Details of VAR-201702-0229

ID

VAR-201702-0229

CVE

CVE-2016-7630

TITLE

Apple iOS of WebSheet Vulnerabilities that bypass the sandbox protection mechanism in components

Trust: 0.8

sources: JVNDB: JVNDB-2016-007377

DESCRIPTION

An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "WebSheet" component, which allows attackers to bypass a sandbox protection mechanism via unspecified vectors. This vulnerability allows remote attackers to escalate privileges on vulnerable installations of Apple iOS. User interaction is required to exploit this vulnerability in that the target must connect to a WiFi access point.The specific flaw exists within the usage of the legacy-diagnostics protocol handler. The issue lies in the launching of a diagnostic application that is able to render webpages outside of the sandbox. An attacker can leverage this vulnerability to escalate privileges outside the context of the sandbox. Apple iOS is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. WebSheet is one of the web form application components

Trust: 2.61

sources: NVD: CVE-2016-7630 // JVNDB: JVNDB-2016-007377 // ZDI: ZDI-16-679 // BID: 96330 // VULHUB: VHN-96450

AFFECTED PRODUCTS

vendor:	apple	model:	iphone os	scope:	lte	version:	10.1.1	Trust: 1.0
vendor:	apple	model:	ios	scope:	lt	version:	10.2 (ipad first 4 after generation )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	10.2 (iphone 5 or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	10.2 (ipod touch first 6 after generation )	Trust: 0.8
vendor:	apple	model:	ios	scope:	-	version:	-	Trust: 0.7
vendor:	apple	model:	iphone os	scope:	eq	version:	10.1.1	Trust: 0.6
vendor:	apple	model:	ipod touch	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ipad	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	50	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	40	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	30	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.9	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.10	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10	Trust: 0.3
vendor:	apple	model:	ios	scope:	ne	version:	10.2	Trust: 0.3

sources: ZDI: ZDI-16-679 // BID: 96330 // JVNDB: JVNDB-2016-007377 // CNNVD: CNNVD-201702-716 // NVD: CVE-2016-7630

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-7630
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2016-7630
value:	CRITICAL
Trust: 0.8
ZDI:	CVE-2016-7630
value:	MEDIUM
Trust: 0.7
CNNVD:	CNNVD-201702-716
value:	HIGH
Trust: 0.6
VULHUB:	VHN-96450
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2016-7630
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
ZDI:	CVE-2016-7630
severity:	MEDIUM
baseScore:	4.4
vectorString:	AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.4
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.7
VULHUB:	VHN-96450
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-7630
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: ZDI: ZDI-16-679 // VULHUB: VHN-96450 // JVNDB: JVNDB-2016-007377 // CNNVD: CNNVD-201702-716 // NVD: CVE-2016-7630

PROBLEMTYPE DATA

problemtype:	CWE-254	Trust: 1.1
problemtype:	CWE-200	Trust: 0.8

sources: VULHUB: VHN-96450 // JVNDB: JVNDB-2016-007377 // NVD: CVE-2016-7630

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201702-716

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201702-716

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-007377

PATCH

title:	Apple security updates	url:	https://support.apple.com/en-us/HT201222	Trust: 0.8
title:	APPLE-SA-2016-12-12-1 iOS 10.2	url:	https://lists.apple.com/archives/security-announce/2016/Dec/msg00000.html	Trust: 0.8
title:	HT207422	url:	https://support.apple.com/en-us/HT207422	Trust: 0.8
title:	HT207422	url:	https://support.apple.com/ja-jp/HT207422	Trust: 0.8
title:	Apple has issued an update to correct this vulnerability.	url:	https://support.apple.com/HT207422	Trust: 0.7
title:	Apple iOS WebSheet Fixes for component security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=68137	Trust: 0.6

sources: ZDI: ZDI-16-679 // JVNDB: JVNDB-2016-007377 // CNNVD: CNNVD-201702-716

EXTERNAL IDS

db:	NVD	id:	CVE-2016-7630	Trust: 3.5
db:	JVN	id:	JVNVU93979172	Trust: 0.8
db:	JVNDB	id:	JVNDB-2016-007377	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-3954	Trust: 0.7
db:	ZDI	id:	ZDI-16-679	Trust: 0.7
db:	CNNVD	id:	CNNVD-201702-716	Trust: 0.7
db:	BID	id:	96330	Trust: 0.4
db:	VULHUB	id:	VHN-96450	Trust: 0.1

sources: ZDI: ZDI-16-679 // VULHUB: VHN-96450 // BID: 96330 // JVNDB: JVNDB-2016-007377 // CNNVD: CNNVD-201702-716 // NVD: CVE-2016-7630

REFERENCES

url:	https://support.apple.com/ht207422	Trust: 2.4
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7630	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu93979172/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-7630	Trust: 0.8
url:	http://www.apple.com/ios/	Trust: 0.3
url:	http://www.apple.com/ipad/	Trust: 0.3
url:	http://www.apple.com/iphone/	Trust: 0.3
url:	http://www.apple.com/ipodtouch/	Trust: 0.3
url:	https://support.apple.com/en-us/ht207422	Trust: 0.3

sources: ZDI: ZDI-16-679 // VULHUB: VHN-96450 // BID: 96330 // JVNDB: JVNDB-2016-007377 // CNNVD: CNNVD-201702-716 // NVD: CVE-2016-7630

CREDITS

7cd6cbc56470722cd7dea01561796431

Trust: 0.7

sources: ZDI: ZDI-16-679

SOURCES

db:	ZDI	id:	ZDI-16-679
db:	VULHUB	id:	VHN-96450
db:	BID	id:	96330
db:	JVNDB	id:	JVNDB-2016-007377
db:	CNNVD	id:	CNNVD-201702-716
db:	NVD	id:	CVE-2016-7630

LAST UPDATE DATE

2024-11-23T20:05:13.519000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-16-679	date:	2017-03-31T00:00:00
db:	VULHUB	id:	VHN-96450	date:	2017-02-21T00:00:00
db:	BID	id:	96330	date:	2017-03-07T02:05:00
db:	JVNDB	id:	JVNDB-2016-007377	date:	2017-02-28T00:00:00
db:	CNNVD	id:	CNNVD-201702-716	date:	2017-02-22T00:00:00
db:	NVD	id:	CVE-2016-7630	date:	2024-11-21T02:58:20.163

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-16-679	date:	2017-03-31T00:00:00
db:	VULHUB	id:	VHN-96450	date:	2017-02-20T00:00:00
db:	BID	id:	96330	date:	2017-02-20T00:00:00
db:	JVNDB	id:	JVNDB-2016-007377	date:	2017-02-28T00:00:00
db:	CNNVD	id:	CNNVD-201702-716	date:	2017-02-22T00:00:00
db:	NVD	id:	CVE-2016-7630	date:	2017-02-20T08:59:03.120