Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2016-7600 (GCVE-0-2016-7600)
Vulnerability from cvelistv5 – Published: 2017-02-20 08:35 – Updated: 2024-08-06 02:04
VLAI?
EPSS
Summary
An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "OpenPAM" component, which allows local users to obtain sensitive information by leveraging mishandling of failed PAM authentication by a sandboxed app.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:04:55.551Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "94903",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94903"
},
{
"name": "1037469",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037469"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT207423"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-02-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the \"OpenPAM\" component, which allows local users to obtain sensitive information by leveraging mishandling of failed PAM authentication by a sandboxed app."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-26T09:57:01",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"name": "94903",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94903"
},
{
"name": "1037469",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037469"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT207423"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2016-7600",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the \"OpenPAM\" component, which allows local users to obtain sensitive information by leveraging mishandling of failed PAM authentication by a sandboxed app."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94903",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94903"
},
{
"name": "1037469",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037469"
},
{
"name": "https://support.apple.com/HT207423",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207423"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2016-7600",
"datePublished": "2017-02-20T08:35:00",
"dateReserved": "2016-09-09T00:00:00",
"dateUpdated": "2024-08-06T02:04:55.551Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"10.12.1\", \"matchCriteriaId\": \"1ACD43C5-75C1-4489-8617-77DFB9C23D10\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the \\\"OpenPAM\\\" component, which allows local users to obtain sensitive information by leveraging mishandling of failed PAM authentication by a sandboxed app.\"}, {\"lang\": \"es\", \"value\": \"Se ha descubierto un problema en ciertos productos Apple. macOS en versiones anteriores a 10.12.2 est\\u00e1 afectado. El problema involucra al componente \\\"OpenPAM\\\" que permite a usuarios locales obtener informaci\\u00f3n sensible aprovechando el manejo incorrecto de una autenticaci\\u00f3n PAM fallida por una app aislada.\"}]",
"id": "CVE-2016-7600",
"lastModified": "2024-11-21T02:58:16.780",
"metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 6.2, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.5, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 2.1, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 3.9, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2017-02-20T08:59:02.137",
"references": "[{\"url\": \"http://www.securityfocus.com/bid/94903\", \"source\": \"product-security@apple.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1037469\", \"source\": \"product-security@apple.com\"}, {\"url\": \"https://support.apple.com/HT207423\", \"source\": \"product-security@apple.com\"}, {\"url\": \"http://www.securityfocus.com/bid/94903\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1037469\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://support.apple.com/HT207423\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-200\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2016-7600\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2017-02-20T08:59:02.137\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the \\\"OpenPAM\\\" component, which allows local users to obtain sensitive information by leveraging mishandling of failed PAM authentication by a sandboxed app.\"},{\"lang\":\"es\",\"value\":\"Se ha descubierto un problema en ciertos productos Apple. macOS en versiones anteriores a 10.12.2 est\u00e1 afectado. El problema involucra al componente \\\"OpenPAM\\\" que permite a usuarios locales obtener informaci\u00f3n sensible aprovechando el manejo incorrecto de una autenticaci\u00f3n PAM fallida por una app aislada.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":6.2,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.5,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":2.1,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"10.12.1\",\"matchCriteriaId\":\"1ACD43C5-75C1-4489-8617-77DFB9C23D10\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/94903\",\"source\":\"product-security@apple.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1037469\",\"source\":\"product-security@apple.com\"},{\"url\":\"https://support.apple.com/HT207423\",\"source\":\"product-security@apple.com\"},{\"url\":\"http://www.securityfocus.com/bid/94903\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1037469\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.apple.com/HT207423\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
GHSA-QFR9-GRRJ-C6FG
Vulnerability from github – Published: 2022-05-17 02:25 – Updated: 2022-05-17 02:25
VLAI?
Details
An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "OpenPAM" component, which allows local users to obtain sensitive information by leveraging mishandling of failed PAM authentication by a sandboxed app.
Severity ?
6.2 (Medium)
{
"affected": [],
"aliases": [
"CVE-2016-7600"
],
"database_specific": {
"cwe_ids": [
"CWE-200"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-02-20T08:59:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the \"OpenPAM\" component, which allows local users to obtain sensitive information by leveraging mishandling of failed PAM authentication by a sandboxed app.",
"id": "GHSA-qfr9-grrj-c6fg",
"modified": "2022-05-17T02:25:31Z",
"published": "2022-05-17T02:25:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7600"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT207423"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/94903"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1037469"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
FKIE_CVE-2016-7600
Vulnerability from fkie_nvd - Published: 2017-02-20 08:59 - Updated: 2025-04-20 01:37
Severity ?
Summary
An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "OpenPAM" component, which allows local users to obtain sensitive information by leveraging mishandling of failed PAM authentication by a sandboxed app.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1ACD43C5-75C1-4489-8617-77DFB9C23D10",
"versionEndIncluding": "10.12.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the \"OpenPAM\" component, which allows local users to obtain sensitive information by leveraging mishandling of failed PAM authentication by a sandboxed app."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en ciertos productos Apple. macOS en versiones anteriores a 10.12.2 est\u00e1 afectado. El problema involucra al componente \"OpenPAM\" que permite a usuarios locales obtener informaci\u00f3n sensible aprovechando el manejo incorrecto de una autenticaci\u00f3n PAM fallida por una app aislada."
}
],
"id": "CVE-2016-7600",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.5,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-02-20T08:59:02.137",
"references": [
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94903"
},
{
"source": "product-security@apple.com",
"url": "http://www.securitytracker.com/id/1037469"
},
{
"source": "product-security@apple.com",
"url": "https://support.apple.com/HT207423"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94903"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1037469"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.apple.com/HT207423"
}
],
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
VAR-201702-0199
Vulnerability from variot - Updated: 2023-12-18 11:43An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "OpenPAM" component, which allows local users to obtain sensitive information by leveraging mishandling of failed PAM authentication by a sandboxed app. Apple macOS is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code, perform unauthorized actions, obtain sensitive information, gain elevated privileges or cause a denial-of-service condition. OpenPAM is one of the components that allows administrator-defined user authentication and session management using loadable modules. A local attacker could exploit this vulnerability to gain access to the application. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
APPLE-SA-2016-12-13-1 macOS 10.12.2
macOS 10.12.2 is now available and addresses the following:
apache_mod_php Available for: macOS Sierra 10.12.1 Impact: A remote attacker may cause an unexpected application termination or arbitrary code execution Description: Multiple issues existed in PHP before 5.6.26. These were addressed by updating PHP to version 5.6.26. CVE-2016-7411 CVE-2016-7412 CVE-2016-7413 CVE-2016-7414 CVE-2016-7416 CVE-2016-7417 CVE-2016-7418
AppleGraphicsPowerManagement Available for: macOS Sierra 10.12.1 Impact: A local user may be able to cause a system denial of service Description: A null pointer dereference was addressed through improved input validation. CVE-2016-7609: daybreaker@Minionz working with Trend Micro's Zero Day Initiative
Assets Available for: macOS Sierra 10.12.1 Impact: A local attacker may modify downloaded mobile assets Description: A permissions issue existed in mobile assets. This issue was addressed through improved access restrictions. CVE-2016-7628: an anonymous researcher
Audio Available for: macOS Sierra 10.12.1 Impact: Processing a maliciously crafted file may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2016-7658: Haohao Kong of Keen Lab (@keen_lab) of Tencent CVE-2016-7659: Haohao Kong of Keen Lab (@keen_lab) of Tencent
Bluetooth Available for: macOS Sierra 10.12.1, OS X El Capitan v10.11.6, and OS X Yosemite v10.10.5 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-7596: Pekka Oikarainen, Matias Karhumaa and Marko Laakso of Synopsys Software Integrity Group
Bluetooth Available for: macOS Sierra 10.12.1 Impact: An application may be able to cause a denial of service Description: A null pointer dereference was addressed through improved input validation. CVE-2016-7605: daybreaker of Minionz
Bluetooth Available for: macOS Sierra 10.12.1 Impact: An application may be able to execute arbitrary code with system privileges Description: A type confusion issue was addressed through improved memory handling. CVE-2016-7617: Radu Motspan working with Trend Micro's Zero Day Initiative, Ian Beer of Google Project Zero
CoreCapture Available for: macOS Sierra 10.12.1 and OS X El Capitan v10.11.6 Impact: A local user may be able to cause a system denial of service Description: A null pointer dereference was addressed through improved state management. CVE-2016-7604: daybreaker of Minionz
CoreFoundation Available for: macOS Sierra 10.12.1 Impact: Processing malicious strings may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the processing of strings. This issue was addressed through improved bounds checking. CVE-2016-7663: an anonymous researcher
CoreGraphics Available for: macOS Sierra 10.12.1 Impact: Processing a maliciously crafted font file may lead to unexpected application termination Description: A null pointer dereference was addressed through improved input validation. CVE-2016-7627: TRAPMINE Inc. & Meysam Firouzi @R00tkitSMM
CoreMedia External Displays Available for: macOS Sierra 10.12.1 Impact: A local application may be able to execute arbitrary code in the context of the mediaserver daemon Description: A type confusion issue was addressed through improved memory handling. CVE-2016-7655: Keen Lab working with Trend Micro's Zero Day Initiative
CoreMedia Playback Available for: macOS Sierra 10.12.1 Impact: Processing a maliciously crafted .mp4 file may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-7588: dragonltx of Huawei 2012 Laboratories
CoreStorage Available for: macOS Sierra 10.12.1 Impact: A local user may be able to cause a system denial of service Description: A null pointer dereference was addressed through improved input validation. CVE-2016-7603: daybreaker@Minionz working with Trend Micro's Zero Day Initiative
CoreText Available for: macOS Sierra 10.12.1 Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking. CVE-2016-7595: riusksk(ae3aY=) of Tencent Security Platform Department
curl Available for: macOS Sierra 10.12.1 Impact: An attacker in a privileged network position may be able to leak sensitive user information Description: Multiple issues existed in curl. These issues were addressed by updating to curl version 7.51.0. CVE-2016-5419 CVE-2016-5420 CVE-2016-5421 CVE-2016-7141 CVE-2016-7167 CVE-2016-8615 CVE-2016-8616 CVE-2016-8617 CVE-2016-8618 CVE-2016-8619 CVE-2016-8620 CVE-2016-8621 CVE-2016-8622 CVE-2016-8623 CVE-2016-8624 CVE-2016-8625
Directory Services Available for: macOS Sierra 10.12.1 Impact: A local user may be able to gain root privileges Description: A use after free issue was addressed through improved memory management. CVE-2016-7633: Ian Beer of Google Project Zero
Disk Images Available for: macOS Sierra 10.12.1 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved input validation. CVE-2016-7616: daybreaker@Minionz working with Trend Micro's Zero Day Initiative
FontParser Available for: macOS Sierra 10.12.1 Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking. CVE-2016-4691: riusksk(ae3aY=) of Tencent Security Platform Department
FontParser Available for: macOS Sierra 10.12.1 Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A buffer overflow existed in the handling of font files. This issue was addressed through improved bounds checking. CVE-2016-4688: Simon Huang of Alipay company, thelongestusernameofall@gmail.com
Foundation Available for: macOS Sierra 10.12.1 Impact: Opening a maliciously crafted .gcx file may lead to unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2016-7618: riusksk(ae3aY=) of Tencent Security Platform Department
Grapher Available for: macOS Sierra 10.12.1 Impact: Opening a maliciously crafted .gcx file may lead to unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2016-7622: riusksk(ae3aY=) of Tencent Security Platform Department
ICU Available for: macOS Sierra 10.12.1 Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-7594: AndrA(c) Bargull
ImageIO Available for: macOS Sierra 10.12.1 Impact: A remote attacker may be able to leak memory Description: An out-of-bounds read was addressed through improved bounds checking. CVE-2016-7643: Yangkang (@dnpushme) of Qihoo360 Qex Team
Intel Graphics Driver Available for: macOS Sierra 10.12.1 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved input validation. CVE-2016-7602: daybreaker@Minionz working with Trend Micro's Zero Day Initiative
IOAcceleratorFamily Available for: macOS Sierra 10.12.1 Impact: A local user may be able to determine kernel memory layout Description: A shared memory issue was addressed through improved memory handling. CVE-2016-7624 : Qidan He (@flanker_hqd) from KeenLab working with Trend Micro's Zero Day Initiative
IOFireWireFamily Available for: macOS Sierra 10.12.1 Impact: A local attacker may be able to read kernel memory Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-7608: Brandon Azad
IOHIDFamily Available for: macOS Sierra 10.12.1 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-1823: Ian Beer of Google Project Zero
IOHIDFamily Available for: macOS Sierra 10.12.1 Impact: A local application with system privileges may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed through improved memory management. CVE-2016-7591: daybreaker of Minionz
IOKit Available for: macOS Sierra 10.12.1 Impact: A local user may be able to determine kernel memory layout Description: A shared memory issue was addressed through improved memory handling. CVE-2016-7625: Qidan He (@flanker_hqd) from KeenLab working with Trend Micro's Zero Day Initiative
IOKit Available for: macOS Sierra 10.12.1 Impact: An application may be able to read kernel memory Description: A memory corruption issue was addressed through improved input validation. CVE-2016-7657: Keen Lab working with Trend Micro's Zero Day Initiative
IOSurface Available for: macOS Sierra 10.12.1 Impact: A local user may be able to determine kernel memory layout Description: A shared memory issue was addressed through improved memory handling. CVE-2016-7620: Qidan He (@flanker_hqd) from KeenLab working with Trend Micro's Zero Day Initiative
Kernel Available for: macOS Sierra 10.12.1 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved input validation. CVE-2016-7606: @cocoahuke, Chen Qin of Topsec Alpha Team (topsec.com) CVE-2016-7612: Ian Beer of Google Project Zero
Kernel Available for: macOS Sierra 10.12.1 Impact: An application may be able to read kernel memory Description: An insufficient initialization issue was addressed by properly initializing memory returned to user space. CVE-2016-7607: Brandon Azad
Kernel Available for: macOS Sierra 10.12.1 Impact: A local user may be able to cause a system denial of service Description: A denial of service issue was addressed through improved memory handling. CVE-2016-7615: The UK's National Cyber Security Centre (NCSC)
Kernel Available for: macOS Sierra 10.12.1 Impact: A local user may be able to cause an unexpected system termination or arbitrary code execution in the kernel Description: A use after free issue was addressed through improved memory management. CVE-2016-7621: Ian Beer of Google Project Zero
Kernel Available for: macOS Sierra 10.12.1 Impact: A local user may be able to gain root privileges Description: A memory corruption issue was addressed through improved input validation. CVE-2016-7637: Ian Beer of Google Project Zero
Kernel Available for: macOS Sierra 10.12.1 Impact: A local application with system privileges may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed through improved memory management. CVE-2016-7644: Ian Beer of Google Project Zero
kext tools Available for: macOS Sierra 10.12.1 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved input validation. CVE-2016-7629: @cocoahuke
libarchive Available for: macOS Sierra 10.12.1 Impact: A local attacker may be able to overwrite existing files Description: A validation issue existed in the handling of symlinks. This issue was addressed through improved validation of symlinks. CVE-2016-7619: an anonymous researcher
LibreSSL Available for: macOS Sierra 10.12.1 and OS X El Capitan v10.11.6 Impact: An attacker with a privileged network position may be able to cause a denial of service Description: A denial of service issue in unbounded OCSP growth was addressed through improved memory handling. CVE-2016-6304
OpenLDAP Available for: macOS Sierra 10.12.1 Impact: An attacker may be able to exploit weaknesses in the RC4 cryptographic algorithm Description: RC4 was removed as a default cipher. This was addressed with improved error handling. CVE-2016-7600: Perette Barella of DeviousFish.com
OpenSSL Available for: macOS Sierra 10.12.1 Impact: An application may be able to execute arbitrary code Description: An overflow issue existed in MDC2_Update(). This issue was addressed through improved input validation. CVE-2016-6303
OpenSSL Available for: macOS Sierra 10.12.1 Impact: An attacker with a privileged network position may be able to cause a denial of service Description: A denial of service issue in unbounded OCSP growth was addressed through improved memory handling. CVE-2016-6304
Power Management Available for: macOS Sierra 10.12.1 Impact: A local user may be able to gain root privileges Description: An issue in mach port name references was addressed through improved validation. CVE-2016-7661: Ian Beer of Google Project Zero
Security Available for: macOS Sierra 10.12.1 Impact: An attacker may be able to exploit weaknesses in the 3DES cryptographic algorithm Description: 3DES was removed as a default cipher. CVE-2016-4693: GaA<<tan Leurent and Karthikeyan Bhargavan from INRIA Paris
Security Available for: macOS Sierra 10.12.1 Impact: An attacker in a privileged network position may be able to cause a denial of service Description: A validation issue existed in the handling of OCSP responder URLs. This issue was addressed by verifying OCSP revocation status after CA validation and limiting the number of OCSP requests per certificate. CVE-2016-7636: Maksymilian Arciemowicz (cxsecurity.com)
Security Available for: macOS Sierra 10.12.1 Impact: Certificates may be unexpectedly evaluated as trusted Description: A certificate evaluation issue existed in certificate validation. This issue was addressed through additional validation of certificates. CVE-2016-7662: Apple
syslog Available for: macOS Sierra 10.12.1 Impact: A local user may be able to gain root privileges Description: An issue in mach port name references was addressed through improved validation. CVE-2016-7660: Ian Beer of Google Project Zero
macOS 10.12.2 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJYT7LKAAoJEIOj74w0bLRGfKwQAN3nnwHgJNE+obIjTzpTHLlh mMQYstsO8Mcj4hjIgTCHuQr1tDldva0IZEivoYAbyXAgM9xKlIbpqBQ5TE94l3nl xTTeVqtozCCdRT36mphvwhPEp38lvclUU1IGxyvP6ieK0dHUKS8LhL9MpnaOinrX UhSiXkMs9tTZI5SgkumzBmg10oOwDnMvZDrwTcxe9vjU26V9S7+VpfsguefwDSLE fHYX4KksoEUZuDdUBrfX2+03QbqYxBjQR9IRdpcX56laq1TGUMTKwkTi9DxJlByP SJl3uvVhqWf1UkYH6x5N/gC9lXq5QO6L7W3W2rRqTtgr2UMPZsBuf0srK/lFmPvC c63thvcZyPk0cDcE7k0ZmlJx+7ihFIiPKdGwLoX5Rl6Zr29Wh9aGKhzUUYO12PUh +x18HRwXxvSv9TXAUYQu5hD48SuhUiMEBO8Qq7Z8XPFEUSJXY2AjGjai9mJYNfC4 OELKPPvYnNSd3m8YGvWY8gWgwyRP0es6U3d5rGatEpA1qcIFmUrHFhpvveL6SRSY xPQgjB/aohg/fDf3jDO1kjR7+v83B+ObbCr8MOgqGNtG3GqOimMOa8XuSMbV7+3u 0kivBY8fxYdBy0pXDdBgv+AHaTue+wgP5tQXFiAxm61Fv+uz/yvR22uaJ39P5cJf msyz+/zQNISkly6K0VBO =0QW0 -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201702-0199",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mac os x",
"scope": "eq",
"trust": 1.4,
"vendor": "apple",
"version": "10.12.1"
},
{
"model": "mac os x",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "10.12.1"
},
{
"model": "macos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.12.1"
},
{
"model": "macos",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "10.12.2"
}
],
"sources": [
{
"db": "BID",
"id": "94903"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007387"
},
{
"db": "NVD",
"id": "CVE-2016-7600"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-502"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10.12.1",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-7600"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "daybreaker@Minionz working with Trend Micro\u0027s Zero Day Initiative, an anonymous researcher, Pekka Oikarainen, Matias Karhumaa and Marko Laakso of Synopsys Software Integrity Group, daybreaker of Minionz, Radu Motspan working with Trend Micro\u0027s Zero Day In",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201612-502"
}
],
"trust": 0.6
},
"cve": "CVE-2016-7600",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 2.1,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2016-7600",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-96420",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.5,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.2,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-7600",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-7600",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201612-502",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-96420",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-96420"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007387"
},
{
"db": "NVD",
"id": "CVE-2016-7600"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-502"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the \"OpenPAM\" component, which allows local users to obtain sensitive information by leveraging mishandling of failed PAM authentication by a sandboxed app. Apple macOS is prone to multiple security vulnerabilities. \nAttackers can exploit these issues to execute arbitrary code, perform unauthorized actions, obtain sensitive information, gain elevated privileges or cause a denial-of-service condition. OpenPAM is one of the components that allows administrator-defined user authentication and session management using loadable modules. A local attacker could exploit this vulnerability to gain access to the application. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2016-12-13-1 macOS 10.12.2\n\nmacOS 10.12.2 is now available and addresses the following:\n\napache_mod_php\nAvailable for: macOS Sierra 10.12.1\nImpact: A remote attacker may cause an unexpected application\ntermination or arbitrary code execution\nDescription: Multiple issues existed in PHP before 5.6.26. These were\naddressed by updating PHP to version 5.6.26. \nCVE-2016-7411\nCVE-2016-7412\nCVE-2016-7413\nCVE-2016-7414\nCVE-2016-7416\nCVE-2016-7417\nCVE-2016-7418\n\nAppleGraphicsPowerManagement\nAvailable for: macOS Sierra 10.12.1\nImpact: A local user may be able to cause a system denial of service\nDescription: A null pointer dereference was addressed through\nimproved input validation. \nCVE-2016-7609: daybreaker@Minionz working with Trend Micro\u0027s Zero Day\nInitiative\n\nAssets\nAvailable for: macOS Sierra 10.12.1\nImpact: A local attacker may modify downloaded mobile assets\nDescription: A permissions issue existed in mobile assets. This issue\nwas addressed through improved access restrictions. \nCVE-2016-7628: an anonymous researcher\n\nAudio\nAvailable for: macOS Sierra 10.12.1\nImpact: Processing a maliciously crafted file may lead to arbitrary\ncode execution\nDescription: A memory corruption issue was addressed through improved\ninput validation. \nCVE-2016-7658: Haohao Kong of Keen Lab (@keen_lab) of Tencent\nCVE-2016-7659: Haohao Kong of Keen Lab (@keen_lab) of Tencent\n\nBluetooth\nAvailable for: macOS Sierra 10.12.1, OS X El Capitan v10.11.6,\nand OS X Yosemite v10.10.5\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed through improved\nmemory handling. \nCVE-2016-7596: Pekka Oikarainen, Matias Karhumaa and Marko Laakso of\nSynopsys Software Integrity Group\n\nBluetooth\nAvailable for: macOS Sierra 10.12.1\nImpact: An application may be able to cause a denial of service\nDescription: A null pointer dereference was addressed through\nimproved input validation. \nCVE-2016-7605: daybreaker of Minionz\n\nBluetooth\nAvailable for: macOS Sierra 10.12.1\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A type confusion issue was addressed through improved\nmemory handling. \nCVE-2016-7617: Radu Motspan working with Trend Micro\u0027s Zero Day\nInitiative, Ian Beer of Google Project Zero\n\nCoreCapture\nAvailable for: macOS Sierra 10.12.1 and OS X El Capitan v10.11.6\nImpact: A local user may be able to cause a system denial of service\nDescription: A null pointer dereference was addressed through\nimproved state management. \nCVE-2016-7604: daybreaker of Minionz\n\nCoreFoundation\nAvailable for: macOS Sierra 10.12.1\nImpact: Processing malicious strings may lead to an unexpected\napplication termination or arbitrary code execution\nDescription: A memory corruption issue existed in the processing of\nstrings. This issue was addressed through improved bounds checking. \nCVE-2016-7663: an anonymous researcher\n\nCoreGraphics\nAvailable for: macOS Sierra 10.12.1\nImpact: Processing a maliciously crafted font file may lead to\nunexpected application termination\nDescription: A null pointer dereference was addressed through\nimproved input validation. \nCVE-2016-7627: TRAPMINE Inc. \u0026 Meysam Firouzi @R00tkitSMM\n\nCoreMedia External Displays\nAvailable for: macOS Sierra 10.12.1\nImpact: A local application may be able to execute arbitrary code in\nthe context of the mediaserver daemon\nDescription: A type confusion issue was addressed through improved\nmemory handling. \nCVE-2016-7655: Keen Lab working with Trend Micro\u0027s Zero Day\nInitiative\n\nCoreMedia Playback\nAvailable for: macOS Sierra 10.12.1\nImpact: Processing a maliciously crafted .mp4 file may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed through improved\nmemory handling. \nCVE-2016-7588: dragonltx of Huawei 2012 Laboratories\n\nCoreStorage\nAvailable for: macOS Sierra 10.12.1\nImpact: A local user may be able to cause a system denial of service\nDescription: A null pointer dereference was addressed through\nimproved input validation. \nCVE-2016-7603: daybreaker@Minionz working with Trend Micro\u0027s Zero Day\nInitiative\n\nCoreText\nAvailable for: macOS Sierra 10.12.1\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues existed in the\nhandling of font files. These issues were addressed through improved\nbounds checking. \nCVE-2016-7595: riusksk(ae3aY=) of Tencent Security Platform\nDepartment\n\ncurl\nAvailable for: macOS Sierra 10.12.1\nImpact: An attacker in a privileged network position may be able to\nleak sensitive user information\nDescription: Multiple issues existed in curl. These issues were\naddressed by updating to curl version 7.51.0. \nCVE-2016-5419\nCVE-2016-5420\nCVE-2016-5421\nCVE-2016-7141\nCVE-2016-7167\nCVE-2016-8615\nCVE-2016-8616\nCVE-2016-8617\nCVE-2016-8618\nCVE-2016-8619\nCVE-2016-8620\nCVE-2016-8621\nCVE-2016-8622\nCVE-2016-8623\nCVE-2016-8624\nCVE-2016-8625\n\nDirectory Services\nAvailable for: macOS Sierra 10.12.1\nImpact: A local user may be able to gain root privileges\nDescription: A use after free issue was addressed through improved\nmemory management. \nCVE-2016-7633: Ian Beer of Google Project Zero\n\nDisk Images\nAvailable for: macOS Sierra 10.12.1\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed through improved\ninput validation. \nCVE-2016-7616: daybreaker@Minionz working with Trend Micro\u0027s Zero Day\nInitiative\n\nFontParser\nAvailable for: macOS Sierra 10.12.1\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues existed in the\nhandling of font files. These issues were addressed through improved\nbounds checking. \nCVE-2016-4691: riusksk(ae3aY=) of Tencent Security Platform\nDepartment\n\nFontParser\nAvailable for: macOS Sierra 10.12.1\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: A buffer overflow existed in the handling of font files. \nThis issue was addressed through improved bounds checking. \nCVE-2016-4688: Simon Huang of Alipay company,\nthelongestusernameofall@gmail.com\n\nFoundation\nAvailable for: macOS Sierra 10.12.1\nImpact: Opening a maliciously crafted .gcx file may lead to\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue was addressed through improved\ninput validation. \nCVE-2016-7618: riusksk(ae3aY=) of Tencent Security Platform\nDepartment\n\nGrapher\nAvailable for: macOS Sierra 10.12.1\nImpact: Opening a maliciously crafted .gcx file may lead to\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue was addressed through improved\ninput validation. \nCVE-2016-7622: riusksk(ae3aY=) of Tencent Security Platform\nDepartment\n\nICU\nAvailable for: macOS Sierra 10.12.1\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed through improved\nmemory handling. \nCVE-2016-7594: AndrA(c) Bargull\n\nImageIO\nAvailable for: macOS Sierra 10.12.1\nImpact: A remote attacker may be able to leak memory\nDescription: An out-of-bounds read was addressed through improved\nbounds checking. \nCVE-2016-7643: Yangkang (@dnpushme) of Qihoo360 Qex Team\n\nIntel Graphics Driver\nAvailable for: macOS Sierra 10.12.1\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed through improved\ninput validation. \nCVE-2016-7602: daybreaker@Minionz working with Trend Micro\u0027s Zero Day\nInitiative\n\nIOAcceleratorFamily\nAvailable for: macOS Sierra 10.12.1\nImpact: A local user may be able to determine kernel memory layout\nDescription: A shared memory issue was addressed through improved\nmemory handling. \nCVE-2016-7624 : Qidan He (@flanker_hqd) from KeenLab working with\nTrend Micro\u0027s Zero Day Initiative\n\nIOFireWireFamily\nAvailable for: macOS Sierra 10.12.1\nImpact: A local attacker may be able to read kernel memory\nDescription: A memory corruption issue was addressed through improved\nmemory handling. \nCVE-2016-7608: Brandon Azad\n\nIOHIDFamily\nAvailable for: macOS Sierra 10.12.1\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed through improved\nmemory handling. \nCVE-2016-1823: Ian Beer of Google Project Zero\n\nIOHIDFamily\nAvailable for: macOS Sierra 10.12.1\nImpact: A local application with system privileges may be able to\nexecute arbitrary code with kernel privileges\nDescription: A use after free issue was addressed through improved\nmemory management. \nCVE-2016-7591: daybreaker of Minionz\n\nIOKit\nAvailable for: macOS Sierra 10.12.1\nImpact: A local user may be able to determine kernel memory layout\nDescription: A shared memory issue was addressed through improved\nmemory handling. \nCVE-2016-7625: Qidan He (@flanker_hqd) from KeenLab working with\nTrend Micro\u0027s Zero Day Initiative\n\nIOKit\nAvailable for: macOS Sierra 10.12.1\nImpact: An application may be able to read kernel memory\nDescription: A memory corruption issue was addressed through improved\ninput validation. \nCVE-2016-7657: Keen Lab working with Trend Micro\u0027s Zero Day\nInitiative\n\nIOSurface\nAvailable for: macOS Sierra 10.12.1\nImpact: A local user may be able to determine kernel memory layout\nDescription: A shared memory issue was addressed through improved\nmemory handling. \nCVE-2016-7620: Qidan He (@flanker_hqd) from KeenLab working with\nTrend Micro\u0027s Zero Day Initiative\n\nKernel\nAvailable for: macOS Sierra 10.12.1\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: Multiple memory corruption issues were addressed through\nimproved input validation. \nCVE-2016-7606: @cocoahuke, Chen Qin of Topsec Alpha Team (topsec.com)\nCVE-2016-7612: Ian Beer of Google Project Zero\n\nKernel\nAvailable for: macOS Sierra 10.12.1\nImpact: An application may be able to read kernel memory\nDescription: An insufficient initialization issue was addressed by\nproperly initializing memory returned to user space. \nCVE-2016-7607: Brandon Azad\n\nKernel\nAvailable for: macOS Sierra 10.12.1\nImpact: A local user may be able to cause a system denial of service\nDescription: A denial of service issue was addressed through improved\nmemory handling. \nCVE-2016-7615: The UK\u0027s National Cyber Security Centre (NCSC)\n\nKernel\nAvailable for: macOS Sierra 10.12.1\nImpact: A local user may be able to cause an unexpected system\ntermination or arbitrary code execution in the kernel\nDescription: A use after free issue was addressed through improved\nmemory management. \nCVE-2016-7621: Ian Beer of Google Project Zero\n\nKernel\nAvailable for: macOS Sierra 10.12.1\nImpact: A local user may be able to gain root privileges\nDescription: A memory corruption issue was addressed through improved\ninput validation. \nCVE-2016-7637: Ian Beer of Google Project Zero\n\nKernel\nAvailable for: macOS Sierra 10.12.1\nImpact: A local application with system privileges may be able to\nexecute arbitrary code with kernel privileges\nDescription: A use after free issue was addressed through improved\nmemory management. \nCVE-2016-7644: Ian Beer of Google Project Zero\n\nkext tools\nAvailable for: macOS Sierra 10.12.1\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed through improved\ninput validation. \nCVE-2016-7629: @cocoahuke\n\nlibarchive\nAvailable for: macOS Sierra 10.12.1\nImpact: A local attacker may be able to overwrite existing files\nDescription: A validation issue existed in the handling of symlinks. \nThis issue was addressed through improved validation of symlinks. \nCVE-2016-7619: an anonymous researcher\n\nLibreSSL\nAvailable for: macOS Sierra 10.12.1 and OS X El Capitan v10.11.6\nImpact: An attacker with a privileged network position may be able to\ncause a denial of service\nDescription: A denial of service issue in unbounded OCSP growth was\naddressed through improved memory handling. \nCVE-2016-6304\n\nOpenLDAP\nAvailable for: macOS Sierra 10.12.1\nImpact: An attacker may be able to exploit weaknesses in the RC4\ncryptographic algorithm\nDescription: RC4 was removed as a default cipher. This was addressed with improved error handling. \nCVE-2016-7600: Perette Barella of DeviousFish.com\n\nOpenSSL\nAvailable for: macOS Sierra 10.12.1\nImpact: An application may be able to execute arbitrary code\nDescription: An overflow issue existed in MDC2_Update(). This issue\nwas addressed through improved input validation. \nCVE-2016-6303\n\nOpenSSL\nAvailable for: macOS Sierra 10.12.1\nImpact: An attacker with a privileged network position may be able to\ncause a denial of service\nDescription: A denial of service issue in unbounded OCSP growth was\naddressed through improved memory handling. \nCVE-2016-6304\n\nPower Management\nAvailable for: macOS Sierra 10.12.1\nImpact: A local user may be able to gain root privileges\nDescription: An issue in mach port name references was addressed\nthrough improved validation. \nCVE-2016-7661: Ian Beer of Google Project Zero\n\nSecurity\nAvailable for: macOS Sierra 10.12.1\nImpact: An attacker may be able to exploit weaknesses in the 3DES\ncryptographic algorithm\nDescription: 3DES was removed as a default cipher. \nCVE-2016-4693: GaA\u003c\u003ctan Leurent and Karthikeyan Bhargavan from INRIA\nParis\n\nSecurity\nAvailable for: macOS Sierra 10.12.1\nImpact: An attacker in a privileged network position may be able to\ncause a denial of service\nDescription: A validation issue existed in the handling of OCSP\nresponder URLs. This issue was addressed by verifying OCSP revocation\nstatus after CA validation and limiting the number of OCSP requests\nper certificate. \nCVE-2016-7636: Maksymilian Arciemowicz (cxsecurity.com)\n\nSecurity\nAvailable for: macOS Sierra 10.12.1\nImpact: Certificates may be unexpectedly evaluated as trusted\nDescription: A certificate evaluation issue existed in certificate\nvalidation. This issue was addressed through additional validation of\ncertificates. \nCVE-2016-7662: Apple\n\nsyslog\nAvailable for: macOS Sierra 10.12.1\nImpact: A local user may be able to gain root privileges\nDescription: An issue in mach port name references was addressed\nthrough improved validation. \nCVE-2016-7660: Ian Beer of Google Project Zero\n\nmacOS 10.12.2 may be obtained\nfrom the Mac App Store or Apple\u0027s Software Downloads web site:\nhttps://www.apple.com/support/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - https://gpgtools.org\n\niQIcBAEBCgAGBQJYT7LKAAoJEIOj74w0bLRGfKwQAN3nnwHgJNE+obIjTzpTHLlh\nmMQYstsO8Mcj4hjIgTCHuQr1tDldva0IZEivoYAbyXAgM9xKlIbpqBQ5TE94l3nl\nxTTeVqtozCCdRT36mphvwhPEp38lvclUU1IGxyvP6ieK0dHUKS8LhL9MpnaOinrX\nUhSiXkMs9tTZI5SgkumzBmg10oOwDnMvZDrwTcxe9vjU26V9S7+VpfsguefwDSLE\nfHYX4KksoEUZuDdUBrfX2+03QbqYxBjQR9IRdpcX56laq1TGUMTKwkTi9DxJlByP\nSJl3uvVhqWf1UkYH6x5N/gC9lXq5QO6L7W3W2rRqTtgr2UMPZsBuf0srK/lFmPvC\nc63thvcZyPk0cDcE7k0ZmlJx+7ihFIiPKdGwLoX5Rl6Zr29Wh9aGKhzUUYO12PUh\n+x18HRwXxvSv9TXAUYQu5hD48SuhUiMEBO8Qq7Z8XPFEUSJXY2AjGjai9mJYNfC4\nOELKPPvYnNSd3m8YGvWY8gWgwyRP0es6U3d5rGatEpA1qcIFmUrHFhpvveL6SRSY\nxPQgjB/aohg/fDf3jDO1kjR7+v83B+ObbCr8MOgqGNtG3GqOimMOa8XuSMbV7+3u\n0kivBY8fxYdBy0pXDdBgv+AHaTue+wgP5tQXFiAxm61Fv+uz/yvR22uaJ39P5cJf\nmsyz+/zQNISkly6K0VBO\n=0QW0\n-----END PGP SIGNATURE-----\n\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-7600"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007387"
},
{
"db": "BID",
"id": "94903"
},
{
"db": "VULHUB",
"id": "VHN-96420"
},
{
"db": "PACKETSTORM",
"id": "140151"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-7600",
"trust": 2.9
},
{
"db": "BID",
"id": "94903",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1037469",
"trust": 1.1
},
{
"db": "JVN",
"id": "JVNVU97133642",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007387",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201612-502",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-96420",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "140151",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-96420"
},
{
"db": "BID",
"id": "94903"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007387"
},
{
"db": "PACKETSTORM",
"id": "140151"
},
{
"db": "NVD",
"id": "CVE-2016-7600"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-502"
}
]
},
"id": "VAR-201702-0199",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-96420"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T11:43:25.066000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Apple security updates",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht201222"
},
{
"title": "APPLE-SA-2016-12-13-1 macOS 10.12.2",
"trust": 0.8,
"url": "https://lists.apple.com/archives/security-announce/2016/dec/msg00003.html"
},
{
"title": "HT207423",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht207423"
},
{
"title": "HT207423",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht207423"
},
{
"title": "Apple macOS Sierra OpenPAM Fixes for component security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=66536"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007387"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-502"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-96420"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007387"
},
{
"db": "NVD",
"id": "CVE-2016-7600"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/94903"
},
{
"trust": 1.7,
"url": "https://support.apple.com/ht207423"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1037469"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7600"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu97133642/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-7600"
},
{
"trust": 0.3,
"url": "https://www.apple.com/"
},
{
"trust": 0.3,
"url": "http://www.apple.com/macosx/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-7413"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1823"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht201222"
},
{
"trust": 0.1,
"url": "https://gpgtools.org"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-7602"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-7414"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-7417"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-7588"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-7416"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5419"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4691"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-7141"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4693"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5420"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-7591"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4688"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6303"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-7596"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-7603"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5421"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-7411"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1777"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/downloads/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6304"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-7594"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-7595"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-7418"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-7412"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-7167"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-7604"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-7600"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-96420"
},
{
"db": "BID",
"id": "94903"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007387"
},
{
"db": "PACKETSTORM",
"id": "140151"
},
{
"db": "NVD",
"id": "CVE-2016-7600"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-502"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-96420"
},
{
"db": "BID",
"id": "94903"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007387"
},
{
"db": "PACKETSTORM",
"id": "140151"
},
{
"db": "NVD",
"id": "CVE-2016-7600"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-502"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-02-20T00:00:00",
"db": "VULHUB",
"id": "VHN-96420"
},
{
"date": "2016-12-13T00:00:00",
"db": "BID",
"id": "94903"
},
{
"date": "2017-02-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007387"
},
{
"date": "2016-12-14T12:12:12",
"db": "PACKETSTORM",
"id": "140151"
},
{
"date": "2017-02-20T08:59:02.137000",
"db": "NVD",
"id": "CVE-2016-7600"
},
{
"date": "2016-12-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201612-502"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-27T00:00:00",
"db": "VULHUB",
"id": "VHN-96420"
},
{
"date": "2016-12-20T00:09:00",
"db": "BID",
"id": "94903"
},
{
"date": "2017-02-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007387"
},
{
"date": "2017-07-27T01:29:02.507000",
"db": "NVD",
"id": "CVE-2016-7600"
},
{
"date": "2017-02-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201612-502"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201612-502"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple macOS of OpenPAM Vulnerability in obtaining important information in components",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007387"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201612-502"
}
],
"trust": 0.6
}
}
CNVD-2016-12735
Vulnerability from cnvd - Published: 2016-12-21
VLAI Severity ?
Title
Apple macOS Sierra OpenPAM组件信息泄露漏洞
Description
Apple macOS Sierra是美国苹果(Apple)公司为Mac计算机所开发的一套专用操作系统。OpenPAM是其中的一个允许使用可加载的模块实现管理员所定义的用户认证和会话管理组件。
Apple macOS Sierra 10.12.2之前的版本中的OpenPAM组件存在安全漏洞。本地攻击者可利用该漏洞获取应用程序的访问权限。
Severity
低
Patch Name
Apple macOS Sierra OpenPAM组件信息泄露漏洞的补丁
Patch Description
Apple macOS Sierra是美国苹果(Apple)公司为Mac计算机所开发的一套专用操作系统。OpenPAM是其中的一个允许使用可加载的模块实现管理员所定义的用户认证和会话管理组件。
Apple macOS Sierra 10.12.2之前的版本中的OpenPAM组件存在安全漏洞。本地攻击者可利用该漏洞获取应用程序的访问权限。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已经发布了升级补丁以修复此安全问题,补丁获取链接: https://support.apple.com/zh-cn/HT207423
Reference
http://www.securityfocus.com/bid/94903
Impacted products
| Name | Apple macOS Sierra <10.12.2 |
|---|
{
"bids": {
"bid": {
"bidNumber": "94903"
}
},
"cves": {
"cve": {
"cveNumber": "CVE-2016-7600"
}
},
"description": "Apple macOS Sierra\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u4e3aMac\u8ba1\u7b97\u673a\u6240\u5f00\u53d1\u7684\u4e00\u5957\u4e13\u7528\u64cd\u4f5c\u7cfb\u7edf\u3002OpenPAM\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u5141\u8bb8\u4f7f\u7528\u53ef\u52a0\u8f7d\u7684\u6a21\u5757\u5b9e\u73b0\u7ba1\u7406\u5458\u6240\u5b9a\u4e49\u7684\u7528\u6237\u8ba4\u8bc1\u548c\u4f1a\u8bdd\u7ba1\u7406\u7ec4\u4ef6\u3002\r\n\r\nApple macOS Sierra 10.12.2\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u7684OpenPAM\u7ec4\u4ef6\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u5e94\u7528\u7a0b\u5e8f\u7684\u8bbf\u95ee\u6743\u9650\u3002",
"discovererName": "Perette Barella of DeviousFish.com",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://support.apple.com/zh-cn/HT207423",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2016-12735",
"openTime": "2016-12-21",
"patchDescription": "Apple macOS Sierra\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u4e3aMac\u8ba1\u7b97\u673a\u6240\u5f00\u53d1\u7684\u4e00\u5957\u4e13\u7528\u64cd\u4f5c\u7cfb\u7edf\u3002OpenPAM\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u5141\u8bb8\u4f7f\u7528\u53ef\u52a0\u8f7d\u7684\u6a21\u5757\u5b9e\u73b0\u7ba1\u7406\u5458\u6240\u5b9a\u4e49\u7684\u7528\u6237\u8ba4\u8bc1\u548c\u4f1a\u8bdd\u7ba1\u7406\u7ec4\u4ef6\u3002\r\n\r\nApple macOS Sierra 10.12.2\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u7684OpenPAM\u7ec4\u4ef6\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u5e94\u7528\u7a0b\u5e8f\u7684\u8bbf\u95ee\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Apple macOS Sierra OpenPAM\u7ec4\u4ef6\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "Apple macOS Sierra \u003c10.12.2"
},
"referenceLink": "http://www.securityfocus.com/bid/94903",
"serverity": "\u4f4e",
"submitTime": "2016-12-16",
"title": "Apple macOS Sierra OpenPAM\u7ec4\u4ef6\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}
GSD-2016-7600
Vulnerability from gsd - Updated: 2023-12-13 01:21Details
An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "OpenPAM" component, which allows local users to obtain sensitive information by leveraging mishandling of failed PAM authentication by a sandboxed app.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2016-7600",
"description": "An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the \"OpenPAM\" component, which allows local users to obtain sensitive information by leveraging mishandling of failed PAM authentication by a sandboxed app.",
"id": "GSD-2016-7600"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2016-7600"
],
"details": "An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the \"OpenPAM\" component, which allows local users to obtain sensitive information by leveraging mishandling of failed PAM authentication by a sandboxed app.",
"id": "GSD-2016-7600",
"modified": "2023-12-13T01:21:20.336206Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2016-7600",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the \"OpenPAM\" component, which allows local users to obtain sensitive information by leveraging mishandling of failed PAM authentication by a sandboxed app."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94903",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94903"
},
{
"name": "1037469",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037469"
},
{
"name": "https://support.apple.com/HT207423",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207423"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10.12.1",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2016-7600"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the \"OpenPAM\" component, which allows local users to obtain sensitive information by leveraging mishandling of failed PAM authentication by a sandboxed app."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT207423",
"refsource": "CONFIRM",
"tags": [],
"url": "https://support.apple.com/HT207423"
},
{
"name": "94903",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94903"
},
{
"name": "1037469",
"refsource": "SECTRACK",
"tags": [],
"url": "http://www.securitytracker.com/id/1037469"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.5,
"impactScore": 3.6
}
},
"lastModifiedDate": "2017-07-27T01:29Z",
"publishedDate": "2017-02-20T08:59Z"
}
}
}
CERTFR-2016-AVI-411
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une exécution de code arbitraire et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Apple macOS Sierra versions ant\u00e9rieures \u00e0 10.12.2",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple Safari versions ant\u00e9rieures \u00e0 10.0.2",
"product": {
"name": "Safari",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple iCloud pour Windows versions ant\u00e9rieures \u00e0 6.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple iTunes pour Windows versions ant\u00e9rieures \u00e0 12.5.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2016-8615",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8615"
},
{
"name": "CVE-2016-7646",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7646"
},
{
"name": "CVE-2016-7615",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7615"
},
{
"name": "CVE-2016-7411",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7411"
},
{
"name": "CVE-2016-7643",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7643"
},
{
"name": "CVE-2016-7624",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7624"
},
{
"name": "CVE-2016-7589",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7589"
},
{
"name": "CVE-2016-8619",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8619"
},
{
"name": "CVE-2016-7645",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7645"
},
{
"name": "CVE-2016-7650",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7650"
},
{
"name": "CVE-2016-7591",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7591"
},
{
"name": "CVE-2016-7629",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7629"
},
{
"name": "CVE-2016-7637",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7637"
},
{
"name": "CVE-2016-7649",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7649"
},
{
"name": "CVE-2016-4688",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4688"
},
{
"name": "CVE-2016-7640",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7640"
},
{
"name": "CVE-2016-8624",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8624"
},
{
"name": "CVE-2016-7620",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7620"
},
{
"name": "CVE-2016-7587",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7587"
},
{
"name": "CVE-2016-7616",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7616"
},
{
"name": "CVE-2016-8616",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8616"
},
{
"name": "CVE-2016-7659",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7659"
},
{
"name": "CVE-2016-8620",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8620"
},
{
"name": "CVE-2016-7663",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7663"
},
{
"name": "CVE-2016-7648",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7648"
},
{
"name": "CVE-2016-6303",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6303"
},
{
"name": "CVE-2016-7595",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7595"
},
{
"name": "CVE-2016-7657",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7657"
},
{
"name": "CVE-2016-7639",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7639"
},
{
"name": "CVE-2016-7610",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7610"
},
{
"name": "CVE-2016-7605",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7605"
},
{
"name": "CVE-2016-7588",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7588"
},
{
"name": "CVE-2016-7636",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7636"
},
{
"name": "CVE-2016-7602",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7602"
},
{
"name": "CVE-2016-8617",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8617"
},
{
"name": "CVE-2016-7652",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7652"
},
{
"name": "CVE-2016-7641",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7641"
},
{
"name": "CVE-2016-7642",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7642"
},
{
"name": "CVE-2016-6304",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6304"
},
{
"name": "CVE-2016-8618",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8618"
},
{
"name": "CVE-2016-7608",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7608"
},
{
"name": "CVE-2016-4743",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4743"
},
{
"name": "CVE-2016-5419",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5419"
},
{
"name": "CVE-2016-7621",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7621"
},
{
"name": "CVE-2016-8623",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8623"
},
{
"name": "CVE-2016-7606",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7606"
},
{
"name": "CVE-2016-7418",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7418"
},
{
"name": "CVE-2016-7614",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7614"
},
{
"name": "CVE-2016-7596",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7596"
},
{
"name": "CVE-2016-4691",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4691"
},
{
"name": "CVE-2016-4692",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4692"
},
{
"name": "CVE-2016-7592",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7592"
},
{
"name": "CVE-2016-7604",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7604"
},
{
"name": "CVE-2016-7586",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7586"
},
{
"name": "CVE-2016-7167",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7167"
},
{
"name": "CVE-2016-7654",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7654"
},
{
"name": "CVE-2016-5420",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5420"
},
{
"name": "CVE-2016-7141",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7141"
},
{
"name": "CVE-2016-7609",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7609"
},
{
"name": "CVE-2016-7611",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7611"
},
{
"name": "CVE-2016-7416",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7416"
},
{
"name": "CVE-2016-8621",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8621"
},
{
"name": "CVE-2016-7635",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7635"
},
{
"name": "CVE-2016-7599",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7599"
},
{
"name": "CVE-2016-4693",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4693"
},
{
"name": "CVE-2016-7633",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7633"
},
{
"name": "CVE-2016-7658",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7658"
},
{
"name": "CVE-2016-7417",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7417"
},
{
"name": "CVE-2016-7662",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7662"
},
{
"name": "CVE-2016-7660",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7660"
},
{
"name": "CVE-2016-7612",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7612"
},
{
"name": "CVE-2016-7414",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7414"
},
{
"name": "CVE-2016-7625",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7625"
},
{
"name": "CVE-2016-7644",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7644"
},
{
"name": "CVE-2016-1777",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1777"
},
{
"name": "CVE-2016-1823",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1823"
},
{
"name": "CVE-2016-7412",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7412"
},
{
"name": "CVE-2016-7627",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7627"
},
{
"name": "CVE-2016-7632",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7632"
},
{
"name": "CVE-2016-7661",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7661"
},
{
"name": "CVE-2016-7607",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7607"
},
{
"name": "CVE-2016-7655",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7655"
},
{
"name": "CVE-2016-7594",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7594"
},
{
"name": "CVE-2016-7598",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7598"
},
{
"name": "CVE-2016-7622",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7622"
},
{
"name": "CVE-2016-7656",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7656"
},
{
"name": "CVE-2016-8622",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8622"
},
{
"name": "CVE-2016-7617",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7617"
},
{
"name": "CVE-2016-7619",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7619"
},
{
"name": "CVE-2016-7600",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7600"
},
{
"name": "CVE-2016-5421",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5421"
},
{
"name": "CVE-2016-7603",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7603"
},
{
"name": "CVE-2016-7618",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7618"
},
{
"name": "CVE-2016-7413",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7413"
},
{
"name": "CVE-2016-7628",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7628"
},
{
"name": "CVE-2016-8625",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8625"
}
],
"links": [],
"reference": "CERTFR-2016-AVI-411",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2016-12-14T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Apple\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une ex\u00e9cution de code arbitraire et un d\u00e9ni de service \u00e0\ndistance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT207424 du 13 d\u00e9cembre 2016",
"url": "https://support.apple.com/en-us/HT207424"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT207421 du 13 d\u00e9cembre 2016",
"url": "https://support.apple.com/en-us/HT207421"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT207427 du 13 d\u00e9cembre 2016",
"url": "https://support.apple.com/en-us/HT207427"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT207423 du 13 d\u00e9cembre 2016",
"url": "https://support.apple.com/en-us/HT207423"
}
]
}
CERTFR-2016-AVI-411
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une exécution de code arbitraire et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Apple macOS Sierra versions ant\u00e9rieures \u00e0 10.12.2",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple Safari versions ant\u00e9rieures \u00e0 10.0.2",
"product": {
"name": "Safari",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple iCloud pour Windows versions ant\u00e9rieures \u00e0 6.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple iTunes pour Windows versions ant\u00e9rieures \u00e0 12.5.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2016-8615",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8615"
},
{
"name": "CVE-2016-7646",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7646"
},
{
"name": "CVE-2016-7615",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7615"
},
{
"name": "CVE-2016-7411",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7411"
},
{
"name": "CVE-2016-7643",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7643"
},
{
"name": "CVE-2016-7624",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7624"
},
{
"name": "CVE-2016-7589",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7589"
},
{
"name": "CVE-2016-8619",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8619"
},
{
"name": "CVE-2016-7645",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7645"
},
{
"name": "CVE-2016-7650",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7650"
},
{
"name": "CVE-2016-7591",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7591"
},
{
"name": "CVE-2016-7629",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7629"
},
{
"name": "CVE-2016-7637",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7637"
},
{
"name": "CVE-2016-7649",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7649"
},
{
"name": "CVE-2016-4688",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4688"
},
{
"name": "CVE-2016-7640",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7640"
},
{
"name": "CVE-2016-8624",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8624"
},
{
"name": "CVE-2016-7620",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7620"
},
{
"name": "CVE-2016-7587",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7587"
},
{
"name": "CVE-2016-7616",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7616"
},
{
"name": "CVE-2016-8616",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8616"
},
{
"name": "CVE-2016-7659",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7659"
},
{
"name": "CVE-2016-8620",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8620"
},
{
"name": "CVE-2016-7663",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7663"
},
{
"name": "CVE-2016-7648",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7648"
},
{
"name": "CVE-2016-6303",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6303"
},
{
"name": "CVE-2016-7595",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7595"
},
{
"name": "CVE-2016-7657",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7657"
},
{
"name": "CVE-2016-7639",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7639"
},
{
"name": "CVE-2016-7610",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7610"
},
{
"name": "CVE-2016-7605",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7605"
},
{
"name": "CVE-2016-7588",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7588"
},
{
"name": "CVE-2016-7636",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7636"
},
{
"name": "CVE-2016-7602",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7602"
},
{
"name": "CVE-2016-8617",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8617"
},
{
"name": "CVE-2016-7652",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7652"
},
{
"name": "CVE-2016-7641",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7641"
},
{
"name": "CVE-2016-7642",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7642"
},
{
"name": "CVE-2016-6304",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6304"
},
{
"name": "CVE-2016-8618",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8618"
},
{
"name": "CVE-2016-7608",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7608"
},
{
"name": "CVE-2016-4743",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4743"
},
{
"name": "CVE-2016-5419",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5419"
},
{
"name": "CVE-2016-7621",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7621"
},
{
"name": "CVE-2016-8623",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8623"
},
{
"name": "CVE-2016-7606",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7606"
},
{
"name": "CVE-2016-7418",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7418"
},
{
"name": "CVE-2016-7614",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7614"
},
{
"name": "CVE-2016-7596",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7596"
},
{
"name": "CVE-2016-4691",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4691"
},
{
"name": "CVE-2016-4692",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4692"
},
{
"name": "CVE-2016-7592",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7592"
},
{
"name": "CVE-2016-7604",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7604"
},
{
"name": "CVE-2016-7586",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7586"
},
{
"name": "CVE-2016-7167",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7167"
},
{
"name": "CVE-2016-7654",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7654"
},
{
"name": "CVE-2016-5420",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5420"
},
{
"name": "CVE-2016-7141",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7141"
},
{
"name": "CVE-2016-7609",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7609"
},
{
"name": "CVE-2016-7611",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7611"
},
{
"name": "CVE-2016-7416",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7416"
},
{
"name": "CVE-2016-8621",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8621"
},
{
"name": "CVE-2016-7635",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7635"
},
{
"name": "CVE-2016-7599",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7599"
},
{
"name": "CVE-2016-4693",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4693"
},
{
"name": "CVE-2016-7633",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7633"
},
{
"name": "CVE-2016-7658",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7658"
},
{
"name": "CVE-2016-7417",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7417"
},
{
"name": "CVE-2016-7662",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7662"
},
{
"name": "CVE-2016-7660",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7660"
},
{
"name": "CVE-2016-7612",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7612"
},
{
"name": "CVE-2016-7414",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7414"
},
{
"name": "CVE-2016-7625",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7625"
},
{
"name": "CVE-2016-7644",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7644"
},
{
"name": "CVE-2016-1777",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1777"
},
{
"name": "CVE-2016-1823",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1823"
},
{
"name": "CVE-2016-7412",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7412"
},
{
"name": "CVE-2016-7627",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7627"
},
{
"name": "CVE-2016-7632",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7632"
},
{
"name": "CVE-2016-7661",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7661"
},
{
"name": "CVE-2016-7607",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7607"
},
{
"name": "CVE-2016-7655",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7655"
},
{
"name": "CVE-2016-7594",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7594"
},
{
"name": "CVE-2016-7598",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7598"
},
{
"name": "CVE-2016-7622",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7622"
},
{
"name": "CVE-2016-7656",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7656"
},
{
"name": "CVE-2016-8622",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8622"
},
{
"name": "CVE-2016-7617",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7617"
},
{
"name": "CVE-2016-7619",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7619"
},
{
"name": "CVE-2016-7600",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7600"
},
{
"name": "CVE-2016-5421",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5421"
},
{
"name": "CVE-2016-7603",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7603"
},
{
"name": "CVE-2016-7618",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7618"
},
{
"name": "CVE-2016-7413",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7413"
},
{
"name": "CVE-2016-7628",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7628"
},
{
"name": "CVE-2016-8625",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8625"
}
],
"links": [],
"reference": "CERTFR-2016-AVI-411",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2016-12-14T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Apple\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une ex\u00e9cution de code arbitraire et un d\u00e9ni de service \u00e0\ndistance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT207424 du 13 d\u00e9cembre 2016",
"url": "https://support.apple.com/en-us/HT207424"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT207421 du 13 d\u00e9cembre 2016",
"url": "https://support.apple.com/en-us/HT207421"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT207427 du 13 d\u00e9cembre 2016",
"url": "https://support.apple.com/en-us/HT207427"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT207423 du 13 d\u00e9cembre 2016",
"url": "https://support.apple.com/en-us/HT207423"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…