var-201702-0227
Vulnerability from variot
An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "Assets" component, which allows local users to bypass intended permission restrictions and change a downloaded mobile asset via unspecified vectors. Apple macOS is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code, perform unauthorized actions, obtain sensitive information, gain elevated privileges or cause a denial-of-service condition. Assets is one of the library components that supports multi-picture selection. An attacker could exploit this vulnerability to alter the downloaded phone gallery
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201702-0227",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mac os x",
"scope": "eq",
"trust": 1.4,
"vendor": "apple",
"version": "10.12.1"
},
{
"model": "mac os x",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "10.12.1"
},
{
"model": "macos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.12.1"
},
{
"model": "macos",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "10.12.2"
}
],
"sources": [
{
"db": "BID",
"id": "94903"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007400"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-487"
},
{
"db": "NVD",
"id": "CVE-2016-7628"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:apple:mac_os_x",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007400"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "daybreaker@Minionz working with Trend Micro\u0027s Zero Day Initiative, an anonymous researcher, Pekka Oikarainen, Matias Karhumaa and Marko Laakso of Synopsys Software Integrity Group, daybreaker of Minionz, Radu Motspan working with Trend Micro\u0027s Zero Day In",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201612-487"
}
],
"trust": 0.6
},
"cve": "CVE-2016-7628",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2016-7628",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 1.9,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "VHN-96448",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.8,
"id": "CVE-2016-7628",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-7628",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2016-7628",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201612-487",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-96448",
"trust": 0.1,
"value": "LOW"
},
{
"author": "VULMON",
"id": "CVE-2016-7628",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-96448"
},
{
"db": "VULMON",
"id": "CVE-2016-7628"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007400"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-487"
},
{
"db": "NVD",
"id": "CVE-2016-7628"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the \"Assets\" component, which allows local users to bypass intended permission restrictions and change a downloaded mobile asset via unspecified vectors. Apple macOS is prone to multiple security vulnerabilities. \nAttackers can exploit these issues to execute arbitrary code, perform unauthorized actions, obtain sensitive information, gain elevated privileges or cause a denial-of-service condition. Assets is one of the library components that supports multi-picture selection. An attacker could exploit this vulnerability to alter the downloaded phone gallery",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-7628"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007400"
},
{
"db": "BID",
"id": "94903"
},
{
"db": "VULHUB",
"id": "VHN-96448"
},
{
"db": "VULMON",
"id": "CVE-2016-7628"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-7628",
"trust": 2.9
},
{
"db": "BID",
"id": "94903",
"trust": 2.1
},
{
"db": "SECTRACK",
"id": "1037469",
"trust": 1.2
},
{
"db": "JVN",
"id": "JVNVU97133642",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007400",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201612-487",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-96448",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-7628",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-96448"
},
{
"db": "VULMON",
"id": "CVE-2016-7628"
},
{
"db": "BID",
"id": "94903"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007400"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-487"
},
{
"db": "NVD",
"id": "CVE-2016-7628"
}
]
},
"id": "VAR-201702-0227",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-96448"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:22:25.136000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Apple security updates",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT201222"
},
{
"title": "APPLE-SA-2016-12-13-1 macOS 10.12.2",
"trust": 0.8,
"url": "https://lists.apple.com/archives/security-announce/2016/Dec/msg00003.html"
},
{
"title": "HT207423",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT207423"
},
{
"title": "HT207423",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/HT207423"
},
{
"title": "Apple macOS Sierra Assets Fixes for component security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=66521"
},
{
"title": "Apple: macOS Sierra 10.12.2, Security Update 2016-003 El Capitan, and Security Update 2016-007 Yosemite",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=123eba6ece0d39a424cb657303ba745a"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-7628"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007400"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-487"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-96448"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007400"
},
{
"db": "NVD",
"id": "CVE-2016-7628"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "http://www.securityfocus.com/bid/94903"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht207423"
},
{
"trust": 1.2,
"url": "http://www.securitytracker.com/id/1037469"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7628"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu97133642/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-7628"
},
{
"trust": 0.3,
"url": "https://www.apple.com/"
},
{
"trust": 0.3,
"url": "http://www.apple.com/macosx/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/264.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht207423"
},
{
"trust": 0.1,
"url": "https://tools.cisco.com/security/center/viewalert.x?alertid=52090"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-96448"
},
{
"db": "VULMON",
"id": "CVE-2016-7628"
},
{
"db": "BID",
"id": "94903"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007400"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-487"
},
{
"db": "NVD",
"id": "CVE-2016-7628"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-96448"
},
{
"db": "VULMON",
"id": "CVE-2016-7628"
},
{
"db": "BID",
"id": "94903"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007400"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-487"
},
{
"db": "NVD",
"id": "CVE-2016-7628"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-02-20T00:00:00",
"db": "VULHUB",
"id": "VHN-96448"
},
{
"date": "2017-02-20T00:00:00",
"db": "VULMON",
"id": "CVE-2016-7628"
},
{
"date": "2016-12-13T00:00:00",
"db": "BID",
"id": "94903"
},
{
"date": "2017-02-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007400"
},
{
"date": "2016-12-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201612-487"
},
{
"date": "2017-02-20T08:59:03.057000",
"db": "NVD",
"id": "CVE-2016-7628"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-27T00:00:00",
"db": "VULHUB",
"id": "VHN-96448"
},
{
"date": "2017-07-27T00:00:00",
"db": "VULMON",
"id": "CVE-2016-7628"
},
{
"date": "2016-12-20T00:09:00",
"db": "BID",
"id": "94903"
},
{
"date": "2017-02-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007400"
},
{
"date": "2017-03-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201612-487"
},
{
"date": "2024-11-21T02:58:19.943000",
"db": "NVD",
"id": "CVE-2016-7628"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201612-487"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple macOS Vulnerabilities that prevent permission restrictions on asset components",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007400"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201612-487"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…