Details of VAR-201605-0461

ID

VAR-201605-0461

CVE

CVE-2016-1819

TITLE

plural Apple Product IOAcceleratorFamily Vulnerable to arbitrary code execution in a privileged context

Trust: 0.8

sources: JVNDB: JVNDB-2016-002821

DESCRIPTION

Use-after-free vulnerability in the IOAccelContext2::clientMemoryForType method in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1817 and CVE-2016-1818. Apple Mac OS X, watchOS and iOS are prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code with elevated privileges, gain sensitive information, and cause denial-of-service condition. Versions prior to iOS 9.3.2, watchOS 2.2.1 and Mac OS X 10.11.5 are vulnerable. in the United States. Apple iOS is an operating system developed for mobile devices; watchOS is a smart watch operating system; OS X El Capitan is a dedicated operating system developed for Mac computers; tvOS is a smart TV operating system. CVE-ID CVE-2016-1847 : Tongbo Luo and Bo Qu of Palo Alto Networks Installation note: Instructions on how to update your Apple Watch software are available at https://support.apple.com/en-us/HT204641 To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About". -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2016-05-16-2 iOS 9.3.2 iOS 9.3.2 is now available and addresses the following: Accessibility Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An application may be able to determine kernel memory layout Description: A buffer overflow was addressed through improved size validation. CVE-ID CVE-2016-1790 : Rapelly Akhil CFNetwork Proxies Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker in a privileged network position may be able to leak sensitive user information Description: An information leak existed in the handling of HTTP and HTTPS requests. This issue was addressed through improved URL handling. CVE-ID CVE-2016-1801 : Alex Chapman and Paul Stone of Context Information Security CommonCrypto Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to leak sensitive user information Description: An issue existed in the handling of return values in CCCrypt. This issue was addressed through improved key length management. CVE-ID CVE-2016-1802 : Klaus Rodewig CoreCapture Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A null pointer dereference was addressed through improved validation. CVE-ID CVE-2016-1803 : Ian Beer of Google Project Zero, daybreaker working with Trend Micro’s Zero Day Initiative Disk Images Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local attacker may be able to read kernel memory Description: A race condition was addressed through improved locking. CVE-ID CVE-2016-1807 : Ian Beer of Google Project Zero Disk Images Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the parsing of disk images. This issue was addressed through improved memory handling. CVE-ID CVE-2016-1808 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of Trend Micro ImageIO Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Processing a maliciously crafted image may lead to a denial of service Description: A null pointer dereference was addressed through improved validation. CVE-ID CVE-2016-1811 : Lander Brandt (@landaire) IOAcceleratorFamily Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1817 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of Trend Micro working with Trend Micro's Zero Day Initiative CVE-2016-1818 : Juwei Lin of TrendMicro CVE-2016-1819 : Ian Beer of Google Project Zero IOAcceleratorFamily Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An application may be able to cause a denial of service Description: A null pointer dereference was addressed through improved locking. CVE-ID CVE-2016-1814 : Juwei Lin of TrendMicro IOAcceleratorFamily Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A null pointer dereference was addressed through improved validation. CVE-ID CVE-2016-1813 : Ian Beer of Google Project Zero IOHIDFamily Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1823 : Ian Beer of Google Project Zero CVE-2016-1824 : Marco Grassi (@marcograss) of KeenLab (@keen_lab), Tencent Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1827 : Brandon Azad CVE-2016-1828 : Brandon Azad CVE-2016-1829 : CESG CVE-2016-1830 : Brandon Azad CVE-2016-1831 : Brandon Azad libc Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-ID CVE-2016-1832 : Karl Williamson libxml2 Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1833 : Mateusz Jurczyk CVE-2016-1834 : Apple CVE-2016-1835 : Wei Lei and Liu Yang of Nanyang Technological University CVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological University CVE-2016-1837 : Wei Lei and Liu Yang of Nanyang Technological University CVE-2016-1838 : Mateusz Jurczyk CVE-2016-1839 : Mateusz Jurczyk CVE-2016-1840 : Kostya Serebryany libxslt Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1841 : Sebastian Apelt MapKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker in a privileged network position may be able to leak sensitive user information Description: Shared links were sent with HTTP rather than HTTPS. This was addressed by enabling HTTPS for shared links. CVE-ID CVE-2016-1842 : Richard Shupak (https://www.linkedin.com/in/rshupak) OpenGL Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1847 : Tongbo Luo and Bo Qu of Palo Alto Networks Safari Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A user may be unable to fully delete browsing history Description: "Clear History and Website Data" did not clear the history. The issue was addressed through improved data deletion. CVE-ID CVE-2016-1849 : Adham Ghrayeb Siri Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to an iOS device may be able to use Siri to access contacts and photos from the the lock screen Description: A state management issue existed when accessing Siri results on the lock screen. This issue was addressed by disabling data detectors in Twitter results when the device is locked. CVE-ID CVE-2016-1852 : videosdebarraquito WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a malicious website may disclose data from another website Description: An insufficient taint tracking issue in the parsing of svg images was addressed through improved taint tracking. CVE-ID CVE-2016-1858 : an anonymous researcher WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1854 : Anonymous working with Trend Micro's Zero Day Initiative CVE-2016-1855 : Tongbo Luo and Bo Qu of Palo Alto Networks CVE-2016-1856 : lokihardt working with Trend Micro's Zero Day Initiative CVE-2016-1857 : Jeonghoon Shin@A.D.D, Liang Chen, Zhen Feng, wushi of KeenLab, Tencent working with Trend Micro's Zero Day Initiative WebKit Canvas Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1859 : Liang Chen, wushi of KeenLab, Tencent working with Trend Micro's Zero Day Initiative Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "9.3.2". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJXOjz9AAoJEIOj74w0bLRGhaEP/2vSxjMnyoe2P8hRRQKb8LaL oigygYPvWnP6pQMywPpnx96TtTK8qFLOtxaCFzk0IYcCvyA7J7Hp+V69JKuOzj7a rOPcgwsHbFv56ZMJxlEX0v7l7JcptghvujugKKHXg6M8nRluu47LT4uaUI4y87kV NHhlb59k/SGmmzkY83xvVSX1bHxhTt9/Cmpd+xwVGpQDIhWPurhJnImbvxusZT4I 5sVs/+K9C+mAHDvDZbjQi8evDePCmeeeXRmVsNfDTh9oo5Q8iSKjRXC05vZZlcVU R4ntXCEwWXFuLrVDExL1SA36hVuTiht+vbpTDweIj25hfaZs3fTtFIPXzu7MGM50 KsV4xMUMeszB+tlC/GoU6s1gK4yo/mxnbmuXxWQGBUKgiVzRXzXAYfGr9CuY+eCm QotCnXl6oKn8oGqX5Tqmt8onjHAAnk1qdrK7FpRxZTPYYzfIn/OEH4kAsCcuj8qq eYdsHM/8C7Oas3it+dZleDTNmFET4aMA4bIOzHiJSyHS1MvzZoSBxKQHLXjZS+yl 2Z9c135et4TTeqMl0WwhtHKBGdiUfaLOcUi3e0ZnFdDKjQZyo7+w/ma6l/JKwDLs uUCXLvKeEGeNyA75IbS9WEMDgeykh0DgQ4oF6xXth+yod3YnUNcBR8i8UbW68Jo/ WD39gI5XNrpUq9cUOg7t =lS4p -----END PGP SIGNATURE-----

Trust: 2.25

sources: NVD: CVE-2016-1819 // JVNDB: JVNDB-2016-002821 // BID: 90694 // VULHUB: VHN-90638 // PACKETSTORM: 137080 // PACKETSTORM: 137076 // PACKETSTORM: 137075

AFFECTED PRODUCTS

vendor:	apple	model:	iphone os	scope:	lt	version:	9.3.2	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	lt	version:	10.11.5	Trust: 1.0
vendor:	apple	model:	tvos	scope:	lt	version:	9.2.1	Trust: 1.0
vendor:	apple	model:	watchos	scope:	lt	version:	2.2.1	Trust: 1.0
vendor:	apple	model:	watchos	scope:	eq	version:	2.2	Trust: 0.9
vendor:	apple	model:	mac os x	scope:	eq	version:	10.11 and later	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	9.3.2 (ipad 2 or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	9.3.2 (iphone 4s or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	9.3.2 (ipod touch first 5 after generation )	Trust: 0.8
vendor:	apple	model:	tvos	scope:	lt	version:	9.2.1 (apple tv first 4 generation )	Trust: 0.8
vendor:	apple	model:	watchos	scope:	lt	version:	2.2.1 (apple watch edition)	Trust: 0.8
vendor:	apple	model:	watchos	scope:	lt	version:	2.2.1 (apple watch hermes)	Trust: 0.8
vendor:	apple	model:	watchos	scope:	lt	version:	2.2.1 (apple watch sport)	Trust: 0.8
vendor:	apple	model:	watchos	scope:	lt	version:	2.2.1 (apple watch)	Trust: 0.8
vendor:	apple	model:	iphone os	scope:	eq	version:	9.3.1	Trust: 0.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.11.4	Trust: 0.6
vendor:	apple	model:	tv	scope:	eq	version:	9.2	Trust: 0.6
vendor:	apple	model:	watchos	scope:	eq	version:	2.0.1	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	1.0.1	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	2.1	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	2.0	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	1.0	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.11.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.11.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.11.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.11.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.11	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ipad	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	50	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	40	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	30	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.9	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.10	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.0	Trust: 0.3
vendor:	apple	model:	watchos	scope:	ne	version:	2.2.1	Trust: 0.3
vendor:	apple	model:	mac os security update	scope:	ne	version:	x2016-0030	Trust: 0.3
vendor:	apple	model:	mac os	scope:	ne	version:	x10.11.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	ne	version:	9.3.2	Trust: 0.3

sources: BID: 90694 // JVNDB: JVNDB-2016-002821 // CNNVD: CNNVD-201605-492 // NVD: CVE-2016-1819

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-1819
value:	HIGH
Trust: 1.0
NVD:	CVE-2016-1819
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201605-492
value:	HIGH
Trust: 0.6
VULHUB:	VHN-90638
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2016-1819
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-90638
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-1819
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-90638 // JVNDB: JVNDB-2016-002821 // CNNVD: CNNVD-201605-492 // NVD: CVE-2016-1819

PROBLEMTYPE DATA

problemtype:	CWE-416	Trust: 1.1
problemtype:	CWE-119	Trust: 0.9

sources: VULHUB: VHN-90638 // JVNDB: JVNDB-2016-002821 // NVD: CVE-2016-1819

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201605-492

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201605-492

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-002821

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-90638

PATCH

title:	Apple security updates	url:	https://support.apple.com/en-us/HT201222	Trust: 0.8
title:	APPLE-SA-2016-05-16-3 watchOS 2.2.1	url:	http://lists.apple.com/archives/security-announce/2016/May/msg00003.html	Trust: 0.8
title:	APPLE-SA-2016-05-16-4 OS X El Capitan 10.11.5 and Security Update 2016-003	url:	http://lists.apple.com/archives/security-announce/2016/May/msg00004.html	Trust: 0.8
title:	APPLE-SA-2016-05-16-2 iOS 9.3.2	url:	http://lists.apple.com/archives/security-announce/2016/May/msg00002.html	Trust: 0.8
title:	APPLE-SA-2016-05-16-1 tvOS 9.2.1	url:	http://lists.apple.com/archives/security-announce/2016/May/msg00001.html	Trust: 0.8
title:	HT206564	url:	https://support.apple.com/en-us/HT206564	Trust: 0.8
title:	HT206566	url:	https://support.apple.com/en-us/HT206566	Trust: 0.8
title:	HT206567	url:	https://support.apple.com/en-us/HT206567	Trust: 0.8
title:	HT206568	url:	https://support.apple.com/en-us/HT206568	Trust: 0.8
title:	HT206566	url:	https://support.apple.com/ja-jp/HT206566	Trust: 0.8
title:	HT206567	url:	https://support.apple.com/ja-jp/HT206567	Trust: 0.8
title:	HT206568	url:	https://support.apple.com/ja-jp/HT206568	Trust: 0.8
title:	HT206564	url:	https://support.apple.com/ja-jp/HT206564	Trust: 0.8
title:	Apple iOS , watchOS , OS X El Capitan and tvOS IOAcceleratorFamily Fixes for arbitrary code execution vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=61806	Trust: 0.6

sources: JVNDB: JVNDB-2016-002821 // CNNVD: CNNVD-201605-492

EXTERNAL IDS

db:	NVD	id:	CVE-2016-1819	Trust: 3.1
db:	BID	id:	90694	Trust: 2.0
db:	PACKETSTORM	id:	137396	Trust: 1.7
db:	SECTRACK	id:	1035890	Trust: 1.7
db:	EXPLOIT-DB	id:	39928	Trust: 1.7
db:	JVN	id:	JVNVU91632741	Trust: 0.8
db:	JVNDB	id:	JVNDB-2016-002821	Trust: 0.8
db:	CNNVD	id:	CNNVD-201605-492	Trust: 0.7
db:	ZDI	id:	ZDI-16-339	Trust: 0.3
db:	ZDI	id:	ZDI-16-495	Trust: 0.3
db:	ZDI	id:	ZDI-16-340	Trust: 0.3
db:	VULHUB	id:	VHN-90638	Trust: 0.1
db:	PACKETSTORM	id:	137080	Trust: 0.1
db:	PACKETSTORM	id:	137076	Trust: 0.1
db:	PACKETSTORM	id:	137075	Trust: 0.1

sources: VULHUB: VHN-90638 // BID: 90694 // JVNDB: JVNDB-2016-002821 // PACKETSTORM: 137080 // PACKETSTORM: 137076 // PACKETSTORM: 137075 // CNNVD: CNNVD-201605-492 // NVD: CVE-2016-1819

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2016/may/msg00001.html	Trust: 1.7
url:	http://lists.apple.com/archives/security-announce/2016/may/msg00002.html	Trust: 1.7
url:	http://lists.apple.com/archives/security-announce/2016/may/msg00003.html	Trust: 1.7
url:	http://lists.apple.com/archives/security-announce/2016/may/msg00004.html	Trust: 1.7
url:	http://www.securityfocus.com/bid/90694	Trust: 1.7
url:	https://support.apple.com/ht206564	Trust: 1.7
url:	https://support.apple.com/ht206566	Trust: 1.7
url:	https://support.apple.com/ht206567	Trust: 1.7
url:	https://support.apple.com/ht206568	Trust: 1.7
url:	https://www.exploit-db.com/exploits/39928/	Trust: 1.7
url:	http://packetstormsecurity.com/files/137396/os-x-kernel-use-after-free-from-ioacceleratorfamily2-bad-locking.html	Trust: 1.7
url:	https://bugs.chromium.org/p/project-zero/issues/detail?id=772	Trust: 1.7
url:	http://www.securitytracker.com/id/1035890	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1819	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu91632741/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1819	Trust: 0.8
url:	http://www.apple.com/ios/	Trust: 0.3
url:	http://www.apple.com/watchos-2/	Trust: 0.3
url:	http://www.apple.com/ipad/	Trust: 0.3
url:	http://www.apple.com/iphone/	Trust: 0.3
url:	http://www.apple.com/ipodtouch/	Trust: 0.3
url:	http://www.apple.com/macosx/	Trust: 0.3
url:	http://www.zerodayinitiative.com/advisories/zdi-16-339/	Trust: 0.3
url:	http://www.zerodayinitiative.com/advisories/zdi-16-340/	Trust: 0.3
url:	http://www.zerodayinitiative.com/advisories/zdi-16-495/	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1823	Trust: 0.3
url:	https://support.apple.com/kb/ht201222	Trust: 0.3
url:	https://gpgtools.org	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1836	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1829	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1837	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1817	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1839	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1819	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1803	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1827	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1808	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1830	Trust: 0.3
url:	https://www.apple.com/support/security/pgp/	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1813	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1811	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1828	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1838	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1833	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1807	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1834	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1818	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1802	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1840	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1824	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1832	Trust: 0.3
url:	https://www.linkedin.com/in/rshupak)	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1847	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1841	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1814	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1801	Trust: 0.2
url:	https://support.apple.com/en-us/ht204641	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1842	Trust: 0.1
url:	https://www.apple.com/itunes/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1831	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1835	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1790	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1854	Trust: 0.1

CREDITS

Klaus Rodewig, Ian Beer of Google Project Zero, daybreaker working with Trend Micro??s Zero Day Initiative, Moony Li (@Flyic) and Jack Tang (@jacktang310) of Trend Micro, Lander Brandt (@landaire) and Juwei Lin of TrendMicro.

Trust: 0.3

sources: BID: 90694

SOURCES

db:	VULHUB	id:	VHN-90638
db:	BID	id:	90694
db:	JVNDB	id:	JVNDB-2016-002821
db:	PACKETSTORM	id:	137080
db:	PACKETSTORM	id:	137076
db:	PACKETSTORM	id:	137075
db:	CNNVD	id:	CNNVD-201605-492
db:	NVD	id:	CVE-2016-1819

LAST UPDATE DATE

2024-11-23T20:12:52.361000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-90638	date:	2019-03-25T00:00:00
db:	BID	id:	90694	date:	2016-08-29T19:00:00
db:	JVNDB	id:	JVNDB-2016-002821	date:	2016-05-23T00:00:00
db:	CNNVD	id:	CNNVD-201605-492	date:	2019-03-26T00:00:00
db:	NVD	id:	CVE-2016-1819	date:	2024-11-21T02:47:08.940

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-90638	date:	2016-05-20T00:00:00
db:	BID	id:	90694	date:	2016-05-16T00:00:00
db:	JVNDB	id:	JVNDB-2016-002821	date:	2016-05-23T00:00:00
db:	PACKETSTORM	id:	137080	date:	2016-05-17T15:59:22
db:	PACKETSTORM	id:	137076	date:	2016-05-17T15:50:52
db:	PACKETSTORM	id:	137075	date:	2016-05-17T15:48:27
db:	CNNVD	id:	CNNVD-201605-492	date:	2016-05-20T00:00:00
db:	NVD	id:	CVE-2016-1819	date:	2016-05-20T10:59:32.297