ID CVE-2016-7667 Type cve Reporter cve@mitre.org Modified 2017-02-22T15:10:00
Description
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. The issue involves the "CoreText" component. It allows remote attackers to cause a denial of service via a crafted string.
{"apple": [{"lastseen": "2020-12-24T20:44:19", "bulletinFamily": "software", "cvelist": ["CVE-2016-7648", "CVE-2016-7646", "CVE-2016-7714", "CVE-2016-7647", "CVE-2016-4693", "CVE-2016-7594", "CVE-2016-4695", "CVE-2016-7606", "CVE-2016-7667", "CVE-2016-7655", "CVE-2016-7599", "CVE-2016-4743", "CVE-2016-7637", "CVE-2016-7616", "CVE-2016-7654", "CVE-2016-4691", "CVE-2016-7636", "CVE-2016-7661", "CVE-2016-7645", "CVE-2016-7615", "CVE-2016-7589", "CVE-2016-7586", "CVE-2016-7643", "CVE-2016-7640", "CVE-2016-7662", "CVE-2016-7663", "CVE-2016-7642", "CVE-2016-7610", "CVE-2016-7611", "CVE-2016-7641", "CVE-2016-7619", "CVE-2016-7635", "CVE-2016-7652", "CVE-2016-7627", "CVE-2016-7632", "CVE-2016-7657", "CVE-2016-7660", "CVE-2016-7598", "CVE-2016-7649", "CVE-2016-7621", "CVE-2016-7587", "CVE-2016-7639", "CVE-2016-7656", "CVE-2016-7607", "CVE-2016-4692", "CVE-2016-7591", "CVE-2016-7595", "CVE-2016-7588", "CVE-2016-7612", "CVE-2016-7626", "CVE-2016-7659", "CVE-2016-7658"], "description": "For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://www.apple.com/support/security/>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## tvOS 10.1\n\nReleased December 12, 2016\n\n**Audio**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2016-7658: Haohao Kong of Keen Lab (@keen_lab) of Tencent\n\nCVE-2016-7659: Haohao Kong of Keen Lab (@keen_lab) of Tencent\n\nEntry added December 13, 2016\n\n**CoreFoundation**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing malicious strings may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue existed in the processing of strings. This issue was addressed through improved bounds checking.\n\nCVE-2016-7663: an anonymous researcher\n\nEntry added December 13, 2016\n\n**CoreGraphics**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted font file may lead to unexpected application termination\n\nDescription: A null pointer dereference was addressed through improved input validation.\n\nCVE-2016-7627: TRAPMINE Inc. & Meysam Firouzi @R00tkitSMM\n\nEntry added December 13, 2016\n\n**CoreMedia External Displays**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: A local application may be able to execute arbitrary code in the context of the mediaserver daemon\n\nDescription: A type confusion issue was addressed through improved memory handling.\n\nCVE-2016-7655: Keen Lab working with Trend Micro\u2019s Zero Day Initiative\n\nEntry added December 13, 2016\n\n**CoreMedia Playback**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted .mp4 file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2016-7588: dragonltx of Huawei 2012 Laboratories\n\nEntry added December 13, 2016\n\n**CoreText**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking.\n\nCVE-2016-7595: riusksk(\u6cc9\u54e5) of Tencent Security Platform Department\n\nEntry added December 13, 2016\n\n**CoreText**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted string may lead to a denial of service\n\nDescription: An issue when rendering overlapping ranges was addressed through improved validation.\n\nCVE-2016-7667: Nasser Al-Hadhrami (@fast_hack), Saif Al-Hinai (welcom_there) of Digital Unit (dgunit.com)\n\nEntry added December 15, 2016\n\n**Disk Images**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2016-7616: daybreaker@Minionz working with Trend Micro's Zero Day Initiative\n\nEntry added December 13, 2016\n\n**FontParser**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking.\n\nCVE-2016-4691: riusksk(\u6cc9\u54e5) of Tencent Security Platform Department\n\nEntry added December 13, 2016\n\n**ICU**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2016-7594: Andr\u00e9 Bargull\n\nEntry added December 13, 2016\n\n**ImageIO**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: A remote attacker may be able to leak memory\n\nDescription: An out-of-bounds read was addressed through improved bounds checking.\n\nCVE-2016-7643: Yangkang (@dnpushme) of Qihoo360 Qex Team\n\nEntry added December 13, 2016\n\n**IOHIDFamily**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: A local application with system privileges may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed through improved memory management.\n\nCVE-2016-7591: daybreaker of Minionz\n\nEntry added December 13, 2016\n\n**IOKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An application may be able to read kernel memory\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2016-7657: Keen Lab working with Trend Micro\u2019s Zero Day Initiative\n\nEntry added December 13, 2016\n\n**IOKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: A local user may be able to determine kernel memory layout\n\nDescription: A shared memory issue was addressed through improved memory handling.\n\nCVE-2016-7714: Qidan He (@flanker_hqd) from KeenLab working with Trend Micro's Zero Day Initiative\n\nEntry added January 25, 2017\n\n**JavaScriptCore**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: A script executing in a JavaScript sandbox may be able to access state outside that sandbox\n\nDescription: A validation issue existed in processing JavaScript. This issue was addressed through improved validation.\n\nCVE-2016-4695: Mark S. Miller of Google\n\nEntry added August 16, 2017\n\n**Kernel**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges \n\nDescription: Multiple memory corruption issues were addressed through improved input validation.\n\nCVE-2016-7606: @cocoahuke, Chen Qin of Topsec Alpha Team (topsec.com)\n\nCVE-2016-7612: Ian Beer of Google Project Zero\n\nEntry added December 13, 2016\n\n**Kernel**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An application may be able to read kernel memory\n\nDescription: An insufficient initialization issue was addressed by properly initializing memory returned to user space.\n\nCVE-2016-7607: Brandon Azad\n\nEntry added December 13, 2016\n\n**Kernel**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: A local user may be able to cause a system denial of service\n\nDescription: A denial of service issue was addressed through improved memory handling.\n\nCVE-2016-7615: The UK's National Cyber Security Centre (NCSC)\n\nEntry added December 13, 2016\n\n**Kernel**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: A local user may be able to cause an unexpected system termination or arbitrary code execution in the kernel\n\nDescription: A use after free issue was addressed through improved memory management.\n\nCVE-2016-7621: Ian Beer of Google Project Zero\n\nEntry added December 13, 2016\n\n**Kernel**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: A local user may be able to gain root privileges\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2016-7637: Ian Beer of Google Project Zero\n\nEntry added December 13, 2016\n\n**Kernel**\n\n****Available for: Apple TV (4th generation)\n\nImpact: An application may be able to cause a denial of service\n\nDescription: A denial of service issue was addressed through improved memory handling.\n\nCVE-2016-7647: Lufeng Li of Qihoo 360 Vulcan Team\n\nEntry added May 17, 2017\n\n**libarchive**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: A local attacker may be able to overwrite existing files\n\nDescription: A validation issue existed in the handling of symlinks. This issue was addressed through improved validation of symlinks.\n\nCVE-2016-7619: an anonymous researcher\n\nEntry added December 13, 2016\n\n**Power Management**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: A local user may be able to gain root privileges\n\nDescription: An issue in mach port name references was addressed through improved validation.\n\nCVE-2016-7661: Ian Beer of Google Project Zero\n\nEntry added December 13, 2016\n\n**Profiles**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Opening a maliciously crafted certificate may lead to arbitrary code execution\n\nDescription: A memory corruption issue existed in the handling of certificate profiles. This issue was addressed through improved input validation.\n\nCVE-2016-7626: Maksymilian Arciemowicz (cxsecurity.com)\n\n**Security**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An attacker may be able to exploit weaknesses in the 3DES cryptographic algorithm\n\nDescription: 3DES was removed as a default cipher.\n\nCVE-2016-4693: Ga\u00ebtan Leurent and Karthikeyan Bhargavan from INRIA Paris\n\nEntry added December 13, 2016\n\n**Security**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An attacker in a privileged network position may be able to cause a denial of service\n\nDescription: A validation issue existed in the handling of OCSP responder URLs. This issue was addressed by verifying OCSP revocation status after CA validation and limiting the number of OCSP requests per certificate.\n\nCVE-2016-7636: Maksymilian Arciemowicz (cxsecurity.com)\n\nEntry added December 13, 2016\n\n**Security**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Certificates may be unexpectedly evaluated as trusted\n\nDescription: A certificate evaluation issue existed in certificate validation. This issue was addressed through additional validation of certificates.\n\nCVE-2016-7662: Apple\n\nEntry added December 13, 2016\n\n**syslog**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: A local user may be able to gain root privileges\n\nDescription: An issue in mach port name references was addressed through improved validation.\n\nCVE-2016-7660: Ian Beer of Google Project Zero\n\nEntry added December 13, 2016\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2016-4692: Apple\n\nCVE-2016-7635: Apple\n\nCVE-2016-7652: Apple\n\nEntry added December 13, 2016\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may result in the disclosure of process memory\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2016-4743: Alan Cutter\n\nEntry added December 13, 2016\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may result in the disclosure of user information\n\nDescription: A validation issue was addressed through improved state management.\n\nCVE-2016-7586: Boris Zbarsky\n\nEntry added December 13, 2016\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved state management.\n\nCVE-2016-7587: Adam Klein\n\nCVE-2016-7610: Zheng Huang of the Baidu Security Lab working with Trend Micro's Zero Day Initiative\n\nCVE-2016-7611: an anonymous researcher working with Trend Micro's Zero Day Initiative\n\nCVE-2016-7639: Tongbo Luo of Palo Alto Networks\n\nCVE-2016-7640: Kai Kang of Tencent's Xuanwu Lab (tencent.com)\n\nCVE-2016-7641: Kai Kang of Tencent's Xuanwu Lab (tencent.com)\n\nCVE-2016-7642: Tongbo Luo of Palo Alto Networks\n\nCVE-2016-7645: Kai Kang of Tencent's Xuanwu Lab (tencent.com)\n\nCVE-2016-7646: Kai Kang of Tencent's Xuanwu Lab (tencent.com)\n\nCVE-2016-7648: Kai Kang of Tencent's Xuanwu Lab (tencent.com)\n\nCVE-2016-7649: Kai Kang of Tencent's Xuanwu Lab (tencent.com)\n\nCVE-2016-7654: Keen Lab working with Trend Micro\u2019s Zero Day Initiative\n\nEntry added December 13, 2016\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved state management.\n\nCVE-2016-7589: Apple\n\nCVE-2016-7656: Keen Lab working with Trend Micro\u2019s Zero Day Initiative\n\nEntry added December 13, 2016\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may result in the disclosure of process memory\n\nDescription: An uninitialized memory access issue was addressed through improved memory initialization.\n\nCVE-2016-7598: Samuel Gro\u00df\n\nEntry added December 13, 2016\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may result in the disclosure of user information\n\nDescription: An issue existed in the handling of HTTP redirects. This issue was addressed through improved cross origin validation.\n\nCVE-2016-7599: Muneaki Nishimura (nishimunea) of Recruit Technologies Co., Ltd.\n\nEntry added December 13, 2016\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved state management.\n\nCVE-2016-7632: Jeonghoon Shin\n\nEntry added December 13, 2016\n", "edition": 2, "modified": "2017-08-16T09:45:39", "published": "2017-08-16T09:45:39", "id": "APPLE:HT207425", "href": "https://support.apple.com/kb/HT207425", "title": "About the security content of tvOS 10.1 - Apple Support", "type": "apple", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:41:11", "bulletinFamily": "software", "cvelist": ["CVE-2016-7648", "CVE-2016-7646", "CVE-2016-7664", "CVE-2016-7651", "CVE-2016-7714", "CVE-2016-7650", "CVE-2016-7647", "CVE-2016-4693", "CVE-2016-7594", "CVE-2016-4689", "CVE-2016-4695", "CVE-2016-7606", "CVE-2016-7667", "CVE-2016-7601", "CVE-2016-7655", "CVE-2016-7599", "CVE-2016-4743", "CVE-2016-7637", "CVE-2016-7616", "CVE-2016-7654", "CVE-2016-4691", "CVE-2016-7623", "CVE-2016-7636", "CVE-2016-7661", "CVE-2016-7645", "CVE-2016-7597", "CVE-2016-7615", "CVE-2016-7589", "CVE-2016-7765", "CVE-2016-7586", "CVE-2016-7644", "CVE-2016-7643", "CVE-2016-7640", "CVE-2016-7662", "CVE-2016-7630", "CVE-2016-7766", "CVE-2016-7663", "CVE-2016-7642", "CVE-2016-7610", "CVE-2016-7611", "CVE-2016-7641", "CVE-2016-7619", "CVE-2016-7638", "CVE-2016-7635", "CVE-2016-4690", "CVE-2016-7652", "CVE-2016-7627", "CVE-2016-7632", "CVE-2016-7657", "CVE-2016-7660", "CVE-2016-7598", "CVE-2016-7649", "CVE-2016-7653", "CVE-2016-7621", "CVE-2016-4781", "CVE-2016-7587", "CVE-2016-7639", "CVE-2016-7592", "CVE-2016-7656", "CVE-2016-7607", "CVE-2016-4692", "CVE-2016-7591", "CVE-2016-7595", "CVE-2016-7762", "CVE-2016-7588", "CVE-2016-7665", "CVE-2016-7634", "CVE-2016-7612", "CVE-2016-7626", "CVE-2016-7659", "CVE-2016-7658"], "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## iOS 10.2\n\nReleased December 12, 2016\n\n**Accessibility**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: A nearby user may be able to overhear spoken passwords\n\nDescription: A disclosure issue existed in the handling of passwords. This issue was addressed by disabling the speaking of passwords.\n\nCVE-2016-7634: Davut Hari, Biren V. Soni, Cameron Lee\n\nEntry updated January 10, 2017\n\n**Accessibility**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: A person with physical access to an iOS device may be able to access photos and contacts from the lock screen\n\nDescription: A lock screen issue allowed access to photos and contacts on a locked device. This issue was addressed by restricting options offered on a locked device.\n\nCVE-2016-7664: Miguel Alvarado of iDeviceHelp\n\n**Accounts**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: An issue existed which did not reset the authorization settings on app uninstall\n\nDescription: This issue was addressed through improved sanitization.\n\nCVE-2016-7651: Ju Zhu and Lilang Wu of Trend Micro\n\n**Audio**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing a maliciously crafted file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2016-7658: Haohao Kong of Keen Lab (@keen_lab) of Tencent\n\nCVE-2016-7659: Haohao Kong of Keen Lab (@keen_lab) of Tencent\n\nEntry added December 13, 2016\n\n**Clipboard**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: A local attacker may be able to access clipboard contents \n\nDescription: The clipboard contents were accessible before device unlock. This issue was addressed through improved state management. \n\nCVE-2016-7765: CongRong (@Tr3jer)\n\nEntry updated January 17, 2017\n\n**CoreFoundation**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing malicious strings may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue existed in the processing of strings. This issue was addressed through improved bounds checking.\n\nCVE-2016-7663: an anonymous researcher\n\nEntry added December 13, 2016\n\n**CoreGraphics**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing a maliciously crafted font file may lead to unexpected application termination\n\nDescription: A null pointer dereference was addressed through improved input validation.\n\nCVE-2016-7627: TRAPMINE Inc. & Meysam Firouzi @R00tkitSMM\n\nEntry added December 13, 2016\n\n**CoreMedia External Displays**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: A local application may be able to execute arbitrary code in the context of the mediaserver daemon\n\nDescription: A type confusion issue was addressed through improved memory handling.\n\nCVE-2016-7655: Keen Lab working with Trend Micro\u2019s Zero Day Initiative\n\nEntry added December 13, 2016\n\n**CoreMedia Playback**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing a maliciously crafted .mp4 file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2016-7588: dragonltx of Huawei 2012 Laboratories\n\nEntry added December 13, 2016\n\n**CoreText**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking.\n\nCVE-2016-7595: riusksk(\u6cc9\u54e5) of Tencent Security Platform Department\n\nEntry added December 13, 2016\n\n**CoreText**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing a maliciously crafted string may lead to a denial of service\n\nDescription: An issue when rendering overlapping ranges was addressed through improved validation.\n\nCVE-2016-7667: Nasser Al-Hadhrami (@fast_hack), Saif Al-Hinai (welcom_there) of Digital Unit (dgunit.com)\n\nEntry added December 15, 2016\n\n**Disk Images**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2016-7616: daybreaker@Minionz working with Trend Micro's Zero Day Initiative\n\nEntry added December 13, 2016\n\n**Find My iPhone**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: An attacker with an unlocked device may be able to disable Find My iPhone\n\nDescription: A state management issue existed in the handling of authentication information. This issue was addressed through improved storage of account information.\n\nCVE-2016-7638: an anonymous researcher, Sezer Sakiner\n\n**FontParser**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking.\n\nCVE-2016-4691: riusksk(\u6cc9\u54e5) of Tencent Security Platform Department\n\nEntry added December 13, 2016\n\n**Graphics Driver**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Watching a maliciously crafted video may lead to a denial of service\n\nDescription: A denial of service issue existed in the handling of video. This issue was addressed through improved input validation.\n\nCVE-2016-7665: Moataz El Gaml of Schlumberger, Daniel Schurter of watson.ch and Marc Ruef of scip AG\n\nEntry updated December 15, 2016\n\n**ICU**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2016-7594: Andr\u00e9 Bargull\n\nEntry added December 13, 2016\n\n**Image Capture**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: A malicious HID device may be able to cause arbitrary code execution\n\nDescription: A validation issue existed in the handling of USB image devices. This issue was addressed through improved input validation.\n\nCVE-2016-4690: Andy Davis of NCC Group\n\n**ImageIO**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: A remote attacker may be able to leak memory\n\nDescription: An out-of-bounds read was addressed through improved bounds checking.\n\nCVE-2016-7643: Yangkang (@dnpushme) of Qihoo360 Qex Team\n\nEntry added December 13, 2016\n\n**IOHIDFamily**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: A local application with system privileges may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed through improved memory management.\n\nCVE-2016-7591: daybreaker of Minionz\n\nEntry added December 13, 2016\n\n**IOKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: An application may be able to read kernel memory\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2016-7657: Keen Lab working with Trend Micro\u2019s Zero Day Initiative\n\nEntry added December 13, 2016\n\n**IOKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: A local user may be able to determine kernel memory layout\n\nDescription: A shared memory issue was addressed through improved memory handling.\n\nCVE-2016-7714: Qidan He (@flanker_hqd) from KeenLab working with Trend Micro's Zero Day Initiative\n\nEntry added January 25, 2017\n\n**JavaScriptCore**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: A script executing in a JavaScript sandbox may be able to access state outside that sandbox\n\nDescription: A validation issue existed in processing JavaScript. This issue was addressed through improved validation.\n\nCVE-2016-4695: Mark S. Miller of Google\n\nEntry added August 16, 2017\n\n**Kernel**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges \n\nDescription: Multiple memory corruption issues were addressed through improved input validation.\n\nCVE-2016-7606: @cocoahuke, Chen Qin of Topsec Alpha Team (topsec.com)\n\nCVE-2016-7612: Ian Beer of Google Project Zero\n\nEntry added December 13, 2016\n\n**Kernel**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: An application may be able to read kernel memory\n\nDescription: An insufficient initialization issue was addressed by properly initializing memory returned to user space.\n\nCVE-2016-7607: Brandon Azad\n\nEntry added December 13, 2016\n\n**Kernel**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: A local user may be able to cause a system denial of service\n\nDescription: A denial of service issue was addressed through improved memory handling.\n\nCVE-2016-7615: The UK's National Cyber Security Centre (NCSC)\n\nEntry added December 13, 2016\n\n**Kernel**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: A local user may be able to cause an unexpected system termination or arbitrary code execution in the kernel\n\nDescription: A use after free issue was addressed through improved memory management.\n\nCVE-2016-7621: Ian Beer of Google Project Zero\n\nEntry added December 13, 2016\n\n**Kernel**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: A local user may be able to gain root privileges\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2016-7637: Ian Beer of Google Project Zero\n\nEntry added December 13, 2016\n\n**Kernel**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: A local application with system privileges may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed through improved memory management.\n\nCVE-2016-7644: Ian Beer of Google Project Zero\n\nEntry added December 13, 2016\n\n**Kernel**\n\n****Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: An application may be able to cause a denial of service\n\nDescription: A denial of service issue was addressed through improved memory handling.\n\nCVE-2016-7647: Lufeng Li of Qihoo 360 Vulcan Team\n\nEntry added May 17, 2017\n\n**Kernel**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: A malicious application may gain access to a device's MAC address\n\nDescription: An access issue was addressed through additional sandbox restrictions on third party applications.\n\nCVE-2016-7766: Jun Yang(\u6768\u541b) of Tencent's WeiXin Group\n\nEntry added May 31, 2017\n\n**libarchive**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: A local attacker may be able to overwrite existing files\n\nDescription: A validation issue existed in the handling of symlinks. This issue was addressed through improved validation of symlinks.\n\nCVE-2016-7619: an anonymous researcher\n\nEntry added December 13, 2016\n\n**Local Authentication**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: The device may not lock the screen after the idle timeout\n\nDescription: A logic issue existed in the handling of the idle timer when the Touch ID prompt is shown. This issue was addressed through improved handling of the idle timer.\n\nCVE-2016-7601: an anonymous researcher\n\n**Mail**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: An email signed with a revoked certificate may appear valid\n\nDescription: S/MIME policy failed to check if a certificate was valid. This issue was addressed by notifying a user if an email was signed with a revoked certificate.\n\nCVE-2016-4689: an anonymous researcher\n\n**Media Player**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: A user may be able to view photos and contacts from the lockscreen\n\nDescription: A validation issue existed in the handling of media selection. This issue was addressed through improved validation.\n\nCVE-2016-7653\n\n**Power Management**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: A local user may be able to gain root privileges\n\nDescription: An issue in mach port name references was addressed through improved validation.\n\nCVE-2016-7661: Ian Beer of Google Project Zero\n\nEntry added December 13, 2016\n\n**Profiles**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Opening a maliciously crafted certificate may lead to arbitrary code execution\n\nDescription: A memory corruption issue existed in the handling of certificate profiles. This issue was addressed through improved input validation.\n\nCVE-2016-7626: Maksymilian Arciemowicz (cxsecurity.com)\n\n**Safari Reader**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting\n\nDescription: Multiple validation issues were addressed through improved input sanitization.\n\nCVE-2016-7650: Erling Ellingsen\n\nEntry added December 13, 2016\n\n**Security**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: An attacker may be able to exploit weaknesses in the 3DES cryptographic algorithm\n\nDescription: 3DES was removed as a default cipher.\n\nCVE-2016-4693: Ga\u00ebtan Leurent and Karthikeyan Bhargavan from INRIA Paris\n\nEntry added December 13, 2016\n\n**Security**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: An attacker in a privileged network position may be able to cause a denial of service\n\nDescription: A validation issue existed in the handling of OCSP responder URLs. This issue was addressed by verifying OCSP revocation status after CA validation and limiting the number of OCSP requests per certificate.\n\nCVE-2016-7636: Maksymilian Arciemowicz (cxsecurity.com)\n\nEntry added December 13, 2016\n\n**Security**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Certificates may be unexpectedly evaluated as trusted\n\nDescription: A certificate evaluation issue existed in certificate validation. This issue was addressed through additional validation of certificates.\n\nCVE-2016-7662: Apple\n\nEntry added December 13, 2016\n\n**SpringBoard**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: A person with physical access to an iOS device may be able to unlock the device\n\nDescription: In some cases, a counter issue existed in the handling of passcode attempts when resetting the passcode. This was addressed through improved state management.\n\nCVE-2016-4781: an anonymous researcher\n\n**SpringBoard**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: A person with physical access to an iOS device may be able to keep the device unlocked\n\nDescription: A cleanup issue existed in the handling of Handoff with Siri. This was addressed through improved state management.\n\nCVE-2016-7597: an anonymous researcher\n\n**syslog**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: A local user may be able to gain root privileges\n\nDescription: An issue in mach port name references was addressed through improved validation.\n\nCVE-2016-7660: Ian Beer of Google Project Zero\n\nEntry added December 13, 2016\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2016-4692: Apple\n\nCVE-2016-7635: Apple\n\nCVE-2016-7652: Apple\n\nEntry added December 13, 2016\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may result in the disclosure of process memory\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2016-4743: Alan Cutter\n\nEntry added December 13, 2016\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may result in the disclosure of user information\n\nDescription: A validation issue was addressed through improved state management.\n\nCVE-2016-7586: Boris Zbarsky\n\nEntry added December 13, 2016\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved state management.\n\nCVE-2016-7587: Adam Klein\n\nCVE-2016-7610: Zheng Huang of the Baidu Security Lab working with Trend Micro's Zero Day Initiative\n\nCVE-2016-7611: an anonymous researcher working with Trend Micro's Zero Day Initiative\n\nCVE-2016-7639: Tongbo Luo of Palo Alto Networks\n\nCVE-2016-7640: Kai Kang of Tencent's Xuanwu Lab (tencent.com)\n\nCVE-2016-7641: Kai Kang of Tencent's Xuanwu Lab (tencent.com)\n\nCVE-2016-7642: Tongbo Luo of Palo Alto Networks\n\nCVE-2016-7645: Kai Kang of Tencent's Xuanwu Lab (tencent.com)\n\nCVE-2016-7646: Kai Kang of Tencent's Xuanwu Lab (tencent.com)\n\nCVE-2016-7648: Kai Kang of Tencent's Xuanwu Lab (tencent.com)\n\nCVE-2016-7649: Kai Kang of Tencent's Xuanwu Lab (tencent.com)\n\nCVE-2016-7654: Keen Lab working with Trend Micro\u2019s Zero Day Initiative\n\nEntry added December 13, 2016\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved state management.\n\nCVE-2016-7589: Apple\n\nCVE-2016-7656: Keen Lab working with Trend Micro\u2019s Zero Day Initiative\n\nEntry added December 13, 2016\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may compromise user information\n\nDescription: An issue existed in handling of JavaScript prompts. This was addressed through improved state management.\n\nCVE-2016-7592: xisigr of Tencent's Xuanwu Lab (tencent.com)\n\nEntry added December 13, 2016\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may result in the disclosure of process memory\n\nDescription: An uninitialized memory access issue was addressed through improved memory initialization.\n\nCVE-2016-7598: Samuel Gro\u00df\n\nEntry added December 13, 2016\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may result in the disclosure of user information\n\nDescription: An issue existed in the handling of HTTP redirects. This issue was addressed through improved cross origin validation.\n\nCVE-2016-7599: Muneaki Nishimura (nishimunea) of Recruit Technologies Co., Ltd.\n\nEntry added December 13, 2016\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Visiting a maliciously crafted website may compromise user information\n\nDescription: An issue existed in the handling of blob URLs. This issue was addressed through improved URL handling.\n\nCVE-2016-7623: xisigr of Tencent's Xuanwu Lab (tencent.com)\n\nEntry added December 13, 2016\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Visiting a maliciously crafted webpage may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved state management.\n\nCVE-2016-7632: Jeonghoon Shin\n\nEntry added December 13, 2016\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may lead to cross site scripting\n\nDescription: An issue existed in displaying documents in Safari. This issue was addressed through improved input validation.\n\nCVE-2016-7762: YongShao (Zhiyong Feng from JDSEC 1aq.com\u200d)\n\nEntry added January 24, 2017\n\n**WebSheet**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: A sandboxed process may be able to circumvent sandbox restrictions\n\nDescription: A sandbox escape issue was addressed through additional restrictions.\n\nCVE-2016-7630: Marco Grassi (@marcograss) of KeenLab (@keen_lab) Tencent working with Trend Micro's Zero Day Initiative\n\nEntry added January 25, 2017\n", "edition": 2, "modified": "2017-08-16T09:45:14", "published": "2017-08-16T09:45:14", "id": "APPLE:HT207422", "href": "https://support.apple.com/kb/HT207422", "title": "About the security content of iOS 10.2 - Apple Support", "type": "apple", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:42:29", "bulletinFamily": "software", "cvelist": ["CVE-2016-7628", "CVE-2016-8620", "CVE-2016-8623", "CVE-2016-5420", "CVE-2016-7714", "CVE-2016-7414", "CVE-2016-7647", "CVE-2016-4693", "CVE-2016-7594", "CVE-2016-8615", "CVE-2016-8616", "CVE-2016-7606", "CVE-2016-7667", "CVE-2016-8619", "CVE-2016-7620", "CVE-2016-7603", "CVE-2016-7655", "CVE-2016-7761", "CVE-2016-7637", "CVE-2016-7616", "CVE-2016-8625", "CVE-2016-8618", "CVE-2016-7622", "CVE-2016-4691", "CVE-2016-7636", "CVE-2016-7661", "CVE-2016-7141", "CVE-2016-7615", "CVE-2016-7629", "CVE-2016-7644", "CVE-2016-7643", "CVE-2016-8617", "CVE-2016-7624", "CVE-2016-1777", "CVE-2016-7413", "CVE-2016-7662", "CVE-2016-7617", "CVE-2016-7663", "CVE-2016-6304", "CVE-2016-7618", "CVE-2016-7619", "CVE-2016-7609", "CVE-2016-7627", "CVE-2016-8622", "CVE-2016-7416", "CVE-2016-7657", "CVE-2016-7602", "CVE-2016-7633", "CVE-2016-7625", "CVE-2016-7604", "CVE-2016-7660", "CVE-2016-7411", "CVE-2016-8624", "CVE-2016-7417", "CVE-2016-7742", "CVE-2016-7621", "CVE-2016-6303", "CVE-2016-7600", "CVE-2016-7418", "CVE-2016-5421", "CVE-2016-7596", "CVE-2016-7607", "CVE-2016-7605", "CVE-2016-7591", "CVE-2016-7595", "CVE-2016-7588", "CVE-2016-5419", "CVE-2016-7167", "CVE-2016-7612", "CVE-2016-8621", "CVE-2016-7608", "CVE-2016-7659", "CVE-2016-7412", "CVE-2016-7658"], "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## macOS Sierra 10.12.2, Security Update 2016-003 El Capitan, and Security Update 2016-007 Yosemite\n\nReleased December 13, 2016\n\n**apache_mod_php**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: A remote attacker may cause an unexpected application termination or arbitrary code execution\n\nDescription: Multiple issues existed in PHP before 5.6.26. These were addressed by updating PHP to version 5.6.26.\n\nCVE-2016-7411\n\nCVE-2016-7412\n\nCVE-2016-7413\n\nCVE-2016-7414\n\nCVE-2016-7416\n\nCVE-2016-7417\n\nCVE-2016-7418\n\n**AppleGraphicsPowerManagement**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: A local user may be able to cause a system denial of service\n\nDescription: A null pointer dereference was addressed through improved input validation.\n\nCVE-2016-7609: daybreaker@Minionz working with Trend Micro's Zero Day Initiative\n\n**Assets**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: A local attacker may modify downloaded mobile assets\n\nDescription: A permissions issue existed in mobile assets. This issue was addressed through improved access restrictions.\n\nCVE-2016-7628: Marcel Bresink of Marcel Bresink Software-Systeme\n\nEntry updated December 15, 2016\n\n**Audio**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: Processing a maliciously crafted file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2016-7658: Haohao Kong of Keen Lab (@keen_lab) of Tencent\n\nCVE-2016-7659: Haohao Kong of Keen Lab (@keen_lab) of Tencent\n\n**Bluetooth**\n\nAvailable for: macOS Sierra 10.12.1, OS X El Capitan v10.11.6, and OS X Yosemite v10.10.5\n\nImpact: An application may be able to execute arbitrary code with kernel privileges \n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2016-7596: Pekka Oikarainen, Matias Karhumaa and Marko Laakso of Synopsys Software Integrity Group\n\nEntry updated December 14, 2016\n\n**Bluetooth**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: An application may be able to cause a denial of service\n\nDescription: A null pointer dereference was addressed through improved input validation.\n\nCVE-2016-7605: daybreaker of Minionz\n\n**Bluetooth**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A type confusion issue was addressed through improved memory handling.\n\nCVE-2016-7617: Radu Motspan working with Trend Micro's Zero Day Initiative, Ian Beer of Google Project Zero\n\n**CoreCapture**\n\nAvailable for: macOS Sierra 10.12.1 and OS X El Capitan v10.11.6\n\nImpact: A local user may be able to cause a system denial of service\n\nDescription: A null pointer dereference was addressed through improved state management.\n\nCVE-2016-7604: daybreaker of Minionz\n\nEntry updated December 14, 2016\n\n**CoreFoundation**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: Processing malicious strings may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue existed in the processing of strings. This issue was addressed through improved bounds checking.\n\nCVE-2016-7663: an anonymous researcher\n\n**CoreGraphics**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: Processing a maliciously crafted font file may lead to unexpected application termination\n\nDescription: A null pointer dereference was addressed through improved input validation.\n\nCVE-2016-7627: TRAPMINE Inc. & Meysam Firouzi @R00tkitSMM\n\n**CoreMedia External Displays**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: A local application may be able to execute arbitrary code in the context of the mediaserver daemon\n\nDescription: A type confusion issue was addressed through improved memory handling.\n\nCVE-2016-7655: Keen Lab working with Trend Micro\u2019s Zero Day Initiative\n\n**CoreMedia Playback**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: Processing a maliciously crafted .mp4 file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2016-7588: dragonltx of Huawei 2012 Laboratories\n\n**CoreStorage**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: A local user may be able to cause a system denial of service\n\nDescription: A null pointer dereference was addressed through improved input validation.\n\nCVE-2016-7603: daybreaker@Minionz working with Trend Micro's Zero Day Initiative\n\n**CoreText**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking.\n\nCVE-2016-7595: riusksk(\u6cc9\u54e5) of Tencent Security Platform Department\n\n**CoreText**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: Processing a maliciously crafted string may lead to a denial of service\n\nDescription: An issue when rendering overlapping ranges was addressed through improved validation.\n\nCVE-2016-7667: Nasser Al-Hadhrami (@fast_hack), Saif Al-Hinai (welcom_there) of Digital Unit (dgunit.com)\n\nEntry added December 15, 2016\n\n**curl**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: An attacker in a privileged network position may be able to leak sensitive user information\n\nDescription: Multiple issues existed in curl. These issues were addressed by updating to curl version 7.51.0.\n\nCVE-2016-5419\n\nCVE-2016-5420\n\nCVE-2016-5421\n\nCVE-2016-7141\n\nCVE-2016-7167\n\nCVE-2016-8615\n\nCVE-2016-8616\n\nCVE-2016-8617\n\nCVE-2016-8618\n\nCVE-2016-8619\n\nCVE-2016-8620\n\nCVE-2016-8621\n\nCVE-2016-8622\n\nCVE-2016-8623\n\nCVE-2016-8624\n\nCVE-2016-8625\n\n**Directory Services**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: A local user may be able to gain root privileges\n\nDescription: A use after free issue was addressed through improved memory management.\n\nCVE-2016-7633: Ian Beer of Google Project Zero\n\n**Disk Images**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2016-7616: daybreaker@Minionz working with Trend Micro's Zero Day Initiative\n\n**FontParser**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking.\n\nCVE-2016-4691: riusksk(\u6cc9\u54e5) of Tencent Security Platform Department\n\n**Foundation**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: Opening a maliciously crafted .gcx file may lead to unexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2016-7618: riusksk(\u6cc9\u54e5) of Tencent Security Platform Department\n\n**Grapher**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: Opening a maliciously crafted .gcx file may lead to unexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2016-7622: riusksk(\u6cc9\u54e5) of Tencent Security Platform Department\n\n**ICU**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2016-7594: Andr\u00e9 Bargull\n\n**ImageIO**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: A remote attacker may be able to leak memory\n\nDescription: An out-of-bounds read was addressed through improved bounds checking.\n\nCVE-2016-7643: Yangkang (@dnpushme) of Qihoo360 Qex Team\n\n**Intel Graphics Driver**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: An application may be able to execute arbitrary code with kernel privileges \n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2016-7602: daybreaker@Minionz working with Trend Micro's Zero Day Initiative\n\n**IOFireWireFamily**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: A local attacker may be able to read kernel memory\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2016-7608: Brandon Azad\n\n**IOAcceleratorFamily**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: A local user may be able to determine kernel memory layout\n\nDescription: A shared memory issue was addressed through improved memory handling.\n\nCVE-2016-7624 : Qidan He (@flanker_hqd) from KeenLab working with Trend Micro's Zero Day Initiative\n\n**IOHIDFamily**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: A local application with system privileges may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed through improved memory management.\n\nCVE-2016-7591: daybreaker of Minionz\n\n**IOKit**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: An application may be able to read kernel memory\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2016-7657: Keen Lab working with Trend Micro\u2019s Zero Day Initiative\n\n**IOKit**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: A local user may be able to determine kernel memory layout\n\nDescription: A shared memory issue was addressed through improved memory handling.\n\nCVE-2016-7625: Qidan He (@flanker_hqd) from KeenLab working with Trend Micro's Zero Day Initiative\n\n**IOKit**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: A local user may be able to determine kernel memory layout\n\nDescription: A shared memory issue was addressed through improved memory handling.\n\nCVE-2016-7714: Qidan He (@flanker_hqd) from KeenLab working with Trend Micro's Zero Day Initiative\n\nEntry added January 25, 2017\n\n**IOSurface**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: A local user may be able to determine kernel memory layout\n\nDescription: A shared memory issue was addressed through improved memory handling.\n\nCVE-2016-7620: Qidan He (@flanker_hqd) from KeenLab working with Trend Micro's Zero Day Initiative\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: An application may be able to execute arbitrary code with kernel privileges \n\nDescription: Multiple memory corruption issues were addressed through improved input validation.\n\nCVE-2016-7606: @cocoahuke, Chen Qin of Topsec Alpha Team (topsec.com)\n\nCVE-2016-7612: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: An application may be able to read kernel memory\n\nDescription: An insufficient initialization issue was addressed by properly initializing memory returned to user space.\n\nCVE-2016-7607: Brandon Azad\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: A local user may be able to cause a system denial of service\n\nDescription: A denial of service issue was addressed through improved memory handling.\n\nCVE-2016-7615: The UK's National Cyber Security Centre (NCSC)\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: A local user may be able to cause an unexpected system termination or arbitrary code execution in the kernel\n\nDescription: A use after free issue was addressed through improved memory management.\n\nCVE-2016-7621: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: A local user may be able to gain root privileges\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2016-7637: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: A local application with system privileges may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed through improved memory management.\n\nCVE-2016-7644: Ian Beer of Google Project Zero\n\n**Kernel**\n\n****Available for: macOS Sierra 10.12.1\n\nImpact: An application may be able to cause a denial of service\n\nDescription: A denial of service issue was addressed through improved memory handling.\n\nCVE-2016-7647: Lufeng Li of Qihoo 360 Vulcan Team\n\nEntry added May 17, 2017\n\n**kext tools**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: An application may be able to execute arbitrary code with kernel privileges \n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2016-7629: @cocoahuke\n\n**libarchive**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: A local attacker may be able to overwrite existing files\n\nDescription: A validation issue existed in the handling of symlinks. This issue was addressed through improved validation of symlinks.\n\nCVE-2016-7619: an anonymous researcher\n\n**LibreSSL**\n\nAvailable for: macOS Sierra 10.12.1 and OS X El Capitan v10.11.6\n\nImpact: An attacker with a privileged network position may be able to cause a denial of service\n\nDescription: A denial of service issue in unbounded OCSP growth was addressed through improved memory handling.\n\nCVE-2016-6304\n\nEntry updated December 14, 2016\n\n**OpenLDAP**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: An attacker may be able to exploit weaknesses in the RC4 cryptographic algorithm\n\nDescription: RC4 was removed as a default cipher.\n\nCVE-2016-1777: Pepi Zawodsky\n\n**OpenPAM**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: A local unprivileged user may gain access to privileged applications\n\nDescription: PAM authentication within sandboxed applications failed insecurely. This was addressed with improved error handling.\n\nCVE-2016-7600: Perette Barella of DeviousFish.com\n\n**OpenSSL**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: An application may be able to execute arbitrary code\n\nDescription: An overflow issue existed in MDC2_Update(). This issue was addressed through improved input validation.\n\nCVE-2016-6303\n\n**OpenSSL**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: An attacker with a privileged network position may be able to cause a denial of service\n\nDescription: A denial of service issue in unbounded OCSP growth was addressed through improved memory handling.\n\nCVE-2016-6304\n\n**Power Management**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: A local user may be able to gain root privileges\n\nDescription: An issue in mach port name references was addressed through improved validation.\n\nCVE-2016-7661: Ian Beer of Google Project Zero\n\n**Security**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: An attacker may be able to exploit weaknesses in the 3DES cryptographic algorithm\n\nDescription: 3DES was removed as a default cipher.\n\nCVE-2016-4693: Ga\u00ebtan Leurent and Karthikeyan Bhargavan from INRIA Paris\n\n**Security**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: An attacker in a privileged network position may be able to cause a denial of service\n\nDescription: A validation issue existed in the handling of OCSP responder URLs. This issue was addressed by verifying OCSP revocation status after CA validation and limiting the number of OCSP requests per certificate.\n\nCVE-2016-7636: Maksymilian Arciemowicz (cxsecurity.com)\n\n**Security**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: Certificates may be unexpectedly evaluated as trusted\n\nDescription: A certificate evaluation issue existed in certificate validation. This issue was addressed through additional validation of certificates.\n\nCVE-2016-7662: Apple\n\n**syslog**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: A local user may be able to gain root privileges\n\nDescription: An issue in mach port name references was addressed through improved validation.\n\nCVE-2016-7660: Ian Beer of Google Project Zero\n\n**Wi-Fi**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: A malicious local user may be able to view sensitive network configuration information\n\nDescription: Network configuration was unexpectedly global. This issue was addressed by moving sensitive network configuration to per-user settings.\n\nCVE-2016-7761: Peter Loos, Karlsruhe, Germany\n\nEntry added January 24, 2017\n\n**xar**\n\nAvailable for: macOS Sierra 10.12.1\n\nImpact: Opening a maliciously crafted archive may lead to arbitrary code execution\n\nDescription: The use of an uninitialized variable was addressed through improved validation.\n\nCVE-2016-7742: Gareth Evans of Context Information Security\n\nEntry added January 10, 2017\n\nmacOS Sierra 10.12.2, Security Update 2016-003 El Capitan, and Security Update 2016-007 Yosemite includes the security content of [Safari 10.0.2](<https://support.apple.com/kb/HT207421>).\n", "edition": 3, "modified": "2020-07-27T08:14:17", "published": "2020-07-27T08:14:17", "id": "APPLE:HT207423", "href": "https://support.apple.com/kb/HT207423", "title": "About the security content of macOS Sierra 10.12.2, Security Update 2016-003 El Capitan, and Security Update 2016-007 Yosemite - Apple Support", "type": "apple", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-05-29T18:34:06", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-7628", "CVE-2016-8620", "CVE-2016-8623", "CVE-2016-5420", "CVE-2016-7714", "CVE-2016-7414", "CVE-2016-7647", "CVE-2016-4693", "CVE-2016-7594", "CVE-2016-8615", "CVE-2016-8616", "CVE-2016-7606", "CVE-2016-7667", "CVE-2016-8619", "CVE-2016-7620", "CVE-2016-7603", "CVE-2016-7655", "CVE-2016-7761", "CVE-2016-7637", "CVE-2016-7616", "CVE-2016-8625", "CVE-2016-8618", "CVE-2016-7622", "CVE-2016-4691", "CVE-2016-7636", "CVE-2016-7661", "CVE-2016-7141", "CVE-2016-7615", "CVE-2016-7629", "CVE-2016-7644", "CVE-2016-7643", "CVE-2016-8617", "CVE-2016-7624", "CVE-2016-1777", "CVE-2016-7413", "CVE-2016-7662", "CVE-2016-7617", "CVE-2016-7663", "CVE-2016-6304", "CVE-2016-7618", "CVE-2016-7619", "CVE-2016-7609", "CVE-2016-7627", "CVE-2016-8622", "CVE-2016-7416", "CVE-2016-7657", "CVE-2016-7602", "CVE-2016-7633", "CVE-2016-7625", "CVE-2016-7660", "CVE-2016-7411", "CVE-2016-8624", "CVE-2016-7417", "CVE-2016-7742", "CVE-2016-7621", "CVE-2016-6303", "CVE-2016-7600", "CVE-2016-7418", "CVE-2016-5421", "CVE-2016-7607", "CVE-2016-7605", "CVE-2016-7591", "CVE-2016-7595", "CVE-2016-7588", "CVE-2016-5419", "CVE-2016-7167", "CVE-2016-7612", "CVE-2016-8621", "CVE-2016-7608", "CVE-2016-7659", "CVE-2016-7412", "CVE-2016-7658"], "description": "This host is running Apple Mac OS X and\n is prone to multiple vulnerabilities.", "modified": "2019-05-03T00:00:00", "published": "2017-02-22T00:00:00", "id": "OPENVAS:1361412562310810567", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810567", "type": "openvas", "title": "Apple Mac OS X Multiple Vulnerabilities-01 February-2017", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apple Mac OS X Multiple Vulnerabilities-01 February-2017\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810567\");\n script_version(\"2019-05-03T08:55:39+0000\");\n script_cve_id(\"CVE-2016-7411\", \"CVE-2016-7412\", \"CVE-2016-7413\", \"CVE-2016-7414\",\n \"CVE-2016-7416\", \"CVE-2016-7417\", \"CVE-2016-7418\", \"CVE-2016-7609\",\n \"CVE-2016-7628\", \"CVE-2016-7658\", \"CVE-2016-7659\", \"CVE-2016-7624\",\n \"CVE-2016-7605\", \"CVE-2016-7617\", \"CVE-2016-7647\", \"CVE-2016-7663\",\n \"CVE-2016-7627\", \"CVE-2016-7655\", \"CVE-2016-7588\", \"CVE-2016-7603\",\n \"CVE-2016-7595\", \"CVE-2016-7667\", \"CVE-2016-5419\", \"CVE-2016-5420\",\n \"CVE-2016-5421\", \"CVE-2016-7141\", \"CVE-2016-7167\", \"CVE-2016-8615\",\n \"CVE-2016-8616\", \"CVE-2016-8617\", \"CVE-2016-8618\", \"CVE-2016-8619\",\n \"CVE-2016-8620\", \"CVE-2016-8621\", \"CVE-2016-8622\", \"CVE-2016-8623\",\n \"CVE-2016-8624\", \"CVE-2016-8625\", \"CVE-2016-7633\", \"CVE-2016-7616\",\n \"CVE-2016-4691\", \"CVE-2016-7618\", \"CVE-2016-7622\", \"CVE-2016-7594\",\n \"CVE-2016-7643\", \"CVE-2016-7602\", \"CVE-2016-7608\", \"CVE-2016-7591\",\n \"CVE-2016-7657\", \"CVE-2016-7625\", \"CVE-2016-7714\", \"CVE-2016-7620\",\n \"CVE-2016-7606\", \"CVE-2016-7612\", \"CVE-2016-7607\", \"CVE-2016-7615\",\n \"CVE-2016-7621\", \"CVE-2016-7637\", \"CVE-2016-7644\", \"CVE-2016-7629\",\n \"CVE-2016-7619\", \"CVE-2016-1777\", \"CVE-2016-7600\", \"CVE-2016-7742\",\n \"CVE-2016-6303\", \"CVE-2016-6304\", \"CVE-2016-7661\", \"CVE-2016-4693\",\n \"CVE-2016-7636\", \"CVE-2016-7662\", \"CVE-2016-7660\", \"CVE-2016-7761\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-05-03 08:55:39 +0000 (Fri, 03 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-02-22 17:03:09 +0530 (Wed, 22 Feb 2017)\");\n script_name(\"Apple Mac OS X Multiple Vulnerabilities-01 February-2017\");\n\n script_tag(name:\"summary\", value:\"This host is running Apple Mac OS X and\n is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists. For details\n refer the reference links.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attacker\n to execute arbitrary code or cause a denial of service (memory corruption),\n gain access to potentially sensitive information, bypass certain protection\n mechanism and have other impacts.\");\n\n script_tag(name:\"affected\", value:\"Apple Mac OS X version 10.12.x through\n 10.12.1\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apple Mac OS X version\n 10.12.2 or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-us/HT207423\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\", \"ssh/login/osx_version\", re:\"ssh/login/osx_version=^10\\.12\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nosName = get_kb_item(\"ssh/login/osx_name\");\nif(!osName)\n exit(0);\n\nosVer = get_kb_item(\"ssh/login/osx_version\");\nif(!osVer){\n exit(0);\n}\n\nif(\"Mac OS X\" >< osName)\n{\n if(osVer =~ \"^10\\.12\" && version_is_less(version:osVer, test_version:\"10.12.2\"))\n {\n report = report_fixed_ver(installed_version:osVer, fixed_version:\"10.12.2\");\n security_message(data:report);\n exit(0);\n }\n exit(99);\n}\n\nexit(0);", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}
