var-201702-0333
Vulnerability from variot
An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "ATS" component. It allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via unspecified vectors. Apple macOS is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, gain elevated privileges and perform unauthorized actions. This may aid in other attacks. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
APPLE-SA-2016-10-24-2 macOS Sierra 10.12.1
macOS Sierra 10.12.1 is now available and addresses the following:
AppleGraphicsControl Available for: OS X Yosemite v10.10.5 and OS X El Capitan v10.11.6 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved lock state checking. CVE-2016-4662: Apple
AppleSMC Available for: macOS Sierra 10.12 Impact: A local user may be able to elevate privileges Description: A null pointer dereference was addressed through improved locking. CVE-2016-4678: daybreaker@Minionz working with Trend Micro's Zero Day Initiative
ATS Available for: macOS Sierra 10.12 Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-4667: Simmon Huang of alipay, Thelongestusernameofall@gmail.com Moony Li of Trend Micro, @Flyic
ATS Available for: macOS Sierra 10.12 Impact: A local user may be able to execute arbitrary code with additional privileges Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-4674: Shrek_wzw of Qihoo 360 Nirvan Team
CFNetwork Proxies Available for: macOS Sierra 10.12 Impact: An attacker in a privileged network position may be able to leak sensitive user information Description: A phishing issue existed in the handling of proxy credentials. This issue was addressed by removing unsolicited proxy password authentication prompts. CVE-2016-7579: Jerry Decime
CoreGraphics Available for: macOS Sierra 10.12 Impact: Viewing a maliciously crafted JPEG file may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-4673: Marco Grassi (@marcograss) of KeenLab (@keen_lab), Tencent
FaceTime Available for: macOS Sierra 10.12 Impact: An attacker in a privileged network position may be able to cause a relayed call to continue transmitting audio while appearing as if the call terminated Description: User interface inconsistencies existed in the handling of relayed calls. These issues were addressed through improved FaceTime display logic. CVE-2016-4635: Martin Vigo (@martin_vigo) of salesforce.com
FontParser Available for: macOS Sierra 10.12 Impact: Parsing a maliciously crafted font may disclose sensitive user information Description: An out-of-bounds read was addressed through improved bounds checking. CVE-2016-4660: Ke Liu of Tencent's Xuanwu Lab
ImageIO Available for: OS X El Capitan v10.11.6 Impact: Parsing a maliciously crafted PDF may lead to arbitrary code execution Description: An out-of-bounds write was addressed through improved bounds checking. CVE-2016-4671: Ke Liu of Tencent's Xuanwu Lab, Juwei Lin (@fuzzerDOTcn)
ImageIO Available for: OS X Yosemite v10.10.5 and OS X El Capitan v10.11.6 Impact: Processing a maliciously crafted image may result in the disclosure of process memory Description: An out-of-bounds read issue existed in the SGI image parsing. This issue was addressed through improved bounds checking. CVE-2016-4682: Ke Liu of Tencent's Xuanwu Lab
libarchive Available for: macOS Sierra 10.12 Impact: A malicious archive may be able to overwrite arbitrary files Description: An issue existed within the path validation logic for symlinks. This issue was addressed through improved path sanitization. CVE-2016-4679: Omer Medan of enSilo Ltd
libxpc Available for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.6, and macOS Sierra 10.12 Impact: An application may be able to execute arbitrary code with root privileges Description: A logic issue was addressed through additional restrictions. CVE-2016-4675: Ian Beer of Google Project Zero
ntfs Available for: macOS Sierra 10.12 Impact: An application may be able to cause a denial of service Description: An issue existed in the parsing of disk images. This issue was addressed through improved validation. CVE-2016-4661: Recurity Labs on behalf of BSI (German Federal Office for Information Security)
NVIDIA Graphics Drivers Available for: OS X Yosemite v10.10.5 and OS X El Capitan v10.11.6 Impact: An application may be able to cause a denial of service Description: A memory corruption issue was addressed through improved input validation. CVE-2016-4663: Apple
System Boot Available for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.6, and macOS Sierra 10.12 Impact: A local user may be able to cause an unexpected system termination or arbitrary code execution in the kernel Description: Multiple input validation issues existed in MIG generated code. These issues were addressed through improved validation. CVE-2016-4669: Ian Beer of Google Project Zero
macOS Sierra 10.12.1 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJYDlRWAAoJEIOj74w0bLRGFnYP/iy1NY+HgMgJd4OeOakX4sGP 8utQ55plu7WdQ3imNdcP1NYm+tuqFLxSDm7qJMA4zsAakxdUAGWEWYjRmJ9IxTep Gil1qjXZHksX/7lF+VzoMcsAC4CE0yFnaFAw0gHdhQFZyzYryPVsryue56WX5DAD 4/MJUK85U1P2YRDkMW8Mt4TrOW0kgpohpZIFsWKmBocZ4Q/GLybQLzip7mv9w4/K k8L+m9oHUr+Bh7Et+OoM+4oTBC2pIwdb9U5edTHqIMpXp15jScTXbQ/pz+ngjZ6E wUDa8hZC30m6SWSJtFUMZ5+6Gedcafcn/kegRPeFwitQ13EnLOVeGekp25ROsnF1 NwXiDDYuUxTg8ecW6YJm1OktO035nUg3Rjnonx3km2FNDiFgakK78p622B/eJwOA WbD6ahu8qAFTf14pCe7WJVvQz4vnjwiwTQxOTxVgiLfAdFHNm9IpxazwEeW8sN+G cjvoi5VTWL8FiHfUITnJrzeclitgke67vhOs6Ju5+nYiKrUf74NoNnFBPMjD4Qa1 GfvjZ2LWUVBLBahWUl2Nhlr4EWECqF3AEZhBRmcvcHnspcN3f9BBD/kktvpqTAV9 J5TqpiRr2qhrQEV8WLt/GvZSf7hjnSMPUZS4pi27ZKSugkTQsHJs4eWE6awQUgrV E0naX6k6U0S+vJiI0JU7 =eHH+ -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201702-0333",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mac os x",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "10.12.0"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.12"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "10.12.0"
},
{
"model": "macos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.12"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.11.6"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.11.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.11.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.11.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.11.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.11.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.11"
},
{
"model": "macos",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "10.12.1"
}
],
"sources": [
{
"db": "BID",
"id": "93852"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007366"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-708"
},
{
"db": "NVD",
"id": "CVE-2016-4674"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:apple:mac_os_x",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007366"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Recurity Labs on behalf of BSI (German Federal Office for Information Security), Simmon Huang of alipay, Thelongestusernameofall@gmail.com, Moony Li of TrendMicro, @Flyic, Ke Liu of Tencent\u0027s Xuanwu Lab, Juwei Lin (@fuzzerDOTcn), Shrek_wzw of Qihoo 360 Ni",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201610-708"
}
],
"trust": 0.6
},
"cve": "CVE-2016-4674",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2016-4674",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-93493",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2016-4674",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-4674",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-4674",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201610-708",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-93493",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-93493"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007366"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-708"
},
{
"db": "NVD",
"id": "CVE-2016-4674"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the \"ATS\" component. It allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via unspecified vectors. Apple macOS is prone to multiple security vulnerabilities. \nAttackers can exploit these issues to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, gain elevated privileges and perform unauthorized actions. This may aid in other attacks. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2016-10-24-2 macOS Sierra 10.12.1\n\nmacOS Sierra 10.12.1 is now available and addresses the following:\n\nAppleGraphicsControl\nAvailable for: OS X Yosemite v10.10.5 and OS X El Capitan v10.11.6\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed through improved\nlock state checking. \nCVE-2016-4662: Apple\n\nAppleSMC\nAvailable for: macOS Sierra 10.12\nImpact: A local user may be able to elevate privileges\nDescription: A null pointer dereference was addressed through\nimproved locking. \nCVE-2016-4678: daybreaker@Minionz working with Trend Micro\u0027s Zero Day\nInitiative\n\nATS\nAvailable for: macOS Sierra 10.12\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed through improved\nmemory handling. \nCVE-2016-4667: Simmon Huang of alipay,\nThelongestusernameofall@gmail.com Moony Li of Trend Micro, @Flyic\n\nATS\nAvailable for: macOS Sierra 10.12\nImpact: A local user may be able to execute arbitrary code with\nadditional privileges\nDescription: A memory corruption issue was addressed through improved\nmemory handling. \nCVE-2016-4674: Shrek_wzw of Qihoo 360 Nirvan Team\n\nCFNetwork Proxies\nAvailable for: macOS Sierra 10.12\nImpact: An attacker in a privileged network position may be able to\nleak sensitive user information\nDescription: A phishing issue existed in the handling of proxy\ncredentials. This issue was addressed by removing unsolicited proxy\npassword authentication prompts. \nCVE-2016-7579: Jerry Decime\n\nCoreGraphics\nAvailable for: macOS Sierra 10.12\nImpact: Viewing a maliciously crafted JPEG file may lead to arbitrary\ncode execution\nDescription: A memory corruption issue was addressed through improved\nmemory handling. \nCVE-2016-4673: Marco Grassi (@marcograss) of KeenLab (@keen_lab),\nTencent\n\nFaceTime\nAvailable for: macOS Sierra 10.12\nImpact: An attacker in a privileged network position may be able to\ncause a relayed call to continue transmitting audio while appearing\nas if the call terminated\nDescription: User interface inconsistencies existed in the handling\nof relayed calls. These issues were addressed through improved\nFaceTime display logic. \nCVE-2016-4635: Martin Vigo (@martin_vigo) of salesforce.com\n\nFontParser\nAvailable for: macOS Sierra 10.12\nImpact: Parsing a maliciously crafted font may disclose sensitive\nuser information\nDescription: An out-of-bounds read was addressed through improved\nbounds checking. \nCVE-2016-4660: Ke Liu of Tencent\u0027s Xuanwu Lab\n\nImageIO\nAvailable for: OS X El Capitan v10.11.6\nImpact: Parsing a maliciously crafted PDF may lead to arbitrary code\nexecution\nDescription: An out-of-bounds write was addressed through improved\nbounds checking. \nCVE-2016-4671: Ke Liu of Tencent\u0027s Xuanwu Lab, Juwei Lin\n(@fuzzerDOTcn)\n\nImageIO\nAvailable for: OS X Yosemite v10.10.5 and OS X El Capitan v10.11.6\nImpact: Processing a maliciously crafted image may result in the\ndisclosure of process memory\nDescription: An out-of-bounds read issue existed in the SGI image\nparsing. This issue was addressed through improved bounds checking. \nCVE-2016-4682: Ke Liu of Tencent\u0027s Xuanwu Lab\n\nlibarchive\nAvailable for: macOS Sierra 10.12\nImpact: A malicious archive may be able to overwrite arbitrary files\nDescription: An issue existed within the path validation logic for\nsymlinks. This issue was addressed through improved path\nsanitization. \nCVE-2016-4679: Omer Medan of enSilo Ltd\n\nlibxpc\nAvailable for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.6,\nand macOS Sierra 10.12\nImpact: An application may be able to execute arbitrary code with\nroot privileges\nDescription: A logic issue was addressed through additional\nrestrictions. \nCVE-2016-4675: Ian Beer of Google Project Zero\n\nntfs\nAvailable for: macOS Sierra 10.12\nImpact: An application may be able to cause a denial of service\nDescription: An issue existed in the parsing of disk images. This\nissue was addressed through improved validation. \nCVE-2016-4661: Recurity Labs on behalf of BSI (German Federal Office\nfor Information Security)\n\nNVIDIA Graphics Drivers\nAvailable for: OS X Yosemite v10.10.5 and OS X El Capitan v10.11.6\nImpact: An application may be able to cause a denial of service\nDescription: A memory corruption issue was addressed through improved\ninput validation. \nCVE-2016-4663: Apple\n\nSystem Boot\nAvailable for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.6,\nand macOS Sierra 10.12\nImpact: A local user may be able to cause an unexpected system\ntermination or arbitrary code execution in the kernel\nDescription: Multiple input validation issues existed in MIG\ngenerated code. These issues were addressed through improved\nvalidation. \nCVE-2016-4669: Ian Beer of Google Project Zero\n\nmacOS Sierra 10.12.1 may be obtained\nfrom the Mac App Store or Apple\u0027s Software Downloads web site:\nhttps://www.apple.com/support/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - https://gpgtools.org\n\niQIcBAEBCgAGBQJYDlRWAAoJEIOj74w0bLRGFnYP/iy1NY+HgMgJd4OeOakX4sGP\n8utQ55plu7WdQ3imNdcP1NYm+tuqFLxSDm7qJMA4zsAakxdUAGWEWYjRmJ9IxTep\nGil1qjXZHksX/7lF+VzoMcsAC4CE0yFnaFAw0gHdhQFZyzYryPVsryue56WX5DAD\n4/MJUK85U1P2YRDkMW8Mt4TrOW0kgpohpZIFsWKmBocZ4Q/GLybQLzip7mv9w4/K\nk8L+m9oHUr+Bh7Et+OoM+4oTBC2pIwdb9U5edTHqIMpXp15jScTXbQ/pz+ngjZ6E\nwUDa8hZC30m6SWSJtFUMZ5+6Gedcafcn/kegRPeFwitQ13EnLOVeGekp25ROsnF1\nNwXiDDYuUxTg8ecW6YJm1OktO035nUg3Rjnonx3km2FNDiFgakK78p622B/eJwOA\nWbD6ahu8qAFTf14pCe7WJVvQz4vnjwiwTQxOTxVgiLfAdFHNm9IpxazwEeW8sN+G\ncjvoi5VTWL8FiHfUITnJrzeclitgke67vhOs6Ju5+nYiKrUf74NoNnFBPMjD4Qa1\nGfvjZ2LWUVBLBahWUl2Nhlr4EWECqF3AEZhBRmcvcHnspcN3f9BBD/kktvpqTAV9\nJ5TqpiRr2qhrQEV8WLt/GvZSf7hjnSMPUZS4pi27ZKSugkTQsHJs4eWE6awQUgrV\nE0naX6k6U0S+vJiI0JU7\n=eHH+\n-----END PGP SIGNATURE-----\n\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4674"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007366"
},
{
"db": "BID",
"id": "93852"
},
{
"db": "VULHUB",
"id": "VHN-93493"
},
{
"db": "PACKETSTORM",
"id": "139320"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-4674",
"trust": 2.9
},
{
"db": "BID",
"id": "93852",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1037086",
"trust": 1.1
},
{
"db": "JVN",
"id": "JVNVU90743185",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007366",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201610-708",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-16-589",
"trust": 0.3
},
{
"db": "VULHUB",
"id": "VHN-93493",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "139320",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-93493"
},
{
"db": "BID",
"id": "93852"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007366"
},
{
"db": "PACKETSTORM",
"id": "139320"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-708"
},
{
"db": "NVD",
"id": "CVE-2016-4674"
}
]
},
"id": "VAR-201702-0333",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-93493"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T20:20:49.764000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Apple security updates",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT201222"
},
{
"title": "APPLE-SA-2016-10-24-2 macOS Sierra 10.12.1",
"trust": 0.8,
"url": "https://lists.apple.com/archives/security-announce/2016/Oct/msg00001.html"
},
{
"title": "HT207275",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT207275"
},
{
"title": "HT207275",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/HT207275"
},
{
"title": "Apple macOS Sierra ATS Repair measures for memory corruption vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65071"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007366"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-708"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-93493"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007366"
},
{
"db": "NVD",
"id": "CVE-2016-4674"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/93852"
},
{
"trust": 1.7,
"url": "https://support.apple.com/ht207275"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1037086"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4674"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu90743185/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4674"
},
{
"trust": 0.3,
"url": "http://www.apple.com/macosx/"
},
{
"trust": 0.3,
"url": "https://support.apple.com/en-ie/ht207275"
},
{
"trust": 0.3,
"url": "http://www.zerodayinitiative.com/advisories/zdi-16-589/"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht201222"
},
{
"trust": 0.1,
"url": "https://gpgtools.org"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4675"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4682"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4661"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4678"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4667"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4662"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4669"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4660"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4635"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4674"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/downloads/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4671"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4679"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-7579"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4663"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4673"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-93493"
},
{
"db": "BID",
"id": "93852"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007366"
},
{
"db": "PACKETSTORM",
"id": "139320"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-708"
},
{
"db": "NVD",
"id": "CVE-2016-4674"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-93493"
},
{
"db": "BID",
"id": "93852"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007366"
},
{
"db": "PACKETSTORM",
"id": "139320"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-708"
},
{
"db": "NVD",
"id": "CVE-2016-4674"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-02-20T00:00:00",
"db": "VULHUB",
"id": "VHN-93493"
},
{
"date": "2016-10-24T00:00:00",
"db": "BID",
"id": "93852"
},
{
"date": "2017-02-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007366"
},
{
"date": "2016-10-24T21:46:59",
"db": "PACKETSTORM",
"id": "139320"
},
{
"date": "2016-10-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201610-708"
},
{
"date": "2017-02-20T08:59:00.667000",
"db": "NVD",
"id": "CVE-2016-4674"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-29T00:00:00",
"db": "VULHUB",
"id": "VHN-93493"
},
{
"date": "2016-11-24T01:08:00",
"db": "BID",
"id": "93852"
},
{
"date": "2017-02-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007366"
},
{
"date": "2017-03-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201610-708"
},
{
"date": "2024-11-21T02:52:44.777000",
"db": "NVD",
"id": "CVE-2016-4674"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201610-708"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple OS X of ATS Vulnerability gained privileges in components",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007366"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201610-708"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.