SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


Try our Premium Alert Service
 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service





Category:   OS (UNIX)  >   Apple macOS/OS X Vendors:   Apple
Apple OS X Multiple Memory Corruption Flaws Lets Local Users Obtain Root Privileges
SecurityTracker Alert ID:  1034736
SecurityTracker URL:  http://securitytracker.com/id/1034736
CVE Reference:   CVE-2015-7995, CVE-2016-1716, CVE-2016-1717, CVE-2016-1718, CVE-2016-1719, CVE-2016-1720, CVE-2016-1721, CVE-2016-1722, CVE-2016-1729   (Links to External Site)
Date:  Jan 20 2016
Impact:   Execution of arbitrary code via local system, Root access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 10.11 to v10.11.2
Description:   Multiple vulnerabilities were reported in Apple OS X. A local user can obtain root privileges on the target system.

A local user can exploit a memory corruption error in AppleGraphicsPowerManagement to execute arbitrary code on the target system with kernel-level privileges [CVE-2016-1716].

A local user can exploit a memory corruption error in Disk Images to execute arbitrary code on the target system with kernel-level privileges [CVE-2016-1717].

A local user can exploit a memory corruption error in IOAcceleratorFamily to execute arbitrary code on the target system with kernel-level privileges [CVE-2016-1718].

A local user can exploit a memory corruption error in IOHIDFamily to execute arbitrary code on the target system with kernel-level privileges [CVE-2016-1719].

A local user can exploit a memory corruption error in IOKit to execute arbitrary code on the target system with kernel-level privileges [CVE-2016-1720].

A local user can exploit a flaw in the kernel to execute arbitrary code on the target system with kernel-level privileges [CVE-2016-1721].

A quarantined application can override OSA script libraries on the target system [CVE-2016-1729].

A local user can exploit a memory corruption error in syslog to execute arbitrary code on the target system with root privileges [CVE-2016-1722].

Moony Li of Trend Micro, Liang Chen and Sen Nie of KeenLab, Tencent, Frank Graziano of Yahoo! Pentest Team, Juwei Lin Trend Micro (via HP's Zero Day Initiative), Ian Beer of Google Project Zero, an anonymous researcher, and Joshua J. Drake and Nikias Bassen of Zimperium zLabs reported these vulnerabilities.

Impact:   A local user can obtain kernel-level or root privileges on the target system.
Solution:   The vendor has issued a fix (10.11.3; Security Update 2016-001).

The vendor's advisory is available at:

https://support.apple.com/en-us/HT205731

Vendor URL:  support.apple.com/en-us/HT205731 (Links to External Site)
Cause:   Access control error

Message History:   This archive entry has one or more follow-up message(s) listed below.
Jan 26 2016 (Apple Issues Fix for Apple TV) Apple OS X Multiple Memory Corruption Flaws Lets Local Users Obtain Root Privileges
Apple has issued a fix for Apple TV.
Feb 25 2016 (Apple Issues Fix for Apple TV) Apple OS X Multiple Memory Corruption Flaws Lets Local Users Obtain Root Privileges
Apple has issued a fix for Apple TV.
Mar 22 2016 (Apple Issues Fix for Apple Watch) Apple OS X Multiple Memory Corruption Flaws Lets Local Users Obtain Root Privileges
Apple has issued a fix for Apple Watch.
May 7 2016 (HP Issues Fix for HPE System Management Homepage) Apple OS X Multiple Memory Corruption Flaws Lets Local Users Obtain Root Privileges
HP has issued a fix for HPE System Management Homepage.



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2018, SecurityGlobal.net LLC