var-201602-0206
Vulnerability from variot
The IOHIDFamily API in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. Apple Mac OS X and iOS are prone to multiple memory-corruption vulnerabilities. An attacker can leverage these issues to execute arbitrary code with kernel privileges. Failed exploit attempts will likely result in denial of service conditions. in the United States. The IOHIDFamily API is one of the kernel extensions (Abstract Interface for Human Interface Devices) API components. A security vulnerability exists in the IOHIDFamily API of several Apple products. The following products and versions are affected: Apple iOS versions prior to 9.2.1, OS X versions prior to 10.11.3, and tvOS versions prior to 9.1.1. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
APPLE-SA-2016-03-21-2 watchOS 2.2
watchOS 2.2 is now available and addresses the following:
Disk Images Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the parsing of disk images. This issue was addressed through improved memory handling. CVE-ID CVE-2016-1717 : Frank Graziano of Yahoo! Pentest Team
FontParser Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1740 : HappilyCoded (ant4g0nist and r3dsm0k3) working with Trend Micro's Zero Day Initiative (ZDI)
HTTPProtocol Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A remote attacker may be able to execute arbitrary code Description: Multiple vulnerabilities existed in nghttp2 versions prior to 1.6.0, the most serious of which may have led to remote code execution. These were addressed by updating nghttp2 to version 1.6.0. CVE-ID CVE-2015-8659
IOHIDFamily Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1719 : Ian Beer of Google Project Zero
IOHIDFamily Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: An application may be able to determine kernel memory layout Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1748 : Brandon Azad
Kernel Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1720 : Ian Beer of Google Project Zero CVE-2016-1721 : Ian Beer of Google Project Zero and Ju Zhu of Trend Micro CVE-2016-1754 : Lufeng Li of Qihoo 360 Vulcan Team CVE-2016-1755 : Ian Beer of Google Project Zero
Kernel Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed through improved memory management. CVE-ID CVE-2016-1750 : CESG
Kernel Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple integer overflows were addressed through improved input validation. CVE-ID CVE-2016-1753 : Juwei Lin Trend Micro working with Trend Micro's Zero Day Initiative (ZDI)
Kernel Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: An application may be able to bypass code signing Description: A permissions issue existed in which execute permission was incorrectly granted. This issue was addressed through improved permission validation. CVE-ID CVE-2016-1751 : Eric Monti of Square Mobile Security
Kernel Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: An application may be able to cause a denial of service Description: A denial of service issue was addressed through improved validation. CVE-ID CVE-2016-1752 : CESG
libxml2 Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Processing maliciously crafted XML may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2015-1819 CVE-2015-5312 : David Drysdale of Google CVE-2015-7499 CVE-2015-7500 : Kostya Serebryany of Google CVE-2015-7942 : Kostya Serebryany of Google CVE-2015-8035 : gustavo.grieco CVE-2015-8242 : Hugh Davenport CVE-2016-1761 : wol0xff working with Trend Micro's Zero Day Initiative (ZDI) CVE-2016-1762
libxslt Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Processing maliciously crafted XML may lead to unexpected application termination or arbitrary code execution Description: A type confusion issue was addressed through improved memory handling. CVE-ID CVE-2015-7995 : puzzor
Messages Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: An attacker who is able to bypass Apple's certificate pinning, intercept TLS connections, inject messages, and record encrypted attachment-type messages may be able to read attachments Description: A cryptographic issue was addressed by rejecting duplicate messages on the client. CVE-ID CVE-2016-1788 : Christina Garman, Matthew Green, Gabriel Kaptchuk, Ian Miers, and Michael Rushanan of Johns Hopkins University
Security Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Processing a maliciously crafted certificate may lead to arbitrary code execution Description: A memory corruption issue existed in the ASN.1 decoder. This issue was addressed through improved input validation. CVE-ID CVE-2016-1950 : Francis Gabriel of Quarkslab
syslog Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1722 : Joshua J. Drake and Nikias Bassen of Zimperium zLabs
TrueTypeScaler Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation. CVE-ID CVE-2016-1775 : 0x1byte working with Trend Micro's Zero Day Initiative (ZDI)
WebKit Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1723 : Apple CVE-2016-1724 : Apple CVE-2016-1725 : Apple CVE-2016-1726 : Apple CVE-2016-1727 : Apple
Wi-Fi Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: An attacker with a privileged network position may be able to execute arbitrary code Description: A frame validation and memory corruption issue existed for a given ethertype. This issue was addressed through additional ethertype validation and improved memory handling. CVE-ID CVE-2016-0801 : an anonymous researcher CVE-2016-0802 : an anonymous researcher
-----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJW8JP2AAoJEBcWfLTuOo7tegQQAK8H21zT1jYAaMerAKWp6Vo6 CHFN6M5KQwKMHDdTfn0tK29IK8Ewkb+ruOFvRWMHBPxdkYTsYfSPupuj0oUM1dV9 +bQR6BfQu1QLi7j73Ub4XowoiTJbAE4apisFCbO/eM+TyupODJSMBmuKUcFBuVQt xLxOOHKiJ3CuaJmoc7fxOXzqx9+34jMbvjmaXjG0m4pktc7tsmTFXS0+GIVFbUXu ArvcuVoO/jXUjWD6dB4n1bnLi+q7I/P/xP2tW4L1dqnP8i4fKZRt2Pq22VvyJlHb 5dP++yjRY79qfCyiVmRPmYfsIRgx716+tbEZl6Y3AUTy5n0S06XwDQQTR+y22why oB+baS2eTzTEXOx5GxeFwFe4DYi5fqCwGWa7EQfnTPPd7gDc/JnuQI4F/ccRCiL4 5q+bGiEH34F5zDXqaXELZ399mCKsN24gxT4WrBI/EgZ182DFkyUg8XO1Ff6PVe3+ 7NcoijUj2A+NWeaIPPWg81DHZnKHdcrG9Q35L/TrxrKigHBgfO3G09yfsCsvZjm9 MGIiaSfIGqYfgtyX15EQd8NVFN/ZhLMj5WRPChJoxNVLoXr+MdrhLG3tUae6nDXj nmP1iBKbkgDkVQnuPfQyzZkvNHO9H2ZxnP3qSk6670V+VzpqpVXDm8nrEgcpDm1b 82FzLX2fEJg5XYLhXQrg =lORW -----END PGP SIGNATURE----- . CVE-ID CVE-2015-7995 : puzzor
OSA Scripts Available for: OS X El Capitan v10.11 to v10.11.2 Impact: A quarantined application may be able to override OSA script libraries installed by the user Description: An issue existed when searching for scripting libraries. CVE-ID CVE-2016-1728 : an anonymous researcher coordinated via Joe Vennix
WebSheet Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious captive portal may be able to access the user's cookies Description: An issue existed that allowed some captive portals to read or write cookies. The issue was addressed through an isolated cookie store for all captive portals
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201602-0206",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "tvos",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "9.1"
},
{
"model": "watchos",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "2.1"
},
{
"model": "mac os x",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "10.11.2"
},
{
"model": "iphone os",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "9.2"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.11 to v10.11.2"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "9.2.1 (ipad 2 or later )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "9.2.1 (iphone 4s or later )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "9.2.1 (ipod touch first 5 after generation )"
},
{
"model": "tvos",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "9.1.1 (apple tv first 4 generation )"
},
{
"model": "watchos",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "2.2 (apple watch edition)"
},
{
"model": "watchos",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "2.2 (apple watch hermes)"
},
{
"model": "watchos",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "2.2 (apple watch sport)"
},
{
"model": "watchos",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "2.2 (apple watch)"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "9.1"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "2.1"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "9.2"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "10.11.2"
},
{
"model": "ipod touch",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "ipad",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.9"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.8"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.7"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.10"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0"
}
],
"sources": [
{
"db": "BID",
"id": "81277"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001402"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-002"
},
{
"db": "NVD",
"id": "CVE-2016-1719"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:apple:mac_os_x",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:iphone_os",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:apple_tv",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:watchos",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001402"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple",
"sources": [
{
"db": "PACKETSTORM",
"id": "136343"
},
{
"db": "PACKETSTORM",
"id": "135326"
},
{
"db": "PACKETSTORM",
"id": "135385"
},
{
"db": "PACKETSTORM",
"id": "135325"
}
],
"trust": 0.4
},
"cve": "CVE-2016-1719",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2016-1719",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-90538",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2016-1719",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-1719",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-1719",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201602-002",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-90538",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90538"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001402"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-002"
},
{
"db": "NVD",
"id": "CVE-2016-1719"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The IOHIDFamily API in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. Apple Mac OS X and iOS are prone to multiple memory-corruption vulnerabilities. \nAn attacker can leverage these issues to execute arbitrary code with kernel privileges. Failed exploit attempts will likely result in denial of service conditions. in the United States. The IOHIDFamily API is one of the kernel extensions (Abstract Interface for Human Interface Devices) API components. A security vulnerability exists in the IOHIDFamily API of several Apple products. The following products and versions are affected: Apple iOS versions prior to 9.2.1, OS X versions prior to 10.11.3, and tvOS versions prior to 9.1.1. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2016-03-21-2 watchOS 2.2\n\nwatchOS 2.2 is now available and addresses the following:\n\nDisk Images\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition,\nand Apple Watch Hermes\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue existed in the parsing of\ndisk images. This issue was addressed through improved memory\nhandling. \nCVE-ID\nCVE-2016-1717 : Frank Graziano of Yahoo! Pentest Team\n\nFontParser\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition,\nand Apple Watch Hermes\nImpact: Opening a maliciously crafted PDF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue was addressed through\nimproved memory handling. \nCVE-ID\nCVE-2016-1740 : HappilyCoded (ant4g0nist and r3dsm0k3) working with\nTrend Micro\u0027s Zero Day Initiative (ZDI)\n\nHTTPProtocol\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition,\nand Apple Watch Hermes\nImpact: A remote attacker may be able to execute arbitrary code\nDescription: Multiple vulnerabilities existed in nghttp2 versions\nprior to 1.6.0, the most serious of which may have led to remote code\nexecution. These were addressed by updating nghttp2 to version 1.6.0. \nCVE-ID\nCVE-2015-8659\n\nIOHIDFamily\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition,\nand Apple Watch Hermes\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1719 : Ian Beer of Google Project Zero\n\nIOHIDFamily\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition,\nand Apple Watch Hermes\nImpact: An application may be able to determine kernel memory layout\nDescription: A memory corruption issue was addressed through\nimproved memory handling. \nCVE-ID\nCVE-2016-1748 : Brandon Azad\n\nKernel\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition,\nand Apple Watch Hermes\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1720 : Ian Beer of Google Project Zero\nCVE-2016-1721 : Ian Beer of Google Project Zero and Ju Zhu of Trend\nMicro\nCVE-2016-1754 : Lufeng Li of Qihoo 360 Vulcan Team\nCVE-2016-1755 : Ian Beer of Google Project Zero\n\nKernel\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition,\nand Apple Watch Hermes\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed through improved\nmemory management. \nCVE-ID\nCVE-2016-1750 : CESG\n\nKernel\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition,\nand Apple Watch Hermes\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: Multiple integer overflows were addressed through\nimproved input validation. \nCVE-ID\nCVE-2016-1753 : Juwei Lin Trend Micro working with Trend Micro\u0027s Zero\nDay Initiative (ZDI)\n\nKernel\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition,\nand Apple Watch Hermes\nImpact: An application may be able to bypass code signing\nDescription: A permissions issue existed in which execute permission\nwas incorrectly granted. This issue was addressed through improved\npermission validation. \nCVE-ID\nCVE-2016-1751 : Eric Monti of Square Mobile Security\n\nKernel\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition,\nand Apple Watch Hermes\nImpact: An application may be able to cause a denial of service\nDescription: A denial of service issue was addressed through\nimproved validation. \nCVE-ID\nCVE-2016-1752 : CESG\n\nlibxml2\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition,\nand Apple Watch Hermes\nImpact: Processing maliciously crafted XML may lead to unexpected\napplication termination or arbitrary code execution\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2015-1819\nCVE-2015-5312 : David Drysdale of Google\nCVE-2015-7499\nCVE-2015-7500 : Kostya Serebryany of Google\nCVE-2015-7942 : Kostya Serebryany of Google\nCVE-2015-8035 : gustavo.grieco\nCVE-2015-8242 : Hugh Davenport\nCVE-2016-1761 : wol0xff working with Trend Micro\u0027s Zero Day\nInitiative (ZDI)\nCVE-2016-1762\n\nlibxslt\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition,\nand Apple Watch Hermes\nImpact: Processing maliciously crafted XML may lead to unexpected\napplication termination or arbitrary code execution\nDescription: A type confusion issue was addressed through improved\nmemory handling. \nCVE-ID\nCVE-2015-7995 : puzzor\n\nMessages\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition,\nand Apple Watch Hermes\nImpact: An attacker who is able to bypass Apple\u0027s certificate\npinning, intercept TLS connections, inject messages, and record\nencrypted attachment-type messages may be able to read attachments\nDescription: A cryptographic issue was addressed by rejecting\nduplicate messages on the client. \nCVE-ID\nCVE-2016-1788 : Christina Garman, Matthew Green, Gabriel Kaptchuk,\nIan Miers, and Michael Rushanan of Johns Hopkins University\n\nSecurity\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition,\nand Apple Watch Hermes\nImpact: Processing a maliciously crafted certificate may lead to\narbitrary code execution\nDescription: A memory corruption issue existed in the ASN.1 decoder. \nThis issue was addressed through improved input validation. \nCVE-ID\nCVE-2016-1950 : Francis Gabriel of Quarkslab\n\nsyslog\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition,\nand Apple Watch Hermes\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed through\nimproved memory handling. \nCVE-ID\nCVE-2016-1722 : Joshua J. Drake and Nikias Bassen of Zimperium zLabs\n\nTrueTypeScaler\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition,\nand Apple Watch Hermes\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: A memory corruption issue existed in the processing of\nfont files. This issue was addressed through improved input\nvalidation. \nCVE-ID\nCVE-2016-1775 : 0x1byte working with Trend Micro\u0027s Zero Day\nInitiative (ZDI)\n\nWebKit\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition,\nand Apple Watch Hermes\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1723 : Apple\nCVE-2016-1724 : Apple\nCVE-2016-1725 : Apple\nCVE-2016-1726 : Apple\nCVE-2016-1727 : Apple\n\nWi-Fi\nAvailable for: Apple Watch Sport, Apple Watch, Apple Watch Edition,\nand Apple Watch Hermes\nImpact: An attacker with a privileged network position may be able\nto execute arbitrary code\nDescription: A frame validation and memory corruption issue existed\nfor a given ethertype. This issue was addressed through additional\nethertype validation and improved memory handling. \nCVE-ID\nCVE-2016-0801 : an anonymous researcher\nCVE-2016-0802 : an anonymous researcher\n\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - https://gpgtools.org\n\niQIcBAEBCgAGBQJW8JP2AAoJEBcWfLTuOo7tegQQAK8H21zT1jYAaMerAKWp6Vo6\nCHFN6M5KQwKMHDdTfn0tK29IK8Ewkb+ruOFvRWMHBPxdkYTsYfSPupuj0oUM1dV9\n+bQR6BfQu1QLi7j73Ub4XowoiTJbAE4apisFCbO/eM+TyupODJSMBmuKUcFBuVQt\nxLxOOHKiJ3CuaJmoc7fxOXzqx9+34jMbvjmaXjG0m4pktc7tsmTFXS0+GIVFbUXu\nArvcuVoO/jXUjWD6dB4n1bnLi+q7I/P/xP2tW4L1dqnP8i4fKZRt2Pq22VvyJlHb\n5dP++yjRY79qfCyiVmRPmYfsIRgx716+tbEZl6Y3AUTy5n0S06XwDQQTR+y22why\noB+baS2eTzTEXOx5GxeFwFe4DYi5fqCwGWa7EQfnTPPd7gDc/JnuQI4F/ccRCiL4\n5q+bGiEH34F5zDXqaXELZ399mCKsN24gxT4WrBI/EgZ182DFkyUg8XO1Ff6PVe3+\n7NcoijUj2A+NWeaIPPWg81DHZnKHdcrG9Q35L/TrxrKigHBgfO3G09yfsCsvZjm9\nMGIiaSfIGqYfgtyX15EQd8NVFN/ZhLMj5WRPChJoxNVLoXr+MdrhLG3tUae6nDXj\nnmP1iBKbkgDkVQnuPfQyzZkvNHO9H2ZxnP3qSk6670V+VzpqpVXDm8nrEgcpDm1b\n82FzLX2fEJg5XYLhXQrg\n=lORW\n-----END PGP SIGNATURE-----\n. \nCVE-ID\nCVE-2015-7995 : puzzor\n\nOSA Scripts\nAvailable for: OS X El Capitan v10.11 to v10.11.2\nImpact: A quarantined application may be able to override OSA script\nlibraries installed by the user\nDescription: An issue existed when searching for scripting\nlibraries. \nCVE-ID\nCVE-2016-1728 : an anonymous researcher coordinated via Joe Vennix\n\nWebSheet\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A malicious captive portal may be able to access the user\u0027s\ncookies\nDescription: An issue existed that allowed some captive portals to\nread or write cookies. The issue was addressed through an isolated\ncookie store for all captive portals",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-1719"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001402"
},
{
"db": "BID",
"id": "81277"
},
{
"db": "VULHUB",
"id": "VHN-90538"
},
{
"db": "PACKETSTORM",
"id": "136343"
},
{
"db": "PACKETSTORM",
"id": "135326"
},
{
"db": "PACKETSTORM",
"id": "135385"
},
{
"db": "PACKETSTORM",
"id": "135325"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-1719",
"trust": 3.2
},
{
"db": "PACKETSTORM",
"id": "135440",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "135443",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "135441",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "135442",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "135438",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "135439",
"trust": 1.7
},
{
"db": "EXPLOIT-DB",
"id": "39364",
"trust": 1.7
},
{
"db": "EXPLOIT-DB",
"id": "39359",
"trust": 1.7
},
{
"db": "EXPLOIT-DB",
"id": "39363",
"trust": 1.7
},
{
"db": "EXPLOIT-DB",
"id": "39362",
"trust": 1.7
},
{
"db": "EXPLOIT-DB",
"id": "39361",
"trust": 1.7
},
{
"db": "EXPLOIT-DB",
"id": "39360",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1034736",
"trust": 1.7
},
{
"db": "JVN",
"id": "JVNVU97668313",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU90405245",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001402",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201602-002",
"trust": 0.7
},
{
"db": "BID",
"id": "81277",
"trust": 0.3
},
{
"db": "VULHUB",
"id": "VHN-90538",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "136343",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "135326",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "135385",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "135325",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90538"
},
{
"db": "BID",
"id": "81277"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001402"
},
{
"db": "PACKETSTORM",
"id": "136343"
},
{
"db": "PACKETSTORM",
"id": "135326"
},
{
"db": "PACKETSTORM",
"id": "135385"
},
{
"db": "PACKETSTORM",
"id": "135325"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-002"
},
{
"db": "NVD",
"id": "CVE-2016-1719"
}
]
},
"id": "VAR-201602-0206",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-90538"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T19:37:57.925000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Apple security updates",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT201222"
},
{
"title": "APPLE-SA-2016-03-21-2 watchOS 2.2",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html"
},
{
"title": "APPLE-SA-2016-01-19-1 iOS 9.2.1",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2016/Jan/msg00002.html"
},
{
"title": "APPLE-SA-2016-01-25-1 tvOS 9.1.1",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2016/Jan/msg00005.html"
},
{
"title": "APPLE-SA-2016-01-19-2 OS X El Capitan 10.11.3 and Security Update 2016-001",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2016/Jan/msg00003.html"
},
{
"title": "HT205729",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT205729"
},
{
"title": "HT205731",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT205731"
},
{
"title": "HT206168",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT206168"
},
{
"title": "HT205732",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT205732"
},
{
"title": "HT205732",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/HT205732"
},
{
"title": "HT206168",
"trust": 0.8,
"url": "http://support.apple.com/ja-jp/HT206168"
},
{
"title": "HT205729",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/HT205729"
},
{
"title": "HT205731",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/HT205731"
},
{
"title": "Multiple Apple product IOHIDFamily API Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60013"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001402"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-002"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90538"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001402"
},
{
"db": "NVD",
"id": "CVE-2016-1719"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2016/jan/msg00002.html"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2016/jan/msg00003.html"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2016/jan/msg00005.html"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2016/mar/msg00001.html"
},
{
"trust": 1.7,
"url": "https://support.apple.com/ht205729"
},
{
"trust": 1.7,
"url": "https://support.apple.com/ht205731"
},
{
"trust": 1.7,
"url": "https://support.apple.com/ht205732"
},
{
"trust": 1.7,
"url": "https://support.apple.com/ht206168"
},
{
"trust": 1.7,
"url": "https://www.exploit-db.com/exploits/39359/"
},
{
"trust": 1.7,
"url": "https://www.exploit-db.com/exploits/39360/"
},
{
"trust": 1.7,
"url": "https://www.exploit-db.com/exploits/39361/"
},
{
"trust": 1.7,
"url": "https://www.exploit-db.com/exploits/39362/"
},
{
"trust": 1.7,
"url": "https://www.exploit-db.com/exploits/39363/"
},
{
"trust": 1.7,
"url": "https://www.exploit-db.com/exploits/39364/"
},
{
"trust": 1.7,
"url": "http://packetstormsecurity.com/files/135438/ios-kernel-ioreporthub-use-after-free.html"
},
{
"trust": 1.7,
"url": "http://packetstormsecurity.com/files/135439/ios-kernel-iohideventservice-use-after-free.html"
},
{
"trust": 1.7,
"url": "http://packetstormsecurity.com/files/135440/ios-kernel-appleoscarcma-use-after-free.html"
},
{
"trust": 1.7,
"url": "http://packetstormsecurity.com/files/135441/ios-kernel-appleoscarcompass-use-after-free.html"
},
{
"trust": 1.7,
"url": "http://packetstormsecurity.com/files/135442/ios-kernel-appleoscaraccelerometer-use-after-free.html"
},
{
"trust": 1.7,
"url": "http://packetstormsecurity.com/files/135443/ios-kernel-appleoscargyro-use-after-free.html"
},
{
"trust": 1.7,
"url": "https://code.google.com/p/google-security-research/issues/detail?id=603"
},
{
"trust": 1.7,
"url": "https://code.google.com/p/google-security-research/issues/detail?id=604"
},
{
"trust": 1.7,
"url": "https://code.google.com/p/google-security-research/issues/detail?id=605"
},
{
"trust": 1.7,
"url": "https://code.google.com/p/google-security-research/issues/detail?id=606"
},
{
"trust": 1.7,
"url": "https://code.google.com/p/google-security-research/issues/detail?id=607"
},
{
"trust": 1.7,
"url": "https://code.google.com/p/google-security-research/issues/detail?id=608"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1034736"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1719"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu90405245/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu97668313/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1719"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7995"
},
{
"trust": 0.4,
"url": "https://gpgtools.org"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1720"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1721"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1722"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1717"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1719"
},
{
"trust": 0.3,
"url": "http://www.apple.com/ios/"
},
{
"trust": 0.3,
"url": "https://www.apple.com/osx/"
},
{
"trust": 0.3,
"url": "http://www.apple.com/ipad/"
},
{
"trust": 0.3,
"url": "http://www.apple.com/iphone/"
},
{
"trust": 0.3,
"url": "http://www.apple.com/ipodtouch/"
},
{
"trust": 0.3,
"url": "https://support.apple.com/en-ie/ht205729"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1727"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1724"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1725"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1726"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1723"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1751"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-8659"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-8035"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1753"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1750"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1819"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7499"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0801"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-8242"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5312"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7942"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7500"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1740"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1752"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1754"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0802"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1748"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1718"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1729"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1716"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1730"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1728"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90538"
},
{
"db": "BID",
"id": "81277"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001402"
},
{
"db": "PACKETSTORM",
"id": "136343"
},
{
"db": "PACKETSTORM",
"id": "135326"
},
{
"db": "PACKETSTORM",
"id": "135385"
},
{
"db": "PACKETSTORM",
"id": "135325"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-002"
},
{
"db": "NVD",
"id": "CVE-2016-1719"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-90538"
},
{
"db": "BID",
"id": "81277"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001402"
},
{
"db": "PACKETSTORM",
"id": "136343"
},
{
"db": "PACKETSTORM",
"id": "135326"
},
{
"db": "PACKETSTORM",
"id": "135385"
},
{
"db": "PACKETSTORM",
"id": "135325"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-002"
},
{
"db": "NVD",
"id": "CVE-2016-1719"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-02-01T00:00:00",
"db": "VULHUB",
"id": "VHN-90538"
},
{
"date": "2016-01-19T00:00:00",
"db": "BID",
"id": "81277"
},
{
"date": "2016-02-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001402"
},
{
"date": "2016-03-22T15:09:54",
"db": "PACKETSTORM",
"id": "136343"
},
{
"date": "2016-01-20T16:54:51",
"db": "PACKETSTORM",
"id": "135326"
},
{
"date": "2016-01-26T13:33:33",
"db": "PACKETSTORM",
"id": "135385"
},
{
"date": "2016-01-20T16:51:56",
"db": "PACKETSTORM",
"id": "135325"
},
{
"date": "2016-02-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201602-002"
},
{
"date": "2016-02-01T11:59:03.150000",
"db": "NVD",
"id": "CVE-2016-1719"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-08T00:00:00",
"db": "VULHUB",
"id": "VHN-90538"
},
{
"date": "2016-07-06T14:08:00",
"db": "BID",
"id": "81277"
},
{
"date": "2016-03-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001402"
},
{
"date": "2019-03-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201602-002"
},
{
"date": "2024-11-21T02:46:57.280000",
"db": "NVD",
"id": "CVE-2016-1719"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "81277"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-002"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Apple Product IOHIDFamily API Vulnerability gained in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001402"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201602-002"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.