var-201609-0245
Vulnerability from variot
Mail in Apple iOS before 10 mishandles certificates, which makes it easier for man-in-the-middle attackers to discover mail credentials via unspecified vectors. Apple iOS is prone to multiple security vulnerabilities. Attackers can exploit these issues to bypass security restrictions and perform unauthorized actions or obtain sensitive information. Versions prior to iOS 10 are vulnerable. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. Mail is one of the mail clients. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
APPLE-SA-2016-09-13-1 iOS 10
iOS 10 is now available and addresses the following:
Assets Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: An attacker in a privileged network position may be able to block a device from receiving software updates Description: An issue existed in iOS updates, which did not properly secure user communications. This issue was addressed by using HTTPS for software updates. CVE-2016-4741 : Raul Siles of DinoSec
GeoServices Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: An application may be able to read sensitive location information Description: A permissions issue existed in PlaceData. This issue was addressed through improved permission validation. CVE-2016-4719 : Razvan Deaconescu, Mihai Chiroiu (University POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi (TU Darmstadt)
Keyboards Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: Keyboard auto correct suggestions may reveal sensitive information Description: The iOS keyboard was inadvertently caching sensitive information. This issue was addressed through improved heuristics. CVE-2016-4746 : Antoine M of France
Mail Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: An attacker with a privileged network position may be able to intercept mail credentials Description: An issue existed when handling untrusted certificates. This was addressed by terminating untrusted connections. CVE-2016-4747 : Dave Aitel
Messages Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: Messages may be visible on a device that has not signed in to Messages Description: An issue existed when using Handoff for Messages. This issue was resolved via better state management. CVE-2016-4740 : Step Wallace
Printing UIKit Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: An unencrypted document may be written to a temporary file when using AirPrint preview Description: An issue existed in AirPrint preview. This was addressed through improved environment sanitization. CVE-2016-4749 : an anonymous researcher
Sandbox Profiles Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: A malicious application may be able to determine whom a user is texting Description: An access control issue existed in SMS draft directories. This issue was addressed by preventing apps from stat'ing the affected directories. CVE-2016-4620 : Razvan Deaconescu, Mihai Chiroiu (University POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi (TU Darmstadt)
Installation note:
This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
- Navigate to Settings
- Select General
- Select About. The version after applying this update will be "10".
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJX2FJ5AAoJEIOj74w0bLRGa6sQAMPluedIChXWvW/EaZwX/EQ1 cWc7AmcLoWQskymTmN3pzy/WPARDaBFPrMlkGK3KvpB8bvPSFcp+1QI6vUFwLhyV s3Rj5qlqQmEKlyC53BjxrdcbnHGOFzsApEZ43+awZQnDVOnGPQP+NAgq8HUDxy/g 8BK2kdmj++8bEA6MgwaeMNxjzEDXMALxdFBVD3kPUH2na1Y3aji8LQoaDc0OzsqJ nNYmuFbJAAsDAhpuN5fQYhCZhXbiNnQ0b+4X9tALwDAAIxU4nDRlCk8wc+S3MkVZ L78dW+0H0wV1kLyUmjK+sbRjPa56MCd35C3xylDJFVfvWzxjISmGvZvGyXNphQ67 ibbo9NUZArLAGQrXOlY31W5JGegnV2ex6GUmEELsTlPLv3FL5a4sgKVvYY0d9wYz Awa6GG1IjyeWA776ati/gUQYyfnaNn81ccvOdzm97IKETMn5KX15xdgUN6Amqu5H J2q56H4zM6HRIqOUOOWHMoVFMmfeH27c8pbgAi2BIrQOw2jlCoxolwuhfkperoN3 iaUpWIhmmqLxyFpYBwNkEs0/rbVo68fCGQ6eHWPdwr8AVs8aYecUtT8yFFEIpZFy FajGgKdBKrxoXuzNJpBRT3LvZ6tmbEq9u7Lo4DVNNjA5AIgejpyHk3f6OX951a5z SRLzhSdcnaoOnuDWwk/v =Mouo -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201609-0245",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "iphone os",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "9.3.5"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "10 (ipad first 4 after generation )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "10 (iphone 5 or later )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "10 (ipod touch first 6 after generation )"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "9.3.5"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.2.2"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.2.1"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0.1"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.0.1"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.2"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.1"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.0"
},
{
"model": "ipod touch",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "ipad",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "50"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "40"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "30"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.3.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.3.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.3.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.4.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.3.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.1.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.1.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.1.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.9"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.8"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.7"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.10"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0"
},
{
"model": "watchos",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "3.0"
},
{
"model": "ios",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "10"
}
],
"sources": [
{
"db": "BID",
"id": "92932"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004775"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-260"
},
{
"db": "NVD",
"id": "CVE-2016-4747"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:apple:iphone_os",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-004775"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Razvan Deaconescu, Mihai Chiroiu (University POLITEHNICA of Bucharest); Luke Deshotels, Step Wa, Ahmad-Reza Sadeghi (TU Darmstadt),Raul Siles of DinoSec, Dave Aitel, Antoine M of France, William Enck (North Carolina State University); Lucas Vincenzo Davi, Step Wal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201609-260"
}
],
"trust": 0.6
},
"cve": "CVE-2016-4747",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2016-4747",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-93566",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.2,
"id": "CVE-2016-4747",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-4747",
"trust": 1.0,
"value": "LOW"
},
{
"author": "NVD",
"id": "CVE-2016-4747",
"trust": 0.8,
"value": "Low"
},
{
"author": "CNNVD",
"id": "CNNVD-201609-260",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-93566",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-93566"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004775"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-260"
},
{
"db": "NVD",
"id": "CVE-2016-4747"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mail in Apple iOS before 10 mishandles certificates, which makes it easier for man-in-the-middle attackers to discover mail credentials via unspecified vectors. Apple iOS is prone to multiple security vulnerabilities. \nAttackers can exploit these issues to bypass security restrictions and perform unauthorized actions or obtain sensitive information. \nVersions prior to iOS 10 are vulnerable. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. Mail is one of the mail clients. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2016-09-13-1 iOS 10\n\niOS 10 is now available and addresses the following:\n\nAssets\nAvailable for: iPhone 5 and later, iPad 4th generation and later,\niPod touch 6th generation and later\nImpact: An attacker in a privileged network position may be able to\nblock a device from receiving software updates\nDescription: An issue existed in iOS updates, which did not properly\nsecure user communications. This issue was addressed by using HTTPS\nfor software updates. \nCVE-2016-4741 : Raul Siles of DinoSec\n\nGeoServices\nAvailable for: iPhone 5 and later, iPad 4th generation and later,\niPod touch 6th generation and later\nImpact: An application may be able to read sensitive location\ninformation\nDescription: A permissions issue existed in PlaceData. This issue was\naddressed through improved permission validation. \nCVE-2016-4719 : Razvan Deaconescu, Mihai Chiroiu (University\nPOLITEHNICA of Bucharest); Luke Deshotels, William Enck (North\nCarolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi\n(TU Darmstadt)\n\nKeyboards\nAvailable for: iPhone 5 and later, iPad 4th generation and later,\niPod touch 6th generation and later\nImpact: Keyboard auto correct suggestions may reveal sensitive\ninformation\nDescription: The iOS keyboard was inadvertently caching sensitive\ninformation. This issue was addressed through improved heuristics. \nCVE-2016-4746 : Antoine M of France\n\nMail\nAvailable for: iPhone 5 and later, iPad 4th generation and later,\niPod touch 6th generation and later\nImpact: An attacker with a privileged network position may be able to\nintercept mail credentials\nDescription: An issue existed when handling untrusted certificates. \nThis was addressed by terminating untrusted connections. \nCVE-2016-4747 : Dave Aitel\n\nMessages\nAvailable for: iPhone 5 and later, iPad 4th generation and later,\niPod touch 6th generation and later\nImpact: Messages may be visible on a device that has not signed in to\nMessages\nDescription: An issue existed when using Handoff for Messages. This\nissue was resolved via better state management. \nCVE-2016-4740 : Step Wallace\n\nPrinting UIKit\nAvailable for: iPhone 5 and later, iPad 4th generation and later,\niPod touch 6th generation and later\nImpact: An unencrypted document may be written to a temporary file\nwhen using AirPrint preview\nDescription: An issue existed in AirPrint preview. This was addressed\nthrough improved environment sanitization. \nCVE-2016-4749 : an anonymous researcher\n\nSandbox Profiles\nAvailable for: iPhone 5 and later, iPad 4th generation and later,\niPod touch 6th generation and later\nImpact: A malicious application may be able to determine whom a user\nis texting\nDescription: An access control issue existed in SMS draft\ndirectories. This issue was addressed by preventing apps from\nstat\u0027ing the affected directories. \nCVE-2016-4620 : Razvan Deaconescu, Mihai Chiroiu (University\nPOLITEHNICA of Bucharest); Luke Deshotels, William Enck (North\nCarolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi\n(TU Darmstadt)\n\n\nInstallation note:\n\nThis update is available through iTunes and Software Update on your\niOS device, and will not appear in your computer\u0027s Software Update\napplication, or in the Apple Downloads site. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom www.apple.com/itunes/\n\niTunes and Software Update on the device will automatically check\nApple\u0027s update server on its weekly schedule. When an update is\ndetected, it is downloaded and the option to be installed is\npresented to the user when the iOS device is docked. We recommend\napplying the update immediately if possible. Selecting Don\u0027t Install\nwill present the option the next time you connect your iOS device. \n\nThe automatic update process may take up to a week depending on the\nday that iTunes or the device checks for updates. You may manually\nobtain the update via the Check for Updates button within iTunes, or\nthe Software Update on your device. \n\nTo check that the iPhone, iPod touch, or iPad has been updated:\n\n* Navigate to Settings\n* Select General\n* Select About. The version after applying this update\nwill be \"10\". \n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - https://gpgtools.org\n\niQIcBAEBCgAGBQJX2FJ5AAoJEIOj74w0bLRGa6sQAMPluedIChXWvW/EaZwX/EQ1\ncWc7AmcLoWQskymTmN3pzy/WPARDaBFPrMlkGK3KvpB8bvPSFcp+1QI6vUFwLhyV\ns3Rj5qlqQmEKlyC53BjxrdcbnHGOFzsApEZ43+awZQnDVOnGPQP+NAgq8HUDxy/g\n8BK2kdmj++8bEA6MgwaeMNxjzEDXMALxdFBVD3kPUH2na1Y3aji8LQoaDc0OzsqJ\nnNYmuFbJAAsDAhpuN5fQYhCZhXbiNnQ0b+4X9tALwDAAIxU4nDRlCk8wc+S3MkVZ\nL78dW+0H0wV1kLyUmjK+sbRjPa56MCd35C3xylDJFVfvWzxjISmGvZvGyXNphQ67\nibbo9NUZArLAGQrXOlY31W5JGegnV2ex6GUmEELsTlPLv3FL5a4sgKVvYY0d9wYz\nAwa6GG1IjyeWA776ati/gUQYyfnaNn81ccvOdzm97IKETMn5KX15xdgUN6Amqu5H\nJ2q56H4zM6HRIqOUOOWHMoVFMmfeH27c8pbgAi2BIrQOw2jlCoxolwuhfkperoN3\niaUpWIhmmqLxyFpYBwNkEs0/rbVo68fCGQ6eHWPdwr8AVs8aYecUtT8yFFEIpZFy\nFajGgKdBKrxoXuzNJpBRT3LvZ6tmbEq9u7Lo4DVNNjA5AIgejpyHk3f6OX951a5z\nSRLzhSdcnaoOnuDWwk/v\n=Mouo\n-----END PGP SIGNATURE-----\n\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4747"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004775"
},
{
"db": "BID",
"id": "92932"
},
{
"db": "VULHUB",
"id": "VHN-93566"
},
{
"db": "PACKETSTORM",
"id": "138737"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-4747",
"trust": 2.9
},
{
"db": "BID",
"id": "92932",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1036797",
"trust": 1.1
},
{
"db": "JVN",
"id": "JVNVU93841436",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004775",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201609-260",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-93566",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "138737",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-93566"
},
{
"db": "BID",
"id": "92932"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004775"
},
{
"db": "PACKETSTORM",
"id": "138737"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-260"
},
{
"db": "NVD",
"id": "CVE-2016-4747"
}
]
},
"id": "VAR-201609-0245",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-93566"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T20:17:16.425000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Apple security updates",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT201222"
},
{
"title": "APPLE-SA-2016-09-13-1 iOS 10",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00002.html"
},
{
"title": "HT207143",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT207143"
},
{
"title": "HT207143",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/HT207143"
},
{
"title": "Apple iOS Mail Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=64069"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-004775"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-260"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-93566"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004775"
},
{
"db": "NVD",
"id": "CVE-2016-4747"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/92932"
},
{
"trust": 1.1,
"url": "http://lists.apple.com/archives/security-announce/2016/sep/msg00002.html"
},
{
"trust": 1.1,
"url": "http://lists.apple.com/archives/security-announce/2016/sep/msg00008.html"
},
{
"trust": 1.1,
"url": "https://support.apple.com/ht207143"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1036797"
},
{
"trust": 0.9,
"url": "http://www.apple.com/ios/"
},
{
"trust": 0.9,
"url": "http://www.apple.com/ipad/"
},
{
"trust": 0.9,
"url": "http://www.apple.com/iphone/"
},
{
"trust": 0.9,
"url": "http://www.apple.com/ipodtouch/"
},
{
"trust": 0.9,
"url": "https://support.apple.com/en-in/ht207143"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4747"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu93841436/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4747"
},
{
"trust": 0.1,
"url": "https://www.apple.com/itunes/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4747"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht201222"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4741"
},
{
"trust": 0.1,
"url": "https://gpgtools.org"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4740"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4746"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4719"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4620"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4749"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-93566"
},
{
"db": "BID",
"id": "92932"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004775"
},
{
"db": "PACKETSTORM",
"id": "138737"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-260"
},
{
"db": "NVD",
"id": "CVE-2016-4747"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-93566"
},
{
"db": "BID",
"id": "92932"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004775"
},
{
"db": "PACKETSTORM",
"id": "138737"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-260"
},
{
"db": "NVD",
"id": "CVE-2016-4747"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-09-18T00:00:00",
"db": "VULHUB",
"id": "VHN-93566"
},
{
"date": "2016-09-13T00:00:00",
"db": "BID",
"id": "92932"
},
{
"date": "2016-09-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-004775"
},
{
"date": "2016-09-14T23:01:11",
"db": "PACKETSTORM",
"id": "138737"
},
{
"date": "2016-09-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201609-260"
},
{
"date": "2016-09-18T22:59:09.110000",
"db": "NVD",
"id": "CVE-2016-4747"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-13T00:00:00",
"db": "VULHUB",
"id": "VHN-93566"
},
{
"date": "2019-04-12T21:00:00",
"db": "BID",
"id": "92932"
},
{
"date": "2016-09-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-004775"
},
{
"date": "2019-04-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201609-260"
},
{
"date": "2024-11-21T02:52:53.143000",
"db": "NVD",
"id": "CVE-2016-4747"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201609-260"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple iOS Vulnerability in obtaining email credentials in email",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-004775"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201609-260"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…