SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service





Category:   OS (UNIX)  >   Apple macOS/OS X Vendors:   Apple
Apple OS X Multiple Flaws Let Remote and Local Users Execute Arbitrary Code and Let Local Users Obtain Potentially Sensitive Information and Gain Elevated Privileges
SecurityTracker Alert ID:  1035363
SecurityTracker URL:  http://securitytracker.com/id/1035363
CVE Reference:   CVE-2016-1732, CVE-2016-1733, CVE-2016-1735, CVE-2016-1736, CVE-2016-1737, CVE-2016-1738, CVE-2016-1741, CVE-2016-1743, CVE-2016-1744, CVE-2016-1745, CVE-2016-1746, CVE-2016-1747, CVE-2016-1749, CVE-2016-1759, CVE-2016-1764, CVE-2016-1767, CVE-2016-1768, CVE-2016-1769, CVE-2016-1770, CVE-2016-1773   (Links to External Site)
Updated:  Mar 24 2016
Original Entry Date:  Mar 22 2016
Impact:   Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via local system, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   Multiple vulnerabilities were reported in Apple OS X. A remote user can cause arbitrary code to be executed on the target user's system. A local user can obtain potentially sensitive information. An application can obtain elevated privileges on the target system. A remote user can obtain potentially sensitive information on the target system.

A local user can trigger an out-of-bounds memory read error in AppleRAID TO determine kernel memory layout [CVE-2016-1732].

An application can trigger a memory corruption flaw in AppleRAID to execute arbitrary code with kernel level privileges [CVE-2016-1733].

An application can trigger a memory corruption flaw in Bluetooth to execute arbitrary code with kernel level privileges [CVE-2016-1735, CVE-2016-1736].

A remote user can create a specially crafted '.dfont' file that, when loaded by the target user, will trigger a memory corruption error in Carbon and execute arbitrary code on the target system [CVE-2016-1737].

A user can modify code-signed applications to trigger a flaw in dyld and execute arbitrary code with the privileges of the target application [CVE-2016-1738].

An application can trigger a memory corruption flaw in NVIDIA Graphics Drivers to execute arbitrary code with kernel level privileges [CVE-2016-1741].

An application can trigger a memory corruption flaw in Intel Graphics Drivers to execute arbitrary code with kernel level privileges [CVE-2016-1743, CVE-2016-1744].

A local user can trigger a null pointer dereference in IOFireWireFamily and cause denial of service conditions [CVE-2016-1745].

An application can trigger a memory corruption flaw in IOGraphics to execute arbitrary code with kernel level privileges [CVE-2016-1746, CVE-2016-1747].

An application can trigger a memory corruption error in IOUSBFamily and execute arbitrary code with kernel level privileges [CVE-2016-1749].

An application can trigger a memory corruption error in the kernel and execute arbitrary code with kernel level privileges [CVE-2016-1759].

A remote user can create a specially crafted JavaScript link that, when loaded by the target user, will allow the remote user to access potentially sensitive information [CVE-2016-1764].

A remote user can create a specially crafted FlashPix Bitmap Image that, when loaded by the target user, will trigger a memory corruption error in QuickTime and execute arbitrary code on the target system [CVE-2016-1767, CVE-2016-1768].

A remote user can create a specially crafted Photoshop document that, when loaded by the target user, will trigger a memory corruption error in QuickTime and execute arbitrary code on the target system [CVE-2016-1769].

A remote user can create a specially crafted 'tel:' link that, when loaded by the target user, will make a call on the target user's system without prompting the user first [CVE-2016-1770].

A local user can exploit a permissions error in code signing tools to determine if arbitrary files exist on the target system [CVE-2016-1773].

Proteas of Qihoo 360 Nirvan Team, Jeonghoon Shin@A.D.D, an anonymous researcher, beist and ABH of BoB, Piotr Bania of Cisco Talos, sweetchip of Grayhash, Peter Pi of Trend Micro (via Trend Micro's Zero Day Initiative (ZDI)), Ian Beer of Google Project Zero and Juwei Lin of Trend Micro (via Trend Micro's Zero Day Initiative (ZDI)),
Matthew Bryan of the Uber Security Team (formerly of Bishop Fox), Joe DeMesy and Shubham Shah of Bishop Fox, Francis Provencher from COSIG, Guillaume Ross of Rapid7, Laurent Chouinard of Laurent.ca, lokihardt, and Mark Mentovai of Google Inc. reported these vulnerabilities.

Impact:   A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.

A local or remote user can obtain potentially sensitive information on the target system.

A local user can obtain elevated privileges on the target system.

Solution:   The vendor has issued a fix (10.11.4, Security Update 2016-002).

The vendor's advisory is available at:

https://support.apple.com/en-us/HT206167

Vendor URL:  support.apple.com/en-us/HT206167 (Links to External Site)
Cause:   Access control error, Input validation error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2018, SecurityGlobal.net LLC