Details of VAR-201607-0363

ID

VAR-201607-0363

CVE

CVE-2016-4625

TITLE

Apple OS X of IOSurface Vulnerability gained in

Trust: 0.8

sources: JVNDB: JVNDB-2016-004025

DESCRIPTION

Use-after-free vulnerability in IOSurface in Apple OS X before 10.11.6 allows local users to gain privileges via unspecified vectors. Supplementary information : CWE Vulnerability type by CWE-416: Use After Free ( Use of freed memory ) Has been identified. http://cwe.mitre.org/data/definitions/416.htmlAuthority may be obtained by local users. Attackers can exploit these issues to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, and perform unauthorized actions. This may aid in other attacks. Apple Mac OS X 10.9.5, 10.10.5 and 10.11 through 10.11.5 are vulnerable

Trust: 1.98

sources: NVD: CVE-2016-4625 // JVNDB: JVNDB-2016-004025 // BID: 91824 // VULHUB: VHN-93444

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	lte	version:	10.11.5	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.11 and later	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	10.11.5	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.11.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.11.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.11.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.10.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.9.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.11.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.11.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.11	Trust: 0.3
vendor:	apple	model:	mac os	scope:	ne	version:	x10.11.6	Trust: 0.3
vendor:	apple	model:	mac os security update	scope:	ne	version:	x2016	Trust: 0.3

sources: BID: 91824 // JVNDB: JVNDB-2016-004025 // CNNVD: CNNVD-201607-881 // NVD: CVE-2016-4625

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-4625
value:	HIGH
Trust: 1.0
NVD:	CVE-2016-4625
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201607-881
value:	HIGH
Trust: 0.6
VULHUB:	VHN-93444
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2016-4625
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-93444
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-4625
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-93444 // JVNDB: JVNDB-2016-004025 // CNNVD: CNNVD-201607-881 // NVD: CVE-2016-4625

PROBLEMTYPE DATA

problemtype:	CWE-416	Trust: 1.1
problemtype:	CWE-Other	Trust: 0.8

sources: VULHUB: VHN-93444 // JVNDB: JVNDB-2016-004025 // NVD: CVE-2016-4625

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201607-881

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201607-881

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-004025

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-93444

PATCH

title:	Apple security updates	url:	https://support.apple.com/en-us/HT201222	Trust: 0.8
title:	APPLE-SA-2016-07-18-1 OS X El Capitan v10.11.6 and Security Update 2016-004	url:	http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html	Trust: 0.8
title:	HT206903	url:	https://support.apple.com/en-us/HT206903	Trust: 0.8
title:	HT206903	url:	https://support.apple.com/ja-jp/HT206903	Trust: 0.8
title:	Apple OS X El Capitan IOSurface Remediation measures for reusing vulnerabilities after release	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63241	Trust: 0.6

sources: JVNDB: JVNDB-2016-004025 // CNNVD: CNNVD-201607-881

EXTERNAL IDS

db:	NVD	id:	CVE-2016-4625	Trust: 2.8
db:	BID	id:	91824	Trust: 1.4
db:	SECTRACK	id:	1036348	Trust: 1.1
db:	EXPLOIT-DB	id:	40669	Trust: 1.1
db:	EXPLOIT-DB	id:	40653	Trust: 1.1
db:	JVN	id:	JVNVU94844193	Trust: 0.8
db:	JVNDB	id:	JVNDB-2016-004025	Trust: 0.8
db:	CNNVD	id:	CNNVD-201607-881	Trust: 0.7
db:	ZDI	id:	ZDI-16-496	Trust: 0.3
db:	ZDI	id:	ZDI-16-437	Trust: 0.3
db:	ZDI	id:	ZDI-16-431	Trust: 0.3
db:	ZDI	id:	ZDI-16-435	Trust: 0.3
db:	PACKETSTORM	id:	139354	Trust: 0.1
db:	VULHUB	id:	VHN-93444	Trust: 0.1

sources: VULHUB: VHN-93444 // BID: 91824 // JVNDB: JVNDB-2016-004025 // CNNVD: CNNVD-201607-881 // NVD: CVE-2016-4625

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2016/jul/msg00000.html	Trust: 1.7
url:	https://support.apple.com/ht206903	Trust: 1.7
url:	http://www.securityfocus.com/bid/91824	Trust: 1.1
url:	https://www.exploit-db.com/exploits/40653/	Trust: 1.1
url:	https://www.exploit-db.com/exploits/40669/	Trust: 1.1
url:	http://www.securitytracker.com/id/1036348	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4625	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu94844193/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4625	Trust: 0.8
url:	https://support.apple.com/ht206904	Trust: 0.6
url:	http://lists.apple.com/archives/security-announce/2016/jul/msg00002.html	Trust: 0.6
url:	http://lists.apple.com/archives/security-announce/2016/jul/msg00003.html	Trust: 0.6
url:	http://lists.apple.com/archives/security-announce/2016/jul/msg00001.html	Trust: 0.6
url:	https://support.apple.com/ht206902	Trust: 0.6
url:	https://support.apple.com/ht206905	Trust: 0.6
url:	https://www.apple.com/	Trust: 0.3
url:	http://www.apple.com/macosx/	Trust: 0.3
url:	http://www.zerodayinitiative.com/advisories/zdi-16-431/	Trust: 0.3
url:	http://www.zerodayinitiative.com/advisories/zdi-16-435/	Trust: 0.3
url:	http://www.zerodayinitiative.com/advisories/zdi-16-437/	Trust: 0.3
url:	apple os x acmp4aacbasedecoder out-of-bounds read information disclosure vulnerability	Trust: 0.3
url:	http://www.zerodayinitiative.com/advisories/zdi-16-496/	Trust: 0.3

sources: VULHUB: VHN-93444 // BID: 91824 // JVNDB: JVNDB-2016-004025 // CNNVD: CNNVD-201607-881 // NVD: CVE-2016-4625

CREDITS

Jonathan Lewis from DeARX Services (PTY) LTD, Ke Liu of Tencent's Xuanwu Lab, Ian Beer of Google Project Zero, Tyler Bohan of Cisco Talos, Stefan Esser of SektionEins, Yubin Fu of Tencent KeenLab working with TrendMicro's Zero Day Initiative, Abhinav Bansa

Trust: 0.3

sources: BID: 91824

SOURCES

db:	VULHUB	id:	VHN-93444
db:	BID	id:	91824
db:	JVNDB	id:	JVNDB-2016-004025
db:	CNNVD	id:	CNNVD-201607-881
db:	NVD	id:	CVE-2016-4625

LAST UPDATE DATE

2024-11-23T19:38:14.823000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-93444	date:	2017-09-03T00:00:00
db:	BID	id:	91824	date:	2016-08-29T19:00:00
db:	JVNDB	id:	JVNDB-2016-004025	date:	2016-07-28T00:00:00
db:	CNNVD	id:	CNNVD-201607-881	date:	2016-07-26T00:00:00
db:	NVD	id:	CVE-2016-4625	date:	2024-11-21T02:52:38.767

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-93444	date:	2016-07-22T00:00:00
db:	BID	id:	91824	date:	2016-07-18T00:00:00
db:	JVNDB	id:	JVNDB-2016-004025	date:	2016-07-28T00:00:00
db:	CNNVD	id:	CNNVD-201607-881	date:	2016-07-26T00:00:00
db:	NVD	id:	CVE-2016-4625	date:	2016-07-22T02:59:45.650