Details of VAR-201609-0294

ID

VAR-201609-0294

CVE

CVE-2016-4773

TITLE

plural Apple Vulnerability to obtain important memory layout information in the product kernel

Trust: 0.8

sources: JVNDB: JVNDB-2016-004938

DESCRIPTION

The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app, a different vulnerability than CVE-2016-4774 and CVE-2016-4776. plural Apple In the product kernel, important memory layout information is obtained or service operation is interrupted ( Read out of bounds ) There are vulnerabilities that are put into a state. This vulnerability CVE-2016-4774 and CVE-2016-4776 Is a different vulnerability. Supplementary information : CWE Vulnerability type by CWE-125: Out-of-bounds Read ( Read out of bounds ) Has been identified. Apple iOS, tvOS,MacOS and watchOS are prone to multiple security vulnerabilities. Attackers can exploit these issues to bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial-of-service condition, perform unauthorized actions and gain system privileges; this may aid in launching further attacks. Versions prior to iOS 10, watchOS 3, MacOS 10.12, and tvOS 10 are vulnerable. Apple iOS, OS X, tvOS, and watchOS are all products of the American company Apple (Apple). Apple iOS is an operating system developed for mobile devices; OS X is a dedicated operating system developed for Mac computers; tvOS is a smart TV operating system; watchOS is a smart watch operating system. Kernel is one of the kernel components. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2016-09-20-5 watchOS 3 The watchOS 3 advisory has been updated to include additional entries as noted below. Audio Available for: All Apple Watch models Impact: A remote attacker may be able to execute arbitrary code Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-4702: YoungJin Yoon, MinSik Shin, HoJae Han, Sunghyun Park, and Taekyoung Kwon of Information Security Lab, Yonsei University Entry added September 20, 2016 CFNetwork Available for: All Apple Watch models Impact: Processing maliciously crafted web content may compromise user information Description: An input validation issue existed in the parsing of the set-cookie header. This issue was addressed through improved validation checking. CVE-2016-4708: Dawid Czagan of Silesia Security Lab Entry added September 20, 2016 CoreCrypto Available for: All Apple Watch models Impact: An application may be able to execute arbitrary code Description: An out-of-bounds write issue was addressed by removing the vulnerable code. CVE-2016-4712: Gergo Koteles Entry added September 20, 2016 FontParser Available for: All Apple Watch models Impact: Processing a maliciously crafted font may result in the disclosure of process memory Description: A buffer overflow existed in the handling of font files. This issue was addressed through improved bounds checking. CVE-2016-4718: Apple Entry added September 20, 2016 GeoServices Available for: All Apple Watch models Impact: An application may be able to read sensitive location information Description: A permissions issue existed in PlaceData. This issue was addressed through improved permission validation. CVE-2016-4719: Razvan Deaconescu, Mihai Chiroiu (University POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi (TU Darmstadt) IOAcceleratorFamily Available for: All Apple Watch models Impact: Processing maliciously crafted web content may result in the disclosure of process memory Description: A memory corruption issue was addressed through improved input validation. CVE-2016-4725: Rodger Combs of Plex, Inc. Entry added September 20, 2016 IOAcceleratorFamily Available for: All Apple Watch models Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-4726: An anonymous researcher Entry added September 20, 2016 Kernel Available for: All Apple Watch models Impact: A remote attacker may be able to cause a denial of service Description: A lock handling issue was addressed through improved lock handling. CVE-2016-4772: Marc Heuse of mh-sec Entry added September 20, 2016 Kernel Available for: All Apple Watch models Impact: An application may be able to determine kernel memory layout Description: Multiple out-of-bounds read issues existed that led to the disclosure of kernel memory. These were addressed through improved input validation. CVE-2016-4773: Brandon Azad CVE-2016-4774: Brandon Azad CVE-2016-4776: Brandon Azad Entry added September 20, 2016 Kernel Available for: All Apple Watch models Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-4775: Brandon Azad Entry added September 20, 2016 Kernel Available for: All Apple Watch models Impact: An application may be able to execute arbitrary code with kernel privileges Description: An untrusted pointer dereference was addressed by removing the affected code. CVE-2016-4777: Lufeng Li of Qihoo 360 Vulcan Team Entry added September 20, 2016 Kernel Available for: All Apple Watch models Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4778: CESG Entry added September 20, 2016 libxml2 Available for: All Apple Watch models Impact: Multiple issues in libxml2, the most significant of which may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4658: Nick Wellnhofer CVE-2016-5131: Nick Wellnhofer Entry added September 20, 2016 libxslt Available for: All Apple Watch models Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-4738: Nick Wellnhofer Entry added September 20, 2016 Security Available for: All Apple Watch models Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A validation issue existed in signed disk images. This issue was addressed through improved size validation. CVE-2016-4753: Mark Mentovai of Google Inc. Entry added September 20, 2016 WebKit Available for: All Apple Watch models Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4737: Apple Entry added September 20, 2016 Installation note: Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641 To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About". Alternatively, on your watch, select "My Watch > General > About". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJX4YPQAAoJEIOj74w0bLRG8S0QAIkepFBcosbmZLpY04hlt+Ah yHXnqKyghV5Ribkl64KUQRkyPHDOGaEaErYEiscMtUqbFP/rnSM8ScFF65Oxxg/P 3NCGpKkedA0J4cMtb58x4nvWJe3GW8aV8iP4H7t65jCprdIAxZuniLjhGMtM0r7G a/A6cmpqhwL055RMr1c7ksC1oCk43BP5rZOlndqE9Ns6lw1F5RNmATbZgjHdPHkC xuml7fEdhRbt/lswdDMq7epIZFqDX7jlZig349oesZhsUVczQnRZtsdUQ695OZcd XSZisclix5b0t4Ett5HiarbYLYbalnz5ftU511Va9pf5VOGaZcl942cmns8CRbQy GT+qCk9TCMhtf6nqBTrX8MwSP481fa1OssLHE1rYGibBFpr0xqqXw70zzpl77w9I OT31mBtdrPor7luR7haXOMuwaD7Fbmj6sd3ph0p6wQQG0GZ/zsLRJtBJfFU2Qx1X fesFDPTyNrby4nMHaF6MGY04hME2zHApq0KHOtGfg3WaaIJWGbWY+xPAUW5kDLIf Q6u+8BVjCT1qvfK3oi93wA5FOqfqlud4LuMGdTehJL1PBTh93JnabQwZDuNjufg0 4p4j7jFIenYxdYgjbbCKrXu6PYTUB7yqMRDYAQN7hk4bKabwHacyqKmQbH5MCYXt yHVD9Vuo3lqcs8fMnUow =yYuL -----END PGP SIGNATURE-----

Trust: 2.25

sources: NVD: CVE-2016-4773 // JVNDB: JVNDB-2016-004938 // BID: 93054 // VULHUB: VHN-93592 // VULMON: CVE-2016-4773 // PACKETSTORM: 138795 // PACKETSTORM: 138796

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	eq	version:	10.11.6	Trust: 1.4
vendor:	apple	model:	tvos	scope:	lt	version:	10.0	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	lt	version:	10.0	Trust: 1.0
vendor:	apple	model:	watchos	scope:	lt	version:	3.0	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	lt	version:	10.12	Trust: 1.0
vendor:	apple	model:	watchos	scope:	eq	version:	2.2.2	Trust: 0.9
vendor:	apple	model:	ios	scope:	lt	version:	10 (ipad first 4 after generation )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	10 (iphone 5 or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	10 (ipod touch first 6 after generation )	Trust: 0.8
vendor:	apple	model:	tvos	scope:	lt	version:	10 (apple tv first 4 generation )	Trust: 0.8
vendor:	apple	model:	watchos	scope:	lt	version:	3 (apple watch all models )	Trust: 0.8
vendor:	apple	model:	iphone os	scope:	eq	version:	9.3.5	Trust: 0.6
vendor:	apple	model:	tv	scope:	eq	version:	9.2.2	Trust: 0.6
vendor:	ubuntu	model:	linux	scope:	eq	version:	16.10	Trust: 0.3
vendor:	ubuntu	model:	linux lts	scope:	eq	version:	16.04	Trust: 0.3
vendor:	ubuntu	model:	linux lts	scope:	eq	version:	14.04	Trust: 0.3
vendor:	ubuntu	model:	linux lts i386	scope:	eq	version:	12.04	Trust: 0.3
vendor:	ubuntu	model:	linux lts amd64	scope:	eq	version:	12.04	Trust: 0.3
vendor:	ibm	model:	dynamic system analysis preboot	scope:	eq	version:	9.6	Trust: 0.3
vendor:	debian	model:	linux sparc	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux s/390	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux powerpc	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux mips	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux ia-64	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux ia-32	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux arm	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux amd64	scope:	eq	version:	6.0	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	2.2.1	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	2.0.1	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	1.0.1	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	2.2	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	2.1	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	2.0	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	1.0	Trust: 0.3
vendor:	apple	model:	tvos	scope:	eq	version:	9.2.2	Trust: 0.3
vendor:	apple	model:	tvos	scope:	eq	version:	9.2.1	Trust: 0.3
vendor:	apple	model:	tvos	scope:	eq	version:	9.1.1	Trust: 0.3
vendor:	apple	model:	tvos	scope:	eq	version:	9.2	Trust: 0.3
vendor:	apple	model:	tvos	scope:	eq	version:	9.1	Trust: 0.3
vendor:	apple	model:	tvos	scope:	eq	version:	9.0	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.11.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	50	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	40	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	30	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.9	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.10	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.0	Trust: 0.3
vendor:	ibm	model:	dynamic system analysis preboot	scope:	ne	version:	9.65	Trust: 0.3
vendor:	apple	model:	watchos	scope:	ne	version:	3.0	Trust: 0.3
vendor:	apple	model:	tvos	scope:	ne	version:	10	Trust: 0.3
vendor:	apple	model:	macos	scope:	ne	version:	10.12	Trust: 0.3
vendor:	apple	model:	ios	scope:	ne	version:	10	Trust: 0.3

sources: BID: 93054 // JVNDB: JVNDB-2016-004938 // CNNVD: CNNVD-201609-480 // NVD: CVE-2016-4773

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-4773
value:	HIGH
Trust: 1.0
NVD:	CVE-2016-4773
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201609-480
value:	HIGH
Trust: 0.6
VULHUB:	VHN-93592
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2016-4773
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-4773
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-93592
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-4773
baseSeverity:	HIGH
baseScore:	7.1
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.2
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-93592 // VULMON: CVE-2016-4773 // JVNDB: JVNDB-2016-004938 // CNNVD: CNNVD-201609-480 // NVD: CVE-2016-4773

PROBLEMTYPE DATA

problemtype:	CWE-125	Trust: 1.1
problemtype:	CWE-Other	Trust: 0.8

sources: VULHUB: VHN-93592 // JVNDB: JVNDB-2016-004938 // NVD: CVE-2016-4773

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201609-480

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201609-480

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-004938

PATCH

title:	Apple security updates	url:	https://support.apple.com/en-us/HT201222	Trust: 0.8
title:	APPLE-SA-2016-09-20-3 iOS 10	url:	http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html	Trust: 0.8
title:	APPLE-SA-2016-09-20-5 watchOS 3	url:	http://lists.apple.com/archives/security-announce/2016/Sep/msg00010.html	Trust: 0.8
title:	APPLE-SA-2016-09-20-6 tvOS 10	url:	http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html	Trust: 0.8
title:	APPLE-SA-2016-09-20 macOS Sierra 10.12	url:	http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html	Trust: 0.8
title:	HT207141	url:	https://support.apple.com/en-us/HT207141	Trust: 0.8
title:	HT207142	url:	https://support.apple.com/en-us/HT207142	Trust: 0.8
title:	HT207143	url:	https://support.apple.com/en-us/HT207143	Trust: 0.8
title:	HT207170	url:	https://support.apple.com/en-us/HT207170	Trust: 0.8
title:	HT207142	url:	https://support.apple.com/ja-jp/HT207142	Trust: 0.8
title:	HT207143	url:	https://support.apple.com/ja-jp/HT207143	Trust: 0.8
title:	HT207170	url:	https://support.apple.com/ja-jp/HT207170	Trust: 0.8
title:	HT207141	url:	https://support.apple.com/ja-jp/HT207141	Trust: 0.8
title:	Multiple Apple product Kernel Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=64224	Trust: 0.6
title:	Apple: watchOS 3	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=22c38e80657dfabed50745bf066b5d7e	Trust: 0.1
title:	Apple: tvOS 10	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=2eacf5c3d1f3eca6b4d1466fef2589d7	Trust: 0.1
title:	Apple: iOS 10	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=49cfe8e7b5abb7b955623b596efe5873	Trust: 0.1
title:	Apple: macOS Sierra 10.12	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=56fe8957a503c1b7b6f00fbd6d759042	Trust: 0.1

sources: VULMON: CVE-2016-4773 // JVNDB: JVNDB-2016-004938 // CNNVD: CNNVD-201609-480

EXTERNAL IDS

db:	NVD	id:	CVE-2016-4773	Trust: 3.1
db:	BID	id:	93054	Trust: 2.1
db:	SECTRACK	id:	1036858	Trust: 1.8
db:	JVN	id:	JVNVU90950877	Trust: 0.8
db:	JVN	id:	JVNVU93841436	Trust: 0.8
db:	JVNDB	id:	JVNDB-2016-004938	Trust: 0.8
db:	CNNVD	id:	CNNVD-201609-480	Trust: 0.7
db:	VULHUB	id:	VHN-93592	Trust: 0.1
db:	VULMON	id:	CVE-2016-4773	Trust: 0.1
db:	PACKETSTORM	id:	138795	Trust: 0.1
db:	PACKETSTORM	id:	138796	Trust: 0.1

sources: VULHUB: VHN-93592 // VULMON: CVE-2016-4773 // BID: 93054 // JVNDB: JVNDB-2016-004938 // PACKETSTORM: 138795 // PACKETSTORM: 138796 // CNNVD: CNNVD-201609-480 // NVD: CVE-2016-4773

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2016/sep/msg00006.html	Trust: 1.8
url:	http://lists.apple.com/archives/security-announce/2016/sep/msg00008.html	Trust: 1.8
url:	http://lists.apple.com/archives/security-announce/2016/sep/msg00010.html	Trust: 1.8
url:	http://lists.apple.com/archives/security-announce/2016/sep/msg00011.html	Trust: 1.8
url:	http://www.securityfocus.com/bid/93054	Trust: 1.8
url:	https://support.apple.com/ht207141	Trust: 1.8
url:	https://support.apple.com/ht207142	Trust: 1.8
url:	https://support.apple.com/ht207143	Trust: 1.8
url:	https://support.apple.com/ht207170	Trust: 1.8
url:	http://www.securitytracker.com/id/1036858	Trust: 1.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4773	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu93841436/index.html	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu90950877/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4773	Trust: 0.8
url:	http://www.apple.com/ios/	Trust: 0.3
url:	http://www.apple.com/accessibility/tvos/	Trust: 0.3
url:	http://www.apple.com/watchos-2/	Trust: 0.3
url:	http://www.apple.com/macosx/	Trust: 0.3
url:	https://support.apple.com/en-us/ht201222	Trust: 0.3
url:	https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099662	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4708	Trust: 0.2
url:	https://support.apple.com/kb/ht201222	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4773	Trust: 0.2
url:	https://gpgtools.org	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4775	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4726	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4778	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4702	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4777	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4776	Trust: 0.2
url:	https://www.apple.com/support/security/pgp/	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4712	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4774	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4725	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4658	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4772	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4737	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4738	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4753	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4718	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/125.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.rapid7.com/db/vulnerabilities/apple-osx-kernel-cve-2016-4772	Trust: 0.1
url:	https://support.apple.com/kb/ht207141	Trust: 0.1
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=48972	Trust: 0.1
url:	https://support.apple.com/kb/ht204641	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-5131	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4719	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4767	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4728	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4734	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4766	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4611	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4768	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4765	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4759	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4733	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4730	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4735	Trust: 0.1

CREDITS

MinSik Shin,YoungJin Yoon, Gergo Koteles, Sunghyun Park, Inc,and Taekyoung Kwon of Information Security Lab, Lufeng Li of Qihoo, Dawid Czagan of Silesia Security Lab, Rodger Combs of Plex, Brandon Azad, HoJae Han, Yonsei University, Marc Heuse of mh-sec

Trust: 0.6

sources: CNNVD: CNNVD-201609-480

SOURCES

db:	VULHUB	id:	VHN-93592
db:	VULMON	id:	CVE-2016-4773
db:	BID	id:	93054
db:	JVNDB	id:	JVNDB-2016-004938
db:	PACKETSTORM	id:	138795
db:	PACKETSTORM	id:	138796
db:	CNNVD	id:	CNNVD-201609-480
db:	NVD	id:	CVE-2016-4773

LAST UPDATE DATE

2024-11-23T20:50:56.368000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-93592	date:	2019-03-13T00:00:00
db:	VULMON	id:	CVE-2016-4773	date:	2019-03-13T00:00:00
db:	BID	id:	93054	date:	2017-12-25T12:00:00
db:	JVNDB	id:	JVNDB-2016-004938	date:	2016-09-29T00:00:00
db:	CNNVD	id:	CNNVD-201609-480	date:	2019-03-13T00:00:00
db:	NVD	id:	CVE-2016-4773	date:	2024-11-21T02:52:56.357

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-93592	date:	2016-09-25T00:00:00
db:	VULMON	id:	CVE-2016-4773	date:	2016-09-25T00:00:00
db:	BID	id:	93054	date:	2016-09-20T00:00:00
db:	JVNDB	id:	JVNDB-2016-004938	date:	2016-09-29T00:00:00
db:	PACKETSTORM	id:	138795	date:	2016-09-20T17:02:22
db:	PACKETSTORM	id:	138796	date:	2016-09-20T18:32:22
db:	CNNVD	id:	CNNVD-201609-480	date:	2016-09-21T00:00:00
db:	NVD	id:	CVE-2016-4773	date:	2016-09-25T11:00:05.787