VAR-201609-0242
Vulnerability from variot - Updated: 2023-12-18 11:10NSSecureTextField in Apple OS X before 10.12 does not enable Secure Input, which allows attackers to discover credentials via a crafted app. Apple Mac OS X is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, and perform unauthorized actions. This may aid in other attacks. These issues are fixed in: Apple macOS 10.12. NSSecureTextField is one of the components used to mask passwords. The vulnerability stems from the fact that the program does not enable Secure Input
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201609-0242",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mac os x",
"scope": "eq",
"trust": 1.4,
"vendor": "apple",
"version": "10.11.6"
},
{
"model": "mac os x",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "10.11.6"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.11.6"
},
{
"model": "macos",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "10.12"
}
],
"sources": [
{
"db": "BID",
"id": "93055"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004977"
},
{
"db": "NVD",
"id": "CVE-2016-4742"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-449"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10.11.6",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4742"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Qidan He(@flanker_hqd) from KeenLab working with Trend Micro\u0027s Zero Day Initiative, Shrek_wzw of Qihoo 360 Nirvan Team, Jack Tang (@jacktang310) and Moony Li of Trend Micro working with Trend Micro\u0027s Zero Day Initiative, Meder Kydyraliev Google Security T",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201609-449"
}
],
"trust": 0.6
},
"cve": "CVE-2016-4742",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2016-4742",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-93561",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-4742",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-4742",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201609-449",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-93561",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2016-4742",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-93561"
},
{
"db": "VULMON",
"id": "CVE-2016-4742"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004977"
},
{
"db": "NVD",
"id": "CVE-2016-4742"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-449"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "NSSecureTextField in Apple OS X before 10.12 does not enable Secure Input, which allows attackers to discover credentials via a crafted app. Apple Mac OS X is prone to multiple security vulnerabilities. \nAttackers can exploit these issues to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, and perform unauthorized actions. This may aid in other attacks. \nThese issues are fixed in:\nApple macOS 10.12. NSSecureTextField is one of the components used to mask passwords. The vulnerability stems from the fact that the program does not enable Secure Input",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4742"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004977"
},
{
"db": "BID",
"id": "93055"
},
{
"db": "VULHUB",
"id": "VHN-93561"
},
{
"db": "VULMON",
"id": "CVE-2016-4742"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-4742",
"trust": 2.9
},
{
"db": "BID",
"id": "93055",
"trust": 2.1
},
{
"db": "SECTRACK",
"id": "1036858",
"trust": 1.2
},
{
"db": "JVN",
"id": "JVNVU90950877",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004977",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201609-449",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-16-608",
"trust": 0.3
},
{
"db": "ZDI",
"id": "ZDI-16-609",
"trust": 0.3
},
{
"db": "VULHUB",
"id": "VHN-93561",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-4742",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-93561"
},
{
"db": "VULMON",
"id": "CVE-2016-4742"
},
{
"db": "BID",
"id": "93055"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004977"
},
{
"db": "NVD",
"id": "CVE-2016-4742"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-449"
}
]
},
"id": "VAR-201609-0242",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-93561"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T11:10:42.539000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Apple security updates",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht201222"
},
{
"title": "APPLE-SA-2016-09-20 macOS Sierra 10.12",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2016/sep/msg00006.html"
},
{
"title": "HT207170",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht207170"
},
{
"title": "HT207170",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht207170"
},
{
"title": "Apple OS X NSSecureTextField Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=64325"
},
{
"title": "Apple: macOS Sierra 10.12",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=56fe8957a503c1b7b6f00fbd6d759042"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-4742"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004977"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-449"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-93561"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004977"
},
{
"db": "NVD",
"id": "CVE-2016-4742"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "http://www.securityfocus.com/bid/93055"
},
{
"trust": 1.8,
"url": "http://lists.apple.com/archives/security-announce/2016/sep/msg00006.html"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht207170"
},
{
"trust": 1.2,
"url": "http://www.securitytracker.com/id/1036858"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4742"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu90950877/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4742"
},
{
"trust": 0.3,
"url": "https://www.apple.com/"
},
{
"trust": 0.3,
"url": "http://www.apple.com/macosx/"
},
{
"trust": 0.3,
"url": "http://prod.lists.apple.com/archives/security-announce/2016/sep/msg00006.html"
},
{
"trust": 0.3,
"url": "http://www.zerodayinitiative.com/advisories/zdi-16-608/"
},
{
"trust": 0.3,
"url": "http://www.zerodayinitiative.com/advisories/zdi-16-609/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/200.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.rapid7.com/db/vulnerabilities/apple-osx-appleefiruntime-cve-2016-4696"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht207170"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-93561"
},
{
"db": "VULMON",
"id": "CVE-2016-4742"
},
{
"db": "BID",
"id": "93055"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004977"
},
{
"db": "NVD",
"id": "CVE-2016-4742"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-449"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-93561"
},
{
"db": "VULMON",
"id": "CVE-2016-4742"
},
{
"db": "BID",
"id": "93055"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004977"
},
{
"db": "NVD",
"id": "CVE-2016-4742"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-449"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-09-25T00:00:00",
"db": "VULHUB",
"id": "VHN-93561"
},
{
"date": "2016-09-25T00:00:00",
"db": "VULMON",
"id": "CVE-2016-4742"
},
{
"date": "2016-09-20T00:00:00",
"db": "BID",
"id": "93055"
},
{
"date": "2016-09-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-004977"
},
{
"date": "2016-09-25T10:59:43.673000",
"db": "NVD",
"id": "CVE-2016-4742"
},
{
"date": "2016-09-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201609-449"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-30T00:00:00",
"db": "VULHUB",
"id": "VHN-93561"
},
{
"date": "2017-07-30T00:00:00",
"db": "VULMON",
"id": "CVE-2016-4742"
},
{
"date": "2016-11-24T01:11:00",
"db": "BID",
"id": "93055"
},
{
"date": "2016-09-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-004977"
},
{
"date": "2017-07-30T01:29:06.117000",
"db": "NVD",
"id": "CVE-2016-4742"
},
{
"date": "2016-09-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201609-449"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201609-449"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple OS X of NSSecureTextField Vulnerabilities in which credentials are obtained",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-004977"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201609-449"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…