Details of VAR-201602-0206

ID

VAR-201602-0206

CVE

CVE-2016-1719

TITLE

plural Apple Product IOHIDFamily API Vulnerability gained in

Trust: 0.8

sources: JVNDB: JVNDB-2016-001402

DESCRIPTION

The IOHIDFamily API in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. Apple Mac OS X and iOS are prone to multiple memory-corruption vulnerabilities. An attacker can leverage these issues to execute arbitrary code with kernel privileges. Failed exploit attempts will likely result in denial of service conditions. in the United States. The IOHIDFamily API is one of the kernel extensions (Abstract Interface for Human Interface Devices) API components. A security vulnerability exists in the IOHIDFamily API of several Apple products. The following products and versions are affected: Apple iOS versions prior to 9.2.1, OS X versions prior to 10.11.3, and tvOS versions prior to 9.1.1. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2016-03-21-2 watchOS 2.2 watchOS 2.2 is now available and addresses the following: Disk Images Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the parsing of disk images. This issue was addressed through improved memory handling. CVE-ID CVE-2016-1717 : Frank Graziano of Yahoo! Pentest Team FontParser Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1740 : HappilyCoded (ant4g0nist and r3dsm0k3) working with Trend Micro's Zero Day Initiative (ZDI) HTTPProtocol Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A remote attacker may be able to execute arbitrary code Description: Multiple vulnerabilities existed in nghttp2 versions prior to 1.6.0, the most serious of which may have led to remote code execution. These were addressed by updating nghttp2 to version 1.6.0. CVE-ID CVE-2015-8659 IOHIDFamily Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1719 : Ian Beer of Google Project Zero IOHIDFamily Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: An application may be able to determine kernel memory layout Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1748 : Brandon Azad Kernel Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1720 : Ian Beer of Google Project Zero CVE-2016-1721 : Ian Beer of Google Project Zero and Ju Zhu of Trend Micro CVE-2016-1754 : Lufeng Li of Qihoo 360 Vulcan Team CVE-2016-1755 : Ian Beer of Google Project Zero Kernel Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed through improved memory management. CVE-ID CVE-2016-1750 : CESG Kernel Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple integer overflows were addressed through improved input validation. CVE-ID CVE-2016-1753 : Juwei Lin Trend Micro working with Trend Micro's Zero Day Initiative (ZDI) Kernel Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: An application may be able to bypass code signing Description: A permissions issue existed in which execute permission was incorrectly granted. This issue was addressed through improved permission validation. CVE-ID CVE-2016-1751 : Eric Monti of Square Mobile Security Kernel Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: An application may be able to cause a denial of service Description: A denial of service issue was addressed through improved validation. CVE-ID CVE-2016-1752 : CESG libxml2 Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Processing maliciously crafted XML may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2015-1819 CVE-2015-5312 : David Drysdale of Google CVE-2015-7499 CVE-2015-7500 : Kostya Serebryany of Google CVE-2015-7942 : Kostya Serebryany of Google CVE-2015-8035 : gustavo.grieco CVE-2015-8242 : Hugh Davenport CVE-2016-1761 : wol0xff working with Trend Micro's Zero Day Initiative (ZDI) CVE-2016-1762 libxslt Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Processing maliciously crafted XML may lead to unexpected application termination or arbitrary code execution Description: A type confusion issue was addressed through improved memory handling. CVE-ID CVE-2015-7995 : puzzor Messages Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: An attacker who is able to bypass Apple's certificate pinning, intercept TLS connections, inject messages, and record encrypted attachment-type messages may be able to read attachments Description: A cryptographic issue was addressed by rejecting duplicate messages on the client. CVE-ID CVE-2016-1788 : Christina Garman, Matthew Green, Gabriel Kaptchuk, Ian Miers, and Michael Rushanan of Johns Hopkins University Security Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Processing a maliciously crafted certificate may lead to arbitrary code execution Description: A memory corruption issue existed in the ASN.1 decoder. This issue was addressed through improved input validation. CVE-ID CVE-2016-1950 : Francis Gabriel of Quarkslab syslog Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1722 : Joshua J. Drake and Nikias Bassen of Zimperium zLabs TrueTypeScaler Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation. CVE-ID CVE-2016-1775 : 0x1byte working with Trend Micro's Zero Day Initiative (ZDI) WebKit Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1723 : Apple CVE-2016-1724 : Apple CVE-2016-1725 : Apple CVE-2016-1726 : Apple CVE-2016-1727 : Apple Wi-Fi Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: An attacker with a privileged network position may be able to execute arbitrary code Description: A frame validation and memory corruption issue existed for a given ethertype. This issue was addressed through additional ethertype validation and improved memory handling. CVE-ID CVE-2016-0801 : an anonymous researcher CVE-2016-0802 : an anonymous researcher -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJW8JP2AAoJEBcWfLTuOo7tegQQAK8H21zT1jYAaMerAKWp6Vo6 CHFN6M5KQwKMHDdTfn0tK29IK8Ewkb+ruOFvRWMHBPxdkYTsYfSPupuj0oUM1dV9 +bQR6BfQu1QLi7j73Ub4XowoiTJbAE4apisFCbO/eM+TyupODJSMBmuKUcFBuVQt xLxOOHKiJ3CuaJmoc7fxOXzqx9+34jMbvjmaXjG0m4pktc7tsmTFXS0+GIVFbUXu ArvcuVoO/jXUjWD6dB4n1bnLi+q7I/P/xP2tW4L1dqnP8i4fKZRt2Pq22VvyJlHb 5dP++yjRY79qfCyiVmRPmYfsIRgx716+tbEZl6Y3AUTy5n0S06XwDQQTR+y22why oB+baS2eTzTEXOx5GxeFwFe4DYi5fqCwGWa7EQfnTPPd7gDc/JnuQI4F/ccRCiL4 5q+bGiEH34F5zDXqaXELZ399mCKsN24gxT4WrBI/EgZ182DFkyUg8XO1Ff6PVe3+ 7NcoijUj2A+NWeaIPPWg81DHZnKHdcrG9Q35L/TrxrKigHBgfO3G09yfsCsvZjm9 MGIiaSfIGqYfgtyX15EQd8NVFN/ZhLMj5WRPChJoxNVLoXr+MdrhLG3tUae6nDXj nmP1iBKbkgDkVQnuPfQyzZkvNHO9H2ZxnP3qSk6670V+VzpqpVXDm8nrEgcpDm1b 82FzLX2fEJg5XYLhXQrg =lORW -----END PGP SIGNATURE----- . CVE-ID CVE-2015-7995 : puzzor OSA Scripts Available for: OS X El Capitan v10.11 to v10.11.2 Impact: A quarantined application may be able to override OSA script libraries installed by the user Description: An issue existed when searching for scripting libraries. CVE-ID CVE-2016-1728 : an anonymous researcher coordinated via Joe Vennix WebSheet Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious captive portal may be able to access the user's cookies Description: An issue existed that allowed some captive portals to read or write cookies. The issue was addressed through an isolated cookie store for all captive portals

Trust: 2.34

sources: NVD: CVE-2016-1719 // JVNDB: JVNDB-2016-001402 // BID: 81277 // VULHUB: VHN-90538 // PACKETSTORM: 136343 // PACKETSTORM: 135326 // PACKETSTORM: 135385 // PACKETSTORM: 135325

AFFECTED PRODUCTS

vendor:	apple	model:	tvos	scope:	lte	version:	9.1	Trust: 1.0
vendor:	apple	model:	watchos	scope:	lte	version:	2.1	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	lte	version:	10.11.2	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	lte	version:	9.2	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	v10.11 to v10.11.2	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	9.2.1 (ipad 2 or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	9.2.1 (iphone 4s or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	9.2.1 (ipod touch first 5 after generation )	Trust: 0.8
vendor:	apple	model:	tvos	scope:	lt	version:	9.1.1 (apple tv first 4 generation )	Trust: 0.8
vendor:	apple	model:	watchos	scope:	lt	version:	2.2 (apple watch edition)	Trust: 0.8
vendor:	apple	model:	watchos	scope:	lt	version:	2.2 (apple watch hermes)	Trust: 0.8
vendor:	apple	model:	watchos	scope:	lt	version:	2.2 (apple watch sport)	Trust: 0.8
vendor:	apple	model:	watchos	scope:	lt	version:	2.2 (apple watch)	Trust: 0.8
vendor:	apple	model:	tv	scope:	eq	version:	9.1	Trust: 0.6
vendor:	apple	model:	watchos	scope:	eq	version:	2.1	Trust: 0.6
vendor:	apple	model:	iphone os	scope:	eq	version:	9.2	Trust: 0.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.11.2	Trust: 0.6
vendor:	apple	model:	ipod touch	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ipad	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.9	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.10	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.0	Trust: 0.3

sources: BID: 81277 // JVNDB: JVNDB-2016-001402 // CNNVD: CNNVD-201602-002 // NVD: CVE-2016-1719

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-1719
value:	HIGH
Trust: 1.0
NVD:	CVE-2016-1719
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201602-002
value:	HIGH
Trust: 0.6
VULHUB:	VHN-90538
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2016-1719
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-90538
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-1719
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.0

sources: VULHUB: VHN-90538 // JVNDB: JVNDB-2016-001402 // CNNVD: CNNVD-201602-002 // NVD: CVE-2016-1719

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-90538 // JVNDB: JVNDB-2016-001402 // NVD: CVE-2016-1719

THREAT TYPE

local

Trust: 0.9

sources: BID: 81277 // CNNVD: CNNVD-201602-002

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201602-002

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-001402

PATCH

title:	Apple security updates	url:	https://support.apple.com/en-us/HT201222	Trust: 0.8
title:	APPLE-SA-2016-03-21-2 watchOS 2.2	url:	http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html	Trust: 0.8
title:	APPLE-SA-2016-01-19-1 iOS 9.2.1	url:	http://lists.apple.com/archives/security-announce/2016/Jan/msg00002.html	Trust: 0.8
title:	APPLE-SA-2016-01-25-1 tvOS 9.1.1	url:	http://lists.apple.com/archives/security-announce/2016/Jan/msg00005.html	Trust: 0.8
title:	APPLE-SA-2016-01-19-2 OS X El Capitan 10.11.3 and Security Update 2016-001	url:	http://lists.apple.com/archives/security-announce/2016/Jan/msg00003.html	Trust: 0.8
title:	HT205729	url:	https://support.apple.com/en-us/HT205729	Trust: 0.8
title:	HT205731	url:	https://support.apple.com/en-us/HT205731	Trust: 0.8
title:	HT206168	url:	https://support.apple.com/en-us/HT206168	Trust: 0.8
title:	HT205732	url:	https://support.apple.com/en-us/HT205732	Trust: 0.8
title:	HT205732	url:	https://support.apple.com/ja-jp/HT205732	Trust: 0.8
title:	HT206168	url:	http://support.apple.com/ja-jp/HT206168	Trust: 0.8
title:	HT205729	url:	https://support.apple.com/ja-jp/HT205729	Trust: 0.8
title:	HT205731	url:	https://support.apple.com/ja-jp/HT205731	Trust: 0.8
title:	Multiple Apple product IOHIDFamily API Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60013	Trust: 0.6

sources: JVNDB: JVNDB-2016-001402 // CNNVD: CNNVD-201602-002

EXTERNAL IDS

db:	NVD	id:	CVE-2016-1719	Trust: 3.2
db:	PACKETSTORM	id:	135440	Trust: 1.7
db:	PACKETSTORM	id:	135443	Trust: 1.7
db:	PACKETSTORM	id:	135441	Trust: 1.7
db:	PACKETSTORM	id:	135442	Trust: 1.7
db:	PACKETSTORM	id:	135438	Trust: 1.7
db:	PACKETSTORM	id:	135439	Trust: 1.7
db:	EXPLOIT-DB	id:	39364	Trust: 1.7
db:	EXPLOIT-DB	id:	39359	Trust: 1.7
db:	EXPLOIT-DB	id:	39363	Trust: 1.7
db:	EXPLOIT-DB	id:	39362	Trust: 1.7
db:	EXPLOIT-DB	id:	39361	Trust: 1.7
db:	EXPLOIT-DB	id:	39360	Trust: 1.7
db:	SECTRACK	id:	1034736	Trust: 1.7
db:	JVN	id:	JVNVU97668313	Trust: 0.8
db:	JVN	id:	JVNVU90405245	Trust: 0.8
db:	JVNDB	id:	JVNDB-2016-001402	Trust: 0.8
db:	CNNVD	id:	CNNVD-201602-002	Trust: 0.7
db:	BID	id:	81277	Trust: 0.3
db:	VULHUB	id:	VHN-90538	Trust: 0.1
db:	PACKETSTORM	id:	136343	Trust: 0.1
db:	PACKETSTORM	id:	135326	Trust: 0.1
db:	PACKETSTORM	id:	135385	Trust: 0.1
db:	PACKETSTORM	id:	135325	Trust: 0.1

sources: VULHUB: VHN-90538 // BID: 81277 // JVNDB: JVNDB-2016-001402 // PACKETSTORM: 136343 // PACKETSTORM: 135326 // PACKETSTORM: 135385 // PACKETSTORM: 135325 // CNNVD: CNNVD-201602-002 // NVD: CVE-2016-1719

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2016/jan/msg00002.html	Trust: 1.7
url:	http://lists.apple.com/archives/security-announce/2016/jan/msg00003.html	Trust: 1.7
url:	http://lists.apple.com/archives/security-announce/2016/jan/msg00005.html	Trust: 1.7
url:	http://lists.apple.com/archives/security-announce/2016/mar/msg00001.html	Trust: 1.7
url:	https://support.apple.com/ht205729	Trust: 1.7
url:	https://support.apple.com/ht205731	Trust: 1.7
url:	https://support.apple.com/ht205732	Trust: 1.7
url:	https://support.apple.com/ht206168	Trust: 1.7
url:	https://www.exploit-db.com/exploits/39359/	Trust: 1.7
url:	https://www.exploit-db.com/exploits/39360/	Trust: 1.7
url:	https://www.exploit-db.com/exploits/39361/	Trust: 1.7
url:	https://www.exploit-db.com/exploits/39362/	Trust: 1.7
url:	https://www.exploit-db.com/exploits/39363/	Trust: 1.7
url:	https://www.exploit-db.com/exploits/39364/	Trust: 1.7
url:	http://packetstormsecurity.com/files/135438/ios-kernel-ioreporthub-use-after-free.html	Trust: 1.7
url:	http://packetstormsecurity.com/files/135439/ios-kernel-iohideventservice-use-after-free.html	Trust: 1.7
url:	http://packetstormsecurity.com/files/135440/ios-kernel-appleoscarcma-use-after-free.html	Trust: 1.7
url:	http://packetstormsecurity.com/files/135441/ios-kernel-appleoscarcompass-use-after-free.html	Trust: 1.7
url:	http://packetstormsecurity.com/files/135442/ios-kernel-appleoscaraccelerometer-use-after-free.html	Trust: 1.7
url:	http://packetstormsecurity.com/files/135443/ios-kernel-appleoscargyro-use-after-free.html	Trust: 1.7
url:	https://code.google.com/p/google-security-research/issues/detail?id=603	Trust: 1.7
url:	https://code.google.com/p/google-security-research/issues/detail?id=604	Trust: 1.7
url:	https://code.google.com/p/google-security-research/issues/detail?id=605	Trust: 1.7
url:	https://code.google.com/p/google-security-research/issues/detail?id=606	Trust: 1.7
url:	https://code.google.com/p/google-security-research/issues/detail?id=607	Trust: 1.7
url:	https://code.google.com/p/google-security-research/issues/detail?id=608	Trust: 1.7
url:	http://www.securitytracker.com/id/1034736	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1719	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu90405245/index.html	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu97668313/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1719	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7995	Trust: 0.4
url:	https://gpgtools.org	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1720	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1721	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1722	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1717	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1719	Trust: 0.4
url:	http://www.apple.com/ios/	Trust: 0.3
url:	https://www.apple.com/osx/	Trust: 0.3
url:	http://www.apple.com/ipad/	Trust: 0.3
url:	http://www.apple.com/iphone/	Trust: 0.3
url:	http://www.apple.com/ipodtouch/	Trust: 0.3
url:	https://support.apple.com/en-ie/ht205729	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1727	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1724	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1725	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1726	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1723	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1751	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-8659	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-8035	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1753	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1750	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-1819	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7499	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-0801	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-8242	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-5312	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7942	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7500	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1740	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1752	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1754	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-0802	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1748	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1718	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1729	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1716	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1730	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1728	Trust: 0.1

CREDITS

Apple

Trust: 0.4

sources: PACKETSTORM: 136343 // PACKETSTORM: 135326 // PACKETSTORM: 135385 // PACKETSTORM: 135325

SOURCES

db:	VULHUB	id:	VHN-90538
db:	BID	id:	81277
db:	JVNDB	id:	JVNDB-2016-001402
db:	PACKETSTORM	id:	136343
db:	PACKETSTORM	id:	135326
db:	PACKETSTORM	id:	135385
db:	PACKETSTORM	id:	135325
db:	CNNVD	id:	CNNVD-201602-002
db:	NVD	id:	CVE-2016-1719

LAST UPDATE DATE

2024-11-23T19:37:57.925000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-90538	date:	2019-03-08T00:00:00
db:	BID	id:	81277	date:	2016-07-06T14:08:00
db:	JVNDB	id:	JVNDB-2016-001402	date:	2016-03-29T00:00:00
db:	CNNVD	id:	CNNVD-201602-002	date:	2019-03-13T00:00:00
db:	NVD	id:	CVE-2016-1719	date:	2024-11-21T02:46:57.280

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-90538	date:	2016-02-01T00:00:00
db:	BID	id:	81277	date:	2016-01-19T00:00:00
db:	JVNDB	id:	JVNDB-2016-001402	date:	2016-02-17T00:00:00
db:	PACKETSTORM	id:	136343	date:	2016-03-22T15:09:54
db:	PACKETSTORM	id:	135326	date:	2016-01-20T16:54:51
db:	PACKETSTORM	id:	135385	date:	2016-01-26T13:33:33
db:	PACKETSTORM	id:	135325	date:	2016-01-20T16:51:56
db:	CNNVD	id:	CNNVD-201602-002	date:	2016-02-02T00:00:00
db:	NVD	id:	CVE-2016-1719	date:	2016-02-01T11:59:03.150