CVE-2016-7600",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7600"
},
{
"name": "CVE-2016-5421",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5421"
},
{
"name": "CVE-2016-7603",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7603"
},
{
"name": "CVE-2016-7618",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7618"
},
{
"name": "CVE-2016-7413",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7413"
},
{
"name": "CVE-2016-7628",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7628"
},
{
"name": "CVE-2016-8625",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8625"
}
],
"initial_release_date": "2016-12-14T00:00:00",
"last_revision_date": "2016-12-14T00:00:00",
"links": [],
"reference": "CERTFR-2016-AVI-411",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2016-12-14T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Apple\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une ex\u00e9cution de code arbitraire et un d\u00e9ni de service \u00e0\ndistance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT207424 du 13 d\u00e9cembre 2016",
"url": "https://support.apple.com/en-us/HT207424"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT207421 du 13 d\u00e9cembre 2016",
"url": "https://support.apple.com/en-us/HT207421"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT207427 du 13 d\u00e9cembre 2016",
"url": "https://support.apple.com/en-us/HT207427"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT207423 du 13 d\u00e9cembre 2016",
"url": "https://support.apple.com/en-us/HT207423"
}
]
}
var-201702-0201
Vulnerability from variot
An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. This vulnerability allows local attackers to escalate privileges on vulnerable installations of Apple OS X. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within AppleIntelFramebufferAzul. The issue lies with the failure to validate user-supplied arguments which can cause a null pointer dereference. An attacker can leverage this vulnerability to escalate privileges and execute code under the context of the kernel. Apple macOS is prone to multiple security vulnerabilities. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
APPLE-SA-2016-12-13-1 macOS 10.12.2
macOS 10.12.2 is now available and addresses the following:
apache_mod_php Available for: macOS Sierra 10.12.1 Impact: A remote attacker may cause an unexpected application termination or arbitrary code execution Description: Multiple issues existed in PHP before 5.6.26. These were addressed by updating PHP to version 5.6.26. CVE-2016-7411 CVE-2016-7412 CVE-2016-7413 CVE-2016-7414 CVE-2016-7416 CVE-2016-7417 CVE-2016-7418
AppleGraphicsPowerManagement Available for: macOS Sierra 10.12.1 Impact: A local user may be able to cause a system denial of service Description: A null pointer dereference was addressed through improved input validation. CVE-2016-7609: daybreaker@Minionz working with Trend Micro's Zero Day Initiative
Assets Available for: macOS Sierra 10.12.1 Impact: A local attacker may modify downloaded mobile assets Description: A permissions issue existed in mobile assets. This issue was addressed through improved access restrictions. CVE-2016-7628: an anonymous researcher
Audio Available for: macOS Sierra 10.12.1 Impact: Processing a maliciously crafted file may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2016-7658: Haohao Kong of Keen Lab (@keen_lab) of Tencent CVE-2016-7659: Haohao Kong of Keen Lab (@keen_lab) of Tencent
Bluetooth Available for: macOS Sierra 10.12.1, OS X El Capitan v10.11.6, and OS X Yosemite v10.10.5 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-7596: Pekka Oikarainen, Matias Karhumaa and Marko Laakso of Synopsys Software Integrity Group
Bluetooth Available for: macOS Sierra 10.12.1 Impact: An application may be able to cause a denial of service Description: A null pointer dereference was addressed through improved input validation. CVE-2016-7605: daybreaker of Minionz
Bluetooth Available for: macOS Sierra 10.12.1 Impact: An application may be able to execute arbitrary code with system privileges Description: A type confusion issue was addressed through improved memory handling. CVE-2016-7617: Radu Motspan working with Trend Micro's Zero Day Initiative, Ian Beer of Google Project Zero
CoreCapture Available for: macOS Sierra 10.12.1 and OS X El Capitan v10.11.6 Impact: A local user may be able to cause a system denial of service Description: A null pointer dereference was addressed through improved state management. CVE-2016-7604: daybreaker of Minionz
CoreFoundation Available for: macOS Sierra 10.12.1 Impact: Processing malicious strings may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the processing of strings. This issue was addressed through improved bounds checking. CVE-2016-7663: an anonymous researcher
CoreGraphics Available for: macOS Sierra 10.12.1 Impact: Processing a maliciously crafted font file may lead to unexpected application termination Description: A null pointer dereference was addressed through improved input validation. CVE-2016-7627: TRAPMINE Inc. CVE-2016-7655: Keen Lab working with Trend Micro's Zero Day Initiative
CoreMedia Playback Available for: macOS Sierra 10.12.1 Impact: Processing a maliciously crafted .mp4 file may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-7588: dragonltx of Huawei 2012 Laboratories
CoreStorage Available for: macOS Sierra 10.12.1 Impact: A local user may be able to cause a system denial of service Description: A null pointer dereference was addressed through improved input validation. CVE-2016-7603: daybreaker@Minionz working with Trend Micro's Zero Day Initiative
CoreText Available for: macOS Sierra 10.12.1 Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking. CVE-2016-7595: riusksk(ae3aY=) of Tencent Security Platform Department
curl Available for: macOS Sierra 10.12.1 Impact: An attacker in a privileged network position may be able to leak sensitive user information Description: Multiple issues existed in curl. These issues were addressed by updating to curl version 7.51.0. CVE-2016-5419 CVE-2016-5420 CVE-2016-5421 CVE-2016-7141 CVE-2016-7167 CVE-2016-8615 CVE-2016-8616 CVE-2016-8617 CVE-2016-8618 CVE-2016-8619 CVE-2016-8620 CVE-2016-8621 CVE-2016-8622 CVE-2016-8623 CVE-2016-8624 CVE-2016-8625
Directory Services Available for: macOS Sierra 10.12.1 Impact: A local user may be able to gain root privileges Description: A use after free issue was addressed through improved memory management. CVE-2016-7633: Ian Beer of Google Project Zero
Disk Images Available for: macOS Sierra 10.12.1 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved input validation. CVE-2016-7616: daybreaker@Minionz working with Trend Micro's Zero Day Initiative
FontParser Available for: macOS Sierra 10.12.1 Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking. CVE-2016-4691: riusksk(ae3aY=) of Tencent Security Platform Department
FontParser Available for: macOS Sierra 10.12.1 Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A buffer overflow existed in the handling of font files. This issue was addressed through improved bounds checking. CVE-2016-4688: Simon Huang of Alipay company, thelongestusernameofall@gmail.com
Foundation Available for: macOS Sierra 10.12.1 Impact: Opening a maliciously crafted .gcx file may lead to unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2016-7618: riusksk(ae3aY=) of Tencent Security Platform Department
Grapher Available for: macOS Sierra 10.12.1 Impact: Opening a maliciously crafted .gcx file may lead to unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2016-7622: riusksk(ae3aY=) of Tencent Security Platform Department
ICU Available for: macOS Sierra 10.12.1 Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-7594: AndrA(c) Bargull
ImageIO Available for: macOS Sierra 10.12.1 Impact: A remote attacker may be able to leak memory Description: An out-of-bounds read was addressed through improved bounds checking. CVE-2016-7602: daybreaker@Minionz working with Trend Micro's Zero Day Initiative
IOAcceleratorFamily Available for: macOS Sierra 10.12.1 Impact: A local user may be able to determine kernel memory layout Description: A shared memory issue was addressed through improved memory handling. CVE-2016-7624 : Qidan He (@flanker_hqd) from KeenLab working with Trend Micro's Zero Day Initiative
IOFireWireFamily Available for: macOS Sierra 10.12.1 Impact: A local attacker may be able to read kernel memory Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-1823: Ian Beer of Google Project Zero
IOHIDFamily Available for: macOS Sierra 10.12.1 Impact: A local application with system privileges may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed through improved memory management. CVE-2016-7591: daybreaker of Minionz
IOKit Available for: macOS Sierra 10.12.1 Impact: A local user may be able to determine kernel memory layout Description: A shared memory issue was addressed through improved memory handling. CVE-2016-7625: Qidan He (@flanker_hqd) from KeenLab working with Trend Micro's Zero Day Initiative
IOKit Available for: macOS Sierra 10.12.1 Impact: An application may be able to read kernel memory Description: A memory corruption issue was addressed through improved input validation. CVE-2016-7657: Keen Lab working with Trend Micro's Zero Day Initiative
IOSurface Available for: macOS Sierra 10.12.1 Impact: A local user may be able to determine kernel memory layout Description: A shared memory issue was addressed through improved memory handling. CVE-2016-7620: Qidan He (@flanker_hqd) from KeenLab working with Trend Micro's Zero Day Initiative
Kernel Available for: macOS Sierra 10.12.1 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved input validation. CVE-2016-7606: @cocoahuke, Chen Qin of Topsec Alpha Team (topsec.com) CVE-2016-7612: Ian Beer of Google Project Zero
Kernel Available for: macOS Sierra 10.12.1 Impact: An application may be able to read kernel memory Description: An insufficient initialization issue was addressed by properly initializing memory returned to user space. CVE-2016-7607: Brandon Azad
Kernel Available for: macOS Sierra 10.12.1 Impact: A local user may be able to cause a system denial of service Description: A denial of service issue was addressed through improved memory handling. CVE-2016-7615: The UK's National Cyber Security Centre (NCSC)
Kernel Available for: macOS Sierra 10.12.1 Impact: A local user may be able to cause an unexpected system termination or arbitrary code execution in the kernel Description: A use after free issue was addressed through improved memory management. CVE-2016-7621: Ian Beer of Google Project Zero
Kernel Available for: macOS Sierra 10.12.1 Impact: A local user may be able to gain root privileges Description: A memory corruption issue was addressed through improved input validation. CVE-2016-7637: Ian Beer of Google Project Zero
Kernel Available for: macOS Sierra 10.12.1 Impact: A local application with system privileges may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed through improved memory management. CVE-2016-7644: Ian Beer of Google Project Zero
kext tools Available for: macOS Sierra 10.12.1 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved input validation. CVE-2016-7629: @cocoahuke
libarchive Available for: macOS Sierra 10.12.1 Impact: A local attacker may be able to overwrite existing files Description: A validation issue existed in the handling of symlinks. This issue was addressed through improved validation of symlinks. CVE-2016-7619: an anonymous researcher
LibreSSL Available for: macOS Sierra 10.12.1 and OS X El Capitan v10.11.6 Impact: An attacker with a privileged network position may be able to cause a denial of service Description: A denial of service issue in unbounded OCSP growth was addressed through improved memory handling. CVE-2016-6304
OpenLDAP Available for: macOS Sierra 10.12.1 Impact: An attacker may be able to exploit weaknesses in the RC4 cryptographic algorithm Description: RC4 was removed as a default cipher. CVE-2016-1777: Pepi Zawodsky
OpenPAM Available for: macOS Sierra 10.12.1 Impact: A local unprivileged user may gain access to privileged applications Description: PAM authentication within sandboxed applications failed insecurely. This was addressed with improved error handling. CVE-2016-7600: Perette Barella of DeviousFish.com
OpenSSL Available for: macOS Sierra 10.12.1 Impact: An application may be able to execute arbitrary code Description: An overflow issue existed in MDC2_Update(). This issue was addressed through improved input validation. CVE-2016-6304
Power Management Available for: macOS Sierra 10.12.1 Impact: A local user may be able to gain root privileges Description: An issue in mach port name references was addressed through improved validation. CVE-2016-7661: Ian Beer of Google Project Zero
Security Available for: macOS Sierra 10.12.1 Impact: An attacker may be able to exploit weaknesses in the 3DES cryptographic algorithm Description: 3DES was removed as a default cipher. CVE-2016-4693: GaA<<tan Leurent and Karthikeyan Bhargavan from INRIA Paris
Security Available for: macOS Sierra 10.12.1 Impact: An attacker in a privileged network position may be able to cause a denial of service Description: A validation issue existed in the handling of OCSP responder URLs. This issue was addressed by verifying OCSP revocation status after CA validation and limiting the number of OCSP requests per certificate. CVE-2016-7636: Maksymilian Arciemowicz (cxsecurity.com)
Security Available for: macOS Sierra 10.12.1 Impact: Certificates may be unexpectedly evaluated as trusted Description: A certificate evaluation issue existed in certificate validation. This issue was addressed through additional validation of certificates. CVE-2016-7662: Apple
syslog Available for: macOS Sierra 10.12.1 Impact: A local user may be able to gain root privileges Description: An issue in mach port name references was addressed through improved validation. CVE-2016-7660: Ian Beer of Google Project Zero
macOS 10.12.2 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJYT7LKAAoJEIOj74w0bLRGfKwQAN3nnwHgJNE+obIjTzpTHLlh mMQYstsO8Mcj4hjIgTCHuQr1tDldva0IZEivoYAbyXAgM9xKlIbpqBQ5TE94l3nl xTTeVqtozCCdRT36mphvwhPEp38lvclUU1IGxyvP6ieK0dHUKS8LhL9MpnaOinrX UhSiXkMs9tTZI5SgkumzBmg10oOwDnMvZDrwTcxe9vjU26V9S7+VpfsguefwDSLE fHYX4KksoEUZuDdUBrfX2+03QbqYxBjQR9IRdpcX56laq1TGUMTKwkTi9DxJlByP SJl3uvVhqWf1UkYH6x5N/gC9lXq5QO6L7W3W2rRqTtgr2UMPZsBuf0srK/lFmPvC c63thvcZyPk0cDcE7k0ZmlJx+7ihFIiPKdGwLoX5Rl6Zr29Wh9aGKhzUUYO12PUh +x18HRwXxvSv9TXAUYQu5hD48SuhUiMEBO8Qq7Z8XPFEUSJXY2AjGjai9mJYNfC4 OELKPPvYnNSd3m8YGvWY8gWgwyRP0es6U3d5rGatEpA1qcIFmUrHFhpvveL6SRSY xPQgjB/aohg/fDf3jDO1kjR7+v83B+ObbCr8MOgqGNtG3GqOimMOa8XuSMbV7+3u 0kivBY8fxYdBy0pXDdBgv+AHaTue+wgP5tQXFiAxm61Fv+uz/yvR22uaJ39P5cJf msyz+/zQNISkly6K0VBO =0QW0 -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201702-0201",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mac os x",
"scope": "eq",
"trust": 1.4,
"vendor": "apple",
"version": "10.12.1"
},
{
"model": "mac os x",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "10.12.1"
},
{
"model": "os x",
"scope": null,
"trust": 0.7,
"vendor": "apple",
"version": null
},
{
"model": "macos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.12.1"
},
{
"model": "macos",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "10.12.2"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-643"
},
{
"db": "BID",
"id": "94903"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007388"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-496"
},
{
"db": "NVD",
"id": "CVE-2016-7602"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:apple:mac_os_x",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007388"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "daybreaker@Minionz",
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-643"
}
],
"trust": 0.7
},
"cve": "CVE-2016-7602",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2016-7602",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"id": "CVE-2016-7602",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.7,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-96422",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2016-7602",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-7602",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-7602",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2016-7602",
"trust": 0.7,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201612-496",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-96422",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-643"
},
{
"db": "VULHUB",
"id": "VHN-96422"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007388"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-496"
},
{
"db": "NVD",
"id": "CVE-2016-7602"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the \"Intel Graphics Driver\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. This vulnerability allows local attackers to escalate privileges on vulnerable installations of Apple OS X. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within AppleIntelFramebufferAzul. The issue lies with the failure to validate user-supplied arguments which can cause a null pointer dereference. An attacker can leverage this vulnerability to escalate privileges and execute code under the context of the kernel. Apple macOS is prone to multiple security vulnerabilities. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2016-12-13-1 macOS 10.12.2\n\nmacOS 10.12.2 is now available and addresses the following:\n\napache_mod_php\nAvailable for: macOS Sierra 10.12.1\nImpact: A remote attacker may cause an unexpected application\ntermination or arbitrary code execution\nDescription: Multiple issues existed in PHP before 5.6.26. These were\naddressed by updating PHP to version 5.6.26. \nCVE-2016-7411\nCVE-2016-7412\nCVE-2016-7413\nCVE-2016-7414\nCVE-2016-7416\nCVE-2016-7417\nCVE-2016-7418\n\nAppleGraphicsPowerManagement\nAvailable for: macOS Sierra 10.12.1\nImpact: A local user may be able to cause a system denial of service\nDescription: A null pointer dereference was addressed through\nimproved input validation. \nCVE-2016-7609: daybreaker@Minionz working with Trend Micro\u0027s Zero Day\nInitiative\n\nAssets\nAvailable for: macOS Sierra 10.12.1\nImpact: A local attacker may modify downloaded mobile assets\nDescription: A permissions issue existed in mobile assets. This issue\nwas addressed through improved access restrictions. \nCVE-2016-7628: an anonymous researcher\n\nAudio\nAvailable for: macOS Sierra 10.12.1\nImpact: Processing a maliciously crafted file may lead to arbitrary\ncode execution\nDescription: A memory corruption issue was addressed through improved\ninput validation. \nCVE-2016-7658: Haohao Kong of Keen Lab (@keen_lab) of Tencent\nCVE-2016-7659: Haohao Kong of Keen Lab (@keen_lab) of Tencent\n\nBluetooth\nAvailable for: macOS Sierra 10.12.1, OS X El Capitan v10.11.6,\nand OS X Yosemite v10.10.5\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed through improved\nmemory handling. \nCVE-2016-7596: Pekka Oikarainen, Matias Karhumaa and Marko Laakso of\nSynopsys Software Integrity Group\n\nBluetooth\nAvailable for: macOS Sierra 10.12.1\nImpact: An application may be able to cause a denial of service\nDescription: A null pointer dereference was addressed through\nimproved input validation. \nCVE-2016-7605: daybreaker of Minionz\n\nBluetooth\nAvailable for: macOS Sierra 10.12.1\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A type confusion issue was addressed through improved\nmemory handling. \nCVE-2016-7617: Radu Motspan working with Trend Micro\u0027s Zero Day\nInitiative, Ian Beer of Google Project Zero\n\nCoreCapture\nAvailable for: macOS Sierra 10.12.1 and OS X El Capitan v10.11.6\nImpact: A local user may be able to cause a system denial of service\nDescription: A null pointer dereference was addressed through\nimproved state management. \nCVE-2016-7604: daybreaker of Minionz\n\nCoreFoundation\nAvailable for: macOS Sierra 10.12.1\nImpact: Processing malicious strings may lead to an unexpected\napplication termination or arbitrary code execution\nDescription: A memory corruption issue existed in the processing of\nstrings. This issue was addressed through improved bounds checking. \nCVE-2016-7663: an anonymous researcher\n\nCoreGraphics\nAvailable for: macOS Sierra 10.12.1\nImpact: Processing a maliciously crafted font file may lead to\nunexpected application termination\nDescription: A null pointer dereference was addressed through\nimproved input validation. \nCVE-2016-7627: TRAPMINE Inc. \nCVE-2016-7655: Keen Lab working with Trend Micro\u0027s Zero Day\nInitiative\n\nCoreMedia Playback\nAvailable for: macOS Sierra 10.12.1\nImpact: Processing a maliciously crafted .mp4 file may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed through improved\nmemory handling. \nCVE-2016-7588: dragonltx of Huawei 2012 Laboratories\n\nCoreStorage\nAvailable for: macOS Sierra 10.12.1\nImpact: A local user may be able to cause a system denial of service\nDescription: A null pointer dereference was addressed through\nimproved input validation. \nCVE-2016-7603: daybreaker@Minionz working with Trend Micro\u0027s Zero Day\nInitiative\n\nCoreText\nAvailable for: macOS Sierra 10.12.1\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues existed in the\nhandling of font files. These issues were addressed through improved\nbounds checking. \nCVE-2016-7595: riusksk(ae3aY=) of Tencent Security Platform\nDepartment\n\ncurl\nAvailable for: macOS Sierra 10.12.1\nImpact: An attacker in a privileged network position may be able to\nleak sensitive user information\nDescription: Multiple issues existed in curl. These issues were\naddressed by updating to curl version 7.51.0. \nCVE-2016-5419\nCVE-2016-5420\nCVE-2016-5421\nCVE-2016-7141\nCVE-2016-7167\nCVE-2016-8615\nCVE-2016-8616\nCVE-2016-8617\nCVE-2016-8618\nCVE-2016-8619\nCVE-2016-8620\nCVE-2016-8621\nCVE-2016-8622\nCVE-2016-8623\nCVE-2016-8624\nCVE-2016-8625\n\nDirectory Services\nAvailable for: macOS Sierra 10.12.1\nImpact: A local user may be able to gain root privileges\nDescription: A use after free issue was addressed through improved\nmemory management. \nCVE-2016-7633: Ian Beer of Google Project Zero\n\nDisk Images\nAvailable for: macOS Sierra 10.12.1\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed through improved\ninput validation. \nCVE-2016-7616: daybreaker@Minionz working with Trend Micro\u0027s Zero Day\nInitiative\n\nFontParser\nAvailable for: macOS Sierra 10.12.1\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues existed in the\nhandling of font files. These issues were addressed through improved\nbounds checking. \nCVE-2016-4691: riusksk(ae3aY=) of Tencent Security Platform\nDepartment\n\nFontParser\nAvailable for: macOS Sierra 10.12.1\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: A buffer overflow existed in the handling of font files. \nThis issue was addressed through improved bounds checking. \nCVE-2016-4688: Simon Huang of Alipay company,\nthelongestusernameofall@gmail.com\n\nFoundation\nAvailable for: macOS Sierra 10.12.1\nImpact: Opening a maliciously crafted .gcx file may lead to\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue was addressed through improved\ninput validation. \nCVE-2016-7618: riusksk(ae3aY=) of Tencent Security Platform\nDepartment\n\nGrapher\nAvailable for: macOS Sierra 10.12.1\nImpact: Opening a maliciously crafted .gcx file may lead to\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue was addressed through improved\ninput validation. \nCVE-2016-7622: riusksk(ae3aY=) of Tencent Security Platform\nDepartment\n\nICU\nAvailable for: macOS Sierra 10.12.1\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed through improved\nmemory handling. \nCVE-2016-7594: AndrA(c) Bargull\n\nImageIO\nAvailable for: macOS Sierra 10.12.1\nImpact: A remote attacker may be able to leak memory\nDescription: An out-of-bounds read was addressed through improved\nbounds checking. \nCVE-2016-7602: daybreaker@Minionz working with Trend Micro\u0027s Zero Day\nInitiative\n\nIOAcceleratorFamily\nAvailable for: macOS Sierra 10.12.1\nImpact: A local user may be able to determine kernel memory layout\nDescription: A shared memory issue was addressed through improved\nmemory handling. \nCVE-2016-7624 : Qidan He (@flanker_hqd) from KeenLab working with\nTrend Micro\u0027s Zero Day Initiative\n\nIOFireWireFamily\nAvailable for: macOS Sierra 10.12.1\nImpact: A local attacker may be able to read kernel memory\nDescription: A memory corruption issue was addressed through improved\nmemory handling. \nCVE-2016-1823: Ian Beer of Google Project Zero\n\nIOHIDFamily\nAvailable for: macOS Sierra 10.12.1\nImpact: A local application with system privileges may be able to\nexecute arbitrary code with kernel privileges\nDescription: A use after free issue was addressed through improved\nmemory management. \nCVE-2016-7591: daybreaker of Minionz\n\nIOKit\nAvailable for: macOS Sierra 10.12.1\nImpact: A local user may be able to determine kernel memory layout\nDescription: A shared memory issue was addressed through improved\nmemory handling. \nCVE-2016-7625: Qidan He (@flanker_hqd) from KeenLab working with\nTrend Micro\u0027s Zero Day Initiative\n\nIOKit\nAvailable for: macOS Sierra 10.12.1\nImpact: An application may be able to read kernel memory\nDescription: A memory corruption issue was addressed through improved\ninput validation. \nCVE-2016-7657: Keen Lab working with Trend Micro\u0027s Zero Day\nInitiative\n\nIOSurface\nAvailable for: macOS Sierra 10.12.1\nImpact: A local user may be able to determine kernel memory layout\nDescription: A shared memory issue was addressed through improved\nmemory handling. \nCVE-2016-7620: Qidan He (@flanker_hqd) from KeenLab working with\nTrend Micro\u0027s Zero Day Initiative\n\nKernel\nAvailable for: macOS Sierra 10.12.1\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: Multiple memory corruption issues were addressed through\nimproved input validation. \nCVE-2016-7606: @cocoahuke, Chen Qin of Topsec Alpha Team (topsec.com)\nCVE-2016-7612: Ian Beer of Google Project Zero\n\nKernel\nAvailable for: macOS Sierra 10.12.1\nImpact: An application may be able to read kernel memory\nDescription: An insufficient initialization issue was addressed by\nproperly initializing memory returned to user space. \nCVE-2016-7607: Brandon Azad\n\nKernel\nAvailable for: macOS Sierra 10.12.1\nImpact: A local user may be able to cause a system denial of service\nDescription: A denial of service issue was addressed through improved\nmemory handling. \nCVE-2016-7615: The UK\u0027s National Cyber Security Centre (NCSC)\n\nKernel\nAvailable for: macOS Sierra 10.12.1\nImpact: A local user may be able to cause an unexpected system\ntermination or arbitrary code execution in the kernel\nDescription: A use after free issue was addressed through improved\nmemory management. \nCVE-2016-7621: Ian Beer of Google Project Zero\n\nKernel\nAvailable for: macOS Sierra 10.12.1\nImpact: A local user may be able to gain root privileges\nDescription: A memory corruption issue was addressed through improved\ninput validation. \nCVE-2016-7637: Ian Beer of Google Project Zero\n\nKernel\nAvailable for: macOS Sierra 10.12.1\nImpact: A local application with system privileges may be able to\nexecute arbitrary code with kernel privileges\nDescription: A use after free issue was addressed through improved\nmemory management. \nCVE-2016-7644: Ian Beer of Google Project Zero\n\nkext tools\nAvailable for: macOS Sierra 10.12.1\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed through improved\ninput validation. \nCVE-2016-7629: @cocoahuke\n\nlibarchive\nAvailable for: macOS Sierra 10.12.1\nImpact: A local attacker may be able to overwrite existing files\nDescription: A validation issue existed in the handling of symlinks. \nThis issue was addressed through improved validation of symlinks. \nCVE-2016-7619: an anonymous researcher\n\nLibreSSL\nAvailable for: macOS Sierra 10.12.1 and OS X El Capitan v10.11.6\nImpact: An attacker with a privileged network position may be able to\ncause a denial of service\nDescription: A denial of service issue in unbounded OCSP growth was\naddressed through improved memory handling. \nCVE-2016-6304\n\nOpenLDAP\nAvailable for: macOS Sierra 10.12.1\nImpact: An attacker may be able to exploit weaknesses in the RC4\ncryptographic algorithm\nDescription: RC4 was removed as a default cipher. \nCVE-2016-1777: Pepi Zawodsky\n\nOpenPAM\nAvailable for: macOS Sierra 10.12.1\nImpact: A local unprivileged user may gain access to privileged\napplications\nDescription: PAM authentication within sandboxed applications failed\ninsecurely. This was addressed with improved error handling. \nCVE-2016-7600: Perette Barella of DeviousFish.com\n\nOpenSSL\nAvailable for: macOS Sierra 10.12.1\nImpact: An application may be able to execute arbitrary code\nDescription: An overflow issue existed in MDC2_Update(). This issue\nwas addressed through improved input validation. \nCVE-2016-6304\n\nPower Management\nAvailable for: macOS Sierra 10.12.1\nImpact: A local user may be able to gain root privileges\nDescription: An issue in mach port name references was addressed\nthrough improved validation. \nCVE-2016-7661: Ian Beer of Google Project Zero\n\nSecurity\nAvailable for: macOS Sierra 10.12.1\nImpact: An attacker may be able to exploit weaknesses in the 3DES\ncryptographic algorithm\nDescription: 3DES was removed as a default cipher. \nCVE-2016-4693: GaA\u003c\u003ctan Leurent and Karthikeyan Bhargavan from INRIA\nParis\n\nSecurity\nAvailable for: macOS Sierra 10.12.1\nImpact: An attacker in a privileged network position may be able to\ncause a denial of service\nDescription: A validation issue existed in the handling of OCSP\nresponder URLs. This issue was addressed by verifying OCSP revocation\nstatus after CA validation and limiting the number of OCSP requests\nper certificate. \nCVE-2016-7636: Maksymilian Arciemowicz (cxsecurity.com)\n\nSecurity\nAvailable for: macOS Sierra 10.12.1\nImpact: Certificates may be unexpectedly evaluated as trusted\nDescription: A certificate evaluation issue existed in certificate\nvalidation. This issue was addressed through additional validation of\ncertificates. \nCVE-2016-7662: Apple\n\nsyslog\nAvailable for: macOS Sierra 10.12.1\nImpact: A local user may be able to gain root privileges\nDescription: An issue in mach port name references was addressed\nthrough improved validation. \nCVE-2016-7660: Ian Beer of Google Project Zero\n\nmacOS 10.12.2 may be obtained\nfrom the Mac App Store or Apple\u0027s Software Downloads web site:\nhttps://www.apple.com/support/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - https://gpgtools.org\n\niQIcBAEBCgAGBQJYT7LKAAoJEIOj74w0bLRGfKwQAN3nnwHgJNE+obIjTzpTHLlh\nmMQYstsO8Mcj4hjIgTCHuQr1tDldva0IZEivoYAbyXAgM9xKlIbpqBQ5TE94l3nl\nxTTeVqtozCCdRT36mphvwhPEp38lvclUU1IGxyvP6ieK0dHUKS8LhL9MpnaOinrX\nUhSiXkMs9tTZI5SgkumzBmg10oOwDnMvZDrwTcxe9vjU26V9S7+VpfsguefwDSLE\nfHYX4KksoEUZuDdUBrfX2+03QbqYxBjQR9IRdpcX56laq1TGUMTKwkTi9DxJlByP\nSJl3uvVhqWf1UkYH6x5N/gC9lXq5QO6L7W3W2rRqTtgr2UMPZsBuf0srK/lFmPvC\nc63thvcZyPk0cDcE7k0ZmlJx+7ihFIiPKdGwLoX5Rl6Zr29Wh9aGKhzUUYO12PUh\n+x18HRwXxvSv9TXAUYQu5hD48SuhUiMEBO8Qq7Z8XPFEUSJXY2AjGjai9mJYNfC4\nOELKPPvYnNSd3m8YGvWY8gWgwyRP0es6U3d5rGatEpA1qcIFmUrHFhpvveL6SRSY\nxPQgjB/aohg/fDf3jDO1kjR7+v83B+ObbCr8MOgqGNtG3GqOimMOa8XuSMbV7+3u\n0kivBY8fxYdBy0pXDdBgv+AHaTue+wgP5tQXFiAxm61Fv+uz/yvR22uaJ39P5cJf\nmsyz+/zQNISkly6K0VBO\n=0QW0\n-----END PGP SIGNATURE-----\n\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-7602"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007388"
},
{
"db": "ZDI",
"id": "ZDI-16-643"
},
{
"db": "BID",
"id": "94903"
},
{
"db": "VULHUB",
"id": "VHN-96422"
},
{
"db": "PACKETSTORM",
"id": "140151"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-7602",
"trust": 3.6
},
{
"db": "BID",
"id": "94903",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1037469",
"trust": 1.1
},
{
"db": "JVN",
"id": "JVNVU97133642",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007388",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3985",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-16-643",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-201612-496",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-96422",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "140151",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-643"
},
{
"db": "VULHUB",
"id": "VHN-96422"
},
{
"db": "BID",
"id": "94903"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007388"
},
{
"db": "PACKETSTORM",
"id": "140151"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-496"
},
{
"db": "NVD",
"id": "CVE-2016-7602"
}
]
},
"id": "VAR-201702-0201",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-96422"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T19:47:56.178000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT207423",
"trust": 1.5,
"url": "https://support.apple.com/en-us/HT207423"
},
{
"title": "Apple security updates",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT201222"
},
{
"title": "APPLE-SA-2016-12-13-1 macOS 10.12.2",
"trust": 0.8,
"url": "https://lists.apple.com/archives/security-announce/2016/Dec/msg00003.html"
},
{
"title": "HT207423",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/HT207423"
},
{
"title": "Apple macOS Sierra Intel Graphics Driver Fixes for component security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=66530"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-643"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007388"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-496"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-96422"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007388"
},
{
"db": "NVD",
"id": "CVE-2016-7602"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/94903"
},
{
"trust": 1.7,
"url": "https://support.apple.com/ht207423"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1037469"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7602"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu97133642/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-7602"
},
{
"trust": 0.7,
"url": "https://support.apple.com/en-us/ht207423"
},
{
"trust": 0.3,
"url": "https://www.apple.com/"
},
{
"trust": 0.3,
"url": "http://www.apple.com/macosx/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-7413"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1823"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht201222"
},
{
"trust": 0.1,
"url": "https://gpgtools.org"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-7602"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-7414"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-7417"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-7588"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-7416"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5419"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4691"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-7141"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4693"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5420"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-7591"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4688"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6303"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-7596"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-7603"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5421"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-7411"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1777"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/downloads/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6304"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-7594"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-7595"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-7418"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-7412"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-7167"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-7604"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-7600"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-643"
},
{
"db": "VULHUB",
"id": "VHN-96422"
},
{
"db": "BID",
"id": "94903"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007388"
},
{
"db": "PACKETSTORM",
"id": "140151"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-496"
},
{
"db": "NVD",
"id": "CVE-2016-7602"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-16-643"
},
{
"db": "VULHUB",
"id": "VHN-96422"
},
{
"db": "BID",
"id": "94903"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007388"
},
{
"db": "PACKETSTORM",
"id": "140151"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-496"
},
{
"db": "NVD",
"id": "CVE-2016-7602"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-12-15T00:00:00",
"db": "ZDI",
"id": "ZDI-16-643"
},
{
"date": "2017-02-20T00:00:00",
"db": "VULHUB",
"id": "VHN-96422"
},
{
"date": "2016-12-13T00:00:00",
"db": "BID",
"id": "94903"
},
{
"date": "2017-02-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007388"
},
{
"date": "2016-12-14T12:12:12",
"db": "PACKETSTORM",
"id": "140151"
},
{
"date": "2016-12-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201612-496"
},
{
"date": "2017-02-20T08:59:02.197000",
"db": "NVD",
"id": "CVE-2016-7602"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-12-15T00:00:00",
"db": "ZDI",
"id": "ZDI-16-643"
},
{
"date": "2017-07-27T00:00:00",
"db": "VULHUB",
"id": "VHN-96422"
},
{
"date": "2016-12-20T00:09:00",
"db": "BID",
"id": "94903"
},
{
"date": "2017-02-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007388"
},
{
"date": "2017-02-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201612-496"
},
{
"date": "2024-11-21T02:58:17",
"db": "NVD",
"id": "CVE-2016-7602"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201612-496"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple macOS of Intel Graphics Driver Component vulnerable to arbitrary code execution in privileged context",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007388"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201612-496"
}
],
"trust": 0.6
}
}
fkie_cve-2016-7602
Vulnerability from fkie_nvd
| URL | Tags | ||
|---|---|---|---|
| product-security@apple.com | http://www.securityfocus.com/bid/94903 | Third Party Advisory, VDB Entry | |
| product-security@apple.com | http://www.securitytracker.com/id/1037469 | ||
| product-security@apple.com | https://support.apple.com/HT207423 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94903 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1037469 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/HT207423 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1ACD43C5-75C1-4489-8617-77DFB9C23D10",
"versionEndIncluding": "10.12.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the \"Intel Graphics Driver\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en ciertos productos Apple. macOS en versiones anteriores a 10.12.2 est\u00e1 afectado. El problema involucra al componente \"Intel Graphics Driver\". Esto permite a atacantes ejecutar c\u00f3digo arbitrario en un contexto privilegiado o provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) a trav\u00e9s de una aplicaci\u00f3n manipulada."
}
],
"id": "CVE-2016-7602",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-02-20T08:59:02.197",
"references": [
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94903"
},
{
"source": "product-security@apple.com",
"url": "http://www.securitytracker.com/id/1037469"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT207423"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94903"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1037469"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT207423"
}
],
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
ghsa-wm6x-gjxw-642c
Vulnerability from github
An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
{
"affected": [],
"aliases": [
"CVE-2016-7602"
],
"database_specific": {
"cwe_ids": [
"CWE-119"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-02-20T08:59:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the \"Intel Graphics Driver\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.",
"id": "GHSA-wm6x-gjxw-642c",
"modified": "2022-05-17T02:25:31Z",
"published": "2022-05-17T02:25:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7602"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT207423"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/94903"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1037469"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.