var-201607-0356
Vulnerability from variot
libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4614, CVE-2016-4616, and CVE-2016-4619. This vulnerability CVE-2016-4614 , CVE-2016-4616 ,and CVE-2016-4619 Is a different vulnerability.Service disruption by a third party ( Memory corruption ) There is a possibility of being affected unspecified, such as being in a state. Apple iTunes is prone to multiple memory-corruption vulnerabilities. Successful exploits may allow attackers to execute arbitrary code in the context of the affected system; Failed exploit attempts will cause denial-of-service conditions. Apple iOS, OS X, Safari, tvOS and watchOS are all products of Apple Inc. in the United States. Apple iOS is a set of operating systems developed for mobile devices; Apple OS X is a set of dedicated operating systems developed for Mac computers; and the default browser that comes with the iOS operating system; tvOS is a smart TV operating system; watchOS is a smart watch operating system. Libxml2 is one of the function library components based on C language for parsing XML documents. A security vulnerability exists in libxml2 in several Apple products. A remote attacker could exploit this vulnerability to cause a denial of service (memory corruption). The following products and versions are affected: Apple iOS prior to 9.3.3, OS X prior to 10.11.6, iTunes prior to 12.4.2 and iCloud prior to 5.2.1 on Windows-based platforms, tvOS prior to 9.2.2, watchOS Versions prior to 2.2.2. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
APPLE-SA-2016-07-18-4 tvOS 9.2.2
tvOS 9.2.2 is now available and addresses the following:
CoreGraphics Available for: Apple TV (4th generation) Impact: A remote attacker may be able to execute arbitrary code Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-4637 : Tyler Bohan of Cisco Talos (talosintel.com /vulnerability-reports)
ImageIO Available for: Apple TV (4th generation) Impact: A remote attacker may be able to execute arbitrary code Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4631 : Tyler Bohan of Cisco Talos (talosintel.com /vulnerability-reports)
ImageIO Available for: Apple TV (4th generation) Impact: A remote attacker may be able to cause a denial of service Description: A memory consumption issue was addressed through improved memory handling. CVE-2016-4632 : Evgeny Sidorov of Yandex
IOAcceleratorFamily Available for: Apple TV (4th generation) Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A null pointer dereference was addressed through improved validation. CVE-2016-4627 : Ju Zhu of Trend Micro
IOHIDFamily Available for: Apple TV (4th generation) Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A null pointer dereference was addressed through improved input validation. CVE-2016-4626 : Stefan Esser of SektionEins
Kernel Available for: Apple TV (4th generation) Impact: A local user may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-1863 : Ian Beer of Google Project Zero CVE-2016-1864 : Ju Zhu of Trend Micro CVE-2016-4582 : Shrek_wzw and Proteas of Qihoo 360 Nirvan Team
Kernel Available for: Apple TV (4th generation) Impact: A local user may be able to cause a system denial of service Description: A null pointer dereference was addressed through improved input validation. CVE-2016-4448 : Apple CVE-2016-4483 : Gustavo Grieco CVE-2016-4614 : Nick Wellnhofe CVE-2016-4615 : Nick Wellnhofer CVE-2016-4616 : Michael Paddon CVE-2016-4619 : Hanno Boeck
libxml2 Available for: Apple TV (4th generation) Impact: Parsing a maliciously crafted XML document may lead to disclosure of user information Description: An access issue existed in the parsing of maliciously crafted XML files. This issue was addressed through improved input validation. CVE-2016-1684 : Nicolas GrA(c)goire CVE-2016-4607 : Nick Wellnhofer CVE-2016-4608 : Nicolas GrA(c)goire CVE-2016-4609 : Nick Wellnhofer CVE-2016-4610 : Nick Wellnhofer CVE-2016-4612 : Nicolas GrA(c)goire
Sandbox Profiles Available for: Apple TV (4th generation) Impact: A local application may be able to access the process list Description: An access issue existed with privileged API calls. This issue was addressed through additional restrictions. CVE-2016-4594 : Stefan Esser of SektionEins
WebKit Available for: Apple TV (4th generation) Impact: Processing maliciously crafted web content may lead to a system denial of service Description: A memory consumption issue was addressed through improved memory handling. CVE-2016-4592 : Mikhail
WebKit Available for: Apple TV (4th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4586 : Apple CVE-2016-4588 : Apple CVE-2016-4589 : Tongbo Luo and Bo Qu of Palo Alto Networks CVE-2016-4622 : Samuel Gross working with Trend Microas Zero Day Initiative CVE-2016-4623 : Apple CVE-2016-4624 : Apple
WebKit Available for: Apple TV (4th generation) Impact: Processing maliciously crafted web content may result in the disclosure of process memory Description: A memory initialization issue was addressed through improved memory handling. CVE-2016-4587 : Apple
WebKit Available for: Apple TV (4th generation) Impact: Processing maliciously crafted web content may compromise user information on the file system Description: A permissions issue existed in the handling of the location variable. This was addressed though additional ownership checks. CVE-2016-4591 : ma.la of LINE Corporation
WebKit Available for: Apple TV (4th generation) Impact: Processing maliciously crafted web content may disclose image data from another website Description: A timing issue existed in the processing of SVG. This issue was addressed through improved validation. CVE-2016-4583 : Roeland Krak
WebKit Page Loading Available for: Apple TV (4th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4584 : Chris Vienneau
WebKit Page Loading Available for: Apple TV (4th generation) Impact: A malicious website may exfiltrate data cross-origin Description: A cross-site scripting issue existed in Safari URL redirection. This issue was addressed through improved URL validation on redirection. CVE-2016-4585 : Takeshi Terada of Mitsui Bussan Secure Directions, Inc. (www.mbsd.jp)
Installation note:
Apple TV will periodically check for software updates. Alternatively, you may manually check for software updates by selecting "Settings -> System -> Software Update -> Update Software.".
To check the current version of software, select "Settings -> General -> About".
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJXjXA+AAoJEIOj74w0bLRGi6IP/2DDPP2Z208nJPL0+a+bMJA4 JUIrF0BM4wyr1Hy/Vb2zN5RkAZYeHwq8Jq9av9qu79Xgan2jcgPRWKSAiztp0BMx kYPLi6PrpvWiWLHpqkWGnKVK1LmdBQXKrPsCmMJacKJ2TldBMofAiuh3QrjqZ7ud GVbTB4HkjX2FnpCt25DkUK5Y5oWP8lv4rvB+iTfO/kVGfSMfrTg1HGH3s49+UTHV GICBGi+L8yftmYaM10a5JjnOCRiIKXa95Kt1CTPrDxFSJG2QBmMBvSGV4qivyf6i buqAso81LVWnJBIKjj21usJqm6Q1lqtU5MTElfDq0w/uo7oxL/eWB4e8H0lm9Jow oD+ZepkO0SHQgwNWprMKrEbI/xow1CiYdxj/a8DYSuQicCjPZanQux04MurfmU5Q YEkzj+oxuzBherHAVwqleHEglDOy6CJx/UCVoxnf0Tcj9FQOTzQ+aUqYMXrM33Yu zhU4Eai/9PKLLuqQzhgXYqsSnHKu5ojzesunRo09D+Q1jjSyIXvhmUmCXBgDvcls MfSUjWJJxniqj+C8zFeHuFEbPU70urVmUH7rWSBsRCRhjzwYMAWpPejkT/XDs1qm SCTElHATr+BfvS0v1E5En2xNKXSodyJL1SaK9rHnkre+40+e0IJJbOQzbQH9MAcJ ylGAp0etGDWZ40Q5IyH8 =N/Ug -----END PGP SIGNATURE-----
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201607-0356", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "itunes", scope: "lt", trust: 1, vendor: "apple", version: "12.4.2", }, { model: "icloud", scope: "lt", trust: 1, vendor: "apple", version: "5.2.1", }, { model: "watchos", scope: "lt", trust: 1, vendor: "apple", version: "2.2.2", }, { model: "tvos", scope: "lt", trust: 1, vendor: "apple", version: "9.2.2", }, { model: "mac os x", scope: "lt", trust: 1, vendor: "apple", version: "10.11.6", }, { model: "iphone os", scope: "lt", trust: 1, vendor: "apple", version: "9.3.3", }, { model: "libxml2", scope: null, trust: 0.8, vendor: "xmlsoft", version: null, }, { model: "mac os x", scope: "eq", trust: 0.8, vendor: "apple", version: "10.10.5", }, { model: "mac os x", scope: "eq", trust: 0.8, vendor: "apple", version: "10.11 and later", }, { model: "mac os x", scope: "eq", trust: 0.8, vendor: "apple", version: "10.9.5", }, { model: "icloud", scope: "lt", trust: 0.8, vendor: "apple", version: "5.2.1 (windows 7 or later )", }, { model: "ios", scope: "lt", trust: 0.8, vendor: "apple", version: "9.3.3 (ipad 2 or later )", }, { model: "ios", scope: "lt", trust: 0.8, vendor: "apple", version: "9.3.3 (iphone 4s or later )", }, { model: "ios", scope: "lt", trust: 0.8, vendor: "apple", version: "9.3.3 (ipod touch first 5 after generation )", }, { model: "itunes", scope: "lt", trust: 0.8, vendor: "apple", version: "12.4.2 (windows 7 or later )", }, { model: "tvos", scope: "lt", trust: 0.8, vendor: "apple", version: "9.2.2 (apple tv first 4 generation )", }, { model: "watchos", scope: "lt", trust: 0.8, vendor: "apple", version: "2.2.2 (apple watch edition)", }, { model: "watchos", scope: "lt", trust: 0.8, vendor: "apple", version: "2.2.2 (apple watch hermes)", }, { model: "watchos", scope: "lt", trust: 0.8, vendor: "apple", version: "2.2.2 (apple watch sport)", }, { model: "watchos", scope: "lt", trust: 0.8, vendor: "apple", version: "2.2.2 (apple watch)", }, { model: "libxml2", scope: "eq", trust: 0.6, vendor: "xmlsoft", version: null, }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "30", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "8", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "7", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "10.4", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.1.1", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.6.7", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "7.0.2", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "10.6", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.3.2", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "10.4.0.80", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "8.0.2.20", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "4.6", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4.2.8", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "10.4.1.10", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.0.4", }, { model: "watch", scope: "eq", trust: 0.3, vendor: "apple", version: "0", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4", }, { model: "tvos", scope: "ne", trust: 0.3, vendor: "apple", version: "9.2.2", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "8.0", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.9.4", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "11.0", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4.3", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "9.0.1", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.11", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.3.9", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "11.2.1", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4.0.2", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4.2", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "12.3.2", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "10.1.1", }, { model: "watchos", scope: "eq", trust: 0.3, vendor: "apple", version: "2.0", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "9.0.1", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.10", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "11.1.3", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.10.3", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.5.7", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "10.1.1.4", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.7", }, { model: "directory pro", scope: "eq", trust: 0.3, vendor: "cosmicperl", version: "10.0.3", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.9.1", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.9", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "10.6.1", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "8.2", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4.0.1", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.2", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "10.3.1", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.3.1", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.6.8", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.6.5", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "12.2", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.6.4", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.2.1", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "5.0", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "10.2.2", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "10.1.2", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "8.4", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "8.1.2", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.03", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "8.2", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.1", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4.1", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.10.1", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "8.1.3", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "7.0.3", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.4.9", }, { model: "watchos", scope: "eq", trust: 0.3, vendor: "apple", version: "2.0.1", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.7.4", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "6.0.4", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "9", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.2.8", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4.2.10", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.11.4", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "2.1", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.8", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "6.0", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.1.4", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.8.4", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.1.3", }, { model: "esignal", scope: "eq", trust: 0.3, vendor: "esignal", version: "6.0.2", }, { model: "tvos", scope: "eq", trust: 0.3, vendor: "apple", version: "9.1.1", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "3.0", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.2.4", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "11.1.5", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.2.2", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.8.1", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "10.5.2", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.5.8", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.9.5", }, { model: "ipod touch", scope: "eq", trust: 0.3, vendor: "apple", version: "0", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "40", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "9.3.1", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "9.3", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4.3.3", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.4", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.3.3", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "7.3", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "6.1.3", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.0", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.1.5", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.4.7", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "4.5", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "3.1", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "7.1.1", }, { model: "itunes", scope: "ne", trust: 0.3, vendor: "apple", version: "12.4.2", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.11.2", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "7.3.1", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "7.0.4", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4.3.5", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "7.1", }, { model: "mac os", scope: "ne", trust: 0.3, vendor: "apple", version: "x10.11.6", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "4.7.1", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "11.2", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.11.5", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "11.0.5", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.7.2", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "8.1", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "10.5.3", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.6.3", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "11.1.2", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "12.3", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "10.4.1", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "10.6.3", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.3.8", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "9.0.2", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "6.0.3", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.2.5", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.9.3", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "8.1", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "8.4.1", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "9.1.1", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "9.1", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.0.1", }, { model: "tv", scope: "eq", trust: 0.3, vendor: "apple", version: "0", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.6.6", }, { model: "watchos", scope: "eq", trust: 0.3, vendor: "apple", version: "1.0.1", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "9.0.2", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "6.3.1", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "7.0.6", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "50", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.5.6", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "5", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.5.3", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.4.10", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.10.4", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "10.2.2.12", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4.2.9", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "2.0", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "7.1.2", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "9.1", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.8.5", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "7.2", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "6.1.4", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "10.5.1.42", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "10.5", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "9.2.1", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "12.0.1", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "10.3", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "10.1", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.5", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.1.2", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.10.2", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "10.2", }, { model: "tvos", scope: "eq", trust: 0.3, vendor: "apple", version: "9.1", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.11.1", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.5.4", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.4.5", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.3.6", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.2.6", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "9.2.1", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.6.2", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "10", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "5.1", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "6.0.5", }, { model: "iphone", scope: "eq", trust: 0.3, vendor: "apple", version: "0", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "11.0.1", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.11.3", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.5.1", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "10.7", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.3", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "9.0.3", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "12.4", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.4.4", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.4.6", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.2.7", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "7.0.5", }, { model: "tvos", scope: "eq", trust: 0.3, vendor: "apple", version: "9.2", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4.2.1", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.7.5", }, { model: "tvos", scope: "eq", trust: 0.3, vendor: "apple", version: "9.2.1", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "6", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "4.8", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.0.2", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "8.1.1", }, { model: "watchos", scope: "eq", trust: 0.3, vendor: "apple", version: "1.0", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "11.0.2", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.4.8", }, { model: "watchos", scope: "eq", trust: 0.3, vendor: "apple", version: "2.2.1", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.7.3", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "10.5.1", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.6", }, { model: "watchos", scope: "ne", trust: 0.3, vendor: "apple", version: "2.2.2", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "11.1.4", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "11.1", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "6.0.1", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4.2.7", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "11.1.1", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.8.3", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.6.1", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.3.7", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "12.3.1", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "6.0.1", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.9.2", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4.3.2", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "11.0.3", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "11.0.0.163", }, { model: "watchos", scope: "eq", trust: 0.3, vendor: "apple", version: "2.2", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "7.3.2", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "4.7", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.7.1", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "9.2", }, { model: "ipad", scope: "eq", trust: 0.3, vendor: "apple", version: "0", }, { model: "watchos", scope: "eq", trust: 0.3, vendor: "apple", version: "2.1", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.5.5", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.3.5", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.3.4", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "5.1.1", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "5.0.1", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "10.6.1.7", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "11.0.4", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "6.1", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "9.2", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.4.1", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "3.2.1", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "6.1.6", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.2.3", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4.3.4", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.5.2", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "9.0", }, { model: "ios", scope: "ne", trust: 0.3, vendor: "apple", version: "9.3.3", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "6.0.2", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "3.2.2", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.4.2", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "9.3.2", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.4.3", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.8.2", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4.2.5", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4.3.1", }, { model: "mac os security update", scope: "ne", trust: 0.3, vendor: "apple", version: "x2016", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "8.3", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "10.0.1", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "7.0.2", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "3.2", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.4.11", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4.2.6", }, { model: "tvos", scope: "eq", trust: 0.3, vendor: "apple", version: "9.0", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.10.5", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "7.0.1", }, ], sources: [ { db: "BID", id: "91826", }, { db: "JVNDB", id: "JVNDB-2016-004040", }, { db: "NVD", id: "CVE-2016-4615", }, { db: "CNNVD", id: "CNNVD-201607-874", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "9.3.3", vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "9.2.2", vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.2.2", vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "10.11.6", vulnerable: true, }, ], operator: "OR", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "12.4.2", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apple:icloud:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.2.1", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2016-4615", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Wei Lei and Liu Yang of Nanyang Technological,Nicolas Grégoire,Nick Wellnhofer,Nick Wellnhofer,Michael Paddon,Hanno Boeck.", sources: [ { db: "BID", id: "91826", }, ], trust: 0.3, }, cve: "CVE-2016-4615", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: true, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, impactScore: 6.4, integrityImpact: "PARTIAL", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "HIGH", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "Partial", baseScore: 7.5, confidentialityImpact: "Partial", exploitabilityScore: null, id: "CVE-2016-4615", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "High", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "VULHUB", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "VHN-93434", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "HIGH", trust: 0.1, vectorString: "AV:N/AC:L/AU:N/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 9.8, baseSeverity: "Critical", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2016-4615", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2016-4615", trust: 1.8, value: "CRITICAL", }, { author: "CNNVD", id: "CNNVD-201607-874", trust: 0.6, value: "CRITICAL", }, { author: "VULHUB", id: "VHN-93434", trust: 0.1, value: "HIGH", }, ], }, ], sources: [ { db: "VULHUB", id: "VHN-93434", }, { db: "JVNDB", id: "JVNDB-2016-004040", }, { db: "NVD", id: "CVE-2016-4615", }, { db: "CNNVD", id: "CNNVD-201607-874", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4614, CVE-2016-4616, and CVE-2016-4619. This vulnerability CVE-2016-4614 , CVE-2016-4616 ,and CVE-2016-4619 Is a different vulnerability.Service disruption by a third party ( Memory corruption ) There is a possibility of being affected unspecified, such as being in a state. Apple iTunes is prone to multiple memory-corruption vulnerabilities. \nSuccessful exploits may allow attackers to execute arbitrary code in the context of the affected system; Failed exploit attempts will cause denial-of-service conditions. Apple iOS, OS X, Safari, tvOS and watchOS are all products of Apple Inc. in the United States. Apple iOS is a set of operating systems developed for mobile devices; Apple OS X is a set of dedicated operating systems developed for Mac computers; and the default browser that comes with the iOS operating system; tvOS is a smart TV operating system; watchOS is a smart watch operating system. Libxml2 is one of the function library components based on C language for parsing XML documents. A security vulnerability exists in libxml2 in several Apple products. A remote attacker could exploit this vulnerability to cause a denial of service (memory corruption). The following products and versions are affected: Apple iOS prior to 9.3.3, OS X prior to 10.11.6, iTunes prior to 12.4.2 and iCloud prior to 5.2.1 on Windows-based platforms, tvOS prior to 9.2.2, watchOS Versions prior to 2.2.2. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2016-07-18-4 tvOS 9.2.2\n\ntvOS 9.2.2 is now available and addresses the following:\n\nCoreGraphics\nAvailable for: Apple TV (4th generation)\nImpact: A remote attacker may be able to execute arbitrary code\nDescription: A memory corruption issue was addressed through\nimproved memory handling. \nCVE-2016-4637 : Tyler Bohan of Cisco Talos (talosintel.com\n/vulnerability-reports)\n\nImageIO\nAvailable for: Apple TV (4th generation)\nImpact: A remote attacker may be able to execute arbitrary code\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-4631 : Tyler Bohan of Cisco Talos (talosintel.com\n/vulnerability-reports)\n\nImageIO\nAvailable for: Apple TV (4th generation)\nImpact: A remote attacker may be able to cause a denial of service\nDescription: A memory consumption issue was addressed through\nimproved memory handling. \nCVE-2016-4632 : Evgeny Sidorov of Yandex\n\nIOAcceleratorFamily\nAvailable for: Apple TV (4th generation)\nImpact: A local user may be able to execute arbitrary code with\nkernel privileges\nDescription: A null pointer dereference was addressed through\nimproved validation. \nCVE-2016-4627 : Ju Zhu of Trend Micro\n\nIOHIDFamily\nAvailable for: Apple TV (4th generation)\nImpact: A local user may be able to execute arbitrary code with\nkernel privileges\nDescription: A null pointer dereference was addressed through\nimproved input validation. \nCVE-2016-4626 : Stefan Esser of SektionEins\n\nKernel\nAvailable for: Apple TV (4th generation)\nImpact: A local user may be able to execute arbitrary code with\nkernel privileges\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-1863 : Ian Beer of Google Project Zero\nCVE-2016-1864 : Ju Zhu of Trend Micro\nCVE-2016-4582 : Shrek_wzw and Proteas of Qihoo 360 Nirvan Team\n\nKernel\nAvailable for: Apple TV (4th generation)\nImpact: A local user may be able to cause a system denial of service\nDescription: A null pointer dereference was addressed through\nimproved input validation. \nCVE-2016-4448 : Apple\nCVE-2016-4483 : Gustavo Grieco\nCVE-2016-4614 : Nick Wellnhofe\nCVE-2016-4615 : Nick Wellnhofer\nCVE-2016-4616 : Michael Paddon\nCVE-2016-4619 : Hanno Boeck\n\nlibxml2\nAvailable for: Apple TV (4th generation)\nImpact: Parsing a maliciously crafted XML document may lead to\ndisclosure of user information\nDescription: An access issue existed in the parsing of maliciously\ncrafted XML files. This issue was addressed through improved input\nvalidation. \nCVE-2016-1684 : Nicolas GrA(c)goire\nCVE-2016-4607 : Nick Wellnhofer\nCVE-2016-4608 : Nicolas GrA(c)goire\nCVE-2016-4609 : Nick Wellnhofer\nCVE-2016-4610 : Nick Wellnhofer\nCVE-2016-4612 : Nicolas GrA(c)goire\n\nSandbox Profiles\nAvailable for: Apple TV (4th generation)\nImpact: A local application may be able to access the process list\nDescription: An access issue existed with privileged API calls. This\nissue was addressed through additional restrictions. \nCVE-2016-4594 : Stefan Esser of SektionEins\n\nWebKit\nAvailable for: Apple TV (4th generation)\nImpact: Processing maliciously crafted web content may lead to a system\ndenial of service\nDescription: A memory consumption issue was addressed through\nimproved memory handling. \nCVE-2016-4592 : Mikhail\n\nWebKit\nAvailable for: Apple TV (4th generation)\nImpact: Processing maliciously crafted web content may lead to arbitrary\ncode execution\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-4586 : Apple\nCVE-2016-4588 : Apple\nCVE-2016-4589 : Tongbo Luo and Bo Qu of Palo Alto Networks\nCVE-2016-4622 : Samuel Gross working with Trend Microas Zero Day\nInitiative\nCVE-2016-4623 : Apple\nCVE-2016-4624 : Apple\n\nWebKit\nAvailable for: Apple TV (4th generation)\nImpact: Processing maliciously crafted web content may result in the\ndisclosure of process memory\nDescription: A memory initialization issue was addressed through\nimproved memory handling. \nCVE-2016-4587 : Apple\n\nWebKit\nAvailable for: Apple TV (4th generation)\nImpact: Processing maliciously crafted web content may compromise user\ninformation on the file system\nDescription: A permissions issue existed in the handling of the\nlocation variable. This was addressed though additional ownership\nchecks. \nCVE-2016-4591 : ma.la of LINE Corporation\n\nWebKit\nAvailable for: Apple TV (4th generation)\nImpact: Processing maliciously crafted web content may disclose image data from\nanother website\nDescription: A timing issue existed in the processing of SVG. This\nissue was addressed through improved validation. \nCVE-2016-4583 : Roeland Krak\n\nWebKit Page Loading\nAvailable for: Apple TV (4th generation)\nImpact: Processing maliciously crafted web content may lead to arbitrary\ncode execution\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-4584 : Chris Vienneau\n\nWebKit Page Loading\nAvailable for: Apple TV (4th generation)\nImpact: A malicious website may exfiltrate data cross-origin\nDescription: A cross-site scripting issue existed in Safari URL\nredirection. This issue was addressed through improved URL validation\non redirection. \nCVE-2016-4585 : Takeshi Terada of Mitsui Bussan Secure Directions,\nInc. (www.mbsd.jp)\n\nInstallation note:\n\nApple TV will periodically check for software updates. Alternatively,\nyou may manually check for software updates by selecting\n\"Settings -> System -> Software Update -> Update Software.\". \n\nTo check the current version of software, select\n\"Settings -> General -> About\". \n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple's Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - https://gpgtools.org\n\niQIcBAEBCgAGBQJXjXA+AAoJEIOj74w0bLRGi6IP/2DDPP2Z208nJPL0+a+bMJA4\nJUIrF0BM4wyr1Hy/Vb2zN5RkAZYeHwq8Jq9av9qu79Xgan2jcgPRWKSAiztp0BMx\nkYPLi6PrpvWiWLHpqkWGnKVK1LmdBQXKrPsCmMJacKJ2TldBMofAiuh3QrjqZ7ud\nGVbTB4HkjX2FnpCt25DkUK5Y5oWP8lv4rvB+iTfO/kVGfSMfrTg1HGH3s49+UTHV\nGICBGi+L8yftmYaM10a5JjnOCRiIKXa95Kt1CTPrDxFSJG2QBmMBvSGV4qivyf6i\nbuqAso81LVWnJBIKjj21usJqm6Q1lqtU5MTElfDq0w/uo7oxL/eWB4e8H0lm9Jow\noD+ZepkO0SHQgwNWprMKrEbI/xow1CiYdxj/a8DYSuQicCjPZanQux04MurfmU5Q\nYEkzj+oxuzBherHAVwqleHEglDOy6CJx/UCVoxnf0Tcj9FQOTzQ+aUqYMXrM33Yu\nzhU4Eai/9PKLLuqQzhgXYqsSnHKu5ojzesunRo09D+Q1jjSyIXvhmUmCXBgDvcls\nMfSUjWJJxniqj+C8zFeHuFEbPU70urVmUH7rWSBsRCRhjzwYMAWpPejkT/XDs1qm\nSCTElHATr+BfvS0v1E5En2xNKXSodyJL1SaK9rHnkre+40+e0IJJbOQzbQH9MAcJ\nylGAp0etGDWZ40Q5IyH8\n=N/Ug\n-----END PGP SIGNATURE-----\n", sources: [ { db: "NVD", id: "CVE-2016-4615", }, { db: "JVNDB", id: "JVNDB-2016-004040", }, { db: "BID", id: "91826", }, { db: "VULHUB", id: "VHN-93434", }, { db: "PACKETSTORM", id: "137963", }, { db: "PACKETSTORM", id: "137961", }, { db: "PACKETSTORM", id: "137960", }, ], trust: 2.25, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2016-4615", trust: 3.1, }, { db: "BID", id: "91826", trust: 2, }, { db: "SECTRACK", id: "1036348", trust: 1.7, }, { db: "JVN", id: "JVNVU94844193", trust: 0.8, }, { db: "JVNDB", id: "JVNDB-2016-004040", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-201607-874", trust: 0.7, }, { db: "VULHUB", id: "VHN-93434", trust: 0.1, }, { db: "PACKETSTORM", id: "137963", trust: 0.1, }, { db: "PACKETSTORM", id: "137961", trust: 0.1, }, { db: "PACKETSTORM", id: "137960", trust: 0.1, }, ], sources: [ { db: "VULHUB", id: "VHN-93434", }, { db: "BID", id: "91826", }, { db: "JVNDB", id: "JVNDB-2016-004040", }, { db: "PACKETSTORM", id: "137963", }, { db: "PACKETSTORM", id: "137961", }, { db: "PACKETSTORM", id: "137960", }, { db: "NVD", id: "CVE-2016-4615", }, { db: "CNNVD", id: "CNNVD-201607-874", }, ], }, id: "VAR-201607-0356", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VULHUB", id: "VHN-93434", }, ], trust: 0.01, }, last_update_date: "2023-12-18T11:14:24.904000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Apple security updates", trust: 0.8, url: "https://support.apple.com/en-us/ht201222", }, { title: "APPLE-SA-2016-07-18-4 tvOS 9.2.2", trust: 0.8, url: "http://lists.apple.com/archives/security-announce/2016/jul/msg00003.html", }, { title: "APPLE-SA-2016-07-18-3 watchOS 2.2.2", trust: 0.8, url: "http://lists.apple.com/archives/security-announce/2016/jul/msg00002.html", }, { title: "APPLE-SA-2016-07-18-2 iOS 9.3.3", trust: 0.8, url: "http://lists.apple.com/archives/security-announce/2016/jul/msg00001.html", }, { title: "APPLE-SA-2016-07-18-1 OS X El Capitan v10.11.6 and Security Update 2016-004", trust: 0.8, url: "http://lists.apple.com/archives/security-announce/2016/jul/msg00000.html", }, { title: "APPLE-SA-2016-07-18-6 iTunes 12.4.2", trust: 0.8, url: "http://lists.apple.com/archives/security-announce/2016/jul/msg00005.html", }, { title: "HT206904", trust: 0.8, url: "https://support.apple.com/en-us/ht206904", }, { title: "HT206905", trust: 0.8, url: "https://support.apple.com/en-us/ht206905", }, { title: "HT206899", trust: 0.8, url: "https://support.apple.com/en-us/ht206899", }, { title: "HT206901", trust: 0.8, url: "https://support.apple.com/en-us/ht206901", }, { title: "HT206902", trust: 0.8, url: "https://support.apple.com/en-us/ht206902", }, { title: "HT206903", trust: 0.8, url: "https://support.apple.com/en-us/ht206903", }, { title: "HT206899", trust: 0.8, url: "https://support.apple.com/ja-jp/ht206899", }, { title: "HT206901", trust: 0.8, url: "https://support.apple.com/ja-jp/ht206901", }, { title: "HT206902", trust: 0.8, url: "https://support.apple.com/ja-jp/ht206902", }, { title: "HT206903", trust: 0.8, url: "https://support.apple.com/ja-jp/ht206903", }, { title: "HT206904", trust: 0.8, url: "https://support.apple.com/ja-jp/ht206904", }, { title: "HT206905", trust: 0.8, url: "https://support.apple.com/ja-jp/ht206905", }, { title: "libxml2", trust: 0.8, url: "http://xmlsoft.org/index.html", }, { title: "Multiple Apple Product security vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=63234", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2016-004040", }, { db: "CNNVD", id: "CNNVD-201607-874", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-119", trust: 1.9, }, ], sources: [ { db: "VULHUB", id: "VHN-93434", }, { db: "JVNDB", id: "JVNDB-2016-004040", }, { db: "NVD", id: "CVE-2016-4615", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.7, url: "http://lists.apple.com/archives/security-announce/2016/jul/msg00000.html", }, { trust: 1.7, url: "http://lists.apple.com/archives/security-announce/2016/jul/msg00001.html", }, { trust: 1.7, url: "http://lists.apple.com/archives/security-announce/2016/jul/msg00002.html", }, { trust: 1.7, url: "http://lists.apple.com/archives/security-announce/2016/jul/msg00003.html", }, { trust: 1.7, url: "http://lists.apple.com/archives/security-announce/2016/jul/msg00005.html", }, { trust: 1.7, url: "http://www.securityfocus.com/bid/91826", }, { trust: 1.7, url: "https://support.apple.com/ht206899", }, { trust: 1.7, url: "https://support.apple.com/ht206901", }, { trust: 1.7, url: "https://support.apple.com/ht206902", }, { trust: 1.7, url: "https://support.apple.com/ht206903", }, { trust: 1.7, url: "https://support.apple.com/ht206904", }, { trust: 1.7, url: "https://support.apple.com/ht206905", }, { trust: 1.7, url: "http://www.securitytracker.com/id/1036348", }, { trust: 0.8, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4615", }, { trust: 0.8, url: "http://jvn.jp/vu/jvnvu94844193/index.html", }, { trust: 0.8, url: "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4615", }, { trust: 0.3, url: "https://www.apple.com/", }, { trust: 0.3, url: "https://www.apple.com/osx/", }, { trust: 0.3, url: "http://www.apple.com/accessibility/tvos/", }, { trust: 0.3, url: "http://www.apple.com/watchos-2/", }, { trust: 0.3, url: "http://www.apple.com/iphone/softwareupdate/", }, { trust: 0.3, url: "http://www.apple.com/itunes/", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2016-4615", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2016-4619", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2016-1684", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2016-4449", }, { trust: 0.3, url: "https://gpgtools.org", }, { trust: 0.3, url: "https://www.apple.com/support/security/pgp/", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2016-4610", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2016-4483", }, { trust: 0.3, url: "http://support.apple.com/kb/ht201222", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2016-4609", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2016-4448", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2016-4612", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2016-4614", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2016-4616", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2016-4608", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2016-1836", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2016-4447", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2016-1865", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2016-1863", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2016-4582", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2016-1864", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2016-4607", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2016-4594", }, { trust: 0.1, url: "https://www.apple.com/itunes/download/", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-4591", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-4589", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-4622", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-4587", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-4585", }, { trust: 0.1, url: "https://www.mbsd.jp)", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-4588", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-4586", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-4583", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-4592", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-4584", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-4637", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-4626", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-4627", }, { trust: 0.1, url: "https://support.apple.com/en-us/ht204641", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-4628", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-4632", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-4631", }, ], sources: [ { db: "VULHUB", id: "VHN-93434", }, { db: "BID", id: "91826", }, { db: "JVNDB", id: "JVNDB-2016-004040", }, { db: "PACKETSTORM", id: "137963", }, { db: "PACKETSTORM", id: "137961", }, { db: "PACKETSTORM", id: "137960", }, { db: "NVD", id: "CVE-2016-4615", }, { db: "CNNVD", id: "CNNVD-201607-874", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULHUB", id: "VHN-93434", }, { db: "BID", id: "91826", }, { db: "JVNDB", id: "JVNDB-2016-004040", }, { db: "PACKETSTORM", id: "137963", }, { db: "PACKETSTORM", id: "137961", }, { db: "PACKETSTORM", id: "137960", }, { db: "NVD", id: "CVE-2016-4615", }, { db: "CNNVD", id: "CNNVD-201607-874", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2016-07-22T00:00:00", db: "VULHUB", id: "VHN-93434", }, { date: "2016-07-18T00:00:00", db: "BID", id: "91826", }, { date: "2016-07-29T00:00:00", db: "JVNDB", id: "JVNDB-2016-004040", }, { date: "2016-07-19T20:07:49", db: "PACKETSTORM", id: "137963", }, { date: "2016-07-19T20:04:09", db: "PACKETSTORM", id: "137961", }, { date: "2016-07-19T20:00:50", db: "PACKETSTORM", id: "137960", }, { date: "2016-07-22T02:59:37.570000", db: "NVD", id: "CVE-2016-4615", }, { date: "2016-07-26T00:00:00", db: "CNNVD", id: "CNNVD-201607-874", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2019-03-25T00:00:00", db: "VULHUB", id: "VHN-93434", }, { date: "2016-07-18T00:00:00", db: "BID", id: "91826", }, { date: "2016-07-29T00:00:00", db: "JVNDB", id: "JVNDB-2016-004040", }, { date: "2019-03-25T16:52:11.117000", db: "NVD", id: "CVE-2016-4615", }, { date: "2019-03-13T00:00:00", db: "CNNVD", id: "CNNVD-201607-874", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-201607-874", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural Apple Product libxml2 Service disruption in (DoS) Vulnerabilities", sources: [ { db: "JVNDB", id: "JVNDB-2016-004040", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "buffer error", sources: [ { db: "CNNVD", id: "CNNVD-201607-874", }, ], trust: 0.6, }, }
Log in or create an account to share your comment.
This schema specifies the format of a comment related to a security advisory.
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.