ID

VAR-201603-0157


CVE

CVE-2016-1749


TITLE

IOUSBFamily in Apple OS X vulnerable to arbitrary code execution in a privileged context

Trust: 0.8

sources: JVNDB: JVNDB-2016-001891

DESCRIPTION

IOUSBFamily in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the IOUSBInterfaceUserClient interface. The issue lies in the failure to ensure that a user-supplied index is within the bounds of the allocated buffer. An attacker can leverage this to escalate their privileges and execute code under the context of the kernel. Apple Mac OS X is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code, cause denial-of-service conditions, bypass security restrictions, and perform unauthorized actions. This may aid in other attacks. Apple Mac OS X 10.11 through 10.11.3 are vulnerable. IOUSBFamily is one of the basic USB device driver components. An elevation of privilege vulnerability exists in Apple OS X's IOUSBFamily.

Trust: 2.7

sources: NVD: CVE-2016-1749 // JVNDB: JVNDB-2016-001891 // ZDI: ZDI-16-206 // BID: 85056 // VULHUB: VHN-90568 // VULMON: CVE-2016-1749

AFFECTED PRODUCTS

vendor: apple, model: mac os x, scope: lte, version: 10.11.3

Trust: 1.0

vendor: apple, model: mac os x, scope: eq, version: 10.11 to 10.11.3

Trust: 0.8

vendor: apple, model: os x, scope: -, version: -

Trust: 0.7

vendor: apple, model: mac os x, scope: eq, version: 10.11.3

Trust: 0.6

sources: ZDI: ZDI-16-206 // JVNDB: JVNDB-2016-001891 // CNNVD: CNNVD-201603-306 // NVD: CVE-2016-1749

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-1749
value: HIGH

Trust: 1.0

NVD: CVE-2016-1749
value: HIGH

Trust: 0.8

ZDI: CVE-2016-1749
value: MEDIUM

Trust: 0.7

CNNVD: CNNVD-201603-306
value: CRITICAL

Trust: 0.6

VULHUB: VHN-90568
value: HIGH

Trust: 0.1

VULMON: CVE-2016-1749
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-1749
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

ZDI: CVE-2016-1749
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.7

VULHUB: VHN-90568
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-1749
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.0

sources: ZDI: ZDI-16-206 // VULHUB: VHN-90568 // VULMON: CVE-2016-1749 // JVNDB: JVNDB-2016-001891 // CNNVD: CNNVD-201603-306 // NVD: CVE-2016-1749

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-90568 // JVNDB: JVNDB-2016-001891 // NVD: CVE-2016-1749

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201603-306

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201603-306

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-001891

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-90568 // VULMON: CVE-2016-1749

PATCH

title: HT206167, url: https://support.apple.com/en-us/HT206167

Trust: 1.5

title: Apple security updates, url: https://support.apple.com/en-us/HT201222

Trust: 0.8

title: APPLE-SA-2016-03-21-5 OS X El Capitan 10.11.4 and Security Update 2016-002, url: http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html

Trust: 0.8

title: HT206167, url: https://support.apple.com/ja-jp/HT206167

Trust: 0.8

title: Apple OS X IOUSBFamily Fixes for permissions and access control vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60633

Trust: 0.6

title: IosHackStudy, url: https://github.com/pandazheng/IosHackStudy

Trust: 0.1

title: -, url: https://github.com/pandazheng/Mac-IOS-Security

Trust: 0.1

title: iOSSafetyLearning, url: https://github.com/shaveKevin/iOSSafetyLearning

Trust: 0.1

sources: ZDI: ZDI-16-206 // VULMON: CVE-2016-1749 // JVNDB: JVNDB-2016-001891 // CNNVD: CNNVD-201603-306

EXTERNAL IDS

db: NVD, id: CVE-2016-1749

Trust: 3.6

db: ZDI, id: ZDI-16-206

Trust: 2.2

db: SECTRACK, id: 1035363

Trust: 1.2

db: EXPLOIT-DB, id: 39607

Trust: 1.2

db: JVN, id: JVNVU97668313

Trust: 0.8

db: JVNDB, id: JVNDB-2016-001891

Trust: 0.8

db: ZDI_CAN, id: ZDI-CAN-3530

Trust: 0.7

db: CNNVD, id: CNNVD-201603-306

Trust: 0.7

db: SECUNIA, id: 63459

Trust: 0.6

db: BID, id: 85056

Trust: 0.4

db: ZDI, id: ZDI-16-205

Trust: 0.3

db: ZDI, id: ZDI-16-202

Trust: 0.3

db: PACKETSTORM, id: 136363

Trust: 0.1

db: VULHUB, id: VHN-90568

Trust: 0.1

db: VULMON, id: CVE-2016-1749

Trust: 0.1

sources: ZDI: ZDI-16-206 // VULHUB: VHN-90568 // VULMON: CVE-2016-1749 // BID: 85056 // JVNDB: JVNDB-2016-001891 // CNNVD: CNNVD-201603-306 // NVD: CVE-2016-1749

REFERENCES

url:http://lists.apple.com/archives/security-announce/2016/mar/msg00004.html

Trust: 1.8

url:https://support.apple.com/ht206167

Trust: 1.8

url:http://www.zerodayinitiative.com/advisories/zdi-16-206

Trust: 1.5

url:https://www.exploit-db.com/exploits/39607/

Trust: 1.3

url:http://www.securitytracker.com/id/1035363

Trust: 1.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1749

Trust: 0.8

url:http://jvn.jp/vu/jvnvu97668313/index.html

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1749

Trust: 0.8

url:https://support.apple.com/en-us/ht206167

Trust: 0.7

url:http://secunia.com/advisories/63459

Trust: 0.6

url:https://www.apple.com/

Trust: 0.3

url:http://www.apple.com/macosx/

Trust: 0.3

url:http://www.zerodayinitiative.com/advisories/zdi-16-202

Trust: 0.3

url:http://www.zerodayinitiative.com/advisories/zdi-16-205

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/119.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/pandazheng/ioshackstudy

Trust: 0.1

url:https://www.securityfocus.com/bid/85056

Trust: 0.1

sources: ZDI: ZDI-16-206 // VULHUB: VHN-90568 // VULMON: CVE-2016-1749 // BID: 85056 // JVNDB: JVNDB-2016-001891 // CNNVD: CNNVD-201603-306 // NVD: CVE-2016-1749

CREDITS

Juwei Lin of Trend Micro

Trust: 1.3

sources: ZDI: ZDI-16-206 // CNNVD: CNNVD-201603-306

SOURCES

db: ZDI, id: ZDI-16-206
db: VULHUB, id: VHN-90568
db: VULMON, id: CVE-2016-1749
db: BID, id: 85056
db: JVNDB, id: JVNDB-2016-001891
db: CNNVD, id: CNNVD-201603-306
db: NVD, id: CVE-2016-1749

LAST UPDATE DATE

2024-11-23T19:32:04.551000+00:00


SOURCES UPDATE DATE

db: ZDI, id: ZDI-16-206, date: 2016-03-22T00:00:00
db: VULHUB, id: VHN-90568, date: 2017-09-08T00:00:00
db: VULMON, id: CVE-2016-1749, date: 2017-09-08T00:00:00
db: BID, id: 85056, date: 2016-07-05T21:57:00
db: JVNDB, id: JVNDB-2016-001891, date: 2016-03-28T00:00:00
db: CNNVD, id: CNNVD-201603-306, date: 2016-03-25T00:00:00
db: NVD, id: CVE-2016-1749, date: 2024-11-21T02:47:00.533

SOURCES RELEASE DATE

db: ZDI, id: ZDI-16-206, date: 2016-03-22T00:00:00
db: VULHUB, id: VHN-90568, date: 2016-03-24T00:00:00
db: VULMON, id: CVE-2016-1749, date: 2016-03-24T00:00:00
db: BID, id: 85056, date: 2016-03-21T00:00:00
db: JVNDB, id: JVNDB-2016-001891, date: 2016-03-28T00:00:00
db: CNNVD, id: CNNVD-201603-306, date: 2016-03-23T00:00:00
db: NVD, id: CVE-2016-1749, date: 2016-03-24T01:59:19.153