cvelistv5 - cve-2016-4637

CVE-2016-4637 (GCVE-0-2016-4637)

Vulnerability from cvelistv5 – Published: 2016-07-22 01:00 – Updated: 2024-08-06 00:39

Summary

Severity ?

No CVSS data available.

CWE

Assigner

apple

References

URL

Tags

	http://www.securitytracker.com/id/1036344	vdb-entryx_refsource_SECTRACK
	http://www.talosintelligence.com/reports/TALOS-20…	x_refsource_MISC
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	http://www.securityfocus.com/bid/91834	vdb-entryx_refsource_BID
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	https://support.apple.com/HT206905	x_refsource_CONFIRM
	https://support.apple.com/HT206903	x_refsource_CONFIRM
	https://support.apple.com/HT206902	x_refsource_CONFIRM
	https://support.apple.com/HT206904	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T00:39:25.276Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1036344",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036344"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.talosintelligence.com/reports/TALOS-2016-0186/"
          },
          {
            "name": "APPLE-SA-2016-07-18-4",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html"
          },
          {
            "name": "APPLE-SA-2016-07-18-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html"
          },
          {
            "name": "APPLE-SA-2016-07-18-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html"
          },
          {
            "name": "91834",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/91834"
          },
          {
            "name": "APPLE-SA-2016-07-18-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT206905"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT206903"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT206902"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT206904"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-07-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "CoreGraphics in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted BMP image."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-31T09:57:01",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "name": "1036344",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036344"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.talosintelligence.com/reports/TALOS-2016-0186/"
        },
        {
          "name": "APPLE-SA-2016-07-18-4",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html"
        },
        {
          "name": "APPLE-SA-2016-07-18-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html"
        },
        {
          "name": "APPLE-SA-2016-07-18-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html"
        },
        {
          "name": "91834",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/91834"
        },
        {
          "name": "APPLE-SA-2016-07-18-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT206905"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT206903"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT206902"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT206904"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2016-4637",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "CoreGraphics in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted BMP image."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1036344",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1036344"
            },
            {
              "name": "http://www.talosintelligence.com/reports/TALOS-2016-0186/",
              "refsource": "MISC",
              "url": "http://www.talosintelligence.com/reports/TALOS-2016-0186/"
            },
            {
              "name": "APPLE-SA-2016-07-18-4",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html"
            },
            {
              "name": "APPLE-SA-2016-07-18-3",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html"
            },
            {
              "name": "APPLE-SA-2016-07-18-2",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html"
            },
            {
              "name": "91834",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/91834"
            },
            {
              "name": "APPLE-SA-2016-07-18-1",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
            },
            {
              "name": "https://support.apple.com/HT206905",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT206905"
            },
            {
              "name": "https://support.apple.com/HT206903",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT206903"
            },
            {
              "name": "https://support.apple.com/HT206902",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT206902"
            },
            {
              "name": "https://support.apple.com/HT206904",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT206904"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2016-4637",
    "datePublished": "2016-07-22T01:00:00",
    "dateReserved": "2016-05-11T00:00:00",
    "dateUpdated": "2024-08-06T00:39:25.276Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"9.3.3\", \"matchCriteriaId\": \"58AFFDB5-B32E-4283-968F-BBFA4CAAC2E1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"10.11.6\", \"matchCriteriaId\": \"345C1D2B-0795-4041-BB43-0196DC1A37E9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"9.2.2\", \"matchCriteriaId\": \"DE82A10D-FF16-469F-9CC0-D97EE6B694BA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.2.2\", \"matchCriteriaId\": \"0C06D177-4027-4F79-832E-196EB0B14109\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"CoreGraphics in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted BMP image.\"}, {\"lang\": \"es\", \"value\": \"CoreGraphics en Apple iOS en versiones anteriores a 9.3.3, OS X en versiones anteriores a 10.11.6, tvOS en versiones anteriores a 9.2.2 y watchOS en versiones anteriores a 2.2.2 permite a atacantes remotos ejecutar c\\u00f3digo arbitrario o provocar una denegaci\\u00f3n de servicio (corrupci\\u00f3n de memoria) a trav\\u00e9s de una imagen BMP manipulada.\"}]",
      "id": "CVE-2016-4637",
      "lastModified": "2024-11-21T02:52:40.243",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2016-07-22T02:59:57.540",
      "references": "[{\"url\": \"http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html\", \"source\": \"product-security@apple.com\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}, {\"url\": \"http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html\", \"source\": \"product-security@apple.com\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}, {\"url\": \"http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html\", \"source\": \"product-security@apple.com\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}, {\"url\": \"http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html\", \"source\": \"product-security@apple.com\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/91834\", \"source\": \"product-security@apple.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1036344\", \"source\": \"product-security@apple.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.talosintelligence.com/reports/TALOS-2016-0186/\", \"source\": \"product-security@apple.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://support.apple.com/HT206902\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT206903\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT206904\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT206905\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}, {\"url\": \"http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}, {\"url\": \"http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}, {\"url\": \"http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/91834\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1036344\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.talosintelligence.com/reports/TALOS-2016-0186/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://support.apple.com/HT206902\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT206903\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT206904\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT206905\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "product-security@apple.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2016-4637\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2016-07-22T02:59:57.540\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"CoreGraphics in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted BMP image.\"},{\"lang\":\"es\",\"value\":\"CoreGraphics en Apple iOS en versiones anteriores a 9.3.3, OS X en versiones anteriores a 10.11.6, tvOS en versiones anteriores a 9.2.2 y watchOS en versiones anteriores a 2.2.2 permite a atacantes remotos ejecutar c\u00f3digo arbitrario o provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) a trav\u00e9s de una imagen BMP manipulada.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"9.3.3\",\"matchCriteriaId\":\"58AFFDB5-B32E-4283-968F-BBFA4CAAC2E1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.11.6\",\"matchCriteriaId\":\"345C1D2B-0795-4041-BB43-0196DC1A37E9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"9.2.2\",\"matchCriteriaId\":\"DE82A10D-FF16-469F-9CC0-D97EE6B694BA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.2.2\",\"matchCriteriaId\":\"0C06D177-4027-4F79-832E-196EB0B14109\"}]}]}],\"references\":[{\"url\":\"http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html\",\"source\":\"product-security@apple.com\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html\",\"source\":\"product-security@apple.com\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html\",\"source\":\"product-security@apple.com\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html\",\"source\":\"product-security@apple.com\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/91834\",\"source\":\"product-security@apple.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1036344\",\"source\":\"product-security@apple.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.talosintelligence.com/reports/TALOS-2016-0186/\",\"source\":\"product-security@apple.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/HT206902\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT206903\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT206904\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT206905\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/91834\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1036344\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.talosintelligence.com/reports/TALOS-2016-0186/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/HT206902\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT206903\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT206904\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT206905\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

FKIE_CVE-2016-4637

Vulnerability from fkie_nvd - Published: 2016-07-22 02:59 - Updated: 2025-04-12 10:46

Severity ?

8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
product-security@apple.com	http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html	Mailing List, Vendor Advisory
product-security@apple.com	http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html	Mailing List, Vendor Advisory
product-security@apple.com	http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html	Mailing List, Vendor Advisory
product-security@apple.com	http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html	Mailing List, Vendor Advisory
product-security@apple.com	http://www.securityfocus.com/bid/91834	Third Party Advisory, VDB Entry
product-security@apple.com	http://www.securitytracker.com/id/1036344	Third Party Advisory, VDB Entry
product-security@apple.com	http://www.talosintelligence.com/reports/TALOS-2016-0186/	Exploit, Third Party Advisory
product-security@apple.com	https://support.apple.com/HT206902	Vendor Advisory
product-security@apple.com	https://support.apple.com/HT206903	Vendor Advisory
product-security@apple.com	https://support.apple.com/HT206904	Vendor Advisory
product-security@apple.com	https://support.apple.com/HT206905	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html	Mailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html	Mailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html	Mailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html	Mailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/91834	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1036344	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.talosintelligence.com/reports/TALOS-2016-0186/	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT206902	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT206903	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT206904	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT206905	Vendor Advisory

Impacted products

Vendor	Product	Version
apple	iphone_os	*
apple	mac_os_x	*
apple	tvos	*
apple	watchos	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "58AFFDB5-B32E-4283-968F-BBFA4CAAC2E1",
              "versionEndExcluding": "9.3.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "345C1D2B-0795-4041-BB43-0196DC1A37E9",
              "versionEndExcluding": "10.11.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE82A10D-FF16-469F-9CC0-D97EE6B694BA",
              "versionEndExcluding": "9.2.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C06D177-4027-4F79-832E-196EB0B14109",
              "versionEndExcluding": "2.2.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "CoreGraphics in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted BMP image."
    },
    {
      "lang": "es",
      "value": "CoreGraphics en Apple iOS en versiones anteriores a 9.3.3, OS X en versiones anteriores a 10.11.6, tvOS en versiones anteriores a 9.2.2 y watchOS en versiones anteriores a 2.2.2 permite a atacantes remotos ejecutar c\u00f3digo arbitrario o provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) a trav\u00e9s de una imagen BMP manipulada."
    }
  ],
  "id": "CVE-2016-4637",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-07-22T02:59:57.540",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/91834"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1036344"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "http://www.talosintelligence.com/reports/TALOS-2016-0186/"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT206902"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT206903"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT206904"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT206905"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/91834"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1036344"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "http://www.talosintelligence.com/reports/TALOS-2016-0186/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT206902"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT206903"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT206904"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT206905"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2016-05573

Vulnerability from cnvd - Published: 2016-07-27

Title

Apple Core Graphics BMP Framework img_decode_read远程代码执行漏洞

Description

Apple's CoreGraphics库是一款用户创建和操作图形元素的API。 Apple OS X和iOS在处理BMP图片时存在远程代码执行漏洞。攻击者利用该漏洞在一个BMP图片中嵌入恶意的漏洞利用代码导致越界写从而实现任意代码执行。

Severity

高

Patch Name

Apple Core Graphics BMP Framework img_decode_read远程代码执行漏洞的补丁

Patch Description

Apple's CoreGraphics库是一款用户创建和操作图形元素的API。 Apple OS X和iOS在处理BMP图片时存在远程代码执行漏洞。攻击者利用该漏洞在一个BMP图片中嵌入恶意的漏洞利用代码导致越界写从而实现任意代码执行。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可联系供应商获得补丁信息： https://www.apple.com/cn/

Reference

http://www.talosintelligence.com/reports/TALOS-2016-0186/

Impacted products

Name
['Apple IOS <9.3.3', 'Apple watchOS <2.2.2', 'Apple tvOS <9.2.2', 'Apple OS X <10.11.6']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-4637"
    }
  },
  "description": "Apple\u0027s CoreGraphics\u5e93\u662f\u4e00\u6b3e\u7528\u6237\u521b\u5efa\u548c\u64cd\u4f5c\u56fe\u5f62\u5143\u7d20\u7684API\u3002\r\n\r\nApple OS X\u548ciOS\u5728\u5904\u7406BMP\u56fe\u7247\u65f6\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u3002 \u653b\u51fb\u8005\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u4e00\u4e2aBMP\u56fe\u7247\u4e2d\u5d4c\u5165\u6076\u610f\u7684\u6f0f\u6d1e\u5229\u7528\u4ee3\u7801\u5bfc\u81f4\u8d8a\u754c\u5199\u4ece\u800c\u5b9e\u73b0\u4efb\u610f\u4ee3\u7801\u6267\u884c\u3002",
  "discovererName": "Apple",
  "formalWay": "\u7528\u6237\u53ef\u8054\u7cfb\u4f9b\u5e94\u5546\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://www.apple.com/cn/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-05573",
  "openTime": "2016-07-27",
  "patchDescription": "Apple\u0027s CoreGraphics\u5e93\u662f\u4e00\u6b3e\u7528\u6237\u521b\u5efa\u548c\u64cd\u4f5c\u56fe\u5f62\u5143\u7d20\u7684API\u3002\r\n\r\nApple OS X\u548ciOS\u5728\u5904\u7406BMP\u56fe\u7247\u65f6\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u3002 \u653b\u51fb\u8005\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u4e00\u4e2aBMP\u56fe\u7247\u4e2d\u5d4c\u5165\u6076\u610f\u7684\u6f0f\u6d1e\u5229\u7528\u4ee3\u7801\u5bfc\u81f4\u8d8a\u754c\u5199\u4ece\u800c\u5b9e\u73b0\u4efb\u610f\u4ee3\u7801\u6267\u884c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apple Core Graphics BMP Framework img_decode_read\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Apple IOS \u003c9.3.3",
      "Apple watchOS \u003c2.2.2",
      "Apple tvOS \u003c9.2.2",
      "Apple OS X \u003c10.11.6"
    ]
  },
  "referenceLink": "http://www.talosintelligence.com/reports/TALOS-2016-0186/",
  "serverity": "\u9ad8",
  "submitTime": "2016-07-26",
  "title": "Apple Core Graphics BMP Framework img_decode_read\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}

CERTFR-2016-AVI-239

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	Apple tvOS versions antérieures à 9.2.2
Apple	N/A	Apple iTunes pour Windows versions antérieures à 12.4.2
Apple	N/A	Apple iCloud pour Windows versions antérieures à 5.2.1
Apple	Safari	Apple Safari versions antérieures à 9.1.2
Apple	N/A	Apple watchOS versions antérieures à 2.2.2
Apple	N/A	Apple OS X El Capitan versions antérieures à 10.11.6 et sans la mise à jour de sécurité 2016-004
Apple	N/A	Apple iOS versions antérieures à 9.3.3

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT206902 du 18 juillet 2016	None	vendor-advisory
Bulletin de sécurité Apple HT206905 du 18 juillet 2016	None	vendor-advisory
Bulletin de sécurité Apple HT206903 du 18 juillet 2016	None	vendor-advisory
Bulletin de sécurité Apple HT206901 du 18 juillet 2016	None	vendor-advisory
Bulletin de sécurité Apple HT206904 du 18 juillet 2016	None	vendor-advisory
Bulletin de sécurité Apple HT206899 du 18 juillet 2016	None	vendor-advisory
Bulletin de sécurité Apple HT206900 du 18 juillet 2016	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Apple tvOS versions ant\u00e9rieures \u00e0 9.2.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple iTunes pour Windows versions ant\u00e9rieures \u00e0 12.4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple iCloud pour Windows versions ant\u00e9rieures \u00e0 5.2.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple Safari versions ant\u00e9rieures \u00e0 9.1.2",
      "product": {
        "name": "Safari",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple watchOS versions ant\u00e9rieures \u00e0 2.2.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple OS X El Capitan versions ant\u00e9rieures \u00e0 10.11.6 et sans la mise \u00e0 jour de s\u00e9curit\u00e9 2016-004",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple iOS versions ant\u00e9rieures \u00e0 9.3.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-4650",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4650"
    },
    {
      "name": "CVE-2016-1865",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1865"
    },
    {
      "name": "CVE-2016-4584",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4584"
    },
    {
      "name": "CVE-2016-4645",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4645"
    },
    {
      "name": "CVE-2016-4609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4609"
    },
    {
      "name": "CVE-2016-4648",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4648"
    },
    {
      "name": "CVE-2016-4629",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4629"
    },
    {
      "name": "CVE-2016-4601",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4601"
    },
    {
      "name": "CVE-2016-4600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4600"
    },
    {
      "name": "CVE-2016-4646",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4646"
    },
    {
      "name": "CVE-2016-4623",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4623"
    },
    {
      "name": "CVE-2016-4582",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4582"
    },
    {
      "name": "CVE-2016-2105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2105"
    },
    {
      "name": "CVE-2016-2176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2176"
    },
    {
      "name": "CVE-2016-4595",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4595"
    },
    {
      "name": "CVE-2016-4447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4447"
    },
    {
      "name": "CVE-2016-4448",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4448"
    },
    {
      "name": "CVE-2016-4614",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4614"
    },
    {
      "name": "CVE-2016-0718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0718"
    },
    {
      "name": "CVE-2016-4589",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4589"
    },
    {
      "name": "CVE-2016-4627",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4627"
    },
    {
      "name": "CVE-2016-1863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1863"
    },
    {
      "name": "CVE-2016-4631",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4631"
    },
    {
      "name": "CVE-2016-4615",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4615"
    },
    {
      "name": "CVE-2016-4632",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4632"
    },
    {
      "name": "CVE-2016-1684",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1684"
    },
    {
      "name": "CVE-2016-4598",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4598"
    },
    {
      "name": "CVE-2016-2107",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2107"
    },
    {
      "name": "CVE-2016-4649",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4649"
    },
    {
      "name": "CVE-2016-4621",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4621"
    },
    {
      "name": "CVE-2016-4592",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4592"
    },
    {
      "name": "CVE-2016-1836",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1836"
    },
    {
      "name": "CVE-2016-4624",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4624"
    },
    {
      "name": "CVE-2016-4634",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4634"
    },
    {
      "name": "CVE-2016-2106",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2106"
    },
    {
      "name": "CVE-2016-4619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4619"
    },
    {
      "name": "CVE-2016-4596",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4596"
    },
    {
      "name": "CVE-2016-4588",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4588"
    },
    {
      "name": "CVE-2016-4610",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4610"
    },
    {
      "name": "CVE-2016-4637",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4637"
    },
    {
      "name": "CVE-2016-4597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4597"
    },
    {
      "name": "CVE-2016-4599",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4599"
    },
    {
      "name": "CVE-2016-4633",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4633"
    },
    {
      "name": "CVE-2016-4612",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4612"
    },
    {
      "name": "CVE-2016-4605",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4605"
    },
    {
      "name": "CVE-2016-4587",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4587"
    },
    {
      "name": "CVE-2016-4602",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4602"
    },
    {
      "name": "CVE-2016-4652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4652"
    },
    {
      "name": "CVE-2016-4586",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4586"
    },
    {
      "name": "CVE-2016-4607",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4607"
    },
    {
      "name": "CVE-2016-4594",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4594"
    },
    {
      "name": "CVE-2016-1864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1864"
    },
    {
      "name": "CVE-2016-4641",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4641"
    },
    {
      "name": "CVE-2016-4647",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4647"
    },
    {
      "name": "CVE-2016-4583",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4583"
    },
    {
      "name": "CVE-2014-9862",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9862"
    },
    {
      "name": "CVE-2016-4625",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4625"
    },
    {
      "name": "CVE-2016-4616",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4616"
    },
    {
      "name": "CVE-2016-4590",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4590"
    },
    {
      "name": "CVE-2016-4640",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4640"
    },
    {
      "name": "CVE-2016-4603",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4603"
    },
    {
      "name": "CVE-2016-4585",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4585"
    },
    {
      "name": "CVE-2016-4593",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4593"
    },
    {
      "name": "CVE-2016-4635",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4635"
    },
    {
      "name": "CVE-2016-4608",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4608"
    },
    {
      "name": "CVE-2016-4638",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4638"
    },
    {
      "name": "CVE-2016-4639",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4639"
    },
    {
      "name": "CVE-2016-4591",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4591"
    },
    {
      "name": "CVE-2016-4630",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4630"
    },
    {
      "name": "CVE-2016-4604",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4604"
    },
    {
      "name": "CVE-2016-2109",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2109"
    },
    {
      "name": "CVE-2016-2108",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2108"
    },
    {
      "name": "CVE-2016-4449",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4449"
    },
    {
      "name": "CVE-2016-4622",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4622"
    },
    {
      "name": "CVE-2016-4628",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4628"
    },
    {
      "name": "CVE-2016-4626",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4626"
    },
    {
      "name": "CVE-2016-4651",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4651"
    },
    {
      "name": "CVE-2016-4483",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4483"
    }
  ],
  "links": [],
  "reference": "CERTFR-2016-AVI-239",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-07-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    },
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Apple\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et un contournement de la\npolitique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT206902 du 18 juillet 2016",
      "url": "https://support.apple.com/en-us/HT206902"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT206905 du 18 juillet 2016",
      "url": "https://support.apple.com/en-us/HT206905"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT206903 du 18 juillet 2016",
      "url": "https://support.apple.com/en-us/HT206903"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT206901 du 18 juillet 2016",
      "url": "https://support.apple.com/en-us/HT206901"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT206904 du 18 juillet 2016",
      "url": "https://support.apple.com/en-us/HT206904"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT206899 du 18 juillet 2016",
      "url": "https://support.apple.com/en-us/HT206899"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT206900 du 18 juillet 2016",
      "url": "https://support.apple.com/en-us/HT206900"
    }
  ]
}

CERTFR-2016-AVI-239

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	Apple tvOS versions antérieures à 9.2.2
Apple	N/A	Apple iTunes pour Windows versions antérieures à 12.4.2
Apple	N/A	Apple iCloud pour Windows versions antérieures à 5.2.1
Apple	Safari	Apple Safari versions antérieures à 9.1.2
Apple	N/A	Apple watchOS versions antérieures à 2.2.2
Apple	N/A	Apple OS X El Capitan versions antérieures à 10.11.6 et sans la mise à jour de sécurité 2016-004
Apple	N/A	Apple iOS versions antérieures à 9.3.3

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT206902 du 18 juillet 2016	None	vendor-advisory
Bulletin de sécurité Apple HT206905 du 18 juillet 2016	None	vendor-advisory
Bulletin de sécurité Apple HT206903 du 18 juillet 2016	None	vendor-advisory
Bulletin de sécurité Apple HT206901 du 18 juillet 2016	None	vendor-advisory
Bulletin de sécurité Apple HT206904 du 18 juillet 2016	None	vendor-advisory
Bulletin de sécurité Apple HT206899 du 18 juillet 2016	None	vendor-advisory
Bulletin de sécurité Apple HT206900 du 18 juillet 2016	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Apple tvOS versions ant\u00e9rieures \u00e0 9.2.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple iTunes pour Windows versions ant\u00e9rieures \u00e0 12.4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple iCloud pour Windows versions ant\u00e9rieures \u00e0 5.2.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple Safari versions ant\u00e9rieures \u00e0 9.1.2",
      "product": {
        "name": "Safari",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple watchOS versions ant\u00e9rieures \u00e0 2.2.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple OS X El Capitan versions ant\u00e9rieures \u00e0 10.11.6 et sans la mise \u00e0 jour de s\u00e9curit\u00e9 2016-004",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple iOS versions ant\u00e9rieures \u00e0 9.3.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-4650",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4650"
    },
    {
      "name": "CVE-2016-1865",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1865"
    },
    {
      "name": "CVE-2016-4584",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4584"
    },
    {
      "name": "CVE-2016-4645",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4645"
    },
    {
      "name": "CVE-2016-4609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4609"
    },
    {
      "name": "CVE-2016-4648",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4648"
    },
    {
      "name": "CVE-2016-4629",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4629"
    },
    {
      "name": "CVE-2016-4601",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4601"
    },
    {
      "name": "CVE-2016-4600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4600"
    },
    {
      "name": "CVE-2016-4646",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4646"
    },
    {
      "name": "CVE-2016-4623",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4623"
    },
    {
      "name": "CVE-2016-4582",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4582"
    },
    {
      "name": "CVE-2016-2105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2105"
    },
    {
      "name": "CVE-2016-2176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2176"
    },
    {
      "name": "CVE-2016-4595",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4595"
    },
    {
      "name": "CVE-2016-4447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4447"
    },
    {
      "name": "CVE-2016-4448",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4448"
    },
    {
      "name": "CVE-2016-4614",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4614"
    },
    {
      "name": "CVE-2016-0718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0718"
    },
    {
      "name": "CVE-2016-4589",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4589"
    },
    {
      "name": "CVE-2016-4627",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4627"
    },
    {
      "name": "CVE-2016-1863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1863"
    },
    {
      "name": "CVE-2016-4631",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4631"
    },
    {
      "name": "CVE-2016-4615",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4615"
    },
    {
      "name": "CVE-2016-4632",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4632"
    },
    {
      "name": "CVE-2016-1684",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1684"
    },
    {
      "name": "CVE-2016-4598",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4598"
    },
    {
      "name": "CVE-2016-2107",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2107"
    },
    {
      "name": "CVE-2016-4649",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4649"
    },
    {
      "name": "CVE-2016-4621",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4621"
    },
    {
      "name": "CVE-2016-4592",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4592"
    },
    {
      "name": "CVE-2016-1836",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1836"
    },
    {
      "name": "CVE-2016-4624",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4624"
    },
    {
      "name": "CVE-2016-4634",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4634"
    },
    {
      "name": "CVE-2016-2106",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2106"
    },
    {
      "name": "CVE-2016-4619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4619"
    },
    {
      "name": "CVE-2016-4596",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4596"
    },
    {
      "name": "CVE-2016-4588",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4588"
    },
    {
      "name": "CVE-2016-4610",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4610"
    },
    {
      "name": "CVE-2016-4637",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4637"
    },
    {
      "name": "CVE-2016-4597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4597"
    },
    {
      "name": "CVE-2016-4599",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4599"
    },
    {
      "name": "CVE-2016-4633",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4633"
    },
    {
      "name": "CVE-2016-4612",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4612"
    },
    {
      "name": "CVE-2016-4605",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4605"
    },
    {
      "name": "CVE-2016-4587",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4587"
    },
    {
      "name": "CVE-2016-4602",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4602"
    },
    {
      "name": "CVE-2016-4652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4652"
    },
    {
      "name": "CVE-2016-4586",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4586"
    },
    {
      "name": "CVE-2016-4607",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4607"
    },
    {
      "name": "CVE-2016-4594",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4594"
    },
    {
      "name": "CVE-2016-1864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1864"
    },
    {
      "name": "CVE-2016-4641",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4641"
    },
    {
      "name": "CVE-2016-4647",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4647"
    },
    {
      "name": "CVE-2016-4583",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4583"
    },
    {
      "name": "CVE-2014-9862",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9862"
    },
    {
      "name": "CVE-2016-4625",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4625"
    },
    {
      "name": "CVE-2016-4616",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4616"
    },
    {
      "name": "CVE-2016-4590",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4590"
    },
    {
      "name": "CVE-2016-4640",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4640"
    },
    {
      "name": "CVE-2016-4603",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4603"
    },
    {
      "name": "CVE-2016-4585",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4585"
    },
    {
      "name": "CVE-2016-4593",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4593"
    },
    {
      "name": "CVE-2016-4635",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4635"
    },
    {
      "name": "CVE-2016-4608",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4608"
    },
    {
      "name": "CVE-2016-4638",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4638"
    },
    {
      "name": "CVE-2016-4639",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4639"
    },
    {
      "name": "CVE-2016-4591",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4591"
    },
    {
      "name": "CVE-2016-4630",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4630"
    },
    {
      "name": "CVE-2016-4604",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4604"
    },
    {
      "name": "CVE-2016-2109",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2109"
    },
    {
      "name": "CVE-2016-2108",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2108"
    },
    {
      "name": "CVE-2016-4449",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4449"
    },
    {
      "name": "CVE-2016-4622",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4622"
    },
    {
      "name": "CVE-2016-4628",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4628"
    },
    {
      "name": "CVE-2016-4626",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4626"
    },
    {
      "name": "CVE-2016-4651",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4651"
    },
    {
      "name": "CVE-2016-4483",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4483"
    }
  ],
  "links": [],
  "reference": "CERTFR-2016-AVI-239",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-07-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    },
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Apple\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et un contournement de la\npolitique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT206902 du 18 juillet 2016",
      "url": "https://support.apple.com/en-us/HT206902"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT206905 du 18 juillet 2016",
      "url": "https://support.apple.com/en-us/HT206905"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT206903 du 18 juillet 2016",
      "url": "https://support.apple.com/en-us/HT206903"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT206901 du 18 juillet 2016",
      "url": "https://support.apple.com/en-us/HT206901"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT206904 du 18 juillet 2016",
      "url": "https://support.apple.com/en-us/HT206904"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT206899 du 18 juillet 2016",
      "url": "https://support.apple.com/en-us/HT206899"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT206900 du 18 juillet 2016",
      "url": "https://support.apple.com/en-us/HT206900"
    }
  ]
}

VAR-201607-0374

Vulnerability from variot - Updated: 2023-12-18 11:52

CoreGraphics in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted BMP image. Apple Mac OS X, watchOS, iOS, and tvOS are prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code or bypass security restrictions. Failed exploit attempts may result in a denial-of-service condition. Versions prior to iOS 9.3.3, watchOS 2.2.2, OS X 10.11.6, and tvOS 9.2.2 are vulnerable. Apple iOS is an operating system developed for mobile devices; OS X is a dedicated operating system developed for Mac computers; tvOS is a smart TV operating system; watchOS is a smart watch operating system. CoreGraphics is an iOS built-in drawing framework. A security vulnerability exists in CoreGraphics in several Apple products. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

APPLE-SA-2016-07-18-3 watchOS 2.2.2

watchOS 2.2.2 is now available and addresses the following:

CoreGraphics Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A remote attacker may be able to execute arbitrary code Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-4637 : Tyler Bohan of Cisco Talos (talosintel.com /vulnerability-reports)

ImageIO Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A remote attacker may be able to execute arbitrary code Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4631 : Tyler Bohan of Cisco Talos (talosintel.com /vulnerability-reports)

ImageIO Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A remote attacker may be able to cause a denial of service Description: A memory consumption issue was addressed through improved memory handling. CVE-2016-4632 : Evgeny Sidorov of Yandex

IOAcceleratorFamily Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A null pointer dereference was addressed through improved validation. CVE-2016-4627 : Ju Zhu of Trend Micro

IOAcceleratorFamily Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A local user may be able to read kernel memory Description: An out-of-bounds read was addressed through improved bounds checking. CVE-2016-4628 : Ju Zhu of Trend Micro

IOHIDFamily Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A null pointer dereference was addressed through improved input validation. CVE-2016-4626 : Stefan Esser of SektionEins

Kernel Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A local user may be able to cause a system denial of service Description: A null pointer dereference was addressed through improved input validation. CVE-2016-1865 : CESG, Marco Grassi (@marcograss) of KeenLab (@keen_lab), Tencent

Kernel Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A local user may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-1863 : Ian Beer of Google Project Zero CVE-2016-1864 : Ju Zhu of Trend Micro CVE-2016-4582 : Shrek_wzw and Proteas of Qihoo 360 Nirvan Team

libxml2 Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Multiple vulnerabilities in libxml2 Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological University CVE-2016-4447 : Wei Lei and Liu Yang of Nanyang Technological University CVE-2016-4448 : Apple CVE-2016-4483 : Gustavo Grieco CVE-2016-4614 : Nick Wellnhofe CVE-2016-4615 : Nick Wellnhofer CVE-2016-4616 : Michael Paddon CVE-2016-4619 : Hanno Boeck

libxml2 Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Parsing a maliciously crafted XML document may lead to disclosure of user information Description: An access issue existed in the parsing of maliciously crafted XML files. This issue was addressed through improved input validation. CVE-2016-4449 : Kostya Serebryany

libxslt Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Multiple vulnerabilities in libxslt Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-1684 : Nicolas GrA(c)goire CVE-2016-4607 : Nick Wellnhofer CVE-2016-4608 : Nicolas GrA(c)goire CVE-2016-4609 : Nick Wellnhofer CVE-2016-4610 : Nick Wellnhofer CVE-2016-4612 : Nicolas GrA(c)goire

Sandbox Profiles Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A local application may be able to access the process list Description: An access issue existed with privileged API calls. This issue was addressed through additional restrictions. CVE-2016-4594 : Stefan Esser of SektionEins

Installation note:

Instructions on how to update your Apple Watch software are available at https://support.apple.com/en-us/HT204641

To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About".

Alternatively, on your watch, select "My Watch > General > About".

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJXjXA7AAoJEIOj74w0bLRGEXgP+weQFMlAuBOyZg11jFauawDt r+LmaHifpMysV13r6cLkKP6cVqV4G6EEOGp9hSqC2lsHKQYDN5vdyLwLl5sE3kSg PyQgp5iE3Eihe9ArswPbsrm/c1aIMZbKNnAVQkHOQX7STTmYDfp5ATxxFp7yueld 0QVCEbr4QCpqpQCJhqRO7RHWnlOCmTKdYxsD6rYqOEALnZzfB9A5bZPyeM1LNnJL ntom0d1GzuBjowrEIFPyZBE+oZP1wEfUBsYnr5sD5jkAHphMCyI0/MPAwH3181aZ T9jHgJMc/0xlitBHwCT7nv7AE3YpxPYpM8lM1a+cLOfHNaUiX7bfX2w+6PVEDFiP 5X0raq+QYnqKdNXanG2nMhQjIYJEIWbOBKanM7hMWM6C2kd4YAc4eLACX3vObWNS m1Fbj1/Qxqtng0sqw66HhyFEcz9Cqgg7UX2MEmxVV86Oxqcb2PW5XrwUZ9PtgByP ks8UNaOXYKaRo+OIhaAPn1qfSSlhp086LfGPuCm5lP0c5hZ9TfyErWPG+1nhD6Vd l48RQOYcAAE//wMLuSf38CbvS0RVcfzKA6DfUAlEAv0Aw4GOZRNCmtLVZo2QS8kc nUItEluM+03NkqrGROZiyoC+FIrXunr47JzdP5kawB6C1zsJrP2vFr1au9gbwUZ3 nb7PSAEOmpjCwkMbzdvm =l25N -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201607-0374",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "tvos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "9.2.2"
      },
      {
        "model": "mac os x",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.11.6"
      },
      {
        "model": "iphone os",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "9.3.3"
      },
      {
        "model": "watchos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "2.2.2"
      },
      {
        "model": "watchos",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "apple",
        "version": "2.2.1"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.10.5"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.11 and later"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.9.5"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "9.3.3   (ipad 2 or later )"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "9.3.3   (iphone 4s or later )"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "9.3.3   (ipod touch first  5 after generation )"
      },
      {
        "model": "tvos",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "9.2.2   (apple tv first  4 generation )"
      },
      {
        "model": "watchos",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "2.2.2   (apple watch edition)"
      },
      {
        "model": "watchos",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "2.2.2   (apple watch hermes)"
      },
      {
        "model": "watchos",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "2.2.2   (apple watch sport)"
      },
      {
        "model": "watchos",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "2.2.2   (apple watch)"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "9.3.2"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "10.11.5"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "9.2.1"
      },
      {
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0.1"
      },
      {
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.0.1"
      },
      {
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.2"
      },
      {
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.1"
      },
      {
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0"
      },
      {
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.0"
      },
      {
        "model": "watch sport",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "watch hermes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "watch edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "watch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "tvos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.2.1"
      },
      {
        "model": "tvos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.1.1"
      },
      {
        "model": "tvos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.2"
      },
      {
        "model": "tvos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.1"
      },
      {
        "model": "tvos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.0"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11"
      },
      {
        "model": "ipod touch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "ipad",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "50"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "40"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "30"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.3.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.3.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.2.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.0.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.0.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.4.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.6"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.3.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1.6"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1.4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.1.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.1.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.1.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.9"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.8"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.7"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.6"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.10"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0"
      },
      {
        "model": "watchos",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.2.2"
      },
      {
        "model": "tvos",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.2.2"
      },
      {
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11.6"
      },
      {
        "model": "mac os security update",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x2016"
      },
      {
        "model": "ios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.3.3"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "91834"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004072"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4637"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-889"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "9.2.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "9.3.3",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.11.6",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.2.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-4637"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Stefan Esser of SektionEins, Nick Wellnhofer, Tyler Bohan of Cisco Talos (talosintel.com\n/vulnerability-reports), Evgeny Sidorov of Yandex",
    "sources": [
      {
        "db": "BID",
        "id": "91834"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2016-4637",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.8,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2016-4637",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-93456",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 8.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2016-4637",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2016-4637",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201607-889",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-93456",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-93456"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004072"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4637"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-889"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "CoreGraphics in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted BMP image. Apple Mac OS X, watchOS, iOS, and tvOS are prone to multiple security vulnerabilities. \nAttackers can exploit these issues to execute arbitrary code or bypass security restrictions. Failed  exploit attempts may result  in a  denial-of-service condition. \nVersions prior to iOS 9.3.3, watchOS 2.2.2, OS X 10.11.6, and tvOS 9.2.2 are vulnerable. Apple iOS is an operating system developed for mobile devices; OS X is a dedicated operating system developed for Mac computers; tvOS is a smart TV operating system; watchOS is a smart watch operating system. CoreGraphics is an iOS built-in drawing framework. A security vulnerability exists in CoreGraphics in several Apple products. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2016-07-18-3 watchOS 2.2.2\n\nwatchOS 2.2.2 is now available and addresses the following:\n\nCoreGraphics\nAvailable for:  Apple Watch Sport, Apple Watch, Apple Watch Edition,\nand Apple Watch Hermes\nImpact:  A remote attacker may be able to execute arbitrary code\nDescription:  A memory corruption issue was addressed through\nimproved memory handling. \nCVE-2016-4637 : Tyler Bohan of Cisco Talos (talosintel.com\n/vulnerability-reports)\n\nImageIO\nAvailable for:  Apple Watch Sport, Apple Watch, Apple Watch Edition,\nand Apple Watch Hermes\nImpact:  A remote attacker may be able to execute arbitrary code\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-4631 : Tyler Bohan of Cisco Talos (talosintel.com\n/vulnerability-reports)\n\nImageIO\nAvailable for:  Apple Watch Sport, Apple Watch, Apple Watch Edition,\nand Apple Watch Hermes\nImpact:  A remote attacker may be able to cause a denial of service\nDescription:  A memory consumption issue was addressed through\nimproved memory handling. \nCVE-2016-4632 : Evgeny Sidorov of Yandex\n\nIOAcceleratorFamily\nAvailable for:  Apple Watch Sport, Apple Watch, Apple Watch Edition,\nand Apple Watch Hermes\nImpact:  A local user may be able to execute arbitrary code with\nkernel privileges\nDescription:  A null pointer dereference was addressed through\nimproved validation. \nCVE-2016-4627 : Ju Zhu of Trend Micro\n\nIOAcceleratorFamily\nAvailable for:  Apple Watch Sport, Apple Watch, Apple Watch Edition,\nand Apple Watch Hermes\nImpact:  A local user may be able to read kernel memory\nDescription:  An out-of-bounds read was addressed through improved\nbounds checking. \nCVE-2016-4628 : Ju Zhu of Trend Micro\n\nIOHIDFamily\nAvailable for:  Apple Watch Sport, Apple Watch, Apple Watch Edition,\nand Apple Watch Hermes\nImpact:  A local user may be able to execute arbitrary code with\nkernel privileges\nDescription:  A null pointer dereference was addressed through\nimproved input validation. \nCVE-2016-4626 : Stefan Esser of SektionEins\n\nKernel\nAvailable for:  Apple Watch Sport, Apple Watch, Apple Watch Edition,\nand Apple Watch Hermes\nImpact:  A local user may be able to cause a system denial of service\nDescription:  A null pointer dereference was addressed through\nimproved input validation. \nCVE-2016-1865 : CESG, Marco Grassi (@marcograss) of KeenLab\n(@keen_lab), Tencent\n\nKernel\nAvailable for:  Apple Watch Sport, Apple Watch, Apple Watch Edition,\nand Apple Watch Hermes\nImpact:  A local user may be able to execute arbitrary code with\nkernel privileges\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-1863 : Ian Beer of Google Project Zero\nCVE-2016-1864 : Ju Zhu of Trend Micro\nCVE-2016-4582 : Shrek_wzw and Proteas of Qihoo 360 Nirvan Team\n\nlibxml2\nAvailable for:  Apple Watch Sport, Apple Watch, Apple Watch Edition,\nand Apple Watch Hermes\nImpact:  Multiple vulnerabilities in libxml2\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological\nUniversity\nCVE-2016-4447 : Wei Lei and Liu Yang of Nanyang Technological\nUniversity\nCVE-2016-4448 : Apple\nCVE-2016-4483 : Gustavo Grieco\nCVE-2016-4614 : Nick Wellnhofe\nCVE-2016-4615 : Nick Wellnhofer\nCVE-2016-4616 : Michael Paddon\nCVE-2016-4619 : Hanno Boeck\n\nlibxml2\nAvailable for:  Apple Watch Sport, Apple Watch, Apple Watch Edition,\nand Apple Watch Hermes\nImpact:  Parsing a maliciously crafted XML document may lead to\ndisclosure of user information\nDescription:  An access issue existed in the parsing of maliciously\ncrafted XML files. This issue was addressed through improved input\nvalidation. \nCVE-2016-4449 : Kostya Serebryany\n\nlibxslt\nAvailable for:  Apple Watch Sport, Apple Watch, Apple Watch Edition,\nand Apple Watch Hermes\nImpact:  Multiple vulnerabilities in libxslt\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-1684 : Nicolas GrA(c)goire\nCVE-2016-4607 : Nick Wellnhofer\nCVE-2016-4608 : Nicolas GrA(c)goire\nCVE-2016-4609 : Nick Wellnhofer\nCVE-2016-4610 : Nick Wellnhofer\nCVE-2016-4612 : Nicolas GrA(c)goire\n\nSandbox Profiles\nAvailable for:  Apple Watch Sport, Apple Watch, Apple Watch Edition,\nand Apple Watch Hermes\nImpact:  A local application may be able to access the process list\nDescription:  An access issue existed with privileged API calls. This\nissue was addressed through additional restrictions. \nCVE-2016-4594 : Stefan Esser of SektionEins\n\nInstallation note:\n\nInstructions on how to update your Apple Watch software are\navailable at https://support.apple.com/en-us/HT204641\n\nTo check the version on your Apple Watch, open the Apple Watch app\non your iPhone and select \"My Watch \u003e General \u003e About\". \n\nAlternatively, on your watch, select \"My Watch \u003e General \u003e About\". \n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - https://gpgtools.org\n\niQIcBAEBCgAGBQJXjXA7AAoJEIOj74w0bLRGEXgP+weQFMlAuBOyZg11jFauawDt\nr+LmaHifpMysV13r6cLkKP6cVqV4G6EEOGp9hSqC2lsHKQYDN5vdyLwLl5sE3kSg\nPyQgp5iE3Eihe9ArswPbsrm/c1aIMZbKNnAVQkHOQX7STTmYDfp5ATxxFp7yueld\n0QVCEbr4QCpqpQCJhqRO7RHWnlOCmTKdYxsD6rYqOEALnZzfB9A5bZPyeM1LNnJL\nntom0d1GzuBjowrEIFPyZBE+oZP1wEfUBsYnr5sD5jkAHphMCyI0/MPAwH3181aZ\nT9jHgJMc/0xlitBHwCT7nv7AE3YpxPYpM8lM1a+cLOfHNaUiX7bfX2w+6PVEDFiP\n5X0raq+QYnqKdNXanG2nMhQjIYJEIWbOBKanM7hMWM6C2kd4YAc4eLACX3vObWNS\nm1Fbj1/Qxqtng0sqw66HhyFEcz9Cqgg7UX2MEmxVV86Oxqcb2PW5XrwUZ9PtgByP\nks8UNaOXYKaRo+OIhaAPn1qfSSlhp086LfGPuCm5lP0c5hZ9TfyErWPG+1nhD6Vd\nl48RQOYcAAE//wMLuSf38CbvS0RVcfzKA6DfUAlEAv0Aw4GOZRNCmtLVZo2QS8kc\nnUItEluM+03NkqrGROZiyoC+FIrXunr47JzdP5kawB6C1zsJrP2vFr1au9gbwUZ3\nnb7PSAEOmpjCwkMbzdvm\n=l25N\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-4637"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004072"
      },
      {
        "db": "BID",
        "id": "91834"
      },
      {
        "db": "VULHUB",
        "id": "VHN-93456"
      },
      {
        "db": "PACKETSTORM",
        "id": "137960"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-4637",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "91834",
        "trust": 2.0
      },
      {
        "db": "TALOS",
        "id": "TALOS-2016-0186",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1036344",
        "trust": 1.7
      },
      {
        "db": "JVN",
        "id": "JVNVU94844193",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004072",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-889",
        "trust": 0.7
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-96727",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-93456",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "137960",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-93456"
      },
      {
        "db": "BID",
        "id": "91834"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004072"
      },
      {
        "db": "PACKETSTORM",
        "id": "137960"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4637"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-889"
      }
    ]
  },
  "id": "VAR-201607-0374",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-93456"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:52:37.634000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Apple security updates",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht201222"
      },
      {
        "title": "APPLE-SA-2016-07-18-3 watchOS 2.2.2",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2016/jul/msg00002.html"
      },
      {
        "title": "APPLE-SA-2016-07-18-2 iOS 9.3.3",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2016/jul/msg00001.html"
      },
      {
        "title": "APPLE-SA-2016-07-18-1 OS X El Capitan v10.11.6 and Security Update 2016-004",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2016/jul/msg00000.html"
      },
      {
        "title": "APPLE-SA-2016-07-18-4 tvOS 9.2.2",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2016/jul/msg00003.html"
      },
      {
        "title": "HT206904",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht206904"
      },
      {
        "title": "HT206902",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht206902"
      },
      {
        "title": "HT206903",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht206903"
      },
      {
        "title": "HT206905",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht206905"
      },
      {
        "title": "HT206905",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht206905"
      },
      {
        "title": "HT206904",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht206904"
      },
      {
        "title": "HT206902",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht206902"
      },
      {
        "title": "HT206903",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht206903"
      },
      {
        "title": "Multiple Apple Product security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=63249"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004072"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-889"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-93456"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004072"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4637"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2016/jul/msg00000.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2016/jul/msg00001.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2016/jul/msg00002.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2016/jul/msg00003.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/91834"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/ht206902"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/ht206903"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/ht206904"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/ht206905"
      },
      {
        "trust": 1.7,
        "url": "http://www.talosintelligence.com/reports/talos-2016-0186/"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1036344"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4637"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu94844193/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4637"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/ios/"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/accessibility/tvos/"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/watchos-2/"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/ipad/"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/iphone/"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/ipodtouch/"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/macosx/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4637"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht201222"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4449"
      },
      {
        "trust": 0.1,
        "url": "https://gpgtools.org"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4483"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1836"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4616"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4609"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4626"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1865"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4627"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4619"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4447"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1863"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/en-us/ht204641"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4582"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4615"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1864"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4628"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4632"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4612"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4614"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4607"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4448"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4631"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1684"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4610"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4594"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4608"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-93456"
      },
      {
        "db": "BID",
        "id": "91834"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004072"
      },
      {
        "db": "PACKETSTORM",
        "id": "137960"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4637"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-889"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-93456"
      },
      {
        "db": "BID",
        "id": "91834"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004072"
      },
      {
        "db": "PACKETSTORM",
        "id": "137960"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4637"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-889"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-07-22T00:00:00",
        "db": "VULHUB",
        "id": "VHN-93456"
      },
      {
        "date": "2016-07-18T00:00:00",
        "db": "BID",
        "id": "91834"
      },
      {
        "date": "2016-07-29T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-004072"
      },
      {
        "date": "2016-07-19T20:00:50",
        "db": "PACKETSTORM",
        "id": "137960"
      },
      {
        "date": "2016-07-22T02:59:57.540000",
        "db": "NVD",
        "id": "CVE-2016-4637"
      },
      {
        "date": "2016-07-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201607-889"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-03-25T00:00:00",
        "db": "VULHUB",
        "id": "VHN-93456"
      },
      {
        "date": "2016-07-18T00:00:00",
        "db": "BID",
        "id": "91834"
      },
      {
        "date": "2016-07-29T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-004072"
      },
      {
        "date": "2019-03-25T16:53:04.477000",
        "db": "NVD",
        "id": "CVE-2016-4637"
      },
      {
        "date": "2019-03-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201607-889"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-889"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  Apple Product  CoreGraphics Vulnerable to arbitrary code execution",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004072"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-889"
      }
    ],
    "trust": 0.6
  }
}

GHSA-3CF4-2874-CF2H

Vulnerability from github – Published: 2022-05-14 01:16 – Updated: 2025-04-12 13:02

Details

Severity ?

8.8 (High)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-4637"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-07-22T02:59:00Z",
    "severity": "HIGH"
  },
  "details": "CoreGraphics in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted BMP image.",
  "id": "GHSA-3cf4-2874-cf2h",
  "modified": "2025-04-12T13:02:48Z",
  "published": "2022-05-14T01:16:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4637"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT206902"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT206903"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT206904"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT206905"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/91834"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1036344"
    },
    {
      "type": "WEB",
      "url": "http://www.talosintelligence.com/reports/TALOS-2016-0186"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2016-4637

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2016-4637

Aliases

CVE-2016-4637

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-4637",
    "description": "CoreGraphics in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted BMP image.",
    "id": "GSD-2016-4637"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-4637"
      ],
      "details": "CoreGraphics in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted BMP image.",
      "id": "GSD-2016-4637",
      "modified": "2023-12-13T01:21:18.862594Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2016-4637",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "CoreGraphics in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted BMP image."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1036344",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1036344"
          },
          {
            "name": "http://www.talosintelligence.com/reports/TALOS-2016-0186/",
            "refsource": "MISC",
            "url": "http://www.talosintelligence.com/reports/TALOS-2016-0186/"
          },
          {
            "name": "APPLE-SA-2016-07-18-4",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html"
          },
          {
            "name": "APPLE-SA-2016-07-18-3",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html"
          },
          {
            "name": "APPLE-SA-2016-07-18-2",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html"
          },
          {
            "name": "91834",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/91834"
          },
          {
            "name": "APPLE-SA-2016-07-18-1",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
          },
          {
            "name": "https://support.apple.com/HT206905",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/HT206905"
          },
          {
            "name": "https://support.apple.com/HT206903",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/HT206903"
          },
          {
            "name": "https://support.apple.com/HT206902",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/HT206902"
          },
          {
            "name": "https://support.apple.com/HT206904",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/HT206904"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "9.2.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "9.3.3",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.11.6",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.2.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2016-4637"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "CoreGraphics in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted BMP image."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "APPLE-SA-2016-07-18-2",
              "refsource": "APPLE",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html"
            },
            {
              "name": "APPLE-SA-2016-07-18-4",
              "refsource": "APPLE",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html"
            },
            {
              "name": "https://support.apple.com/HT206905",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT206905"
            },
            {
              "name": "APPLE-SA-2016-07-18-1",
              "refsource": "APPLE",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
            },
            {
              "name": "http://www.talosintelligence.com/reports/TALOS-2016-0186/",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "http://www.talosintelligence.com/reports/TALOS-2016-0186/"
            },
            {
              "name": "https://support.apple.com/HT206903",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT206903"
            },
            {
              "name": "APPLE-SA-2016-07-18-3",
              "refsource": "APPLE",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html"
            },
            {
              "name": "https://support.apple.com/HT206904",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT206904"
            },
            {
              "name": "https://support.apple.com/HT206902",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT206902"
            },
            {
              "name": "91834",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/91834"
            },
            {
              "name": "1036344",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1036344"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-03-25T16:53Z",
      "publishedDate": "2016-07-22T02:59Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2016-4637 (GCVE-0-2016-4637)

FKIE_CVE-2016-4637

CNVD-2016-05573

CERTFR-2016-AVI-239

Solution

CERTFR-2016-AVI-239

Solution

VAR-201607-0374

GHSA-3CF4-2874-CF2H

GSD-2016-4637

Tags

Sightings

Nomenclature