var-201704-0340
Vulnerability from variot
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves mishandling of DMA in the "EFI" component. It allows physically proximate attackers to discover the FileVault 2 encryption password via a crafted Thunderbolt adapter. Apple macOS is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code, obtain sensitive information, cause a denial-of-service condition, or bypass security restrictions and perform unauthorized actions. This may aid in further attacks. EFI is one of the firmware upgrade interface components. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
APPLE-SA-2017-03-27-3 macOS Sierra 10.12.4, Security Update 2017-001 El Capitan, and Security Update 2017-001 Yosemite
macOS Sierra 10.12.4, Security Update 2017-001 El Capitan, and Security Update 2017-001 Yosemite are now available and address the following:
apache Available for: macOS Sierra 10.12.3 Impact: A remote attacker may be able to cause a denial of service Description: Multiple issues existed in Apache before 2.4.25. These were addressed by updating LibreSSL to version 2.4.25. CVE-2016-0736: an anonymous researcher CVE-2016-2161: an anonymous researcher CVE-2016-5387: an anonymous researcher CVE-2016-8740: an anonymous researcher CVE-2016-8743: an anonymous researcher
apache_mod_php Available for: macOS Sierra 10.12.3 Impact: Multiple issues existed in PHP before 5.6.30 Description: Multiple issues existed in PHP before 5.6.30. These were addressed by updating PHP to version 5.6.30. CVE-2016-10158 CVE-2016-10159 CVE-2016-10160 CVE-2016-10161 CVE-2016-9935
AppleGraphicsPowerManagement Available for: macOS Sierra 10.12.3 Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed through improved memory handling. CVE-2017-2421: @cocoahuke
AppleRAID Available for: macOS Sierra 10.12.3 Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed through improved memory management. CVE-2017-2438: sss and Axis of 360Nirvanteam
Audio Available for: macOS Sierra 10.12.3 Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2017-2430: an anonymous researcher working with Trend Microas Zero Day Initiative CVE-2017-2462: an anonymous researcher working with Trend Microas Zero Day Initiative
Bluetooth Available for: macOS Sierra 10.12.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved memory handling. CVE-2017-2420: Pekka Oikarainen, Matias Karhumaa and Marko Laakso of Synopsys Software Integrity Group
Bluetooth Available for: macOS Sierra 10.12.3 Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved memory handling. CVE-2017-2427: Axis and sss of Qihoo 360 Nirvan Team
Bluetooth Available for: macOS Sierra 10.12.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed through improved memory management. CVE-2017-2449: sss and Axis from 360NirvanTeam
Carbon Available for: macOS Sierra 10.12.3 Impact: Processing a maliciously crafted .dfont file may lead to arbitrary code execution Description: A buffer overflow existed in the handling of font files. This issue was addressed through improved bounds checking. CVE-2017-2379: riusksk (ae3aY=) of Tencent Security Platform Department, John Villamil, Doyensec
CoreGraphics Available for: macOS Sierra 10.12.3 Impact: Processing a maliciously crafted image may lead to a denial of service Description: An infinite recursion was addressed through improved state management. CVE-2017-2417: riusksk (ae3aY=) of Tencent Security Platform Department
CoreMedia Available for: macOS Sierra 10.12.3 Impact: Processing a maliciously crafted .mov file may lead to arbitrary code execution Description: A memory corruption issue existed in the handling of .mov files. This issue was addressed through improved memory management. CVE-2017-2431: kimyok of Tencent Security Platform Department
CoreText Available for: macOS Sierra 10.12.3 Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2017-2435: John Villamil, Doyensec
CoreText Available for: macOS Sierra 10.12.3 Impact: Processing a maliciously crafted font may result in the disclosure of process memory Description: An out-of-bounds read was addressed through improved input validation. CVE-2017-2450: John Villamil, Doyensec
CoreText Available for: macOS Sierra 10.12.3 Impact: Processing a maliciously crafted text message may lead to application denial of service Description: A resource exhaustion issue was addressed through improved input validation. CVE-2017-2461: Isaac Archambault of IDAoADI, an anonymous researcher
curl Available for: macOS Sierra 10.12.3 Impact: Maliciously crafted user input to libcurl API may allow arbitrary code execution Description: A buffer overflow was addressed through improved bounds checking. CVE-2016-9586: Daniel Stenberg of Mozilla
EFI Available for: macOS Sierra 10.12.3 Impact: A malicious Thunderbolt adapter may be able to recover the FileVault 2 encryption password Description: An issue existed in the handling of DMA. This issue was addressed by enabling VT-d in EFI. CVE-2016-7585: Ulf Frisk (@UlfFrisk)
FinderKit Available for: macOS Sierra 10.12.3 Impact: Permissions may unexpectedly reset when sending links Description: A permission issue existed in the handling of the Send Link feature of iCloud Sharing. This issue was addressed through improved permission controls. CVE-2017-2429
FontParser Available for: macOS Sierra 10.12.3 Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved input validation. CVE-2017-2406: riusksk (ae3aY=) of Tencent Security Platform Department CVE-2017-2487: riusksk (ae3aY=) of Tencent Security Platform Department
FontParser Available for: macOS Sierra 10.12.3 Impact: Parsing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved input validation. CVE-2017-2407: riusksk (ae3aY=) of Tencent Security Platform Department
FontParser Available for: macOS Sierra 10.12.3 Impact: Processing a maliciously crafted font may result in the disclosure of process memory Description: An out-of-bounds read was addressed through improved input validation. CVE-2017-2439: John Villamil, Doyensec
HTTPProtocol Available for: macOS Sierra 10.12.3 Impact: A malicious HTTP/2 server may be able to cause undefined behavior Description: Multiple issues existed in nghttp2 before 1.17.0. These were addressed by updating LibreSSL to version 1.17.0. CVE-2017-2428
Hypervisor Available for: macOS Sierra 10.12.3 Impact: Applications using the Hypervisor framework may unexpectedly leak the CR8 control register between guest and host Description: An information leakage issue was addressed through improved state management. CVE-2017-2418: Alex Fishman and Izik Eidus of Veertu Inc.
iBooks Available for: macOS Sierra 10.12.3 Impact: Parsing a maliciously crafted iBooks file may lead to local file disclosure Description: An information leak existed in the handling of file URLs. This issue was addressed through improved URL handling. CVE-2017-2426: Craig Arendt of Stratum Security, Jun Kokatsu (@shhnjk)
ImageIO Available for: macOS Sierra 10.12.3 Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2017-2416: Qidan He (a1/2ae*a,1, @flanker_hqd) of KeenLab, Tencent
ImageIO Available for: macOS Sierra 10.12.3, OS X El Capitan v10.11.6, and OS X Yosemite v10.10.5 Impact: Viewing a maliciously crafted JPEG file may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2017-2432: an anonymous researcher working with Trend Micro's Zero Day Initiative
ImageIO Available for: macOS Sierra 10.12.3 Impact: Processing a maliciously crafted file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2017-2467
ImageIO Available for: macOS Sierra 10.12.3 Impact: Processing a maliciously crafted image may lead to unexpected application termination Description: An out-of-bound read existed in LibTIFF versions before 4.0.7. This was addressed by updating LibTIFF in ImageIO to version 4.0.7. CVE-2016-3619
Intel Graphics Driver Available for: macOS Sierra 10.12.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved input validation. CVE-2017-2443: Ian Beer of Google Project Zero
IOATAFamily Available for: macOS Sierra 10.12.3 Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved memory handling. CVE-2017-2408: Yangkang (@dnpushme) of Qihoo360 Qex Team
IOFireWireAVC Available for: macOS Sierra 10.12.3 Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved input validation. CVE-2017-2436: Orr A, IBM Security
IOFireWireAVC Available for: macOS Sierra 10.12.3 Impact: A local attacker may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved input validation. CVE-2017-2437: Benjamin Gnahm (@mitp0sh) of Blue Frost Security
IOFireWireFamily Available for: macOS Sierra 10.12.3 Impact: An application may be able to cause a denial of service Description: A null pointer dereference was addressed through improved input validation. CVE-2017-2388: Brandon Azad, an anonymous researcher
Kernel Available for: macOS Sierra 10.12.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved input validation. CVE-2017-2398: Lufeng Li of Qihoo 360 Vulcan Team CVE-2017-2401: Lufeng Li of Qihoo 360 Vulcan Team
Kernel Available for: macOS Sierra 10.12.3 Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An input validation issue existed in the kernel. This issue was addressed through improved input validation. CVE-2017-2410: Apple
Kernel Available for: macOS Sierra 10.12.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: An integer overflow was addressed through improved input validation. CVE-2017-2440: an anonymous researcher
Kernel Available for: macOS Sierra 10.12.3 Impact: A malicious application may be able to execute arbitrary code with root privileges Description: A race condition was addressed through improved memory handling. CVE-2017-2456: lokihardt of Google Project Zero
Kernel Available for: macOS Sierra 10.12.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed through improved memory management. CVE-2017-2472: Ian Beer of Google Project Zero
Kernel Available for: macOS Sierra 10.12.3 Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved input validation. CVE-2017-2473: Ian Beer of Google Project Zero
Kernel Available for: macOS Sierra 10.12.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: An off-by-one issue was addressed through improved bounds checking. CVE-2017-2474: Ian Beer of Google Project Zero
Kernel Available for: macOS Sierra 10.12.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed through improved locking. CVE-2017-2478: Ian Beer of Google Project Zero
Kernel Available for: macOS Sierra 10.12.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A buffer overflow issue was addressed through improved memory handling. CVE-2017-2482: Ian Beer of Google Project Zero CVE-2017-2483: Ian Beer of Google Project Zero
Keyboards Available for: macOS Sierra 10.12.3 Impact: An application may be able to execute arbitrary code Description: A buffer overflow was addressed through improved bounds checking. CVE-2017-2458: Shashank (@cyberboyIndia)
libarchive Available for: macOS Sierra 10.12.3 Impact: A local attacker may be able to change file system permissions on arbitrary directories Description: A validation issue existed in the handling of symlinks. This issue was addressed through improved validation of symlinks. CVE-2017-2390: Omer Medan of enSilo Ltd
libc++abi Available for: macOS Sierra 10.12.3 Impact: Demangling a malicious C++ application may lead to arbitrary code execution Description: A use after free issue was addressed through improved memory management. CVE-2017-2441
LibreSSL Available for: macOS Sierra 10.12.3, and OS X El Capitan v10.11.6 Impact: A local user may be able to leak sensitive user information Description: A timing side channel allowed an attacker to recover keys. This issue was addressed by introducing constant time computation. CVE-2016-7056: Cesar Pereida GarcAa and Billy Brumley (Tampere University of Technology)
MCX Client Available for: macOS Sierra 10.12.3 Impact: Removing a configuration profile with multiple payloads may not remove Active Directory certificate trust Description: An issue existed in profile uninstallation. This issue was addressed through improved cleanup. CVE-2017-2402: an anonymous researcher
Menus Available for: macOS Sierra 10.12.3 Impact: An application may be able to disclose process memory Description: An out-of-bounds read was addressed through improved input validation. CVE-2017-2409: Sergey Bylokhov
Multi-Touch Available for: macOS Sierra 10.12.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed through improved memory handling. CVE-2017-2422: @cocoahuke
OpenSSH Available for: macOS Sierra 10.12.3 Impact: Multiple issues in OpenSSH Description: Multiple issues existed in OpenSSH before version 7.4. These were addressed by updating OpenSSH to version 7.4. CVE-2016-10009 CVE-2016-10010 CVE-2016-10011 CVE-2016-10012
OpenSSL Available for: macOS Sierra 10.12.3 Impact: A local user may be able to leak sensitive user information Description: A timing side channel issue was addressed by using constant time computation. CVE-2016-7056: Cesar Pereida GarcAa and Billy Brumley (Tampere University of Technology)
Printing Available for: macOS Sierra 10.12.3 Impact: Clicking a malicious IPP(S) link may lead to arbitrary code execution Description: An uncontrolled format string issue was addressed through improved input validation. CVE-2017-2403: beist of GrayHash
python Available for: macOS Sierra 10.12.3 Impact: Processing maliciously crafted zip archives with Python may lead to arbitrary code execution Description: A memory corruption issue existed in the handling of zip archives. This issue was addressed through improved input validation. CVE-2016-5636
QuickTime Available for: macOS Sierra 10.12.3 Impact: Viewing a maliciously crafted media file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in QuickTime. This issue was addressed through improved memory handling. CVE-2017-2413: Simon Huang(@HuangShaomang) and pjf of IceSword Lab of Qihoo 360
Security Available for: macOS Sierra 10.12.3 Impact: Validating empty signatures with SecKeyRawVerify() may unexpectedly succeed Description: An validation issue existed with cryptographic API calls. This issue was addressed through improved parameter validation. CVE-2017-2423: an anonymous researcher
Security Available for: macOS Sierra 10.12.3 Impact: An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS Description: Under certain circumstances, Secure Transport failed to validate the authenticity of OTR packets. This issue was addressed by restoring missing validation steps. CVE-2017-2448: Alex Radocea of Longterm Security, Inc.
Security Available for: macOS Sierra 10.12.3 Impact: An application may be able to execute arbitrary code with root privileges Description: A buffer overflow was addressed through improved bounds checking. CVE-2017-2451: Alex Radocea of Longterm Security, Inc.
Security Available for: macOS Sierra 10.12.3 Impact: Processing a maliciously crafted x509 certificate may lead to arbitrary code execution Description: A memory corruption issue existed in the parsing of certificates. This issue was addressed through improved input validation. CVE-2017-2485: Aleksandar Nikolic of Cisco Talos
SecurityFoundation Available for: macOS Sierra 10.12.3 Impact: Processing a maliciously crafted certificate may lead to arbitrary code execution Description: A double free issue was addressed through improved memory management. CVE-2017-2425: kimyok of Tencent Security Platform Department
sudo Available for: macOS Sierra 10.12.3 Impact: A user in an group named "admin" on a network directory server may be able to unexpectedly escalate privileges using sudo Description: An access issue existed in sudo. This issue was addressed through improved permissions checking. CVE-2017-2381
System Integrity Protection Available for: macOS Sierra 10.12.3 Impact: A malicious application may be able to modify protected disk locations Description: A validation issue existed in the handling of system installation. This issue was addressed through improved handling and validation during the installation process. CVE-2017-6974: Patrick Wardle of Synack
tcpdump Available for: macOS Sierra 10.12.3 Impact: An attacker in a privileged network position may be able to execute arbitrary code with user assistance Description: Multiple issues existed in tcpdump before 4.9.0. These were addressed by updating tcpdump to version 4.9.0. CVE-2016-7922 CVE-2016-7923 CVE-2016-7924 CVE-2016-7925 CVE-2016-7926 CVE-2016-7927 CVE-2016-7928 CVE-2016-7929 CVE-2016-7930 CVE-2016-7931 CVE-2016-7932 CVE-2016-7933 CVE-2016-7934 CVE-2016-7935 CVE-2016-7936 CVE-2016-7937 CVE-2016-7938 CVE-2016-7939 CVE-2016-7940 CVE-2016-7973 CVE-2016-7974 CVE-2016-7975 CVE-2016-7983 CVE-2016-7984 CVE-2016-7985 CVE-2016-7986 CVE-2016-7992 CVE-2016-7993 CVE-2016-8574 CVE-2016-8575 CVE-2017-5202 CVE-2017-5203 CVE-2017-5204 CVE-2017-5205 CVE-2017-5341 CVE-2017-5342 CVE-2017-5482 CVE-2017-5483 CVE-2017-5484 CVE-2017-5485 CVE-2017-5486
tiffutil Available for: macOS Sierra 10.12.3 Impact: Processing a maliciously crafted image may lead to unexpected application termination Description: An out-of-bound read existed in LibTIFF versions before 4.0.7. This was addressed by updating LibTIFF in AKCmds to version 4.0.7. CVE-2016-3619 CVE-2016-9533 CVE-2016-9535 CVE-2016-9536 CVE-2016-9537 CVE-2016-9538 CVE-2016-9539 CVE-2016-9540
WebKit Available for: macOS Sierra 10.12.3 Impact: Visiting a malicious website may lead to address bar spoofing Description: An inconsistent user interface issue was addressed through improved state management. CVE-2017-2486: redrain of light4freedom
WebKit Available for: macOS Sierra 10.12.3 Impact: An application may be able to execute arbitrary code Description: A memory corruption issue was addressed through improved memory handling. CVE-2017-2392: Max Bazaliy of Lookout
WebKit Available for: macOS Sierra 10.12.3 Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2017-2457: lokihardt of Google Project Zero
Installation note:
macOS Sierra 10.12.4, Security Update 2017-001 El Capitan, and Security Update 2017-001 Yosemite may be obtained from the Mac App Store or Apple's Software Downloads web site: https://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org
iQIcBAEBCgAGBQJY2Yo6AAoJEIOj74w0bLRGPqYQAMBBWvVEfXg753E0gorEMXMG 3OKqGKmkpIgKRSmtNja4Heq/tY2pSBN0CDHKfeGnO6ayUmeH5yZwg8ZWtqaV3bpl Gx7jBvglsrGt4vSPcUvhQV/4YSrRDMDwqBOqBcrIFRQnUMluybw0PiRkMuUQ1m30 Uh10OO94SJbzqtbGkEHXJX/ajOX5ELlkXE7tHD8Z91IJa95fxN4dZ2mTEiGQ4XCu NfkDN/U6S+qj+KRl3ra7fIA5QttTQoqM497Efan8soyq9oLrc5jypDrtuKEiU2/x DUpRxONjOIlmilsYFosMjT+z5PUWdHcfkw6U5sLYcwCgY3hkYwJnJUX6I2VSLjk7 aa85lAGyj/cyqd2n4PEF58bFlGZkfv1BuUp06f8ccEMjG4dxYjCxrVw4uwGvE61n hVgS25GGhJXbvHxkpggdC6n3Pbe7FqhUPwzhFRhBeFKVw+ed5wf6PoxqiJ+wmu+Y vEk+b+s1rsPz5WDXc7vkDegA5S3CsxLGEzTDRxvlcktmku08Rv3EHr+1SSAwB5CE BtOWoT2i6KN4+XgaOdT1dBX2nkeIumM44OS+aJEW27uXSaLD7zm44EjEd1LyQRko hpruHLPZsZQudpkfayUo6YYu5uNZdfJoNktKhU255keYnrLZk9I8UgXjW0IC5Ev1 CN+j/BMQsIWdeO1Cm3Rc =DFqi -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-0340",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mac os x",
"scope": "eq",
"trust": 1.4,
"vendor": "apple",
"version": "10.12.3"
},
{
"model": "mac os x",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "10.12.3"
},
{
"model": "open source project webkit",
"scope": "eq",
"trust": 0.3,
"vendor": "webkit",
"version": "0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "16.10"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "16.04"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "macos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.12.3"
},
{
"model": "security update yosemite",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "2017-0010"
},
{
"model": "security update el capitan",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "2017-0010"
},
{
"model": "macos",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "10.12.4"
}
],
"sources": [
{
"db": "BID",
"id": "97140"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002432"
},
{
"db": "NVD",
"id": "CVE-2016-7585"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-041"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10.12.3",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-7585"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ulf Frisk, Apple, Brandon Azad, an anonymous researcher, Max Bazaliy, beist, Sergey Bylokhov, Simon Huang, pjf, Alex Fishman, Izik Eidus, Pekka Oikarainen, Matias Karhumaa, Marko Laakso, @cocoahuke, kimyok, Craig Arendt, Axis, sss, Orr A, Benjamin Gnahm, I",
"sources": [
{
"db": "BID",
"id": "97140"
}
],
"trust": 0.3
},
"cve": "CVE-2016-7585",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 2.1,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2016-7585",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-96405",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Physical",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.8,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-7585",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-7585",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201704-041",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-96405",
"trust": 0.1,
"value": "LOW"
},
{
"author": "VULMON",
"id": "CVE-2016-7585",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-96405"
},
{
"db": "VULMON",
"id": "CVE-2016-7585"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002432"
},
{
"db": "NVD",
"id": "CVE-2016-7585"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-041"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves mishandling of DMA in the \"EFI\" component. It allows physically proximate attackers to discover the FileVault 2 encryption password via a crafted Thunderbolt adapter. Apple macOS is prone to multiple security vulnerabilities. \nAttackers can exploit these issues to execute arbitrary code, obtain sensitive information, cause a denial-of-service condition, or bypass security restrictions and perform unauthorized actions. This may aid in further attacks. EFI is one of the firmware upgrade interface components. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2017-03-27-3 macOS Sierra 10.12.4, Security Update\n2017-001 El Capitan, and Security Update 2017-001 Yosemite\n\nmacOS Sierra 10.12.4, Security Update 2017-001 El Capitan,\nand Security Update 2017-001 Yosemite are now available and\naddress the following:\n\napache\nAvailable for: macOS Sierra 10.12.3\nImpact: A remote attacker may be able to cause a denial of service\nDescription: Multiple issues existed in Apache before 2.4.25. These\nwere addressed by updating LibreSSL to version 2.4.25. \nCVE-2016-0736: an anonymous researcher\nCVE-2016-2161: an anonymous researcher\nCVE-2016-5387: an anonymous researcher\nCVE-2016-8740: an anonymous researcher\nCVE-2016-8743: an anonymous researcher\n\napache_mod_php\nAvailable for: macOS Sierra 10.12.3\nImpact: Multiple issues existed in PHP before 5.6.30\nDescription: Multiple issues existed in PHP before 5.6.30. These were\naddressed by updating PHP to version 5.6.30. \nCVE-2016-10158\nCVE-2016-10159\nCVE-2016-10160\nCVE-2016-10161\nCVE-2016-9935\n\nAppleGraphicsPowerManagement\nAvailable for: macOS Sierra 10.12.3\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A race condition was addressed through improved memory\nhandling. \nCVE-2017-2421: @cocoahuke\n\nAppleRAID\nAvailable for: macOS Sierra 10.12.3\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A use after free issue was addressed through improved\nmemory management. \nCVE-2017-2438: sss and Axis of 360Nirvanteam\n\nAudio\nAvailable for: macOS Sierra 10.12.3\nImpact: Processing a maliciously crafted audio file may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed through improved\ninput validation. \nCVE-2017-2430: an anonymous researcher working with Trend Microas\nZero Day Initiative\nCVE-2017-2462: an anonymous researcher working with Trend Microas\nZero Day Initiative\n\nBluetooth\nAvailable for: macOS Sierra 10.12.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed through improved\nmemory handling. \nCVE-2017-2420: Pekka Oikarainen, Matias Karhumaa and Marko Laakso of\nSynopsys Software Integrity Group\n\nBluetooth\nAvailable for: macOS Sierra 10.12.3\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A memory corruption issue was addressed through improved\nmemory handling. \nCVE-2017-2427: Axis and sss of Qihoo 360 Nirvan Team\n\nBluetooth\nAvailable for: macOS Sierra 10.12.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed through improved\nmemory management. \nCVE-2017-2449: sss and Axis from 360NirvanTeam\n\nCarbon\nAvailable for: macOS Sierra 10.12.3\nImpact: Processing a maliciously crafted .dfont file may lead to\narbitrary code execution\nDescription: A buffer overflow existed in the handling of font files. \nThis issue was addressed through improved bounds checking. \nCVE-2017-2379: riusksk (ae3aY=) of Tencent Security Platform\nDepartment, John Villamil, Doyensec\n\nCoreGraphics\nAvailable for: macOS Sierra 10.12.3\nImpact: Processing a maliciously crafted image may lead to a denial\nof service\nDescription: An infinite recursion was addressed through improved\nstate management. \nCVE-2017-2417: riusksk (ae3aY=) of Tencent Security Platform\nDepartment\n\nCoreMedia\nAvailable for: macOS Sierra 10.12.3\nImpact: Processing a maliciously crafted .mov file may lead to\narbitrary code execution\nDescription: A memory corruption issue existed in the handling of\n.mov files. This issue was addressed through improved memory\nmanagement. \nCVE-2017-2431: kimyok of Tencent Security Platform Department\n\nCoreText\nAvailable for: macOS Sierra 10.12.3\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed through improved\ninput validation. \nCVE-2017-2435: John Villamil, Doyensec\n\nCoreText\nAvailable for: macOS Sierra 10.12.3\nImpact: Processing a maliciously crafted font may result in the\ndisclosure of process memory\nDescription: An out-of-bounds read was addressed through improved\ninput validation. \nCVE-2017-2450: John Villamil, Doyensec\n\nCoreText\nAvailable for: macOS Sierra 10.12.3\nImpact: Processing a maliciously crafted text message may lead to\napplication denial of service\nDescription: A resource exhaustion issue was addressed through\nimproved input validation. \nCVE-2017-2461: Isaac Archambault of IDAoADI, an anonymous researcher\n\ncurl\nAvailable for: macOS Sierra 10.12.3\nImpact: Maliciously crafted user input to libcurl API may allow\narbitrary code execution\nDescription: A buffer overflow was addressed through improved bounds\nchecking. \nCVE-2016-9586: Daniel Stenberg of Mozilla\n\nEFI\nAvailable for: macOS Sierra 10.12.3\nImpact: A malicious Thunderbolt adapter may be able to recover the\nFileVault 2 encryption password\nDescription: An issue existed in the handling of DMA. This issue was\naddressed by enabling VT-d in EFI. \nCVE-2016-7585: Ulf Frisk (@UlfFrisk)\n\nFinderKit\nAvailable for: macOS Sierra 10.12.3\nImpact: Permissions may unexpectedly reset when sending links\nDescription: A permission issue existed in the handling of the Send\nLink feature of iCloud Sharing. This issue was addressed through\nimproved permission controls. \nCVE-2017-2429\n\nFontParser\nAvailable for: macOS Sierra 10.12.3\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues were addressed through\nimproved input validation. \nCVE-2017-2406: riusksk (ae3aY=) of Tencent Security Platform\nDepartment\nCVE-2017-2487: riusksk (ae3aY=) of Tencent Security Platform\nDepartment\n\nFontParser\nAvailable for: macOS Sierra 10.12.3\nImpact: Parsing a maliciously crafted font file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: Multiple memory corruption issues were addressed through\nimproved input validation. \nCVE-2017-2407: riusksk (ae3aY=) of Tencent Security Platform\nDepartment\n\nFontParser\nAvailable for: macOS Sierra 10.12.3\nImpact: Processing a maliciously crafted font may result in the\ndisclosure of process memory\nDescription: An out-of-bounds read was addressed through improved\ninput validation. \nCVE-2017-2439: John Villamil, Doyensec\n\nHTTPProtocol\nAvailable for: macOS Sierra 10.12.3\nImpact: A malicious HTTP/2 server may be able to cause undefined\nbehavior\nDescription: Multiple issues existed in nghttp2 before 1.17.0. These\nwere addressed by updating LibreSSL to version 1.17.0. \nCVE-2017-2428\n\nHypervisor\nAvailable for: macOS Sierra 10.12.3\nImpact: Applications using the Hypervisor framework may unexpectedly\nleak the CR8 control register between guest and host\nDescription: An information leakage issue was addressed through\nimproved state management. \nCVE-2017-2418: Alex Fishman and Izik Eidus of Veertu Inc. \n\niBooks\nAvailable for: macOS Sierra 10.12.3\nImpact: Parsing a maliciously crafted iBooks file may lead to local\nfile disclosure\nDescription: An information leak existed in the handling of file\nURLs. This issue was addressed through improved URL handling. \nCVE-2017-2426: Craig Arendt of Stratum Security, Jun Kokatsu\n(@shhnjk)\n\nImageIO\nAvailable for: macOS Sierra 10.12.3\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: A memory corruption issue was addressed through improved\ninput validation. \nCVE-2017-2416: Qidan He (a1/2ae*a,1, @flanker_hqd) of KeenLab, Tencent\n\nImageIO\nAvailable for: macOS Sierra 10.12.3, OS X El Capitan v10.11.6,\nand OS X Yosemite v10.10.5\nImpact: Viewing a maliciously crafted JPEG file may lead to arbitrary\ncode execution\nDescription: A memory corruption issue was addressed through improved\ninput validation. \nCVE-2017-2432: an anonymous researcher working with Trend Micro\u0027s\nZero Day Initiative\n\nImageIO\nAvailable for: macOS Sierra 10.12.3\nImpact: Processing a maliciously crafted file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue was addressed through improved\ninput validation. \nCVE-2017-2467\n\nImageIO\nAvailable for: macOS Sierra 10.12.3\nImpact: Processing a maliciously crafted image may lead to unexpected\napplication termination\nDescription: An out-of-bound read existed in LibTIFF versions before\n4.0.7. This was addressed by updating LibTIFF in ImageIO to version\n4.0.7. \nCVE-2016-3619\n\nIntel Graphics Driver\nAvailable for: macOS Sierra 10.12.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed through improved\ninput validation. \nCVE-2017-2443: Ian Beer of Google Project Zero\n\nIOATAFamily\nAvailable for: macOS Sierra 10.12.3\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A memory corruption issue was addressed through improved\nmemory handling. \nCVE-2017-2408: Yangkang (@dnpushme) of Qihoo360 Qex Team\n\nIOFireWireAVC\nAvailable for: macOS Sierra 10.12.3\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A memory corruption issue was addressed through improved\ninput validation. \nCVE-2017-2436: Orr A, IBM Security\n\nIOFireWireAVC\nAvailable for: macOS Sierra 10.12.3\nImpact: A local attacker may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed through improved\ninput validation. \nCVE-2017-2437: Benjamin Gnahm (@mitp0sh) of Blue Frost Security\n\nIOFireWireFamily\nAvailable for: macOS Sierra 10.12.3\nImpact: An application may be able to cause a denial of service\nDescription: A null pointer dereference was addressed through\nimproved input validation. \nCVE-2017-2388: Brandon Azad, an anonymous researcher\n\nKernel\nAvailable for: macOS Sierra 10.12.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed through improved\ninput validation. \nCVE-2017-2398: Lufeng Li of Qihoo 360 Vulcan Team\nCVE-2017-2401: Lufeng Li of Qihoo 360 Vulcan Team\n\nKernel\nAvailable for: macOS Sierra 10.12.3\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: An input validation issue existed in the kernel. This\nissue was addressed through improved input validation. \nCVE-2017-2410: Apple\n\nKernel\nAvailable for: macOS Sierra 10.12.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: An integer overflow was addressed through improved input\nvalidation. \nCVE-2017-2440: an anonymous researcher\n\nKernel\nAvailable for: macOS Sierra 10.12.3\nImpact: A malicious application may be able to execute arbitrary code\nwith root privileges\nDescription: A race condition was addressed through improved memory\nhandling. \nCVE-2017-2456: lokihardt of Google Project Zero\n\nKernel\nAvailable for: macOS Sierra 10.12.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed through improved\nmemory management. \nCVE-2017-2472: Ian Beer of Google Project Zero\n\nKernel\nAvailable for: macOS Sierra 10.12.3\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A memory corruption issue was addressed through improved\ninput validation. \nCVE-2017-2473: Ian Beer of Google Project Zero\n\nKernel\nAvailable for: macOS Sierra 10.12.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: An off-by-one issue was addressed through improved\nbounds checking. \nCVE-2017-2474: Ian Beer of Google Project Zero\n\nKernel\nAvailable for: macOS Sierra 10.12.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A race condition was addressed through improved locking. \nCVE-2017-2478: Ian Beer of Google Project Zero\n\nKernel\nAvailable for: macOS Sierra 10.12.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A buffer overflow issue was addressed through improved\nmemory handling. \nCVE-2017-2482: Ian Beer of Google Project Zero\nCVE-2017-2483: Ian Beer of Google Project Zero\n\nKeyboards\nAvailable for: macOS Sierra 10.12.3\nImpact: An application may be able to execute arbitrary code\nDescription: A buffer overflow was addressed through improved bounds\nchecking. \nCVE-2017-2458: Shashank (@cyberboyIndia)\n\nlibarchive\nAvailable for: macOS Sierra 10.12.3\nImpact: A local attacker may be able to change file system\npermissions on arbitrary directories\nDescription: A validation issue existed in the handling of symlinks. \nThis issue was addressed through improved validation of symlinks. \nCVE-2017-2390: Omer Medan of enSilo Ltd\n\nlibc++abi\nAvailable for: macOS Sierra 10.12.3\nImpact: Demangling a malicious C++ application may lead to arbitrary\ncode execution\nDescription: A use after free issue was addressed through improved\nmemory management. \nCVE-2017-2441\n\nLibreSSL\nAvailable for: macOS Sierra 10.12.3, and OS X El Capitan v10.11.6\nImpact: A local user may be able to leak sensitive user information\nDescription: A timing side channel allowed an attacker to recover\nkeys. This issue was addressed by introducing constant time\ncomputation. \nCVE-2016-7056: Cesar Pereida GarcAa and Billy Brumley (Tampere\nUniversity of Technology)\n\nMCX Client\nAvailable for: macOS Sierra 10.12.3\nImpact: Removing a configuration profile with multiple payloads may\nnot remove Active Directory certificate trust\nDescription: An issue existed in profile uninstallation. This issue\nwas addressed through improved cleanup. \nCVE-2017-2402: an anonymous researcher\n\nMenus\nAvailable for: macOS Sierra 10.12.3\nImpact: An application may be able to disclose process memory\nDescription: An out-of-bounds read was addressed through improved\ninput validation. \nCVE-2017-2409: Sergey Bylokhov\n\nMulti-Touch\nAvailable for: macOS Sierra 10.12.3\nImpact: A malicious application may be able to execute arbitrary code\nwith system privileges\nDescription: A memory corruption issue was addressed through improved\nmemory handling. \nCVE-2017-2422: @cocoahuke\n\nOpenSSH\nAvailable for: macOS Sierra 10.12.3\nImpact: Multiple issues in OpenSSH\nDescription: Multiple issues existed in OpenSSH before version 7.4. \nThese were addressed by updating OpenSSH to version 7.4. \nCVE-2016-10009\nCVE-2016-10010\nCVE-2016-10011\nCVE-2016-10012\n\nOpenSSL\nAvailable for: macOS Sierra 10.12.3\nImpact: A local user may be able to leak sensitive user information\nDescription: A timing side channel issue was addressed by using\nconstant time computation. \nCVE-2016-7056: Cesar Pereida GarcAa and Billy Brumley (Tampere\nUniversity of Technology)\n\nPrinting\nAvailable for: macOS Sierra 10.12.3\nImpact: Clicking a malicious IPP(S) link may lead to arbitrary code\nexecution\nDescription: An uncontrolled format string issue was addressed\nthrough improved input validation. \nCVE-2017-2403: beist of GrayHash\n\npython\nAvailable for: macOS Sierra 10.12.3\nImpact: Processing maliciously crafted zip archives with Python may\nlead to arbitrary code execution\nDescription: A memory corruption issue existed in the handling of zip\narchives. This issue was addressed through improved input validation. \nCVE-2016-5636\n\nQuickTime\nAvailable for: macOS Sierra 10.12.3\nImpact: Viewing a maliciously crafted media file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue existed in QuickTime. This\nissue was addressed through improved memory handling. \nCVE-2017-2413: Simon Huang(@HuangShaomang) and pjf of IceSword Lab of\nQihoo 360\n\nSecurity\nAvailable for: macOS Sierra 10.12.3\nImpact: Validating empty signatures with SecKeyRawVerify() may\nunexpectedly succeed\nDescription: An validation issue existed with cryptographic API\ncalls. This issue was addressed through improved parameter\nvalidation. \nCVE-2017-2423: an anonymous researcher\n\nSecurity\nAvailable for: macOS Sierra 10.12.3\nImpact: An attacker with a privileged network position may capture or\nmodify data in sessions protected by SSL/TLS\nDescription: Under certain circumstances, Secure Transport failed to\nvalidate the authenticity of OTR packets. This issue was addressed by\nrestoring missing validation steps. \nCVE-2017-2448: Alex Radocea of Longterm Security, Inc. \n\nSecurity\nAvailable for: macOS Sierra 10.12.3\nImpact: An application may be able to execute arbitrary code with\nroot privileges\nDescription: A buffer overflow was addressed through improved bounds\nchecking. \nCVE-2017-2451: Alex Radocea of Longterm Security, Inc. \n\nSecurity\nAvailable for: macOS Sierra 10.12.3\nImpact: Processing a maliciously crafted x509 certificate may lead to\narbitrary code execution\nDescription: A memory corruption issue existed in the parsing of\ncertificates. This issue was addressed through improved input\nvalidation. \nCVE-2017-2485: Aleksandar Nikolic of Cisco Talos\n\nSecurityFoundation\nAvailable for: macOS Sierra 10.12.3\nImpact: Processing a maliciously crafted certificate may lead to\narbitrary code execution\nDescription: A double free issue was addressed through improved\nmemory management. \nCVE-2017-2425: kimyok of Tencent Security Platform Department\n\nsudo\nAvailable for: macOS Sierra 10.12.3\nImpact: A user in an group named \"admin\" on a network directory\nserver may be able to unexpectedly escalate privileges using sudo\nDescription: An access issue existed in sudo. This issue was\naddressed through improved permissions checking. \nCVE-2017-2381\n\nSystem Integrity Protection\nAvailable for: macOS Sierra 10.12.3\nImpact: A malicious application may be able to modify protected\ndisk locations\nDescription: A validation issue existed in the handling of\nsystem installation. This issue was addressed through improved\nhandling and validation during the installation process. \nCVE-2017-6974: Patrick Wardle of Synack\n\ntcpdump\nAvailable for: macOS Sierra 10.12.3\nImpact: An attacker in a privileged network position may be able to\nexecute arbitrary code with user assistance\nDescription: Multiple issues existed in tcpdump before 4.9.0. These\nwere addressed by updating tcpdump to version 4.9.0. \nCVE-2016-7922\nCVE-2016-7923\nCVE-2016-7924\nCVE-2016-7925\nCVE-2016-7926\nCVE-2016-7927\nCVE-2016-7928\nCVE-2016-7929\nCVE-2016-7930\nCVE-2016-7931\nCVE-2016-7932\nCVE-2016-7933\nCVE-2016-7934\nCVE-2016-7935\nCVE-2016-7936\nCVE-2016-7937\nCVE-2016-7938\nCVE-2016-7939\nCVE-2016-7940\nCVE-2016-7973\nCVE-2016-7974\nCVE-2016-7975\nCVE-2016-7983\nCVE-2016-7984\nCVE-2016-7985\nCVE-2016-7986\nCVE-2016-7992\nCVE-2016-7993\nCVE-2016-8574\nCVE-2016-8575\nCVE-2017-5202\nCVE-2017-5203\nCVE-2017-5204\nCVE-2017-5205\nCVE-2017-5341\nCVE-2017-5342\nCVE-2017-5482\nCVE-2017-5483\nCVE-2017-5484\nCVE-2017-5485\nCVE-2017-5486\n\ntiffutil\nAvailable for: macOS Sierra 10.12.3\nImpact: Processing a maliciously crafted image may lead to unexpected\napplication termination\nDescription: An out-of-bound read existed in LibTIFF versions before\n4.0.7. This was addressed by updating LibTIFF in AKCmds to version\n4.0.7. \nCVE-2016-3619\nCVE-2016-9533\nCVE-2016-9535\nCVE-2016-9536\nCVE-2016-9537\nCVE-2016-9538\nCVE-2016-9539\nCVE-2016-9540\n\nWebKit\nAvailable for: macOS Sierra 10.12.3\nImpact: Visiting a malicious website may lead to address bar spoofing\nDescription: An inconsistent user interface issue was addressed\nthrough improved state management. \nCVE-2017-2486: redrain of light4freedom\n\nWebKit\nAvailable for: macOS Sierra 10.12.3\nImpact: An application may be able to execute arbitrary code\nDescription: A memory corruption issue was addressed through improved\nmemory handling. \nCVE-2017-2392: Max Bazaliy of Lookout\n\nWebKit\nAvailable for: macOS Sierra 10.12.3\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues were addressed through\nimproved memory handling. \nCVE-2017-2457: lokihardt of Google Project Zero\n\nInstallation note:\n\nmacOS Sierra 10.12.4, Security Update 2017-001 El Capitan, and\nSecurity Update 2017-001 Yosemite may be obtained from the\nMac App Store or Apple\u0027s Software Downloads web site:\nhttps://www.apple.com/support/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - http://gpgtools.org\n\niQIcBAEBCgAGBQJY2Yo6AAoJEIOj74w0bLRGPqYQAMBBWvVEfXg753E0gorEMXMG\n3OKqGKmkpIgKRSmtNja4Heq/tY2pSBN0CDHKfeGnO6ayUmeH5yZwg8ZWtqaV3bpl\nGx7jBvglsrGt4vSPcUvhQV/4YSrRDMDwqBOqBcrIFRQnUMluybw0PiRkMuUQ1m30\nUh10OO94SJbzqtbGkEHXJX/ajOX5ELlkXE7tHD8Z91IJa95fxN4dZ2mTEiGQ4XCu\nNfkDN/U6S+qj+KRl3ra7fIA5QttTQoqM497Efan8soyq9oLrc5jypDrtuKEiU2/x\nDUpRxONjOIlmilsYFosMjT+z5PUWdHcfkw6U5sLYcwCgY3hkYwJnJUX6I2VSLjk7\naa85lAGyj/cyqd2n4PEF58bFlGZkfv1BuUp06f8ccEMjG4dxYjCxrVw4uwGvE61n\nhVgS25GGhJXbvHxkpggdC6n3Pbe7FqhUPwzhFRhBeFKVw+ed5wf6PoxqiJ+wmu+Y\nvEk+b+s1rsPz5WDXc7vkDegA5S3CsxLGEzTDRxvlcktmku08Rv3EHr+1SSAwB5CE\nBtOWoT2i6KN4+XgaOdT1dBX2nkeIumM44OS+aJEW27uXSaLD7zm44EjEd1LyQRko\nhpruHLPZsZQudpkfayUo6YYu5uNZdfJoNktKhU255keYnrLZk9I8UgXjW0IC5Ev1\nCN+j/BMQsIWdeO1Cm3Rc\n=DFqi\n-----END PGP SIGNATURE-----\n\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-7585"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002432"
},
{
"db": "BID",
"id": "97140"
},
{
"db": "VULHUB",
"id": "VHN-96405"
},
{
"db": "VULMON",
"id": "CVE-2016-7585"
},
{
"db": "PACKETSTORM",
"id": "141994"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-7585",
"trust": 3.0
},
{
"db": "BID",
"id": "97140",
"trust": 2.1
},
{
"db": "SECTRACK",
"id": "1038138",
"trust": 1.2
},
{
"db": "JVN",
"id": "JVNVU90482935",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002432",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201704-041",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-96405",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-7585",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "141994",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-96405"
},
{
"db": "VULMON",
"id": "CVE-2016-7585"
},
{
"db": "BID",
"id": "97140"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002432"
},
{
"db": "PACKETSTORM",
"id": "141994"
},
{
"db": "NVD",
"id": "CVE-2016-7585"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-041"
}
]
},
"id": "VAR-201704-0340",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-96405"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T10:55:59.671000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Apple security updates",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht201222"
},
{
"title": "HT207615",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht207615"
},
{
"title": "HT207615",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht207615"
},
{
"title": "Apple macOS Sierra EFI Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=68934"
},
{
"title": "Apple: macOS Sierra 10.12.4, Security Update 2017-001 El Capitan, and Security Update 2017-001 Yosemite",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=27f7b30a8e31da5065e7b124a224b22b"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/macs-not-receiving-efi-firmware-security-updates-as-expected/128191/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-7585"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002432"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-041"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-310",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-96405"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002432"
},
{
"db": "NVD",
"id": "CVE-2016-7585"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "http://www.securityfocus.com/bid/97140"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht207615"
},
{
"trust": 1.2,
"url": "http://www.securitytracker.com/id/1038138"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-7585"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7585"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu90482935/index.html"
},
{
"trust": 0.3,
"url": "https://www.apple.com/"
},
{
"trust": 0.3,
"url": "http://www.apple.com/macosx/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/310.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://threatpost.com/macs-not-receiving-efi-firmware-security-updates-as-expected/128191/"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht207615"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5387"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht201222"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-7933"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-10161"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5636"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-7934"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-7928"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-3619"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-10158"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-7924"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-7931"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-10012"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-7056"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-10159"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-7927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-10011"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2161"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-7929"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-7922"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-10160"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-7925"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-7923"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0736"
},
{
"trust": 0.1,
"url": "http://gpgtools.org"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/downloads/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-10009"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-7926"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-7930"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-10010"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-7932"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-96405"
},
{
"db": "VULMON",
"id": "CVE-2016-7585"
},
{
"db": "BID",
"id": "97140"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002432"
},
{
"db": "PACKETSTORM",
"id": "141994"
},
{
"db": "NVD",
"id": "CVE-2016-7585"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-041"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-96405"
},
{
"db": "VULMON",
"id": "CVE-2016-7585"
},
{
"db": "BID",
"id": "97140"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002432"
},
{
"db": "PACKETSTORM",
"id": "141994"
},
{
"db": "NVD",
"id": "CVE-2016-7585"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-041"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-02T00:00:00",
"db": "VULHUB",
"id": "VHN-96405"
},
{
"date": "2017-04-02T00:00:00",
"db": "VULMON",
"id": "CVE-2016-7585"
},
{
"date": "2017-03-27T00:00:00",
"db": "BID",
"id": "97140"
},
{
"date": "2017-04-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-002432"
},
{
"date": "2017-03-27T17:32:32",
"db": "PACKETSTORM",
"id": "141994"
},
{
"date": "2017-04-02T01:59:00.167000",
"db": "NVD",
"id": "CVE-2016-7585"
},
{
"date": "2017-04-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-041"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-12T00:00:00",
"db": "VULHUB",
"id": "VHN-96405"
},
{
"date": "2017-07-12T00:00:00",
"db": "VULMON",
"id": "CVE-2016-7585"
},
{
"date": "2017-06-08T08:02:00",
"db": "BID",
"id": "97140"
},
{
"date": "2017-04-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-002432"
},
{
"date": "2017-07-12T01:29:02.910000",
"db": "NVD",
"id": "CVE-2016-7585"
},
{
"date": "2017-04-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-041"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-041"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple macOS of EFI In the component FileVault 2 Vulnerability in obtaining encrypted passwords",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-002432"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-041"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.