SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com






Category:   OS (UNIX)  >   Apple macOS/OS X Vendors:   Apple
Apple OS X Multiple Flaws Let Remote Users Execute Arbitrary Code, Deny Service, and Gain Elevated Privileges and Let Local Users Obtain Potentially Sensitive Information and Gain Elevated Privileges
SecurityTracker Alert ID:  1035895
SecurityTracker URL:  http://securitytracker.com/id/1035895
CVE Reference:   CVE-2016-1791, CVE-2016-1792, CVE-2016-1793, CVE-2016-1794, CVE-2016-1795, CVE-2016-1796, CVE-2016-1797, CVE-2016-1798, CVE-2016-1799, CVE-2016-1800, CVE-2016-1804, CVE-2016-1805, CVE-2016-1806, CVE-2016-1809, CVE-2016-1810, CVE-2016-1812, CVE-2016-1815, CVE-2016-1816, CVE-2016-1820, CVE-2016-1821, CVE-2016-1822, CVE-2016-1825, CVE-2016-1826, CVE-2016-1843, CVE-2016-1844, CVE-2016-1846, CVE-2016-1848, CVE-2016-1850, CVE-2016-1851, CVE-2016-1853   (Links to External Site)
Date:  May 17 2016
Impact:   Denial of service via network, Execution of arbitrary code via network, Modification of system information, Modification of user information, User access via local system, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   Multiple vulnerabilities were reported in Apple OS X. A remote user can cause arbitrary code to be executed on the target user's system. A remote or local user can modify data on the target system. A remote user can cause denial of service conditions on the target system. A local user can obtain elevated privileges on the target system. A remote user can gain elevated privileges.

An application can trigger a memory corruption error and execute arbitrary code with kernel-level privileges [CVE-2016-1792].

An application can trigger a boundary error to determine kernel memory layout [CVE-2016-1791].

An application can trigger a null pointer dereference in AppleGraphicsControl and execute arbitrary code with kernel-level privileges [CVE-2016-1793, CVE-2016-1794].

An application can trigger a memory corruption error in AppleGraphicsPowerManagement and execute arbitrary code with kernel-level privileges [CVE-2016-1795].

An application can trigger an out-of-bounds memory access error to determine kernel memory layout [CVE-2016-1796].

An application can trigger a sandbox policy error and execute arbitrary code with system privileges [CVE-2016-1797].

An application can trigger a null pointer dereference in Audio and cause denial of service conditions [CVE-2016-1798].

An application can trigger a memory corruption error in Audio and execute arbitrary code with kernel-level privileges [CVE-2016-1799].

A remote user in a privileged network position can trigger a URL handling flaw in Captive Network Assistant to cause arbitrary code to be executed on the target system [CVE-2016-1800].

An application can trigger a configuration error in CoreStorage and execute arbitrary code with kernel-level privileges [CVE-2016-1805].

An application can trigger a configuration error in Crash Reporter and execute arbitrary code with kernel-level privileges [CVE-2016-1806].

The Disk Utility component may fail to compress and encrypt disk images due to incorrect keys [CVE-2016-1809]. A local user can access the images.

An application can trigger a memory corruption error in Graphics Drivers and execute arbitrary code with kernel-level privileges [CVE-2016-1810].

An application can trigger a buffer overflow in the Intel Graphics Driver and execute arbitrary code with kernel-level privileges [CVE-2016-1812].

An application can trigger a memory corruption error in IOAcceleratorFamily and execute arbitrary code with kernel-level privileges [CVE-2016-1815].

An application can trigger a null pointer dereference in IOAcceleratorFamily and execute arbitrary code with kernel-level privileges [CVE-2016-1816].

An application can trigger a buffer overflow in IOAudioFamily and execute arbitrary code with kernel-level privileges [CVE-2016-1820].

An application can trigger a null pointer dereference in IOAudioFamily and execute arbitrary code with kernel-level privileges [CVE-2016-1821].

An application can trigger a memory corruption error in IOFireWireFamily and execute arbitrary code with kernel-level privileges [CVE-2016-1822].

An application can trigger a memory corruption error in IOHIDFamily and execute arbitrary code with kernel-level privileges [CVE-2016-1825].

An application can trigger an integer overflow in dtrace and execute arbitrary code with kernel-level privileges [CVE-2016-1826].

A remote user can trigger a validation error in Messages to modify a target user's contact list [CVE-2016-1844].

A remote user can trigger a filename parsing error in Messages to obtain potentially sensitive user information [CVE-2016-1843].

An application can trigger a memory corruption error in Multi-Touch and execute arbitrary code with kernel-level privileges [CVE-2016-1804].

An application can trigger a memory corruption error in NVIDIA Graphics Drivers and execute arbitrary code with kernel-level privileges [CVE-2016-1846].

A remote user can create a specially crafted file that, when loaded by the target user, will trigger a memory corruption error in QuickTime and execute arbitrary code with kernel-level privileges [CVE-2016-1848].

A remote user can create a specially crafted file that, when loaded by the target user, will trigger a memory corruption error in SceneKit and execute arbitrary code with kernel-level privileges [CVE-2016-1850].

A physically local user can reset an expired password from the lock screen [CVE-2016-1851].

A remote user in a privileged network position can exploit a flaw in Tcl to obtain potentially sensitive user information [CVE-2016-1853.]

beist and ABH of BoB, Brandon Azad, Tyler Bohan of Cisco Talos, Thijs Alkemade of Computest, Liang Chen, Yubin Fu, Marco Grassi of KeenLab, Tencent of Trend Micro's Zero Day Initiative, Juwei Lin of TrendMicro, Francis Provencher from COSIG, Peter Pi (@heisecode) of Trend Micro, Heige (a.k.a. SuperHei) of Knownsec 404 Security Team [http://www.knownsec.com],
daybreaker of Minionz, Ian Beer of Google Project Zero, Ben Murphy (via Trend Micro's Zero Day Initiative), CESG, Moony Li (@Flyic) and Jack Tang (@jacktang310) of Trend Micro, lokihardt (via Trend Micro's Zero Day Initiative), Liang Chen, Qidan He of KeenLab, Tencent (via Trend Micro's Zero Day Initiative), Stefan Esser, Ast A. Moore (@astamoore) and David Foster of TechSmartKids, an anonymous researcher, and researchers at Tel Aviv University,
Munster University of Applied Sciences, Ruhr University Bochum, the University of Pennsylvania, the Hashcat project, the University of Michigan, Two Sigma, Google, and the OpenSSL project: Nimrod Aviram, Sebastian Schinzel, Juraj Somorovsky, Nadia Heninger, Maik Dankel, Jens Steube, Luke Valenta, David Adrian, J. Alex Halderman, Viktor Dukhovni,
Emilia Kasper, Shaanan Cohney, Susanne Engels, Christof Paar, and Yuval Shavitt reported these vulnerabilities.

Impact:   A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.

A remote or local user can modify data on the target system.

A remote user can cause denial of service conditions.

A local user can obtain elevated privileges on the target system.

A remote user can gain elevated privileges on the target system.

Solution:   The vendor has issued a fix (10.11.5 and Security Update 2016-003).

The vendor's advisory is available at:

https://support.apple.com/en-us/HT206567

Vendor URL:  support.apple.com/en-us/HT206567 (Links to External Site)
Cause:   Access control error, Boundary error, Input validation error, State error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

Copyright 2017, SecurityGlobal.net LLC