Sign-up

ID

VAR-201510-0161


CVE

CVE-2015-6996


TITLE

plural Apple Product IOAcceleratorFamily Vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2015-005592

DESCRIPTION

IOAcceleratorFamily in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app. Apple Mac OS X, watchOS and iOS are prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code with kernel privileges. Failed exploit attempts may result in a denial-of-service condition. Versions prior to iOS 9.1, watchOS 2.0.1 and OS X 10.11.1 are vulnerable. in the United States. Apple iOS is an operating system developed for mobile devices; Apple OS X is a dedicated operating system developed for Mac computers; Apple watchOS is a smart watch operating system. A security vulnerability exists in the IOAcceleratorFamily of several Apple products. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2015-10-21-2 watchOS 2.0.1 watchOS 2.0.1 is now available and addresses the following: Apple Pay Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Some cards may allow a terminal to retrieve limited recent transaction information when making a payment Description: The transaction log functionality was enabled in certain configurations. This issue was addressed by removing the transaction log functionality. This update additionally addresses the issue for Apple Watches manufactured with watchOS 2. CVE-ID CVE-2015-5916 Bom Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Unpacking a maliciously crafted archive may lead to arbitrary code execution Description: A file traversal vulnerability existed in the handling of CPIO archives. This issue was addressed through improved validation of metadata. CVE-ID CVE-2015-7006 : Mark Dowd at Azimuth Security configd Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A malicious application may be able to elevate privileges Description: A heap based buffer overflow issue existed in the DNS client library. A local user with the ability to spoof responses from the local configd service may have been able to cause arbitrary code execution in DNS clients. CVE-ID CVE-2015-7015 : PanguTeam CoreGraphics Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue existed in CoreGraphics. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5925 : Apple CVE-2015-5926 : Apple FontParser Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Viewing a document with a maliciously crafted font may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-5927 : Apple CVE-2015-5942 Grand Central Dispatch Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Processing a maliciously crafted package may lead to arbitrary code execution Description: A memory corruption issue existed in the handling of dispatch calls. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6989 : Apple ImageIO Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Viewing a maliciously crafted image file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the parsing of image metadata. These issues was addressed through improved metadata validation. CVE-ID CVE-2015-5935 : Apple CVE-2015-5936 : Apple CVE-2015-5937 : Apple CVE-2015-5939 : Apple IOAcceleratorFamily Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in IOAcceleratorFamily. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6996 : Ian Beer of Google Project Zero IOHIDFamily Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6974 : Luca Todesco (@qwertyoruiop) Installation note: Instructions on how to update your Apple Watch software are available at https://support.apple.com/en-us/HT204641 To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About". Alternatively, on your watch, select "My Watch > General > About". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJWJuKhAAoJEBcWfLTuOo7tkBcP+QGVb0FmXmyDjPNF1b3Mx4Cv 2gPz3W6x1BQlss3/2+WX8YAMXgtGux0HQfYF/uQIjverf+HHlGDN2bd+P61odDEp hEU2h6N6bPbDp85MehTgZWt8/c6HR5XB2KFKNAXhE6YmrZ8neXBYLF+sF9T9NMx0 ar2/yWFlCVFTgDHzt4KGFJFjNDr8urHNp0nc4KjOE7YE83oK9vkAxmqOhpPNNzdj DIob8y1wO4NBoClzXr8DIlqoajFEWLXU++G6MVclhCoWun+vQpUo3XcOG7mJgoff nrb9ITbsEXtpKLeHYPdK7y7EMWOasVb2GPkK3TWEc37wf2eEk2cUSHRN6bjeIsJO WWVqGC8+Ya7eQgsztUlfUMK8OFNX9wz9CABB/wBNbYe1fzea+oZV7ijCR6IzOi6I 5xFEDCxSOnDMSn3uF/ENRk5LG7DC0PsL/Er/H2tSit9oacEGmoozyUdGlexG4o+a pySDBLiplfVjdfoPv8ABQSN6mtvD1MaLVVAoG14FEObEEY/tdl22Ou8NZQ6OgeLl I2uyMSPQDGMKXNxjIfgWTWK31TQakq3c78swlXy9fZrCWl/ti8y6CFUVqP8XOjN9 LgkJcChm77UXsiFCKqREMw/kgSDvctF94iMknUBc1+YDj+uDs+t9vvUzZ3syFC0V 4bPj6XOJcceSHv1+PlcF =gtL/ -----END PGP SIGNATURE-----

Trust: 2.07

sources: NVD: CVE-2015-6996 // JVNDB: JVNDB-2015-005592 // BID: 77265 // VULHUB: VHN-84957 // PACKETSTORM: 134045

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:lteversion:10.11.0

Trust: 1.0

vendor:applemodel:watchosscope:lteversion:2.0.0

Trust: 1.0

vendor:applemodel:iphone osscope:lteversion:9.0.2

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.10.5

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.11

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.9.5

Trust: 0.8

vendor:applemodel:iosscope:ltversion:9.1 (ipad 2 or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:9.1 (iphone 4s or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:9.1 (ipod touch first 5 after generation )

Trust: 0.8

vendor:applemodel:watchosscope:ltversion:2.0.1 (apple watch edition)

Trust: 0.8

vendor:applemodel:watchosscope:ltversion:2.0.1 (apple watch hermes)

Trust: 0.8

vendor:applemodel:watchosscope:ltversion:2.0.1 (apple watch sport)

Trust: 0.8

vendor:applemodel:watchosscope:ltversion:2.0.1 (apple watch)

Trust: 0.8

vendor:applemodel:iphone osscope:eqversion:9.0.2

Trust: 0.6

vendor:applemodel:watchosscope:eqversion:2.0.0

Trust: 0.6

vendor:applemodel:mac os xscope:eqversion:10.11.0

Trust: 0.6

vendor:applemodel:watchosscope:eqversion:1.0.1

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:2.0

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:1.0

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.10.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.9.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.11

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:0

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:0

Trust: 0.3

vendor:applemodel:ipadscope:eqversion:0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.4.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.1.6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.1.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.1.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.1.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.1.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.1.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.1.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.1.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.9

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.8

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.7

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.10

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:2.0

Trust: 0.3

vendor:applemodel:watchosscope:neversion:2.0.1

Trust: 0.3

vendor:applemodel:mac osscope:neversion:x10.11.2

Trust: 0.3

vendor:applemodel:mac os security updatescope:neversion:x2015

Trust: 0.3

vendor:applemodel:iosscope:neversion:9.1

Trust: 0.3

sources: BID: 77265 // JVNDB: JVNDB-2015-005592 // CNNVD: CNNVD-201510-544 // NVD: CVE-2015-6996

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-6996
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-6996
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201510-544
value: MEDIUM

Trust: 0.6

VULHUB: VHN-84957
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-6996
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-84957
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-84957 // JVNDB: JVNDB-2015-005592 // CNNVD: CNNVD-201510-544 // NVD: CVE-2015-6996

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-84957 // JVNDB: JVNDB-2015-005592 // NVD: CVE-2015-6996

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201510-544

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201510-544

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-005592

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-84957

PATCH
title:Apple security updatesurl:https://support.apple.com/en-us/HT201222
Trust: 0.8
title:APPLE-SA-2015-10-21-1 iOS 9.1url:http://lists.apple.com/archives/security-announce/2015/Oct/msg00002.html
Trust: 0.8
title:APPLE-SA-2015-10-21-2 watchOS 2.0.1url:http://lists.apple.com/archives/security-announce/2015/Oct/msg00003.html
Trust: 0.8
title:APPLE-SA-2015-10-21-4 OS X El Capitan 10.11.1 and Security Update 2015-007url:http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html
Trust: 0.8
title:HT205370url:https://support.apple.com/en-us/HT205370
Trust: 0.8
title:HT205378url:https://support.apple.com/en-us/HT205378
Trust: 0.8
title:HT205375url:https://support.apple.com/en-us/HT205375
Trust: 0.8
title:HT205375url:http://support.apple.com/ja-jp/HT205375
Trust: 0.8
title:HT205370url:http://support.apple.com/ja-jp/HT205370
Trust: 0.8
title:HT205378url:http://support.apple.com/ja-jp/HT205378
Trust: 0.8
title:Multiple Apple Product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=58388
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2015-005592 // 
            
            
            
            CNNVD: CNNVD-201510-544

EXTERNAL IDS
db:NVDid:CVE-2015-6996
Trust: 2.9
db:SECTRACKid:1033929
Trust: 1.1
db:JVNid:JVNVU92655282
Trust: 0.8
db:JVNDBid:JVNDB-2015-005592
Trust: 0.8
db:CNNVDid:CNNVD-201510-544
Trust: 0.7
db:BIDid:77265
Trust: 0.3
db:EXPLOIT-DBid:39380
Trust: 0.1
db:PACKETSTORMid:135426
Trust: 0.1
db:VULHUBid:VHN-84957
Trust: 0.1
db:PACKETSTORMid:134045
Trust: 0.1
sources:
            
            
            VULHUB: VHN-84957 // 
            
            
            
            BID: 77265 // 
            
            
            
            JVNDB: JVNDB-2015-005592 // 
            
            
            
            PACKETSTORM: 134045 // 
            
            
            
            CNNVD: CNNVD-201510-544 // 
            
            
            
            NVD: CVE-2015-6996

REFERENCES
url:http://lists.apple.com/archives/security-announce/2015/oct/msg00002.html
Trust: 1.7
url:http://lists.apple.com/archives/security-announce/2015/oct/msg00003.html
Trust: 1.7
url:http://lists.apple.com/archives/security-announce/2015/oct/msg00005.html
Trust: 1.7
url:https://support.apple.com/ht205370
Trust: 1.7
url:https://support.apple.com/ht205375
Trust: 1.7
url:https://support.apple.com/ht205378
Trust: 1.7
url:http://www.securitytracker.com/id/1033929
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6996
Trust: 0.8
url:http://jvn.jp/vu/jvnvu92655282/
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6996
Trust: 0.8
url:http://www.apple.com/ios/
Trust: 0.3
url:http://www.apple.com/watchos-2/
Trust: 0.3
url:http://www.apple.com/ipad/
Trust: 0.3
url:http://www.apple.com/iphone/
Trust: 0.3
url:http://www.apple.com/ipodtouch/
Trust: 0.3
url:http://www.apple.com/macosx/
Trust: 0.3
url:https://nvd.nist.gov/vuln/detail/cve-2015-5925
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2015-6989
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2015-5935
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2015-6974
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2015-5936
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2015-5939
Trust: 0.1
url:https://support.apple.com/kb/ht201222
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2015-5942
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2015-7006
Trust: 0.1
url:https://www.apple.com/support/security/pgp/
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2015-5926
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2015-5927
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2015-5937
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2015-7015
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2015-5916
Trust: 0.1
url:https://support.apple.com/en-us/ht204641
Trust: 0.1
url:http://gpgtools.org
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2015-6996
Trust: 0.1
sources:
            
            
            VULHUB: VHN-84957 // 
            
            
            
            BID: 77265 // 
            
            
            
            JVNDB: JVNDB-2015-005592 // 
            
            
            
            PACKETSTORM: 134045 // 
            
            
            
            CNNVD: CNNVD-201510-544 // 
            
            
            
            NVD: CVE-2015-6996

CREDITS
Mark Dowd of Azimuth Security, PanguTeam, and Apple.
Trust: 0.3
sources:
            
            
            BID: 77265

SOURCES
db:VULHUBid:VHN-84957
db:BIDid:77265
db:JVNDBid:JVNDB-2015-005592
db:PACKETSTORMid:134045
db:CNNVDid:CNNVD-201510-544
db:NVDid:CVE-2015-6996

LAST UPDATE DATE
2024-11-23T20:54:17.121000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-84957date:2016-12-24T00:00:00
db:BIDid:77265date:2015-10-21T00:00:00
db:JVNDBid:JVNDB-2015-005592date:2015-10-27T00:00:00
db:CNNVDid:CNNVD-201510-544date:2015-10-26T00:00:00
db:NVDid:CVE-2015-6996date:2024-11-21T02:36:00.990

SOURCES RELEASE DATE
db:VULHUBid:VHN-84957date:2015-10-23T00:00:00
db:BIDid:77265date:2015-10-21T00:00:00
db:JVNDBid:JVNDB-2015-005592date:2015-10-27T00:00:00
db:PACKETSTORMid:134045date:2015-10-21T15:55:55
db:CNNVDid:CNNVD-201510-544date:2015-10-26T00:00:00
db:NVDid:CVE-2015-6996date:2015-10-23T21:59:37.997