SecurityTracker.com

SecurityTracker
Archives


 


Category:   Device (Multimedia)  >   Apple Watch
Vendors:   Apple
(Apple Issues Fix for Apple Watch) Apple OS X Multiple Memory Corruption Flaws Lets Local Users Obtain Root Privileges
SecurityTracker Alert ID:  1035360
SecurityTracker URL:  http://securitytracker.com/id/1035360
CVE Reference:   CVE-2015-7995, CVE-2016-1717, CVE-2016-1719, CVE-2016-1720, CVE-2016-1721, CVE-2016-1722
Date:  Mar 22 2016
Impact:   Execution of arbitrary code via local system, Root access via local system
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): prior to 2.2
Description:   Multiple vulnerabilities were reported in Apple OS X. A local user can obtain root privileges on the target system. Apple Watch is affected.

A local user can exploit a memory corruption error in AppleGraphicsPowerManagement to execute arbitrary code on the target system with kernel-level privileges [CVE-2016-1716].

A local user can exploit a memory corruption error in Disk Images to execute arbitrary code on the target system with kernel-level privileges [CVE-2016-1717].

A local user can exploit a memory corruption error in IOAcceleratorFamily to execute arbitrary code on the target system with kernel-level privileges [CVE-2016-1718].

A local user can exploit a memory corruption error in IOHIDFamily to execute arbitrary code on the target system with kernel-level privileges [CVE-2016-1719].

A local user can exploit a memory corruption error in IOKit to execute arbitrary code on the target system with kernel-level privileges [CVE-2016-1720].

A local user can exploit a flaw in the kernel to execute arbitrary code on the target system with kernel-level privileges [CVE-2016-1721].

A quarantined application can override OSA script libraries on the target system [CVE-2016-1729].

A local user can exploit a memory corruption error in syslog to execute arbitrary code on the target system with root privileges [CVE-2016-1722].

Moony Li of Trend Micro, Liang Chen and Sen Nie of KeenLab, Tencent, Frank Graziano of Yahoo! Pentest Team, Juwei Lin of Trend Micro (via HP's Zero Day Initiative), Ian Beer of Google Project Zero, an anonymous researcher, and Joshua J. Drake and Nikias Bassen of Zimperium zLabs reported these vulnerabilities.

Impact:   A local user can obtain kernel-level or root privileges on the target system.
Solution:   Apple has issued a fix for CVE-2015-7995, CVE-2016-1717, CVE-2016-1719, CVE-2016-1720, CVE-2016-1721, and CVE-2016-1722 for Apple Watch (2.2).

The Apple advisory is available at:

https://support.apple.com/en-us/HT206168

Vendor URL:  support.apple.com/en-us/HT206168
Cause:   Access control error

Message History:   This archive entry is a follow-up to the message listed below.
Jan 20 2016 Apple OS X Multiple Memory Corruption Flaws Lets Local Users Obtain Root Privileges




Copyright 2021, SecurityGlobal.net LLC