SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   OS (UNIX)  >   Apple macOS/OS X Vendors:   Apple
Apple macOS/OS X Multiple Flaws Let Remote and Local Users Deny Service, Obtain Potentially Sensitive Information, Execute Arbitrary Code, and Gain Elevated Privileges
SecurityTracker Alert ID:  1036858
SecurityTracker URL:  http://securitytracker.com/id/1036858
CVE Reference:   CVE-2016-4606, CVE-2016-4658, CVE-2016-4696, CVE-2016-4697, CVE-2016-4698, CVE-2016-4699, CVE-2016-4700, CVE-2016-4701, CVE-2016-4702, CVE-2016-4703, CVE-2016-4706, CVE-2016-4707, CVE-2016-4708, CVE-2016-4709, CVE-2016-4710, CVE-2016-4711, CVE-2016-4712, CVE-2016-4713, CVE-2016-4715, CVE-2016-4716, CVE-2016-4717, CVE-2016-4718, CVE-2016-4722, CVE-2016-4723, CVE-2016-4724, CVE-2016-4725, CVE-2016-4726, CVE-2016-4727, CVE-2016-4736, CVE-2016-4738, CVE-2016-4739, CVE-2016-4742, CVE-2016-4745, CVE-2016-4748, CVE-2016-4750, CVE-2016-4752, CVE-2016-4753, CVE-2016-4755, CVE-2016-4771, CVE-2016-4772, CVE-2016-4773, CVE-2016-4774, CVE-2016-4775, CVE-2016-4776, CVE-2016-4777, CVE-2016-4778, CVE-2016-4779   (Links to External Site)
Date:  Sep 21 2016
Impact:   Denial of service via local system, Denial of service via network, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via local system, Execution of arbitrary code via network, Root access via local system, User access via local system, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 10.11.6
Description:   Multiple vulnerabilities were reported in Apple macOS/OS X. A remote or local user can cause denial of service conditions on the target system. A remote or local user can obtain potentially sensitive information. A remote or local user can obtain elevated privileges on the target system.

An application or a local user can trigger a memory corruption error and execute arbitrary code with kernel level privileges.

Apple HSSPI Support is affected [CVE-2016-4697].

S2 Camera is affected [CVE-2016-4750].

AppleUUC is affected [CVE-2016-4699, CVE-2016-4700].

The processing of font files in ATS is affected [CVE-2016-4779].

Audio is affected [CVE-2016-4702].

libarchive is affected [CVE-2016-4736].

libxml2 is affected [CVE-2016-4658].

libxslt is affected [CVE-2016-4738].

The kernel is affected [CVE-2016-4775, CVE-2016-4777, CVE-2016-4778].

IOThunderboltFamily is affected [CVE-2016-4727].

The Intel Graphics Driver is affected [CVE-2016-4723].

IOAcceleratorFamily is affected [CVE-2016-4725, CVE-2016-4726].

An application can trigger a null pointer dereference and execute arbitrary code with kernel level privileges.

AppleEFIRuntime is affected [CVE-2016-4696].

IOAcceleratorFamily is affected [CVE-2016-4724].

An application can trigger a validation flaw in task port inheritance policy in AppleMobileFileIntegrity to execute arbitrary code with system privileges [CVE-2016-4698].

A local user can cause denial of service conditions.

The handling of Application Firewall prompts is affected [CVE-2016-4701].

Bluetooth is affected [CVE-2016-4703].

The cd9660 component is affected [CVE-2016-4706].

A local user can exploit a flaw in CFNetwork Local Storage deletion to determine websites that a target user has visited [CVE-2016-4707].

A remote user can exploit a flaw in the parsing of the set-cookie header to obtain potentially sensitive information [CVE-2016-4708].

An application using CommonCrypto CCrypt can trigger an input validation flaw when the input buffer and the output buffer is the same to obtain plaintext data [CVE-2016-4711].

An application can trigger an out-of-bounds memory write error in CoreCrypto to execute arbitrary code [CVE-2016-4712].

A remote authenticated screen sharing user can exploit a session management flaw to view another user's screen [CVE-2016-4713].

Various flaws may occur in curl [CVE-2016-4606].

An application can exploit a flaw in the '.GlobalPreferences' file to determine the target user's current location [CVE-2016-4715].

A local user can trigger a permissions access flaw in diskutil to execute execute arbitrary code with system privileges [CVE-2016-4716].

A remote user can trigger a buffer overflow in the processing of font files to obtain process memory contents [CVE-2016-4718].

A remote user can conduct a side channel timing attack against the Kerberos v5 PAM module to determine valid user accounts on the target system [CVE-2016-4745].

A local application can trigger a directory path parsing flaw to access restricted files [CVE-2016-4771].

A local application can trigger a flaw in the processing of scoped bookmarks to cause denial of service conditions [CVE-2016-4717].

A remote user in a privileged network position can trigger a spoofing flaw in the handling of Call Relay to cause denial of service conditions [CVE-2016-4722].

A remote user can trigger a lock handling flaw in the kernel to cause denial of service conditions [CVE-2016-4772].

An application can trigger an out-of-bounds memory read error to determine kernel memory layout [CVE-2016-4773, CVE-2016-4774, CVE-2016-4776].

A remote user can view potentially sensitive information when an application using 'VMnet.framework' enable a DNS proxy on all network interfaces [CVE-2016-4739].

An application can exploit a state management flaw in NSSecureTextField to obtain the target user's credentials [CVE-2016-4742].

A local user can exploit a flaw in the parsing of environment variables to bypass the Perl taint protection mechanism [CVE-2016-4748].

An application that uses SecKeyDeriveFromPassword can trigger a resource management flaw to obtain portions of system memory [CVE-2016-4752].

An application can exploit a signed disk image validation flaw to execute arbitrarycode with system privileges [CVE-2016-4753].

A local user can exploit a permissions flaw in '.bash_history' and '.bash_session' to obtain potentially sensitive information [CVE-2016-4755].

A local user can trigger a type confusion error in WindowServer to gain root privileges [CVE-2016-4709, CVE-2016-4710].

Qidan He (@flanker_hqd) from KeenLab (via Trend Micro's Zero Day Initiative), Shrek_wzw of Qihoo 360 Nirvan Team, Pedro Vilaca, Jack Tang (@jacktang310) and Moony Li of Trend Micro (via Trend Micro's Zero Day Initiative), an anonymous researcher, Max Lohrmann,
Dawid Czagan of Silesia Security Lab, Ruggero Alberti, Gergo Koteles, Recurity Labs on behalf of BSI (German Federal Office for Information Security), Isaac Boukris, Taiki (@Taiki__San) at ESIEA (Paris), Alexander Allen of The North Carolina School of Science and Mathematics, daybreaker of Minionz, Cererdlong, Eakerqiu of Team OverSky,
Rodger Combs of Plex, Inc, wmin (via Trend Micros Zero Day Initiative), Balazs Bucsay, Research Director of MRG Effitas, Tom Bradley of 71Squared Ltd, Martin Vigo (@martin_vigo) of salesforce.com, Marc Heuse of mh-sec, Brandon Azad, Lufeng Li of Qihoo 360 Vulcan Team,
CESG, Proteas of Qihoo 360 Nirvan Team, Nick Wellnhofer, Juwei Lin(@fuzzerDOTcn) of Trend Micro, YoungJin Yoon, MinSik Shin, HoJae Han, Sunghyun Park, and Taekyoung Kwon of Information Security Lab, Yonsei University, riusksk of Tencent Security Platform Department, Meder Kydyraliev Google Security Team, Magnus Skjegstad, David Scott,
and Anil Madhavapeddy from Docker, Inc., Daniel Jalkut of Red Sweater Software, Rick Fillion of AgileBits, Stephane Chazelas, Mark Rogers of PowerMapper Software, Mark Mentovai of Google Inc., and Axel Luttgens reported these vulnerabilities.

Impact:   A remote or local user can cause denial of service conditions on the target system.

A remote or local user can obtain potentially sensitive information on the target system.

A remote or local user can obtain elevated privileges on the target system.

A remote user can execute arbitrary code on the target system.

Solution:   The vendor has issued a fix (10.12).

The vendor advisory is available at:

https://support.apple.com/en-us/HT207170

Vendor URL:  support.apple.com/en-us/HT207170 (Links to External Site)
Cause:   Access control error, Boundary error, Input validation error, Resource error, State error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC