var-201702-0324
Vulnerability from variot
An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "NVIDIA Graphics Drivers" component. It allows attackers to cause a denial of service (memory corruption) via a crafted app. Apple macOS is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, gain elevated privileges and perform unauthorized actions. This may aid in other attacks. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
APPLE-SA-2016-10-24-2 macOS Sierra 10.12.1
macOS Sierra 10.12.1 is now available and addresses the following:
AppleGraphicsControl Available for: OS X Yosemite v10.10.5 and OS X El Capitan v10.11.6 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved lock state checking. CVE-2016-4662: Apple
AppleSMC Available for: macOS Sierra 10.12 Impact: A local user may be able to elevate privileges Description: A null pointer dereference was addressed through improved locking. CVE-2016-4678: daybreaker@Minionz working with Trend Micro's Zero Day Initiative
ATS Available for: macOS Sierra 10.12 Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-4667: Simmon Huang of alipay, Thelongestusernameofall@gmail.com Moony Li of Trend Micro, @Flyic
ATS Available for: macOS Sierra 10.12 Impact: A local user may be able to execute arbitrary code with additional privileges Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-4674: Shrek_wzw of Qihoo 360 Nirvan Team
CFNetwork Proxies Available for: macOS Sierra 10.12 Impact: An attacker in a privileged network position may be able to leak sensitive user information Description: A phishing issue existed in the handling of proxy credentials. This issue was addressed by removing unsolicited proxy password authentication prompts. CVE-2016-7579: Jerry Decime
CoreGraphics Available for: macOS Sierra 10.12 Impact: Viewing a maliciously crafted JPEG file may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-4673: Marco Grassi (@marcograss) of KeenLab (@keen_lab), Tencent
FaceTime Available for: macOS Sierra 10.12 Impact: An attacker in a privileged network position may be able to cause a relayed call to continue transmitting audio while appearing as if the call terminated Description: User interface inconsistencies existed in the handling of relayed calls. These issues were addressed through improved FaceTime display logic. CVE-2016-4635: Martin Vigo (@martin_vigo) of salesforce.com
FontParser Available for: macOS Sierra 10.12 Impact: Parsing a maliciously crafted font may disclose sensitive user information Description: An out-of-bounds read was addressed through improved bounds checking. CVE-2016-4660: Ke Liu of Tencent's Xuanwu Lab
ImageIO Available for: OS X El Capitan v10.11.6 Impact: Parsing a maliciously crafted PDF may lead to arbitrary code execution Description: An out-of-bounds write was addressed through improved bounds checking. CVE-2016-4671: Ke Liu of Tencent's Xuanwu Lab, Juwei Lin (@fuzzerDOTcn)
ImageIO Available for: OS X Yosemite v10.10.5 and OS X El Capitan v10.11.6 Impact: Processing a maliciously crafted image may result in the disclosure of process memory Description: An out-of-bounds read issue existed in the SGI image parsing. This issue was addressed through improved bounds checking. CVE-2016-4682: Ke Liu of Tencent's Xuanwu Lab
libarchive Available for: macOS Sierra 10.12 Impact: A malicious archive may be able to overwrite arbitrary files Description: An issue existed within the path validation logic for symlinks. This issue was addressed through improved path sanitization. CVE-2016-4679: Omer Medan of enSilo Ltd
libxpc Available for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.6, and macOS Sierra 10.12 Impact: An application may be able to execute arbitrary code with root privileges Description: A logic issue was addressed through additional restrictions. CVE-2016-4675: Ian Beer of Google Project Zero
ntfs Available for: macOS Sierra 10.12 Impact: An application may be able to cause a denial of service Description: An issue existed in the parsing of disk images. This issue was addressed through improved validation. CVE-2016-4661: Recurity Labs on behalf of BSI (German Federal Office for Information Security)
NVIDIA Graphics Drivers Available for: OS X Yosemite v10.10.5 and OS X El Capitan v10.11.6 Impact: An application may be able to cause a denial of service Description: A memory corruption issue was addressed through improved input validation. CVE-2016-4663: Apple
System Boot Available for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.6, and macOS Sierra 10.12 Impact: A local user may be able to cause an unexpected system termination or arbitrary code execution in the kernel Description: Multiple input validation issues existed in MIG generated code. These issues were addressed through improved validation. CVE-2016-4669: Ian Beer of Google Project Zero
macOS Sierra 10.12.1 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJYDlRWAAoJEIOj74w0bLRGFnYP/iy1NY+HgMgJd4OeOakX4sGP 8utQ55plu7WdQ3imNdcP1NYm+tuqFLxSDm7qJMA4zsAakxdUAGWEWYjRmJ9IxTep Gil1qjXZHksX/7lF+VzoMcsAC4CE0yFnaFAw0gHdhQFZyzYryPVsryue56WX5DAD 4/MJUK85U1P2YRDkMW8Mt4TrOW0kgpohpZIFsWKmBocZ4Q/GLybQLzip7mv9w4/K k8L+m9oHUr+Bh7Et+OoM+4oTBC2pIwdb9U5edTHqIMpXp15jScTXbQ/pz+ngjZ6E wUDa8hZC30m6SWSJtFUMZ5+6Gedcafcn/kegRPeFwitQ13EnLOVeGekp25ROsnF1 NwXiDDYuUxTg8ecW6YJm1OktO035nUg3Rjnonx3km2FNDiFgakK78p622B/eJwOA WbD6ahu8qAFTf14pCe7WJVvQz4vnjwiwTQxOTxVgiLfAdFHNm9IpxazwEeW8sN+G cjvoi5VTWL8FiHfUITnJrzeclitgke67vhOs6Ju5+nYiKrUf74NoNnFBPMjD4Qa1 GfvjZ2LWUVBLBahWUl2Nhlr4EWECqF3AEZhBRmcvcHnspcN3f9BBD/kktvpqTAV9 J5TqpiRr2qhrQEV8WLt/GvZSf7hjnSMPUZS4pi27ZKSugkTQsHJs4eWE6awQUgrV E0naX6k6U0S+vJiI0JU7 =eHH+ -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201702-0324",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mac os x",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "10.12.0"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.10.5"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.11.6"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "10.12.0"
},
{
"model": "macos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.12"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.11.6"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.11.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.11.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.11.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.11.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.11.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.11"
},
{
"model": "macos",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "10.12.1"
}
],
"sources": [
{
"db": "BID",
"id": "93852"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007363"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-705"
},
{
"db": "NVD",
"id": "CVE-2016-4663"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:apple:mac_os_x",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007363"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Recurity Labs on behalf of BSI (German Federal Office for Information Security), Simmon Huang of alipay, Thelongestusernameofall@gmail.com, Moony Li of TrendMicro, @Flyic, Ke Liu of Tencent\u0027s Xuanwu Lab, Juwei Lin (@fuzzerDOTcn), Shrek_wzw of Qihoo 360 Ni",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201610-705"
}
],
"trust": 0.6
},
"cve": "CVE-2016-4663",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2016-4663",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-93482",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.8,
"id": "CVE-2016-4663",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-4663",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2016-4663",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201610-705",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-93482",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-93482"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007363"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-705"
},
{
"db": "NVD",
"id": "CVE-2016-4663"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the \"NVIDIA Graphics Drivers\" component. It allows attackers to cause a denial of service (memory corruption) via a crafted app. Apple macOS is prone to multiple security vulnerabilities. \nAttackers can exploit these issues to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, gain elevated privileges and perform unauthorized actions. This may aid in other attacks. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2016-10-24-2 macOS Sierra 10.12.1\n\nmacOS Sierra 10.12.1 is now available and addresses the following:\n\nAppleGraphicsControl\nAvailable for: OS X Yosemite v10.10.5 and OS X El Capitan v10.11.6\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed through improved\nlock state checking. \nCVE-2016-4662: Apple\n\nAppleSMC\nAvailable for: macOS Sierra 10.12\nImpact: A local user may be able to elevate privileges\nDescription: A null pointer dereference was addressed through\nimproved locking. \nCVE-2016-4678: daybreaker@Minionz working with Trend Micro\u0027s Zero Day\nInitiative\n\nATS\nAvailable for: macOS Sierra 10.12\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed through improved\nmemory handling. \nCVE-2016-4667: Simmon Huang of alipay,\nThelongestusernameofall@gmail.com Moony Li of Trend Micro, @Flyic\n\nATS\nAvailable for: macOS Sierra 10.12\nImpact: A local user may be able to execute arbitrary code with\nadditional privileges\nDescription: A memory corruption issue was addressed through improved\nmemory handling. \nCVE-2016-4674: Shrek_wzw of Qihoo 360 Nirvan Team\n\nCFNetwork Proxies\nAvailable for: macOS Sierra 10.12\nImpact: An attacker in a privileged network position may be able to\nleak sensitive user information\nDescription: A phishing issue existed in the handling of proxy\ncredentials. This issue was addressed by removing unsolicited proxy\npassword authentication prompts. \nCVE-2016-7579: Jerry Decime\n\nCoreGraphics\nAvailable for: macOS Sierra 10.12\nImpact: Viewing a maliciously crafted JPEG file may lead to arbitrary\ncode execution\nDescription: A memory corruption issue was addressed through improved\nmemory handling. \nCVE-2016-4673: Marco Grassi (@marcograss) of KeenLab (@keen_lab),\nTencent\n\nFaceTime\nAvailable for: macOS Sierra 10.12\nImpact: An attacker in a privileged network position may be able to\ncause a relayed call to continue transmitting audio while appearing\nas if the call terminated\nDescription: User interface inconsistencies existed in the handling\nof relayed calls. These issues were addressed through improved\nFaceTime display logic. \nCVE-2016-4635: Martin Vigo (@martin_vigo) of salesforce.com\n\nFontParser\nAvailable for: macOS Sierra 10.12\nImpact: Parsing a maliciously crafted font may disclose sensitive\nuser information\nDescription: An out-of-bounds read was addressed through improved\nbounds checking. \nCVE-2016-4660: Ke Liu of Tencent\u0027s Xuanwu Lab\n\nImageIO\nAvailable for: OS X El Capitan v10.11.6\nImpact: Parsing a maliciously crafted PDF may lead to arbitrary code\nexecution\nDescription: An out-of-bounds write was addressed through improved\nbounds checking. \nCVE-2016-4671: Ke Liu of Tencent\u0027s Xuanwu Lab, Juwei Lin\n(@fuzzerDOTcn)\n\nImageIO\nAvailable for: OS X Yosemite v10.10.5 and OS X El Capitan v10.11.6\nImpact: Processing a maliciously crafted image may result in the\ndisclosure of process memory\nDescription: An out-of-bounds read issue existed in the SGI image\nparsing. This issue was addressed through improved bounds checking. \nCVE-2016-4682: Ke Liu of Tencent\u0027s Xuanwu Lab\n\nlibarchive\nAvailable for: macOS Sierra 10.12\nImpact: A malicious archive may be able to overwrite arbitrary files\nDescription: An issue existed within the path validation logic for\nsymlinks. This issue was addressed through improved path\nsanitization. \nCVE-2016-4679: Omer Medan of enSilo Ltd\n\nlibxpc\nAvailable for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.6,\nand macOS Sierra 10.12\nImpact: An application may be able to execute arbitrary code with\nroot privileges\nDescription: A logic issue was addressed through additional\nrestrictions. \nCVE-2016-4675: Ian Beer of Google Project Zero\n\nntfs\nAvailable for: macOS Sierra 10.12\nImpact: An application may be able to cause a denial of service\nDescription: An issue existed in the parsing of disk images. This\nissue was addressed through improved validation. \nCVE-2016-4661: Recurity Labs on behalf of BSI (German Federal Office\nfor Information Security)\n\nNVIDIA Graphics Drivers\nAvailable for: OS X Yosemite v10.10.5 and OS X El Capitan v10.11.6\nImpact: An application may be able to cause a denial of service\nDescription: A memory corruption issue was addressed through improved\ninput validation. \nCVE-2016-4663: Apple\n\nSystem Boot\nAvailable for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.6,\nand macOS Sierra 10.12\nImpact: A local user may be able to cause an unexpected system\ntermination or arbitrary code execution in the kernel\nDescription: Multiple input validation issues existed in MIG\ngenerated code. These issues were addressed through improved\nvalidation. \nCVE-2016-4669: Ian Beer of Google Project Zero\n\nmacOS Sierra 10.12.1 may be obtained\nfrom the Mac App Store or Apple\u0027s Software Downloads web site:\nhttps://www.apple.com/support/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - https://gpgtools.org\n\niQIcBAEBCgAGBQJYDlRWAAoJEIOj74w0bLRGFnYP/iy1NY+HgMgJd4OeOakX4sGP\n8utQ55plu7WdQ3imNdcP1NYm+tuqFLxSDm7qJMA4zsAakxdUAGWEWYjRmJ9IxTep\nGil1qjXZHksX/7lF+VzoMcsAC4CE0yFnaFAw0gHdhQFZyzYryPVsryue56WX5DAD\n4/MJUK85U1P2YRDkMW8Mt4TrOW0kgpohpZIFsWKmBocZ4Q/GLybQLzip7mv9w4/K\nk8L+m9oHUr+Bh7Et+OoM+4oTBC2pIwdb9U5edTHqIMpXp15jScTXbQ/pz+ngjZ6E\nwUDa8hZC30m6SWSJtFUMZ5+6Gedcafcn/kegRPeFwitQ13EnLOVeGekp25ROsnF1\nNwXiDDYuUxTg8ecW6YJm1OktO035nUg3Rjnonx3km2FNDiFgakK78p622B/eJwOA\nWbD6ahu8qAFTf14pCe7WJVvQz4vnjwiwTQxOTxVgiLfAdFHNm9IpxazwEeW8sN+G\ncjvoi5VTWL8FiHfUITnJrzeclitgke67vhOs6Ju5+nYiKrUf74NoNnFBPMjD4Qa1\nGfvjZ2LWUVBLBahWUl2Nhlr4EWECqF3AEZhBRmcvcHnspcN3f9BBD/kktvpqTAV9\nJ5TqpiRr2qhrQEV8WLt/GvZSf7hjnSMPUZS4pi27ZKSugkTQsHJs4eWE6awQUgrV\nE0naX6k6U0S+vJiI0JU7\n=eHH+\n-----END PGP SIGNATURE-----\n\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4663"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007363"
},
{
"db": "BID",
"id": "93852"
},
{
"db": "VULHUB",
"id": "VHN-93482"
},
{
"db": "PACKETSTORM",
"id": "139320"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-4663",
"trust": 2.9
},
{
"db": "BID",
"id": "93852",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1037086",
"trust": 1.1
},
{
"db": "JVN",
"id": "JVNVU90743185",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007363",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201610-705",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-16-589",
"trust": 0.3
},
{
"db": "VULHUB",
"id": "VHN-93482",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "139320",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-93482"
},
{
"db": "BID",
"id": "93852"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007363"
},
{
"db": "PACKETSTORM",
"id": "139320"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-705"
},
{
"db": "NVD",
"id": "CVE-2016-4663"
}
]
},
"id": "VAR-201702-0324",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-93482"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T20:41:32.666000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Apple security updates",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT201222"
},
{
"title": "APPLE-SA-2016-10-24-2 macOS Sierra 10.12.1",
"trust": 0.8,
"url": "https://lists.apple.com/archives/security-announce/2016/Oct/msg00001.html"
},
{
"title": "HT207275",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT207275"
},
{
"title": "HT207275",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/HT207275"
},
{
"title": "Apple macOS Sierra NVIDIA Graphics Drivers Repair measures for memory corruption vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65068"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007363"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-705"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-93482"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007363"
},
{
"db": "NVD",
"id": "CVE-2016-4663"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/93852"
},
{
"trust": 1.7,
"url": "https://support.apple.com/ht207275"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1037086"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4663"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu90743185/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4663"
},
{
"trust": 0.3,
"url": "http://www.apple.com/macosx/"
},
{
"trust": 0.3,
"url": "https://support.apple.com/en-ie/ht207275"
},
{
"trust": 0.3,
"url": "http://www.zerodayinitiative.com/advisories/zdi-16-589/"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht201222"
},
{
"trust": 0.1,
"url": "https://gpgtools.org"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4675"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4682"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4661"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4678"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4667"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4662"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4669"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4660"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4635"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4674"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/downloads/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4671"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4679"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-7579"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4663"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4673"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-93482"
},
{
"db": "BID",
"id": "93852"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007363"
},
{
"db": "PACKETSTORM",
"id": "139320"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-705"
},
{
"db": "NVD",
"id": "CVE-2016-4663"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-93482"
},
{
"db": "BID",
"id": "93852"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007363"
},
{
"db": "PACKETSTORM",
"id": "139320"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-705"
},
{
"db": "NVD",
"id": "CVE-2016-4663"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-02-20T00:00:00",
"db": "VULHUB",
"id": "VHN-93482"
},
{
"date": "2016-10-24T00:00:00",
"db": "BID",
"id": "93852"
},
{
"date": "2017-02-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007363"
},
{
"date": "2016-10-24T21:46:59",
"db": "PACKETSTORM",
"id": "139320"
},
{
"date": "2016-10-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201610-705"
},
{
"date": "2017-02-20T08:59:00.337000",
"db": "NVD",
"id": "CVE-2016-4663"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-29T00:00:00",
"db": "VULHUB",
"id": "VHN-93482"
},
{
"date": "2016-11-24T01:08:00",
"db": "BID",
"id": "93852"
},
{
"date": "2017-02-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007363"
},
{
"date": "2017-03-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201610-705"
},
{
"date": "2024-11-21T02:52:43.597000",
"db": "NVD",
"id": "CVE-2016-4663"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201610-705"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple OS X of NVIDIA Service disruption in graphics driver components (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007363"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201610-705"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.