




Category:   OS (UNIX)  >   Apple macOS/OS X
Vendors:   Apple
Apple macOS/OS X Multiple Flaws Let Remote Users Execute Arbitrary Code and Local Users Deny Service and Gain Elevated Privileges
SecurityTracker Alert ID:  1037469
SecurityTracker URL:  http://securitytracker.com/id/1037469
CVE Reference:   CVE-2016-4688, CVE-2016-4691, CVE-2016-4693, CVE-2016-7588, CVE-2016-7591, CVE-2016-7594, CVE-2016-7595, CVE-2016-7596, CVE-2016-7600, CVE-2016-7602, CVE-2016-7603, CVE-2016-7604, CVE-2016-7605, CVE-2016-7606, CVE-2016-7607, CVE-2016-7608, CVE-2016-7609, CVE-2016-7612, CVE-2016-7615, CVE-2016-7616, CVE-2016-7617, CVE-2016-7618, CVE-2016-7619, CVE-2016-7620, CVE-2016-7621, CVE-2016-7622, CVE-2016-7624, CVE-2016-7625, CVE-2016-7627, CVE-2016-7628, CVE-2016-7629, CVE-2016-7633, CVE-2016-7636, CVE-2016-7637, CVE-2016-7643, CVE-2016-7644, CVE-2016-7655, CVE-2016-7657, CVE-2016-7658, CVE-2016-7659, CVE-2016-7660, CVE-2016-7661, CVE-2016-7662, CVE-2016-7663
Date:  Dec 14 2016
Impact:   Denial of service via local system, Denial of service via network, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of system information, Modification of user information, User access via local system, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): prior to 10.12.2
Description:   Multiple vulnerabilities were reported in Apple macOS/OS X. A remote user can cause arbitrary code to be executed on the target user's system. A remote or local user can cause denial of service conditions on the target system. A remote or local user can obtain potentially sensitive information. A local user can obtain elevated privileges on the target system. A local user can modify data and files on the target system.

A local user can trigger a null pointer dereference in AppleGraphicsPowerManagement to cause denial of service conditions on the target system [CVE-2016-7609].

A local user can exploit a permissions flaw to modify downloaded mobile assets [CVE-2016-7628].

A remote user can create specially crafted audio content that, when loaded by the target user, will trigger a memory corruption error and execute arbitrary code on the target user's system [CVE-2016-7658, CVE-2016-7659].

An application can trigger a memory corruption error in Bluetooth to execute arbitrary code with kernel-level privileges [CVE-2016-7596].

An application can trigger a null pointer dereference in Bluetooth to cause denial of service conditions [CVE-2016-7605].

An application can trigger a type confusion in Bluetooth to execute arbitrary code with system privileges [CVE-2016-7617].

A local user can trigger a null pointer dereference in CoreCapture to cause denial of service conditions [CVE-2016-7604].

Specially crafted strings can trigger a memory corruption error in CoreFoundation and execute arbitrary code [CVE-2016-7663].

A remote user can create a specially crafted font file that, when loaded by the target user, will trigger a null pointer dereference in CoreGraphics and execute arbitrary code on the target user's system [CVE-2016-7627].

A local user can trigger a type confusion in CoreMedia External Displays to execute arbitrary code with the privileges of the mediaserver daemon [CVE-2016-7655].

A remote user can create a specially crafted '.mp4' file that, when loaded by the target user, will trigger a flaw in CoreMedia Playback and execute arbitrary code on the target user's system [CVE-2016-7588].

A local user can trigger a null pointer dereference in CoreStorage to cause denial of service conditions on the target system [CVE-2016-7603].

A remote user can create a specially crafted font file that, when loaded by the target user, will trigger a memory corruption error in CoreText and execute arbitrary code on the target user's system [CVE-2016-7595].

A local user can exploit a use-after-free memory error in Directory Services to gain root privileges [CVE-2016-7633].

A local user can trigger a memory corruption error in Disk Images to execute arbitrary code with kernel-level privileges [CVE-2016-7616].

A remote user can create a specially crafted font file that, when loaded by the target user, will trigger a memory corruption error in FontParser and execute arbitrary code on the target user's system [CVE-2016-4691].

A remote user can create a specially crafted font file that, when loaded by the target user, will trigger a buffer overflow in FontParser and execute arbitrary code on the target user's system [CVE-2016-4688].

A remote user can create a specially crafted '.gcx' file that, when loaded by the target user, will trigger a memory corruption in Foundation and execute arbitrary code on the target user's system [CVE-2016-7618].

A remote user can create a specially crafted '.gcx' file that, when loaded by the target user, will execute arbitrary code on the target user's system [CVE-2016-7622].

A remote user can create specially crafted web content that, when loaded by the target user, will trigger a memory corruption error in ICU and execute arbitrary code on the target user's system [CVE-2016-7594].

A remote user can exploit an out-of-bounds memory read error in ImageIO to read portions of memory [CVE-2016-7643].

A local user can trigger a memory corruption error in the Intel Graphics Driver to execute arbitrary code with kernel-level privileges [CVE-2016-7602].

A local user can exploit a flaw in IOAcceleratorFamily to determine kernel memory layout [CVE-2016-7624].

A local user can exploit a flaw in IOFireWireFamily to read kernel memory [CVE-2016-7608].

A local user with system privileges can exploit a use-after-free memory error in IOHIDFamily to execute arbitrary code with kernel-level privileges [CVE-2016-7591].

A local user can exploit a flaw in IOKit to determine kernel memory layout [CVE-2016-7625].

A local user can trigger a memory corruption error in IOKit to read kernel memory [CVE-2016-7657].

A local user can exploit a flaw in IOSurface to determine kernel memory layout [CVE-2016-7620].

A local user can trigger a memory corruption error to execute arbitrary code with kernel-level privileges [CVE-2016-7606, CVE-2016-7612].

A local user can exploit an initialization error to read kernel memory [CVE-2016-7607].

A local user can cause denial of service conditions [CVE-2016-7615].

A local user can trigger a use-after-free memory error in the kernel to execute arbitrary code [CVE-2016-7621].

A local user can trigger a memory corruption error in the kernel to gain root privileges [CVE-2016-7637].

A local user with system privileges can trigger a use-after-free memory error in the kernel to execute arbitrary code with kernel-level privileges [CVE-2016-7644].

A local user can trigger a memory corruption error in kext tools to execute arbitrary code with kernel-level privileges [CVE-2016-7629].

A local user can exploit a flaw in libarchive in the processing of symbolic links (symlinks) to overwrite existing files on the target system [CVE-2016-7619].

A local user can exploit a PAM authentication error handling bug in sandboxed applications to gain access to privileged applications [CVE-2016-7600].

A local user can exploit a mach port name reference validation flaw in Power Management to gain root privileges [CVE-2016-7661].

3DES is configured as a default cipher [CVE-2016-4693].

A remote user in a privileged network position can exploit a validation flaw in the handling of OCSP responder URLs to cause denial of service conditions [CVE-2016-7636].

The system may incorrectly validate an untrusted certificate [CVE-2016-7662].

A local user can exploit a mach port name reference validation flaw in syslog to gain root privileges [CVE-2016-7660].

@cocoahuke, Chen Qin of Topsec Alpha Team (topsec.com), Andre Bargull, Brandon Azad, Gaetan Leurent and Karthikeyan Bhargavan from INRIA Paris, Haohao Kong of Keen Lab (@keen_lab) of Tencent, Ian Beer of Google Project Zero, Keen Lab working with Trend Micro's Zero Day Initiative, Maksymilian Arciemowicz (cxsecurity.com), Pekka Oikarainen,
Matias Karhumaa and Marko Laakso of Synopsys Software Integrity Group, Perette Barella of DeviousFish.com, Qidan He (@flanker_hqd) from KeenLab working with Trend Micro's Zero Day Initiative, Radu Motspan working with Trend Micro's Zero Day Initiative, Ian Beer of Google Project Zero, Simon Huang of Alipay company, thelongestusernameofall@gmail.com,
TRAPMINE Inc. & Meysam Firouzi @R00tkitSMM, The UK's National Cyber Security Centre (NCSC), Yangkang (@dnpushme) of Qihoo360 Qex Team, an anonymous researcher, daybreaker of Minionz, daybreaker@Minionz working with Trend Micro's Zero Day Initiative, dragonltx of Huawei 2012 Laboratories, and riusksk of Tencent Security Platform Department reported these vulnerabilities.

Impact:   A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.

A remote or local user can cause denial of service conditions on the target system.

A remote or local user can obtain potentially sensitive information on the target system.

A local user can obtain elevated privileges on the target system.

A local user can modify data and files on the target system.

Solution:   The vendor has issued a fix (10.12.2).

The vendor advisory is available at:

https://support.apple.com/en-us/HT207423

Vendor URL:  support.apple.com/en-us/HT207423
Cause:   Access control error, Authentication error, Boundary error, Configuration error, Input validation error, State error

Message History:   This archive entry has one or more follow-up message(s) listed below.
Jan 24 2017 (Apple Issues Fix for Apple Watch) Apple macOS/OS X Multiple Flaws Let Remote Users Execute Arbitrary Code and Local Users Deny Service and Gain Elevated Privileges
Apple has issued a fix for Apple Watch.




Copyright 2018, SecurityGlobal.net LLC