Lucene search

[email protected]CVE-2016-1719

HistoryFeb 01, 2016 - 11:59 a.m.

CVE-2016-1719

2016-02-0111:59:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2016-1719

iohidfamily api

apple

ios

os x

tvos

memory corruption

privilege escalation

cve

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7 High

AI Score

Confidence

High

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

0.4%

JSON

The IOHIDFamily API in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.

CPENameOperatorVersion
apple:watchosapple watchosle2.1
apple:iphone_osapple iphone osle9.2
apple:mac_os_xapple mac os xle10.11.2
apple:tvosapple tvosle9.1

CPE	Name	Operator	Version
apple:watchos	apple watchos	le	2.1
apple:iphone_os	apple iphone os	le	9.2
apple:mac_os_x	apple mac os x	le	10.11.2
apple:tvos	apple tvos	le	9.1

References

lists.apple.com/archives/security-announce/2016/Jan/msg00002.html

lists.apple.com/archives/security-announce/2016/Jan/msg00003.html

lists.apple.com/archives/security-announce/2016/Jan/msg00005.html

lists.apple.com/archives/security-announce/2016/Mar/msg00001.html

packetstormsecurity.com/files/135438/iOS-Kernel-IOReportHub-Use-After-Free.html

packetstormsecurity.com/files/135439/iOS-Kernel-IOHIDEventService-Use-After-Free.html

packetstormsecurity.com/files/135440/iOS-Kernel-AppleOscarCMA-Use-After-Free.html

packetstormsecurity.com/files/135441/iOS-Kernel-AppleOscarCompass-Use-After-Free.html

packetstormsecurity.com/files/135442/iOS-Kernel-AppleOscarAccelerometer-Use-After-Free.html

packetstormsecurity.com/files/135443/iOS-Kernel-AppleOscarGyro-Use-After-Free.html

www.securitytracker.com/id/1034736

code.google.com/p/google-security-research/issues/detail?id=603

code.google.com/p/google-security-research/issues/detail?id=604

code.google.com/p/google-security-research/issues/detail?id=605

code.google.com/p/google-security-research/issues/detail?id=606

code.google.com/p/google-security-research/issues/detail?id=607

code.google.com/p/google-security-research/issues/detail?id=608

support.apple.com/HT205729

support.apple.com/HT205731

support.apple.com/HT205732

support.apple.com/HT206168

www.exploit-db.com/exploits/39359/

www.exploit-db.com/exploits/39360/

www.exploit-db.com/exploits/39361/

www.exploit-db.com/exploits/39362/

www.exploit-db.com/exploits/39363/

www.exploit-db.com/exploits/39364/

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7 High

AI Score

Confidence

High

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

0.4%

JSON

Related for CVE-2016-1719

cvelist1 zdt6 prion1 apple8 nessus3 openvas1