ID

VAR-201704-0179


CVE

CVE-2016-4650


TITLE

Heap-based buffer overflow vulnerability in IOHIDFamily in multiple Apple products

Trust: 0.8

sources: JVNDB: JVNDB-2016-008150

DESCRIPTION

Heap-based buffer overflow in IOHIDFamily in Apple iOS before 9.3.2, OS X before 10.11.5, and tvOS before 9.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists within the IOHIDFamily kernel extension. The issue lies in the failure to validate a supplied length value, causing a heap buffer overflow. An attacker can leverage this vulnerability to escalate privileges and execute code under the context of the kernel. Apple tvOS, Mac OS X and iOS are prone to a memory-corruption vulnerability. Failed exploit attempts may result in a denial-of-service condition. Note: This issue was previously titled 'PHP CVE-2016-4650 Multiple Remote Code Execution Vulnerabilities'. The title has been changed to better reflect the vulnerability information. Apple iOS is an operating system developed for mobile devices; OS X is a dedicated operating system developed for Mac computers; tvOS is a smart TV operating system. IOHIDFamily is a kernel extension component (an abstract interface for human interface devices).

Trust: 2.61

sources: NVD: CVE-2016-4650 // JVNDB: JVNDB-2016-008150 // ZDI: ZDI-16-494 // BID: 92034 // VULHUB: VHN-93469

AFFECTED PRODUCTS

vendor: apple // model: iphone os // scope: lt // version: 9.3.2

Trust: 1.0

vendor: apple // model: tvos // scope: lt // version: 9.2.1

Trust: 1.0

vendor: apple // model: mac os x // scope: lt // version: 10.11.5

Trust: 1.0

vendor: apple // model: mac os x // scope: eq // version: 10.11 and later

Trust: 0.8

vendor: apple // model: ios // scope: lt // version: 9.3.2 (ipad 2 or later)

Trust: 0.8

vendor: apple // model: ios // scope: lt // version: 9.3.2 (iphone 4s or later)

Trust: 0.8

vendor: apple // model: ios // scope: lt // version: 9.3.2 (ipod touch 5th generation or later)

Trust: 0.8

vendor: apple // model: tvos // scope: lt // version: 9.2.1 (apple tv 4th generation)

Trust: 0.8

vendor: apple // model: os x // scope: - // version: -

Trust: 0.7

vendor: apple // model: iphone os // scope: eq // version: 9.3.1

Trust: 0.6

vendor: apple // model: mac os x // scope: eq // version: 10.11.4

Trust: 0.6

vendor: apple // model: tv // scope: eq // version: 9.2.1

Trust: 0.6

vendor: php // model: php // scope: eq // version: 5.5.35

Trust: 0.3

vendor: php // model: php // scope: eq // version: 5.5.34

Trust: 0.3

vendor: php // model: php // scope: eq // version: 5.5.33

Trust: 0.3

vendor: php // model: php // scope: eq // version: 5.5.32

Trust: 0.3

vendor: php // model: php // scope: eq // version: 5.5.29

Trust: 0.3

vendor: php // model: php // scope: eq // version: 5.5.28

Trust: 0.3

vendor: php // model: php // scope: eq // version: 5.5.27

Trust: 0.3

vendor: php // model: php // scope: eq // version: 5.5.26

Trust: 0.3

vendor: php // model: php // scope: eq // version: 5.5.21

Trust: 0.3

vendor: php // model: php // scope: eq // version: 5.5.14

Trust: 0.3

vendor: php // model: php // scope: eq // version: 5.5.13

Trust: 0.3

vendor: php // model: php // scope: eq // version: 5.5.12

Trust: 0.3

vendor: php // model: php // scope: eq // version: 5.5.11

Trust: 0.3

vendor: php // model: php // scope: eq // version: 5.5.10

Trust: 0.3

vendor: php // model: php // scope: eq // version: 5.5.6

Trust: 0.3

vendor: php // model: php // scope: eq // version: 5.5.5

Trust: 0.3

vendor: php // model: php // scope: eq // version: 5.5.4

Trust: 0.3

vendor: php // model: php // scope: eq // version: 5.5.3

Trust: 0.3

vendor: php // model: php // scope: eq // version: 5.5.1

Trust: 0.3

vendor: php // model: php // scope: eq // version: 5.5

Trust: 0.3

vendor: php // model: php // scope: eq // version: 5.5.9

Trust: 0.3

vendor: php // model: php // scope: eq // version: 5.5.8

Trust: 0.3

vendor: php // model: php // scope: eq // version: 5.5.7

Trust: 0.3

vendor: php // model: php // scope: eq // version: 5.5.31

Trust: 0.3

vendor: php // model: php // scope: eq // version: 5.5.30

Trust: 0.3

vendor: php // model: php // scope: eq // version: 5.5.25

Trust: 0.3

vendor: php // model: php // scope: eq // version: 5.5.24

Trust: 0.3

vendor: php // model: php // scope: eq // version: 5.5.23

Trust: 0.3

vendor: php // model: php // scope: eq // version: 5.5.22

Trust: 0.3

vendor: php // model: php // scope: eq // version: 5.5.20

Trust: 0.3

vendor: php // model: php // scope: eq // version: 5.5.2

Trust: 0.3

vendor: php // model: php // scope: eq // version: 5.5.19

Trust: 0.3

vendor: php // model: php // scope: eq // version: 5.5.18

Trust: 0.3

vendor: php // model: php // scope: eq // version: 5.5.17

Trust: 0.3

vendor: php // model: php // scope: eq // version: 5.5.16

Trust: 0.3

vendor: php // model: php // scope: eq // version: 5.5.15

Trust: 0.3

vendor: apple // model: mac os // scope: eq // version: x10.11.3

Trust: 0.3

vendor: apple // model: mac os // scope: eq // version: x10.11.2

Trust: 0.3

vendor: apple // model: mac os // scope: eq // version: x10.11.1

Trust: 0.3

vendor: apple // model: mac os // scope: eq // version: x10.10.5

Trust: 0.3

vendor: apple // model: mac os // scope: eq // version: x10.11.5

Trust: 0.3

vendor: apple // model: mac os // scope: eq // version: x10.11.4

Trust: 0.3

vendor: apple // model: mac os // scope: eq // version: x10.11

Trust: 0.3

vendor: php // model: php // scope: ne // version: 5.5.36

Trust: 0.3

vendor: apple // model: mac os // scope: ne // version: x10.11.6

Trust: 0.3

vendor: apple // model: mac os security update // scope: ne // version: x2016

Trust: 0.3

sources: ZDI: ZDI-16-494 // BID: 92034 // JVNDB: JVNDB-2016-008150 // CNNVD: CNNVD-201607-644 // NVD: CVE-2016-4650

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-4650
value: HIGH

Trust: 1.0

NVD: CVE-2016-4650
value: HIGH

Trust: 0.8

ZDI: CVE-2016-4650
value: MEDIUM

Trust: 0.7

CNNVD: CNNVD-201607-644
value: HIGH

Trust: 0.6

VULHUB: VHN-93469
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-4650
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

ZDI: CVE-2016-4650
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.7

VULHUB: VHN-93469
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-4650
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: ZDI: ZDI-16-494 // VULHUB: VHN-93469 // JVNDB: JVNDB-2016-008150 // CNNVD: CNNVD-201607-644 // NVD: CVE-2016-4650

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-93469 // JVNDB: JVNDB-2016-008150 // NVD: CVE-2016-4650

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201607-644

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201607-644

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-008150

PATCH

title: HT206567 // url: https://support.apple.com/en-us/HT206567

Trust: 1.5

title: Apple security updates // url: https://support.apple.com/en-us/HT201222

Trust: 0.8

title: HT206568 // url: https://support.apple.com/en-us/HT206568

Trust: 0.8

title: HT206564 // url: https://support.apple.com/en-us/HT206564

Trust: 0.8

title: HT206564 // url: https://support.apple.com/ja-jp/HT206564

Trust: 0.8

title: HT206567 // url: https://support.apple.com/ja-jp/HT206567

Trust: 0.8

title: HT206568 // url: https://support.apple.com/ja-jp/HT206568

Trust: 0.8

title: PHP Fixes for remote code execution vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63005

Trust: 0.6

sources: ZDI: ZDI-16-494 // JVNDB: JVNDB-2016-008150 // CNNVD: CNNVD-201607-644

EXTERNAL IDS

db: NVD // id: CVE-2016-4650

Trust: 3.5

db: ZDI // id: ZDI-16-494

Trust: 2.7

db: BID // id: 92034

Trust: 2.0

db: SECTRACK // id: 1036348

Trust: 1.7

db: JVN // id: JVNVU91632741

Trust: 0.8

db: JVNDB // id: JVNDB-2016-008150

Trust: 0.8

db: ZDI_CAN // id: ZDI-CAN-3554

Trust: 0.7

db: CNNVD // id: CNNVD-201607-644

Trust: 0.7

db: VULHUB // id: VHN-93469

Trust: 0.1

sources: ZDI: ZDI-16-494 // VULHUB: VHN-93469 // BID: 92034 // JVNDB: JVNDB-2016-008150 // CNNVD: CNNVD-201607-644 // NVD: CVE-2016-4650

REFERENCES

url:https://support.apple.com/en-us/ht206567

Trust: 2.7

url:https://support.apple.com/en-in/ht206564

Trust: 2.0

url:https://support.apple.com/en-in/ht206568

Trust: 2.0

url:http://www.securityfocus.com/bid/92034

Trust: 1.7

url:http://www.zerodayinitiative.com/advisories/zdi-16-494

Trust: 1.7

url:http://www.securitytracker.com/id/1036348

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4650

Trust: 0.8

url:http://jvn.jp/vu/jvnvu91632741/index.html

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2016-4650

Trust: 0.8

url:http://www.apple.com/ios/

Trust: 0.3

url:http://www.apple.com/accessibility/tvos/

Trust: 0.3

url:http://www.apple.com/macosx/

Trust: 0.3

url:http://www.zerodayinitiative.com/advisories/zdi-16-494/

Trust: 0.3

sources: ZDI: ZDI-16-494 // VULHUB: VHN-93469 // BID: 92034 // JVNDB: JVNDB-2016-008150 // CNNVD: CNNVD-201607-644 // NVD: CVE-2016-4650

CREDITS

Peter Pi of Trend Micro

Trust: 0.7

sources: ZDI: ZDI-16-494

SOURCES

db: ZDI // id: ZDI-16-494
db: VULHUB // id: VHN-93469
db: BID // id: 92034
db: JVNDB // id: JVNDB-2016-008150
db: CNNVD // id: CNNVD-201607-644
db: NVD // id: CVE-2016-4650

LAST UPDATE DATE

2024-08-14T12:49:14.265000+00:00


SOURCES UPDATE DATE

db: ZDI // id: ZDI-16-494 // date: 2016-08-29T00:00:00
db: VULHUB // id: VHN-93469 // date: 2019-03-25T00:00:00
db: BID // id: 92034 // date: 2016-07-18T00:00:00
db: JVNDB // id: JVNDB-2016-008150 // date: 2017-04-26T00:00:00
db: CNNVD // id: CNNVD-201607-644 // date: 2019-03-13T00:00:00
db: NVD // id: CVE-2016-4650 // date: 2019-03-25T17:10:30.413

SOURCES RELEASE DATE

db: ZDI // id: ZDI-16-494 // date: 2016-08-29T00:00:00
db: VULHUB // id: VHN-93469 // date: 2017-04-20T00:00:00
db: BID // id: 92034 // date: 2016-07-18T00:00:00
db: JVNDB // id: JVNDB-2016-008150 // date: 2017-04-26T00:00:00
db: CNNVD // id: CNNVD-201607-644 // date: 2016-07-21T00:00:00
db: NVD // id: CVE-2016-4650 // date: 2017-04-20T17:59:00.243