ID

VAR-201608-0186


CVE

CVE-2016-4655


TITLE

Apple iOS: Vulnerability in kernel where sensitive information may be obtained from memory

Trust: 0.8

sources: JVNDB: JVNDB-2016-004455

DESCRIPTION

The kernel in Apple iOS before 9.3.5 allows attackers to obtain sensitive information from memory via a crafted app. Apple iOS is prone to a local information-disclosure vulnerability. Local attackers can leverage this issue to gain access to sensitive information. Information obtained may aid in further attacks. Kernel is one of the kernel components. CVE-2016-4655: Citizen Lab and Lookout. iOS 10.0.1 also includes the security content of iOS 10.

APPLE-SA-2016-08-25-1 iOS 9.3.5

iOS 9.3.5 is now available and addresses the following:

Kernel
Available for: iPhone 4s and later, iPad 2 and later, iPod touch (5th generation) and later
Impact: An application may be able to disclose kernel memory
Description: A validation issue was addressed through improved input sanitization.
CVE-2016-4655: Citizen Lab and Lookout

Kernel
Available for: iPhone 4s and later, iPad 2 and later, iPod touch (5th generation) and later
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed through improved memory handling.
CVE-2016-4656: Citizen Lab and Lookout

WebKit
Available for: iPhone 4s and later, iPad 2 and later, iPod touch (5th generation) and later
Impact: Visiting a maliciously crafted website may lead to arbitrary code execution
Description: A memory corruption issue was addressed through improved memory handling.
CVE-2016-4657: Citizen Lab and Lookout

Installation note:

This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/

iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device.

The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device.

To check that the iPhone, iPod touch, or iPad has been updated:

* Navigate to Settings
* Select General
* Select About. The version after applying this update will be "9.3.5".

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

Trust: 2.52

sources: NVD: CVE-2016-4655 // JVNDB: JVNDB-2016-004455 // BID: 92965 // BID: 92651 // VULHUB: VHN-93474 // VULMON: CVE-2016-4655 // PACKETSTORM: 138718 // PACKETSTORM: 138513

AFFECTED PRODUCTS

vendor: apple, model: iphone os, scope: eq, version: 10.0

Trust: 1.6

vendor: apple, model: iphone os, scope: lt, version: 9.3.5

Trust: 1.0

vendor: Apple, model: ios, scope: lt, version: (iPod touch 5th generation and later)

Trust: 0.8

vendor: Apple, model: ios, scope: lt, version: (iPhone 4s and later)

Trust: 0.8

vendor: Apple, model: ios, scope: eq, version: 9.3.5

Trust: 0.8

vendor: Apple, model: ios, scope: eq, version: -

Trust: 0.8

vendor: Apple, model: ios, scope: lt, version: (iPad 2 and later)

Trust: 0.8

vendor: apple, model: ipod touch, scope: eq, version: 0

Trust: 0.6

vendor: apple, model: ios, scope: eq, version: 50

Trust: 0.6

vendor: apple, model: ios, scope: eq, version: 40

Trust: 0.6

vendor: apple, model: ios, scope: eq, version: 30

Trust: 0.6

vendor: apple, model: ios, scope: eq, version: 9.3.4

Trust: 0.6

vendor: apple, model: ios, scope: eq, version: 9.3.3

Trust: 0.6

vendor: apple, model: ios, scope: eq, version: 9.3.2

Trust: 0.6

vendor: apple, model: ios, scope: eq, version: 9.3.1

Trust: 0.6

vendor: apple, model: ios, scope: eq, version: 9.2.1

Trust: 0.6

vendor: apple, model: ios, scope: eq, version: 9.0.2

Trust: 0.6

vendor: apple, model: ios, scope: eq, version: 9.0.1

Trust: 0.6

vendor: apple, model: ios, scope: eq, version: 8.4.1

Trust: 0.6

vendor: apple, model: ios, scope: eq, version: 7.2

Trust: 0.6

vendor: apple, model: ios, scope: eq, version: 7.0.6

Trust: 0.6

vendor: apple, model: ios, scope: eq, version: 7.0.5

Trust: 0.6

vendor: apple, model: ios, scope: eq, version: 7.0.3

Trust: 0.6

vendor: apple, model: ios, scope: eq, version: 7.0.2

Trust: 0.6

vendor: apple, model: ios, scope: eq, version: 7.0.1

Trust: 0.6

vendor: apple, model: ios, scope: eq, version: 6.3.1

Trust: 0.6

vendor: apple, model: ios, scope: eq, version: 6.1.6

Trust: 0.6

vendor: apple, model: ios, scope: eq, version: 6.1.4

Trust: 0.6

vendor: apple, model: ios, scope: eq, version: 6.1.3

Trust: 0.6

vendor: apple, model: ios, scope: eq, version: 4.2.1

Trust: 0.6

vendor: apple, model: ios, scope: eq, version: 4.0.2

Trust: 0.6

vendor: apple, model: ios, scope: eq, version: 4.0.1

Trust: 0.6

vendor: apple, model: ios, scope: eq, version: 3.2.2

Trust: 0.6

vendor: apple, model: ios, scope: eq, version: 3.2.1

Trust: 0.6

vendor: apple, model: ios, scope: eq, version: 9.3.5

Trust: 0.6

vendor: apple, model: ios, scope: eq, version: 9.3

Trust: 0.6

vendor: apple, model: ios, scope: eq, version: 9.2

Trust: 0.6

vendor: apple, model: ios, scope: eq, version: 9.1

Trust: 0.6

vendor: apple, model: ios, scope: eq, version: 9

Trust: 0.6

vendor: apple, model: ios, scope: eq, version: 8.4

Trust: 0.6

vendor: apple, model: ios, scope: eq, version: 8.3

Trust: 0.6

vendor: apple, model: ios, scope: eq, version: 8.2

Trust: 0.6

vendor: apple, model: ios, scope: eq, version: 8.1.3

Trust: 0.6

vendor: apple, model: ios, scope: eq, version: 8.1.2

Trust: 0.6

vendor: apple, model: ios, scope: eq, version: 8.1.1

Trust: 0.6

vendor: apple, model: ios, scope: eq, version: 8.1

Trust: 0.6

vendor: apple, model: ios, scope: eq, version: 8

Trust: 0.6

vendor: apple, model: ios, scope: eq, version: 7.1.2

Trust: 0.6

vendor: apple, model: ios, scope: eq, version: 7.1.1

Trust: 0.6

vendor: apple, model: ios, scope: eq, version: 7.1

Trust: 0.6

vendor: apple, model: ios, scope: eq, version: 7.0.4

Trust: 0.6

vendor: apple, model: ios, scope: eq, version: 7

Trust: 0.6

vendor: apple, model: ios, scope: eq, version: 6.1

Trust: 0.6

vendor: apple, model: ios, scope: eq, version: 6.0.2

Trust: 0.6

vendor: apple, model: ios, scope: eq, version: 6.0.1

Trust: 0.6

vendor: apple, model: ios, scope: eq, version: 6

Trust: 0.6

vendor: apple, model: ios, scope: eq, version: 5.1.1

Trust: 0.6

vendor: apple, model: ios, scope: eq, version: 5.1

Trust: 0.6

vendor: apple, model: ios, scope: eq, version: 5.0.1

Trust: 0.6

vendor: apple, model: ios, scope: eq, version: 5

Trust: 0.6

vendor: apple, model: ios, scope: eq, version: 4.3.5

Trust: 0.6

vendor: apple, model: ios, scope: eq, version: 4.3.4

Trust: 0.6

vendor: apple, model: ios, scope: eq, version: 4.3.3

Trust: 0.6

vendor: apple, model: ios, scope: eq, version: 4.3.2

Trust: 0.6

vendor: apple, model: ios, scope: eq, version: 4.3.1

Trust: 0.6

vendor: apple, model: ios, scope: eq, version: 4.3

Trust: 0.6

vendor: apple, model: ios, scope: eq, version: 4.2.9

Trust: 0.6

vendor: apple, model: ios, scope: eq, version: 4.2.8

Trust: 0.6

vendor: apple, model: ios, scope: eq, version: 4.2.7

Trust: 0.6

vendor: apple, model: ios, scope: eq, version: 4.2.6

Trust: 0.6

vendor: apple, model: ios, scope: eq, version: 4.2.5

Trust: 0.6

vendor: apple, model: ios, scope: eq, version: 4.2.10

Trust: 0.6

vendor: apple, model: ios, scope: eq, version: 4.2

Trust: 0.6

vendor: apple, model: ios, scope: eq, version: 4.1

Trust: 0.6

vendor: apple, model: ios, scope: eq, version: 4

Trust: 0.6

vendor: apple, model: ios, scope: eq, version: 3.2

Trust: 0.6

vendor: apple, model: ios, scope: eq, version: 3.1

Trust: 0.6

vendor: apple, model: ios, scope: eq, version: 3.0

Trust: 0.6

vendor: apple, model: ios, scope: eq, version: 2.1

Trust: 0.6

vendor: apple, model: ios, scope: eq, version: 2.0

Trust: 0.6

vendor: apple, model: ios, scope: ne, version: 10.0.1

Trust: 0.6

vendor: apple, model: iphone os, scope: eq, version: 9.3.4

Trust: 0.6

vendor: apple, model: iphone, scope: eq, version: 0

Trust: 0.3

vendor: apple, model: ipad, scope: eq, version: 0

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 10

Trust: 0.3

vendor: apple, model: ios, scope: ne, version: 10

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.11.6

Trust: 0.3

vendor: apple, model: mac os security update, scope: ne, version: x2016

Trust: 0.3

vendor: apple, model: ipad, scope: eq, version: 20

Trust: 0.3

vendor: apple, model: iphone 4s, scope: eq, version: -

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.10.5

Trust: 0.3

sources: BID: 92965 // BID: 92651 // JVNDB: JVNDB-2016-004455 // CNNVD: CNNVD-201608-460 // NVD: CVE-2016-4655

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-4655
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-4655
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201608-460
value: HIGH

Trust: 0.6

VULHUB: VHN-93474
value: HIGH

Trust: 0.1

VULMON: CVE-2016-4655
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-4655
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-93474
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-4655
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2016-4655
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-93474 // VULMON: CVE-2016-4655 // JVNDB: JVNDB-2016-004455 // CNNVD: CNNVD-201608-460 // NVD: CVE-2016-4655

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD evaluation]

Trust: 0.8

problemtype:CWE-200

Trust: 0.1

sources: VULHUB: VHN-93474 // JVNDB: JVNDB-2016-004455 // NVD: CVE-2016-4655

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201608-460

TYPE

Input Validation Error

Trust: 0.6

sources: BID: 92965 // BID: 92651

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-93474 // VULMON: CVE-2016-4655

PATCH

title: HT207130, url: https://support.apple.com/en-us/HT201222

Trust: 0.8

title: Apple iOS kernel Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63783

Trust: 0.6

title: Apple: iOS 10.0.1, url: https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=10428444f0fe910dc66b50e8816cad2b

Trust: 0.1

title: Apple: Security Update 2016-001 El Capitan and Security Update 2016-005 Yosemite, url: https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=1cd4f8dc2dba2c6d86a698113e0588fc

Trust: 0.1

title: Apple: iOS 9.3.5, url: https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=804bc13f15b1f31921cd544e2c4873d7

Trust: 0.1

title: OS-X-10.11.6-Exp-via-PEGASUS, url: https://github.com/zhengmin1989/OS-X-10.11.6-Exp-via-PEGASUS

Trust: 0.1

title: Trident, url: https://github.com/EGYbkgo9449/Trident

Trust: 0.1

title: br0ke, url: https://github.com/tomitokics/br0ke

Trust: 0.1

title: MOSEC-2017, url: https://github.com/aozhimin/MOSEC-2017

Trust: 0.1

title: iOS-9.3.2-Trident-5C, url: https://github.com/AhmedZKool/iOS-9.3.2-Trident-5C

Trust: 0.1

title: PegasusX, url: https://github.com/jndok/PegasusX

Trust: 0.1

title: skybreak, url: https://github.com/Cryptiiiic/skybreak

Trust: 0.1

title: daibutsu, url: https://github.com/dora2-iOS/daibutsu

Trust: 0.1

title: Trident-master, url: https://github.com/mehulrao/Trident-master

Trust: 0.1

title: jdong-learning-resources, url: https://github.com/joydo/jdong-learning-resources

Trust: 0.1

title: Trident, url: https://github.com/0nc1s/Trident

Trust: 0.1

title: Trident, url: https://github.com/benjamin-42/Trident

Trust: 0.1

title: Trident-Add-Support, url: https://github.com/mehulrao/Trident-Add-Support

Trust: 0.1

title: OSG-TranslationTeam, url: https://github.com/r0ysue/OSG-TranslationTeam

Trust: 0.1

title: reverse-engineering-toolkit, url: https://github.com/geeksniper/reverse-engineering-toolkit

Trust: 0.1

title: Threatpost, url: https://threatpost.com/apple-patches-trident-vulnerabilities-in-os-x-safari/120336/

Trust: 0.1

title: Threatpost, url: https://threatpost.com/emergency-ios-update-patches-zero-days-used-by-government-spyware/120158/

Trust: 0.1

sources: VULMON: CVE-2016-4655 // JVNDB: JVNDB-2016-004455 // CNNVD: CNNVD-201608-460

EXTERNAL IDS

db: NVD, id: CVE-2016-4655

Trust: 4.2

db: BID, id: 92965

Trust: 1.5

db: BID, id: 92651

Trust: 1.5

db: EXPLOIT-DB, id: 44836

Trust: 1.2

db: SECTRACK, id: 1036694

Trust: 1.2

db: JVN, id: JVNVU92267426

Trust: 0.8

db: JVN, id: JVNVU99497792

Trust: 0.8

db: JVNDB, id: JVNDB-2016-004455

Trust: 0.8

db: CNNVD, id: CNNVD-201608-460

Trust: 0.7

db: PACKETSTORM, id: 138718

Trust: 0.2

db: PACKETSTORM, id: 138513

Trust: 0.2

db: PACKETSTORM, id: 148041

Trust: 0.1

db: VULHUB, id: VHN-93474

Trust: 0.1

db: VULMON, id: CVE-2016-4655

Trust: 0.1

sources: VULHUB: VHN-93474 // VULMON: CVE-2016-4655 // BID: 92965 // BID: 92651 // JVNDB: JVNDB-2016-004455 // PACKETSTORM: 138718 // PACKETSTORM: 138513 // CNNVD: CNNVD-201608-460 // NVD: CVE-2016-4655

REFERENCES

url:http://lists.apple.com/archives/security-announce/2016/aug/msg00000.html

Trust: 1.8

url:https://support.apple.com/ht207107

Trust: 1.8

url:http://www.securityfocus.com/bid/92651

Trust: 1.3

url:https://www.exploit-db.com/exploits/44836/

Trust: 1.3

url:http://lists.apple.com/archives/security-announce/2016/sep/msg00005.html

Trust: 1.2

url:http://www.securityfocus.com/bid/92965

Trust: 1.2

url:https://support.apple.com/ht207145

Trust: 1.2

url:https://blog.lookout.com/blog/2016/08/25/trident-pegasus/

Trust: 1.2

url:http://www.securitytracker.com/id/1036694

Trust: 1.2

url:http://jvn.jp/vu/jvnvu99497792/index.html

Trust: 0.8

url:http://jvn.jp/vu/jvnvu92267426/index.html

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4655

Trust: 0.8

url:https://www.ipa.go.jp/security/ciadr/vul/20160829-ios.html

Trust: 0.8

url:https://cisa.gov/known-exploited-vulnerabilities-catalog

Trust: 0.8

url:http://www.apple.com/iphone/softwareupdate/

Trust: 0.3

url:http://www.apple.com/ios/

Trust: 0.3

url:http://www.symantec.com/connect/blogs/trident-trio-ios-zero-days-being-exploited-wild

Trust: 0.3

url:https://www.apple.com/itunes/

Trust: 0.2

url:https://support.apple.com/kb/ht201222

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-4655

Trust: 0.2

url:https://gpgtools.org

Trust: 0.2

url:https://www.apple.com/support/security/pgp/

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/200.html

Trust: 0.1

url:https://github.com/zhengmin1989/os-x-10.11.6-exp-via-pegasus

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:http://tools.cisco.com/security/center/viewalert.x?alertid=48711

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4656

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4657

Trust: 0.1

sources: VULHUB: VHN-93474 // VULMON: CVE-2016-4655 // BID: 92965 // BID: 92651 // JVNDB: JVNDB-2016-004455 // PACKETSTORM: 138718 // PACKETSTORM: 138513 // CNNVD: CNNVD-201608-460 // NVD: CVE-2016-4655

CREDITS

Citizen Lab and Lookout

Trust: 0.3

sources: BID: 92965

SOURCES

db: VULHUB, id: VHN-93474
db: VULMON, id: CVE-2016-4655
db: BID, id: 92965
db: BID, id: 92651
db: JVNDB, id: JVNDB-2016-004455
db: PACKETSTORM, id: 138718
db: PACKETSTORM, id: 138513
db: CNNVD, id: CNNVD-201608-460
db: NVD, id: CVE-2016-4655

LAST UPDATE DATE

2024-11-23T20:59:38.275000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-93474, date: 2018-06-08T00:00:00
db: VULMON, id: CVE-2016-4655, date: 2018-06-08T00:00:00
db: BID, id: 92965, date: 2016-09-14T00:00:00
db: BID, id: 92651, date: 2016-09-16T15:00:00
db: JVNDB, id: JVNDB-2016-004455, date: 2024-07-08T06:04:00
db: CNNVD, id: CNNVD-201608-460, date: 2016-10-27T00:00:00
db: NVD, id: CVE-2016-4655, date: 2024-11-21T02:52:42.610

SOURCES RELEASE DATE

db: VULHUB, id: VHN-93474, date: 2016-08-25T00:00:00
db: VULMON, id: CVE-2016-4655, date: 2016-08-25T00:00:00
db: BID, id: 92965, date: 2016-09-14T00:00:00
db: BID, id: 92651, date: 2016-08-25T00:00:00
db: JVNDB, id: JVNDB-2016-004455, date: 2016-08-29T00:00:00
db: PACKETSTORM, id: 138718, date: 2016-09-14T20:10:46
db: PACKETSTORM, id: 138513, date: 2016-08-25T22:22:22
db: CNNVD, id: CNNVD-201608-460, date: 2016-08-26T00:00:00
db: NVD, id: CVE-2016-4655, date: 2016-08-25T21:59:00.133