cvelistv5 - cve-2016-4669

CVE-2016-4669 (GCVE-0-2016-4669)

Vulnerability from cvelistv5 – Published: 2017-02-20 08:35 – Updated: 2024-08-06 00:39

Summary

Severity ?

No CVSS data available.

CWE

Assigner

apple

References

URL

Tags

	https://support.apple.com/HT207271	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1037086	vdb-entryx_refsource_SECTRACK
	http://www.securityfocus.com/bid/93849	vdb-entryx_refsource_BID
	https://support.apple.com/HT207269	x_refsource_CONFIRM
	https://support.apple.com/HT207270	x_refsource_CONFIRM
	https://support.apple.com/HT207275	x_refsource_CONFIRM
	https://www.exploit-db.com/exploits/40654/	exploitx_refsource_EXPLOIT-DB
	http://packetstormsecurity.com/files/158874/Safar…	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T00:39:25.444Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT207271"
          },
          {
            "name": "1037086",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037086"
          },
          {
            "name": "93849",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/93849"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT207269"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT207270"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT207275"
          },
          {
            "name": "40654",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/40654/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/158874/Safari-Webkit-For-iOS-7.1.2-JIT-Optimization-Bug.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-02-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the \"Kernel\" component. It allows local users to execute arbitrary code in a privileged context or cause a denial of service (MIG code mishandling and system crash) via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-08-14T22:06:12",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT207271"
        },
        {
          "name": "1037086",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037086"
        },
        {
          "name": "93849",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/93849"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT207269"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT207270"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT207275"
        },
        {
          "name": "40654",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/40654/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/158874/Safari-Webkit-For-iOS-7.1.2-JIT-Optimization-Bug.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2016-4669",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the \"Kernel\" component. It allows local users to execute arbitrary code in a privileged context or cause a denial of service (MIG code mishandling and system crash) via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/HT207271",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT207271"
            },
            {
              "name": "1037086",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037086"
            },
            {
              "name": "93849",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/93849"
            },
            {
              "name": "https://support.apple.com/HT207269",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT207269"
            },
            {
              "name": "https://support.apple.com/HT207270",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT207270"
            },
            {
              "name": "https://support.apple.com/HT207275",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT207275"
            },
            {
              "name": "40654",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/40654/"
            },
            {
              "name": "http://packetstormsecurity.com/files/158874/Safari-Webkit-For-iOS-7.1.2-JIT-Optimization-Bug.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/158874/Safari-Webkit-For-iOS-7.1.2-JIT-Optimization-Bug.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2016-4669",
    "datePublished": "2017-02-20T08:35:00",
    "dateReserved": "2016-05-11T00:00:00",
    "dateUpdated": "2024-08-06T00:39:25.444Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"10.1\", \"matchCriteriaId\": \"31522691-8429-479C-A288-9ADB0916784C\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"10.12.1\", \"matchCriteriaId\": \"3C9A3484-1C0D-41F0-BA61-032A98BAD2A9\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"10.0.1\", \"matchCriteriaId\": \"0D75F9F4-8E2C-4997-B663-F50841B3AA80\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"3.1\", \"matchCriteriaId\": \"BB05CC2B-FFF6-4952-B7F2-DCED85B9ECFF\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the \\\"Kernel\\\" component. It allows local users to execute arbitrary code in a privileged context or cause a denial of service (MIG code mishandling and system crash) via unspecified vectors.\"}, {\"lang\": \"es\", \"value\": \"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.1 est\\u00e1 afectado. macOS en versiones anteriores a 10.12.1 est\\u00e1 afectado. tvOS en versiones anteriores a 10.0.1 est\\u00e1 afectado. watchOS en versiones anteriores a 3.1 est\\u00e1 afectado. El problema involucra al componente \\\"Kernel\\\". Esto permite a los usuarios locales ejecutar c\\u00f3digo arbitrario en un contexto privilegiado o provocar una denegaci\\u00f3n de servicio (manejo incorrecto de c\\u00f3digo MIG y ca\\u00edda del sistema) a trav\\u00e9s de vectores no especificados.\"}]",
      "id": "CVE-2016-4669",
      "lastModified": "2024-11-21T02:52:44.270",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 7.2, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 3.9, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2017-02-20T08:59:00.510",
      "references": "[{\"url\": \"http://packetstormsecurity.com/files/158874/Safari-Webkit-For-iOS-7.1.2-JIT-Optimization-Bug.html\", \"source\": \"product-security@apple.com\"}, {\"url\": \"http://www.securityfocus.com/bid/93849\", \"source\": \"product-security@apple.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1037086\", \"source\": \"product-security@apple.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://support.apple.com/HT207269\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT207270\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT207271\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT207275\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.exploit-db.com/exploits/40654/\", \"source\": \"product-security@apple.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://packetstormsecurity.com/files/158874/Safari-Webkit-For-iOS-7.1.2-JIT-Optimization-Bug.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/93849\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1037086\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://support.apple.com/HT207269\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT207270\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT207271\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT207275\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.exploit-db.com/exploits/40654/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}]",
      "sourceIdentifier": "product-security@apple.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2016-4669\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2017-02-20T08:59:00.510\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the \\\"Kernel\\\" component. It allows local users to execute arbitrary code in a privileged context or cause a denial of service (MIG code mishandling and system crash) via unspecified vectors.\"},{\"lang\":\"es\",\"value\":\"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.1 est\u00e1 afectado. macOS en versiones anteriores a 10.12.1 est\u00e1 afectado. tvOS en versiones anteriores a 10.0.1 est\u00e1 afectado. watchOS en versiones anteriores a 3.1 est\u00e1 afectado. El problema involucra al componente \\\"Kernel\\\". Esto permite a los usuarios locales ejecutar c\u00f3digo arbitrario en un contexto privilegiado o provocar una denegaci\u00f3n de servicio (manejo incorrecto de c\u00f3digo MIG y ca\u00edda del sistema) a trav\u00e9s de vectores no especificados.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":7.2,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":3.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.1\",\"matchCriteriaId\":\"31522691-8429-479C-A288-9ADB0916784C\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.12.1\",\"matchCriteriaId\":\"3C9A3484-1C0D-41F0-BA61-032A98BAD2A9\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.1\",\"matchCriteriaId\":\"0D75F9F4-8E2C-4997-B663-F50841B3AA80\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.1\",\"matchCriteriaId\":\"BB05CC2B-FFF6-4952-B7F2-DCED85B9ECFF\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/158874/Safari-Webkit-For-iOS-7.1.2-JIT-Optimization-Bug.html\",\"source\":\"product-security@apple.com\"},{\"url\":\"http://www.securityfocus.com/bid/93849\",\"source\":\"product-security@apple.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1037086\",\"source\":\"product-security@apple.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://support.apple.com/HT207269\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT207270\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT207271\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT207275\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.exploit-db.com/exploits/40654/\",\"source\":\"product-security@apple.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://packetstormsecurity.com/files/158874/Safari-Webkit-For-iOS-7.1.2-JIT-Optimization-Bug.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/93849\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1037086\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://support.apple.com/HT207269\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT207270\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT207271\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT207275\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.exploit-db.com/exploits/40654/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]}]}}"
  }
}

CERTFR-2016-AVI-359

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	macOS	Apple macOS Sierra versions antérieures à 10.12.1
Apple	N/A	Apple iOS versions antérieures à 10.1
Apple	N/A	Apple watchOS versions antérieures à 3.1
Apple	Safari	Apple Safari versions antérieures à 10.0.1
Apple	N/A	Apple tvOS versions antérieures à 10.0.1

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT207270 du 24 octobre 2016	None	vendor-advisory
Bulletin de sécurité Apple HT207269 du 24 octobre 2016	None	vendor-advisory
Bulletin de sécurité Apple HT207271 du 24 octobre 2016	None	vendor-advisory
Bulletin de sécurité Apple HT207272 du 24 octobre 2016	None	vendor-advisory
Bulletin de sécurité Apple HT207275 du 24 octobre 2016	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Apple macOS Sierra versions ant\u00e9rieures \u00e0 10.12.1",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple iOS versions ant\u00e9rieures \u00e0 10.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple watchOS versions ant\u00e9rieures \u00e0 3.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple Safari versions ant\u00e9rieures \u00e0 10.0.1",
      "product": {
        "name": "Safari",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple tvOS versions ant\u00e9rieures \u00e0 10.0.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-4678",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4678"
    },
    {
      "name": "CVE-2016-4680",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4680"
    },
    {
      "name": "CVE-2016-7579",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7579"
    },
    {
      "name": "CVE-2016-4675",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4675"
    },
    {
      "name": "CVE-2016-4664",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4664"
    },
    {
      "name": "CVE-2016-4663",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4663"
    },
    {
      "name": "CVE-2016-4613",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4613"
    },
    {
      "name": "CVE-2016-4660",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4660"
    },
    {
      "name": "CVE-2016-4666",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4666"
    },
    {
      "name": "CVE-2016-4674",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4674"
    },
    {
      "name": "CVE-2016-4662",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4662"
    },
    {
      "name": "CVE-2016-4679",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4679"
    },
    {
      "name": "CVE-2016-4661",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4661"
    },
    {
      "name": "CVE-2016-4667",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4667"
    },
    {
      "name": "CVE-2016-4665",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4665"
    },
    {
      "name": "CVE-2016-4677",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4677"
    },
    {
      "name": "CVE-2016-4670",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4670"
    },
    {
      "name": "CVE-2016-4671",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4671"
    },
    {
      "name": "CVE-2016-4673",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4673"
    },
    {
      "name": "CVE-2016-4635",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4635"
    },
    {
      "name": "CVE-2016-4669",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4669"
    },
    {
      "name": "CVE-2016-4682",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4682"
    }
  ],
  "links": [],
  "reference": "CERTFR-2016-AVI-359",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-10-25T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Apple\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des\ndonn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT207270 du 24 octobre 2016",
      "url": "https://support.apple.com/en-us/HT207270"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT207269 du 24 octobre 2016",
      "url": "https://support.apple.com/en-us/HT207269"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT207271 du 24 octobre 2016",
      "url": "https://support.apple.com/en-us/HT207271"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT207272 du 24 octobre 2016",
      "url": "https://support.apple.com/en-us/HT207272"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT207275 du 24 octobre 2016",
      "url": "https://support.apple.com/en-us/HT207275"
    }
  ]
}

CERTFR-2016-AVI-359

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	macOS	Apple macOS Sierra versions antérieures à 10.12.1
Apple	N/A	Apple iOS versions antérieures à 10.1
Apple	N/A	Apple watchOS versions antérieures à 3.1
Apple	Safari	Apple Safari versions antérieures à 10.0.1
Apple	N/A	Apple tvOS versions antérieures à 10.0.1

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT207270 du 24 octobre 2016	None	vendor-advisory
Bulletin de sécurité Apple HT207269 du 24 octobre 2016	None	vendor-advisory
Bulletin de sécurité Apple HT207271 du 24 octobre 2016	None	vendor-advisory
Bulletin de sécurité Apple HT207272 du 24 octobre 2016	None	vendor-advisory
Bulletin de sécurité Apple HT207275 du 24 octobre 2016	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Apple macOS Sierra versions ant\u00e9rieures \u00e0 10.12.1",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple iOS versions ant\u00e9rieures \u00e0 10.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple watchOS versions ant\u00e9rieures \u00e0 3.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple Safari versions ant\u00e9rieures \u00e0 10.0.1",
      "product": {
        "name": "Safari",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple tvOS versions ant\u00e9rieures \u00e0 10.0.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-4678",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4678"
    },
    {
      "name": "CVE-2016-4680",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4680"
    },
    {
      "name": "CVE-2016-7579",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7579"
    },
    {
      "name": "CVE-2016-4675",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4675"
    },
    {
      "name": "CVE-2016-4664",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4664"
    },
    {
      "name": "CVE-2016-4663",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4663"
    },
    {
      "name": "CVE-2016-4613",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4613"
    },
    {
      "name": "CVE-2016-4660",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4660"
    },
    {
      "name": "CVE-2016-4666",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4666"
    },
    {
      "name": "CVE-2016-4674",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4674"
    },
    {
      "name": "CVE-2016-4662",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4662"
    },
    {
      "name": "CVE-2016-4679",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4679"
    },
    {
      "name": "CVE-2016-4661",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4661"
    },
    {
      "name": "CVE-2016-4667",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4667"
    },
    {
      "name": "CVE-2016-4665",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4665"
    },
    {
      "name": "CVE-2016-4677",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4677"
    },
    {
      "name": "CVE-2016-4670",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4670"
    },
    {
      "name": "CVE-2016-4671",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4671"
    },
    {
      "name": "CVE-2016-4673",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4673"
    },
    {
      "name": "CVE-2016-4635",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4635"
    },
    {
      "name": "CVE-2016-4669",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4669"
    },
    {
      "name": "CVE-2016-4682",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4682"
    }
  ],
  "links": [],
  "reference": "CERTFR-2016-AVI-359",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-10-25T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Apple\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des\ndonn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT207270 du 24 octobre 2016",
      "url": "https://support.apple.com/en-us/HT207270"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT207269 du 24 octobre 2016",
      "url": "https://support.apple.com/en-us/HT207269"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT207271 du 24 octobre 2016",
      "url": "https://support.apple.com/en-us/HT207271"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT207272 du 24 octobre 2016",
      "url": "https://support.apple.com/en-us/HT207272"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT207275 du 24 octobre 2016",
      "url": "https://support.apple.com/en-us/HT207275"
    }
  ]
}

VAR-201702-0329

Vulnerability from variot - Updated: 2024-02-13 20:19

An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "Kernel" component. It allows local users to execute arbitrary code in a privileged context or cause a denial of service (MIG code mishandling and system crash) via unspecified vectors. Apple macOS, watchOS, iOS and tvOS are prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code with elevated privileges, obtain sensitive information and overwrite arbitrary files. Failed exploit attempts may result in a denial-of-service condition. Versions prior to iOS 10.1, watchOS 3.1, macOS 10.12.1 and tvOS 10.0.1 are vulnerable. Apple iOS is an operating system developed for mobile devices; watchOS is an operating system for smart watches. CVE-2016-4669: Ian Beer of Google Project Zero

Installation note:

Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641

To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About".

Alternatively, on your watch, select "My Watch > General > About". CVE-2016-4662: Apple

AppleSMC Available for: macOS Sierra 10.12 Impact: A local user may be able to elevate privileges Description: A null pointer dereference was addressed through improved locking. CVE-2016-4671: Ke Liu of Tencent's Xuanwu Lab, Juwei Lin (@fuzzerDOTcn)

ImageIO Available for: OS X Yosemite v10.10.5 and OS X El Capitan v10.11.6 Impact: Processing a maliciously crafted image may result in the disclosure of process memory Description: An out-of-bounds read issue existed in the SGI image parsing. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

APPLE-SA-2016-10-24-1 iOS 10.1

iOS 10.1 is now available and addresses the following:

CFNetwork Proxies Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: An attacker in a privileged network position may be able to leak sensitive user information Description: A phishing issue existed in the handling of proxy credentials. This issue was addressed by removing unsolicited proxy password authentication prompts. CVE-2016-7579: Jerry Decime

Contacts Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: An application may be able to maintain access to the Address Book after access is revoked in Settings Description: An access control issue in the Address Book was addressed through improved file-link validation. CVE-2016-4686: Razvan Deaconescu, Mihai Chiroiu (University POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi (TU Darmstadt)

CoreGraphics Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: Viewing a maliciously crafted JPEG file may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-4673: Marco Grassi (@marcograss) of KeenLab (@keen_lab), Tencent

FaceTime Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: An attacker in a privileged network position may be able to cause a relayed call to continue transmitting audio while appearing as if the call terminated Description: User interface inconsistencies existed in the handling of relayed calls. These issues were addressed through improved FaceTime display logic. CVE-2016-4635: Martin Vigo (@martin_vigo) of salesforce.com

FontParser Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: Parsing a maliciously crafted font may disclose sensitive user information Description: An out-of-bounds read was addressed through improved bounds checking. CVE-2016-4660: Ke Liu of Tencent's Xuanwu Lab

Kernel Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: An application may be able to disclose kernel memory Description: A validation issue was addressed through improved input sanitization. CVE-2016-4680: Max Bazaliy of Lookout and in7egral

libarchive Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: A malicious archive may be able to overwrite arbitrary files Description: An issue existed within the path validation logic for symlinks. This issue was addressed through improved path sanitization. CVE-2016-4679: Omer Medan of enSilo Ltd

libxpc Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: An application may be able to execute arbitrary code with root privileges Description: A logic issue was addressed through additional restrictions. CVE-2016-4675: Ian Beer of Google Project Zero

Sandbox Profiles Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: An application may be able to retrieve metadata of photo directories Description: An access issue was addressed through additional sandbox restrictions on third party applications. CVE-2016-4664: Razvan Deaconescu, Mihai Chiroiu (University POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi (TU Darmstadt)

Sandbox Profiles Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: An application may be able to retrieve metadata of audio recording directories Description: An access issue was addressed through additional sandbox restrictions on third party applications. CVE-2016-4665: Razvan Deaconescu, Mihai Chiroiu (University POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi (TU Darmstadt)

System Boot Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: A local user may be able to cause an unexpected system termination or arbitrary code execution in the kernel Description: Multiple input validation issues existed in MIG generated code. These issues were addressed through improved validation. CVE-2016-4669: Ian Beer of Google Project Zero

WebKit Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4677: An anonymous researcher working with Trend Micro's Zero Day Initiative

Installation note:

This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/

iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device.

The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device.

To check that the iPhone, iPod touch, or iPad has been updated:

Navigate to Settings
Select General
Select About. The version after applying this update will be "10.1".

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJYDlqUAAoJEIOj74w0bLRGj64P/1A9yH47yTZLjBHdmy+eoz/d 5AZSnF/cyDeyeTb+Z8ELzVJMsucpJy7Xyv32IxvgSji8IplKkinw66j7mErs1/YY q/IQCD8NM6IOZVcgiL/aUDFWtxmAUHwRftAk36RTaglMoeWx23I36NFN7xbhWUL5 EyMXoQzNUHQ38bReQqpXEEwydMin1iFPed0207714PnmfvM7o5LGRBRjjJ1gOQLq HSNKfay/L1hSFZFkwkjqgvbelRzhvDr4eqEFriBf39u8a8uLAG92fuV9QMoF7p7q paXwZk4fWMlHi8Xr3fg2gaW0MjSMrz6oJwOpZRdPKwLl2IW7fMuk+oIBPcRVl8m/ yxZxZlq4DpCjnp0mfNRx9YuVWwCKNjqtzYj1hirhL654jkTW+1cO1rvewVFOPPIs MEYoSecYN09g7aBer0tPE4GcekMW0cEV4rzQI/0Jy+lIfdFwSjmz1GdZnpPMIwZl RmI/Eda0O9OkwNbqU+E+6DdCL2r/cCflj3QwNxEDtYNgCPuz7tlwVBqqkewVVYH2 AqQtNQZEXeRDS04ncQgrhoXnTfcnM1TRaOzuy58/sJfk707TV9NZiahMiEbqUxhe fahnRE4YUFpvwJZFegNKztUrdeNe56YAhBTksDNA49rpY4TgN8x5G2byt5txr7xV m7KJFe1t8NabLisqOrHI =vxwr -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201702-0329",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "iphone os",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.1"
      },
      {
        "model": "watchos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "3.1"
      },
      {
        "model": "tvos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.0.1"
      },
      {
        "model": "mac os x",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.12.1"
      },
      {
        "model": "watchos",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "apple",
        "version": "2.2.2"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.10.5"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.11.6"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.12"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.1   (ipad first  4 after generation )"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.1   (iphone 5 or later )"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.1   (ipod touch first  6 after generation )"
      },
      {
        "model": "tvos",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.0.1   (apple tv first  4 generation )"
      },
      {
        "model": "watchos",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "3.1   (apple watch all models )"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "10.0.3"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "10.12.0"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "10.0.0"
      },
      {
        "model": "watch os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "3.0.0"
      },
      {
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.2.1"
      },
      {
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0.1"
      },
      {
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.0.1"
      },
      {
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3"
      },
      {
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.2"
      },
      {
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.1"
      },
      {
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0"
      },
      {
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.0"
      },
      {
        "model": "watch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "tvos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.2.2"
      },
      {
        "model": "tvos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.2.1"
      },
      {
        "model": "tvos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.1.1"
      },
      {
        "model": "tvos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.2"
      },
      {
        "model": "tvos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.1"
      },
      {
        "model": "tvos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.0"
      },
      {
        "model": "tvos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "macos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.12"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11.6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9.5"
      },
      {
        "model": "ipod touch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "ipad",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "50"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "40"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "30"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.0.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.3.4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.3.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.3.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.3.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.2.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.0.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.0.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.4.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.6"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.3.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1.6"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1.4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.3.5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.1.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.1.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.1.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.9"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.8"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.7"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.6"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.10"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10"
      },
      {
        "model": "watchos",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1"
      },
      {
        "model": "tvos",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.0.1"
      },
      {
        "model": "macos",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.12.1"
      },
      {
        "model": "ios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.1"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "93849"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007429"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-712"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4669"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.12.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.0.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-4669"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "timwr, WanderingGlitch, Ian Beer, kudima",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-712"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2016-4669",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 7.2,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2016-4669",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "VHN-93488",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2016-4669",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2016-4669",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201610-712",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-93488",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2016-4669",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-93488"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-4669"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007429"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-712"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4669"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the \"Kernel\" component. It allows local users to execute arbitrary code in a privileged context or cause a denial of service (MIG code mishandling and system crash) via unspecified vectors. Apple macOS, watchOS, iOS and tvOS are prone to multiple security vulnerabilities. \nAttackers can exploit these issues to execute arbitrary code with  elevated privileges, obtain sensitive information and overwrite  arbitrary files. Failed exploit attempts may result  in a   denial-of-service condition. \nVersions prior to iOS 10.1, watchOS 3.1, macOS 10.12.1 and tvOS 10.0.1 are vulnerable. Apple iOS is an operating system developed for mobile devices; watchOS is an operating system for smart watches. \nCVE-2016-4669: Ian Beer of Google Project Zero\n\nInstallation note:\n\nInstructions on how to update your Apple Watch software are\navailable at https://support.apple.com/kb/HT204641\n\nTo check the version on your Apple Watch, open the Apple Watch app\non your iPhone and select \"My Watch \u003e General \u003e About\". \n\nAlternatively, on your watch, select \"My Watch \u003e General \u003e About\". \nCVE-2016-4662: Apple\n\nAppleSMC\nAvailable for:  macOS Sierra 10.12\nImpact: A local user may be able to elevate privileges\nDescription: A null pointer dereference was addressed through\nimproved locking. \nCVE-2016-4671: Ke Liu of Tencent\u0027s Xuanwu Lab, Juwei Lin\n(@fuzzerDOTcn)\n\nImageIO\nAvailable for:  OS X Yosemite v10.10.5 and OS X El Capitan v10.11.6\nImpact: Processing a maliciously crafted image may result in the\ndisclosure of process memory\nDescription: An out-of-bounds read issue existed in the SGI image\nparsing. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2016-10-24-1 iOS 10.1\n\niOS 10.1 is now available and addresses the following:\n\nCFNetwork Proxies\nAvailable for:  iPhone 5 and later, iPad 4th generation and later,\niPod touch 6th generation and later\nImpact: An attacker in a privileged network position may be able to\nleak sensitive user information\nDescription: A phishing issue existed in the handling of proxy\ncredentials. This issue was addressed by removing unsolicited proxy\npassword authentication prompts. \nCVE-2016-7579: Jerry Decime\n\nContacts\nAvailable for: iPhone 5 and later, iPad 4th generation and later,\niPod touch 6th generation and later\nImpact: An application may be able to maintain access to the Address\nBook after access is revoked in Settings\nDescription: An access control issue in the Address Book was\naddressed through improved file-link validation. \nCVE-2016-4686: Razvan Deaconescu, Mihai Chiroiu (University\nPOLITEHNICA of Bucharest); Luke Deshotels, William Enck (North\nCarolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi\n(TU Darmstadt)\n\nCoreGraphics\nAvailable for:  iPhone 5 and later, iPad 4th generation and later,\niPod touch 6th generation and later\nImpact: Viewing a maliciously crafted JPEG file may lead to arbitrary\ncode execution\nDescription: A memory corruption issue was addressed through improved\nmemory handling. \nCVE-2016-4673: Marco Grassi (@marcograss) of KeenLab (@keen_lab),\nTencent\n\nFaceTime\nAvailable for:  iPhone 5 and later, iPad 4th generation and later,\niPod touch 6th generation and later\nImpact: An attacker in a privileged network position may be able to\ncause a relayed call to continue transmitting audio while appearing\nas if the call terminated\nDescription: User interface inconsistencies existed in the handling\nof relayed calls. These issues were addressed through improved\nFaceTime display logic. \nCVE-2016-4635: Martin Vigo (@martin_vigo) of salesforce.com\n\nFontParser\nAvailable for:  iPhone 5 and later, iPad 4th generation and later,\niPod touch 6th generation and later\nImpact: Parsing a maliciously crafted font may disclose sensitive\nuser information\nDescription: An out-of-bounds read was addressed through improved\nbounds checking. \nCVE-2016-4660: Ke Liu of Tencent\u0027s Xuanwu Lab\n\nKernel\nAvailable for:  iPhone 5 and later, iPad 4th generation and later,\niPod touch 6th generation and later\nImpact: An application may be able to disclose kernel memory\nDescription: A validation issue was addressed through improved input\nsanitization. \nCVE-2016-4680: Max Bazaliy of Lookout and in7egral\n\nlibarchive\nAvailable for:  iPhone 5 and later, iPad 4th generation and later,\niPod touch 6th generation and later\nImpact: A malicious archive may be able to overwrite arbitrary files\nDescription: An issue existed within the path validation logic for\nsymlinks. This issue was addressed through improved path\nsanitization. \nCVE-2016-4679: Omer Medan of enSilo Ltd\n\nlibxpc\nAvailable for:  iPhone 5 and later, iPad 4th generation and later,\niPod touch 6th generation and later\nImpact: An application may be able to execute arbitrary code with\nroot privileges\nDescription: A logic issue was addressed through additional\nrestrictions. \nCVE-2016-4675: Ian Beer of Google Project Zero\n\nSandbox Profiles\nAvailable for:  iPhone 5 and later, iPad 4th generation and later,\niPod touch 6th generation and later\nImpact: An application may be able to retrieve metadata of photo\ndirectories\nDescription: An access issue was addressed through additional sandbox\nrestrictions on third party applications. \nCVE-2016-4664: Razvan Deaconescu, Mihai Chiroiu (University\nPOLITEHNICA of Bucharest); Luke Deshotels, William Enck (North\nCarolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi\n(TU Darmstadt)\n\nSandbox Profiles\nAvailable for:  iPhone 5 and later, iPad 4th generation and later,\niPod touch 6th generation and later\nImpact: An application may be able to retrieve metadata of audio\nrecording directories\nDescription: An access issue was addressed through additional sandbox\nrestrictions on third party applications. \nCVE-2016-4665: Razvan Deaconescu, Mihai Chiroiu (University\nPOLITEHNICA of Bucharest); Luke Deshotels, William Enck (North\nCarolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi\n(TU Darmstadt)\n\nSystem Boot\nAvailable for:  iPhone 5 and later, iPad 4th generation and later,\niPod touch 6th generation and later\nImpact: A local user may be able to cause an unexpected system\ntermination or arbitrary code execution in the kernel\nDescription: Multiple input validation issues existed in MIG\ngenerated code. These issues were addressed through improved\nvalidation. \nCVE-2016-4669: Ian Beer of Google Project Zero\n\nWebKit\nAvailable for:  iPhone 5 and later, iPad 4th generation and later,\niPod touch 6th generation and later\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues were addressed through\nimproved memory handling. \nCVE-2016-4677: An anonymous researcher working with Trend Micro\u0027s\nZero Day Initiative\n\nInstallation note:\n\nThis update is available through iTunes and Software Update on your\niOS device, and will not appear in your computer\u0027s Software Update\napplication, or in the Apple Downloads site. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom www.apple.com/itunes/\n\niTunes and Software Update on the device will automatically check\nApple\u0027s update server on its weekly schedule. When an update is\ndetected, it is downloaded and the option to be installed is\npresented to the user when the iOS device is docked. We recommend\napplying the update immediately if possible. Selecting Don\u0027t Install\nwill present the option the next time you connect your iOS device. \n\nThe automatic update process may take up to a week depending on the\nday that iTunes or the device checks for updates. You may manually\nobtain the update via the Check for Updates button within iTunes, or\nthe Software Update on your device. \n\nTo check that the iPhone, iPod touch, or iPad has been updated:\n\n* Navigate to Settings\n* Select General\n* Select About. The version after applying this update\nwill be \"10.1\". \n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - https://gpgtools.org\n\niQIcBAEBCgAGBQJYDlqUAAoJEIOj74w0bLRGj64P/1A9yH47yTZLjBHdmy+eoz/d\n5AZSnF/cyDeyeTb+Z8ELzVJMsucpJy7Xyv32IxvgSji8IplKkinw66j7mErs1/YY\nq/IQCD8NM6IOZVcgiL/aUDFWtxmAUHwRftAk36RTaglMoeWx23I36NFN7xbhWUL5\nEyMXoQzNUHQ38bReQqpXEEwydMin1iFPed0207714PnmfvM7o5LGRBRjjJ1gOQLq\nHSNKfay/L1hSFZFkwkjqgvbelRzhvDr4eqEFriBf39u8a8uLAG92fuV9QMoF7p7q\npaXwZk4fWMlHi8Xr3fg2gaW0MjSMrz6oJwOpZRdPKwLl2IW7fMuk+oIBPcRVl8m/\nyxZxZlq4DpCjnp0mfNRx9YuVWwCKNjqtzYj1hirhL654jkTW+1cO1rvewVFOPPIs\nMEYoSecYN09g7aBer0tPE4GcekMW0cEV4rzQI/0Jy+lIfdFwSjmz1GdZnpPMIwZl\nRmI/Eda0O9OkwNbqU+E+6DdCL2r/cCflj3QwNxEDtYNgCPuz7tlwVBqqkewVVYH2\nAqQtNQZEXeRDS04ncQgrhoXnTfcnM1TRaOzuy58/sJfk707TV9NZiahMiEbqUxhe\nfahnRE4YUFpvwJZFegNKztUrdeNe56YAhBTksDNA49rpY4TgN8x5G2byt5txr7xV\nm7KJFe1t8NabLisqOrHI\n=vxwr\n-----END PGP SIGNATURE-----\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-4669"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007429"
      },
      {
        "db": "BID",
        "id": "93849"
      },
      {
        "db": "VULHUB",
        "id": "VHN-93488"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-4669"
      },
      {
        "db": "PACKETSTORM",
        "id": "139324"
      },
      {
        "db": "PACKETSTORM",
        "id": "139320"
      },
      {
        "db": "PACKETSTORM",
        "id": "139319"
      },
      {
        "db": "PACKETSTORM",
        "id": "139323"
      }
    ],
    "trust": 2.43
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-93488",
        "trust": 0.1,
        "type": "unknown"
      },
      {
        "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=40654",
        "trust": 0.1,
        "type": "exploit"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-93488"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-4669"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-4669",
        "trust": 3.3
      },
      {
        "db": "BID",
        "id": "93849",
        "trust": 2.1
      },
      {
        "db": "PACKETSTORM",
        "id": "158874",
        "trust": 1.8
      },
      {
        "db": "SECTRACK",
        "id": "1037086",
        "trust": 1.8
      },
      {
        "db": "EXPLOIT-DB",
        "id": "40654",
        "trust": 1.8
      },
      {
        "db": "JVN",
        "id": "JVNVU90743185",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007429",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-712",
        "trust": 0.7
      },
      {
        "db": "CXSECURITY",
        "id": "WLB-2020080074",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "139385",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-93488",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-4669",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "139324",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "139320",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "139319",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "139323",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-93488"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-4669"
      },
      {
        "db": "BID",
        "id": "93849"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007429"
      },
      {
        "db": "PACKETSTORM",
        "id": "139324"
      },
      {
        "db": "PACKETSTORM",
        "id": "139320"
      },
      {
        "db": "PACKETSTORM",
        "id": "139319"
      },
      {
        "db": "PACKETSTORM",
        "id": "139323"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-712"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4669"
      }
    ]
  },
  "id": "VAR-201702-0329",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-93488"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-02-13T20:19:29.543000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Apple security updates",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht201222"
      },
      {
        "title": "APPLE-SA-2016-10-24-4 tvOS 10.0.1",
        "trust": 0.8,
        "url": "https://lists.apple.com/archives/security-announce/2016/oct/msg00003.html"
      },
      {
        "title": "APPLE-SA-2016-10-24-2 macOS Sierra 10.12.1",
        "trust": 0.8,
        "url": "https://lists.apple.com/archives/security-announce/2016/oct/msg00001.html"
      },
      {
        "title": "APPLE-SA-2016-10-24-1 iOS 10.1",
        "trust": 0.8,
        "url": "https://lists.apple.com/archives/security-announce/2016/oct/msg00000.html"
      },
      {
        "title": "APPLE-SA-2016-10-24-5 watchOS 3.1",
        "trust": 0.8,
        "url": "https://lists.apple.com/archives/security-announce/2016/oct/msg00004.html"
      },
      {
        "title": "HT207269",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht207269"
      },
      {
        "title": "HT207270",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht207270"
      },
      {
        "title": "HT207271",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht207271"
      },
      {
        "title": "HT207275",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht207275"
      },
      {
        "title": "HT207270",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht207270"
      },
      {
        "title": "HT207271",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht207271"
      },
      {
        "title": "HT207275",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht207275"
      },
      {
        "title": "HT207269",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht207269"
      },
      {
        "title": "Multiple Apple product System Boot Enter the fix for the verification vulnerability",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=65075"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007429"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-712"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-93488"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007429"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4669"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "http://www.securityfocus.com/bid/93849"
      },
      {
        "trust": 2.4,
        "url": "http://packetstormsecurity.com/files/158874/safari-webkit-for-ios-7.1.2-jit-optimization-bug.html"
      },
      {
        "trust": 1.9,
        "url": "https://www.exploit-db.com/exploits/40654/"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/ht207269"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/ht207270"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/ht207271"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/ht207275"
      },
      {
        "trust": 1.8,
        "url": "http://www.securitytracker.com/id/1037086"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4669"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu90743185/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4669"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/issue/wlb-2020080074"
      },
      {
        "trust": 0.4,
        "url": "https://support.apple.com/kb/ht201222"
      },
      {
        "trust": 0.4,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.4,
        "url": "https://gpgtools.org"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4679"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4669"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4675"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4660"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4673"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/ios/"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/accessibility/tvos/"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/watchos-2/"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/ipad/"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/iphone/"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/ipodtouch/"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/macosx/"
      },
      {
        "trust": 0.3,
        "url": "https://support.apple.com/en-ie/ht207271"
      },
      {
        "trust": 0.3,
        "url": "https://support.apple.com/en-ie/ht207275"
      },
      {
        "trust": 0.3,
        "url": "https://support.apple.com/en-ie/ht207270"
      },
      {
        "trust": 0.3,
        "url": "https://support.apple.com/en-ie/ht207269"
      },
      {
        "trust": 0.3,
        "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=893\u0026can=1\u0026q=\u0026sort=-modified%20-id\u0026colspec=id%20status%20owner%20summary%20modified%20cve"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4664"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4665"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4680"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7579"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4635"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4677"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/20.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://www.rapid7.com/db/modules/exploit/apple_ios/browser/safari_jit/"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht204641"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4682"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4661"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4678"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4667"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4662"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4674"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/support/downloads/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4671"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4663"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/itunes/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4686"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-93488"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-4669"
      },
      {
        "db": "BID",
        "id": "93849"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007429"
      },
      {
        "db": "PACKETSTORM",
        "id": "139324"
      },
      {
        "db": "PACKETSTORM",
        "id": "139320"
      },
      {
        "db": "PACKETSTORM",
        "id": "139319"
      },
      {
        "db": "PACKETSTORM",
        "id": "139323"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-712"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4669"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-93488"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-4669"
      },
      {
        "db": "BID",
        "id": "93849"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007429"
      },
      {
        "db": "PACKETSTORM",
        "id": "139324"
      },
      {
        "db": "PACKETSTORM",
        "id": "139320"
      },
      {
        "db": "PACKETSTORM",
        "id": "139319"
      },
      {
        "db": "PACKETSTORM",
        "id": "139323"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-712"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4669"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-02-20T00:00:00",
        "db": "VULHUB",
        "id": "VHN-93488"
      },
      {
        "date": "2017-02-20T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-4669"
      },
      {
        "date": "2016-10-24T00:00:00",
        "db": "BID",
        "id": "93849"
      },
      {
        "date": "2017-03-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-007429"
      },
      {
        "date": "2016-10-24T23:34:22",
        "db": "PACKETSTORM",
        "id": "139324"
      },
      {
        "date": "2016-10-24T21:46:59",
        "db": "PACKETSTORM",
        "id": "139320"
      },
      {
        "date": "2016-10-24T21:43:56",
        "db": "PACKETSTORM",
        "id": "139319"
      },
      {
        "date": "2016-10-24T23:01:11",
        "db": "PACKETSTORM",
        "id": "139323"
      },
      {
        "date": "2016-10-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201610-712"
      },
      {
        "date": "2017-02-20T08:59:00.510000",
        "db": "NVD",
        "id": "CVE-2016-4669"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-08-14T00:00:00",
        "db": "VULHUB",
        "id": "VHN-93488"
      },
      {
        "date": "2020-08-14T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-4669"
      },
      {
        "date": "2016-11-24T01:08:00",
        "db": "BID",
        "id": "93849"
      },
      {
        "date": "2017-03-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-007429"
      },
      {
        "date": "2020-08-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201610-712"
      },
      {
        "date": "2020-08-14T23:15:12.107000",
        "db": "NVD",
        "id": "CVE-2016-4669"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-712"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  Apple Vulnerability in the kernel component of a product that allows arbitrary code execution in privileged contexts",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007429"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-712"
      }
    ],
    "trust": 0.6
  }
}

GHSA-Q94R-C3HR-HH25

Vulnerability from github – Published: 2022-05-13 01:23 – Updated: 2025-04-20 03:33

Details

Severity ?

7.8 (High)


                  
                    CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-4669"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-02-20T08:59:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the \"Kernel\" component. It allows local users to execute arbitrary code in a privileged context or cause a denial of service (MIG code mishandling and system crash) via unspecified vectors.",
  "id": "GHSA-q94r-c3hr-hh25",
  "modified": "2025-04-20T03:33:04Z",
  "published": "2022-05-13T01:23:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4669"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT207269"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT207270"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT207271"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT207275"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/40654"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/158874/Safari-Webkit-For-iOS-7.1.2-JIT-Optimization-Bug.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/93849"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1037086"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CNVD-2016-10407

Vulnerability from cnvd - Published: 2016-10-31

Title

多款Apple产品System Boot输入验证漏洞

Description

Apple iOS等都是美国苹果（Apple）公司的产品。Apple iOS是为移动设备所开发的一套操作系统；tvOS是一套智能电视操作系统；watchOS是一套智能手表操作系统。System Boot是其中的一个系统启动组件。多款Apple产品中的System Boot中的MIG generated代码存在输入验证漏洞。本地攻击者可利用该漏洞造成系统意外终止或在内核上执行任意代码。

Severity

中

Patch Name

多款Apple产品System Boot输入验证漏洞的补丁

Patch Description

Formal description

目前厂商已经发布了升级补丁以修复此安全问题，补丁获取链接： https://support.apple.com/en-ie/HT207271

Reference

http://www.securityfocus.com/bid/93849

Impacted products

Name
['Apple IOS <10.1', 'Apple tvOS <10.0.1', 'Apple watchOS <3.1', 'Apple macOS Sierra <10.12.1']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-4669"
    }
  },
  "description": "Apple iOS\u7b49\u90fd\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Apple iOS\u662f\u4e3a\u79fb\u52a8\u8bbe\u5907\u6240\u5f00\u53d1\u7684\u4e00\u5957\u64cd\u4f5c\u7cfb\u7edf\uff1btvOS\u662f\u4e00\u5957\u667a\u80fd\u7535\u89c6\u64cd\u4f5c\u7cfb\u7edf\uff1bwatchOS\u662f\u4e00\u5957\u667a\u80fd\u624b\u8868\u64cd\u4f5c\u7cfb\u7edf\u3002System Boot\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u7cfb\u7edf\u542f\u52a8\u7ec4\u4ef6\u3002\r\n\r\n\u591a\u6b3eApple\u4ea7\u54c1\u4e2d\u7684System Boot\u4e2d\u7684MIG generated\u4ee3\u7801\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u6f0f\u6d1e\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u7cfb\u7edf\u610f\u5916\u7ec8\u6b62\u6216\u5728\u5185\u6838\u4e0a\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "discovererName": "Ian Beer of Google Project Zero",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://support.apple.com/en-ie/HT207271",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-10407",
  "openTime": "2016-10-31",
  "patchDescription": "Apple iOS\u7b49\u90fd\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Apple iOS\u662f\u4e3a\u79fb\u52a8\u8bbe\u5907\u6240\u5f00\u53d1\u7684\u4e00\u5957\u64cd\u4f5c\u7cfb\u7edf\uff1btvOS\u662f\u4e00\u5957\u667a\u80fd\u7535\u89c6\u64cd\u4f5c\u7cfb\u7edf\uff1bwatchOS\u662f\u4e00\u5957\u667a\u80fd\u624b\u8868\u64cd\u4f5c\u7cfb\u7edf\u3002System Boot\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u7cfb\u7edf\u542f\u52a8\u7ec4\u4ef6\u3002\r\n\r\n\u591a\u6b3eApple\u4ea7\u54c1\u4e2d\u7684System Boot\u4e2d\u7684MIG generated\u4ee3\u7801\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u6f0f\u6d1e\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u7cfb\u7edf\u610f\u5916\u7ec8\u6b62\u6216\u5728\u5185\u6838\u4e0a\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eApple\u4ea7\u54c1System Boot\u8f93\u5165\u9a8c\u8bc1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Apple IOS \u003c10.1",
      "Apple tvOS \u003c10.0.1",
      "Apple watchOS \u003c3.1",
      "Apple macOS Sierra \u003c10.12.1"
    ]
  },
  "referenceLink": "http://www.securityfocus.com/bid/93849",
  "serverity": "\u4e2d",
  "submitTime": "2016-10-27",
  "title": "\u591a\u6b3eApple\u4ea7\u54c1System Boot\u8f93\u5165\u9a8c\u8bc1\u6f0f\u6d1e"
}

GSD-2016-4669

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2016-4669

Aliases

CVE-2016-4669

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-4669",
    "description": "An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the \"Kernel\" component. It allows local users to execute arbitrary code in a privileged context or cause a denial of service (MIG code mishandling and system crash) via unspecified vectors.",
    "id": "GSD-2016-4669",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2016-4669"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-4669"
      ],
      "details": "An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the \"Kernel\" component. It allows local users to execute arbitrary code in a privileged context or cause a denial of service (MIG code mishandling and system crash) via unspecified vectors.",
      "id": "GSD-2016-4669",
      "modified": "2023-12-13T01:21:18.601737Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2016-4669",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the \"Kernel\" component. It allows local users to execute arbitrary code in a privileged context or cause a denial of service (MIG code mishandling and system crash) via unspecified vectors."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.apple.com/HT207271",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/HT207271"
          },
          {
            "name": "1037086",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1037086"
          },
          {
            "name": "93849",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/93849"
          },
          {
            "name": "https://support.apple.com/HT207269",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/HT207269"
          },
          {
            "name": "https://support.apple.com/HT207270",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/HT207270"
          },
          {
            "name": "https://support.apple.com/HT207275",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/HT207275"
          },
          {
            "name": "40654",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/40654/"
          },
          {
            "name": "http://packetstormsecurity.com/files/158874/Safari-Webkit-For-iOS-7.1.2-JIT-Optimization-Bug.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/158874/Safari-Webkit-For-iOS-7.1.2-JIT-Optimization-Bug.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.12.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.0.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2016-4669"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the \"Kernel\" component. It allows local users to execute arbitrary code in a privileged context or cause a denial of service (MIG code mishandling and system crash) via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/HT207275",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT207275"
            },
            {
              "name": "https://support.apple.com/HT207271",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT207271"
            },
            {
              "name": "https://support.apple.com/HT207270",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT207270"
            },
            {
              "name": "https://support.apple.com/HT207269",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT207269"
            },
            {
              "name": "93849",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/93849"
            },
            {
              "name": "1037086",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1037086"
            },
            {
              "name": "40654",
              "refsource": "EXPLOIT-DB",
              "tags": [
                "Exploit",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.exploit-db.com/exploits/40654/"
            },
            {
              "name": "http://packetstormsecurity.com/files/158874/Safari-Webkit-For-iOS-7.1.2-JIT-Optimization-Bug.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://packetstormsecurity.com/files/158874/Safari-Webkit-For-iOS-7.1.2-JIT-Optimization-Bug.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2020-08-14T23:15Z",
      "publishedDate": "2017-02-20T08:59Z"
    }
  }
}

FKIE_CVE-2016-4669

Vulnerability from fkie_nvd - Published: 2017-02-20 08:59 - Updated: 2025-04-20 01:37

Severity ?

7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
product-security@apple.com	http://packetstormsecurity.com/files/158874/Safari-Webkit-For-iOS-7.1.2-JIT-Optimization-Bug.html
product-security@apple.com	http://www.securityfocus.com/bid/93849	Third Party Advisory, VDB Entry
product-security@apple.com	http://www.securitytracker.com/id/1037086	Third Party Advisory, VDB Entry
product-security@apple.com	https://support.apple.com/HT207269	Vendor Advisory
product-security@apple.com	https://support.apple.com/HT207270	Vendor Advisory
product-security@apple.com	https://support.apple.com/HT207271	Vendor Advisory
product-security@apple.com	https://support.apple.com/HT207275	Vendor Advisory
product-security@apple.com	https://www.exploit-db.com/exploits/40654/	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/158874/Safari-Webkit-For-iOS-7.1.2-JIT-Optimization-Bug.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/93849	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1037086	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT207269	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT207270	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT207271	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT207275	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/40654/	Exploit, Third Party Advisory, VDB Entry

Impacted products

Vendor	Product	Version
apple	iphone_os	*
apple	mac_os_x	*
apple	tvos	*
apple	watchos	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "31522691-8429-479C-A288-9ADB0916784C",
              "versionEndExcluding": "10.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C9A3484-1C0D-41F0-BA61-032A98BAD2A9",
              "versionEndExcluding": "10.12.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D75F9F4-8E2C-4997-B663-F50841B3AA80",
              "versionEndExcluding": "10.0.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB05CC2B-FFF6-4952-B7F2-DCED85B9ECFF",
              "versionEndExcluding": "3.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the \"Kernel\" component. It allows local users to execute arbitrary code in a privileged context or cause a denial of service (MIG code mishandling and system crash) via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.1 est\u00e1 afectado. macOS en versiones anteriores a 10.12.1 est\u00e1 afectado. tvOS en versiones anteriores a 10.0.1 est\u00e1 afectado. watchOS en versiones anteriores a 3.1 est\u00e1 afectado. El problema involucra al componente \"Kernel\". Esto permite a los usuarios locales ejecutar c\u00f3digo arbitrario en un contexto privilegiado o provocar una denegaci\u00f3n de servicio (manejo incorrecto de c\u00f3digo MIG y ca\u00edda del sistema) a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2016-4669",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-02-20T08:59:00.510",
  "references": [
    {
      "source": "product-security@apple.com",
      "url": "http://packetstormsecurity.com/files/158874/Safari-Webkit-For-iOS-7.1.2-JIT-Optimization-Bug.html"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/93849"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1037086"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT207269"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT207270"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT207271"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT207275"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/40654/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://packetstormsecurity.com/files/158874/Safari-Webkit-For-iOS-7.1.2-JIT-Optimization-Bug.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/93849"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1037086"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT207269"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT207270"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT207271"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT207275"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/40654/"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2016-4669 (GCVE-0-2016-4669)

CERTFR-2016-AVI-359

Solution

CERTFR-2016-AVI-359

Solution

VAR-201702-0329

GHSA-Q94R-C3HR-HH25

CNVD-2016-10407

GSD-2016-4669

FKIE_CVE-2016-4669

Tags

Sightings

Nomenclature