APPLE-SA-2016-07-18-1

APPLE-SA-2016-07-18-2

APPLE-SA-2016-07-18-3

APPLE-SA-2016-07-18-4

APPLE-SA-2016-07-18-6

91826

1036348

FEDORA-2019-320d5295fc

https://support.apple.com/HT206899

https://support.apple.com/HT206901

https://support.apple.com/HT206902

https://support.apple.com/HT206903

https://support.apple.com/HT206904

https://support.apple.com/HT206905

Update to 1.1.33

Fix CVE-2016-1841, CVE-2016-4607, CVE-2016-4608, CVE-2016-4610, CVE-2016-4609, CVE-2019-11068, CVE-2016-1684, CVE-2016-1683, CVE-2016-4738.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The specific version of Mac OS X that the system is running is reportedly affected by the following vulnerabilities:

- Apple Mac OS X contains an unspecified NULL pointer dereference flaw in Audio, which may allow a local attacker to cause a denial of service for the system. (CVE-2016-4649)

- Apple Mac OS X contains a use-after-free flaw in DspFuncLib that is triggered as user-supplied input is not properly validated when handling function IDs. This may allow a local attacker to dereference already freed memory and potentially execute arbitrary code in the context of the kernel. (CVE-2016-4647)

- Apple Mac OS X contains a use-after-free error in the DspFuncLib extension. The issue is triggered when handling error conditions. With a specially crafted file, a local attacker can dereference already freed memory and potentially execute arbitrary code with root privileges. (CVE-2016-4648)

- Apple Mac OS X contains an out-of-bounds read flaw in ACMP4AACBaseDecoder that is triggered during the handling of a specially crafted MOV file. This may allow a context-dependent attacker to disclose user information. (CVE-2016-4646)

- Apple Mac OS X contains an integer overflow in bspatch related to bsdiff that is triggered as bounds are not properly checked. This may allow a local attacker to potentially gain elevated privileges. (CVE-2014-9862)

- Apple Mac OS X contains a permission flaw in CFNetwork that is triggered during the handling of web browser cookies. This may allow a local attacker to view sensitive user information. (CVE-2016-4645)

- Apple Mac OS X contains an out-of-bounds read flaw in CoreGraphics that is triggered as input is not properly validated. This may allow a local attacker to disclose kernel memory. (CVE-2016-4652)

- Multiple Apple products contain a flaw in CoreGraphics. The issue is triggered as user-supplied input is not properly validated. This may allow a remote attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code. (CVE-2016-4637)

- Multiple Apple products contain a flaw in FaceTime that is triggered as user interface inconsistencies occur when handling relayed calls. This may allow a man-in-the-middle attacker to cause a relayed call to continue to transmit audio while the call appears to be terminated. (CVE-2016-4635)

- Apple Mac OS X contains a flaw in Graphics drivers. The issue is triggered as user-supplied input is not properly validated. This may allow a local attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code. (CVE-2016-4634)

- Apple Mac OS X contains a flaw in ImageIO. The issue is triggered as user-supplied input is not properly validated. This may allow a remote attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code. (CVE-2016-4629)

- Apple Mac OS X contains a flaw in ImageIO. The issue is triggered as user-supplied input is not properly validated. This may allow a remote attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code. (CVE-2016-4630)

- Multiple Apple products contain an unspecified flaw in ImageIO that is triggered as memory is not properly handled. This may allow a remote attacker to cause a consumption of available memory resources. (CVE-2016-4632)

- Multiple Apple products contain multiple flaws in ImageIO. The issues are triggered as user-supplied input is not properly validated. This may allow a remote attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code. (CVE-2016-4631)

- Apple Mac OS X contains multiple flaws in the Intel Graphics driver. The issues are triggered as user-supplied input is not properly validated when handling memory. This may allow a local attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code. (CVE-2016-4633)

- Multiple Apple products contain an unspecified NULL pointer dereference flaw in IOHIDFamily that is triggered as input is not properly validated. This may allow a local attacker to gain elevated, kernel privileges.  (CVE-2016-4626)

- Apple Mac OS X contains a use-after-free error in IOSurface that is triggered as memory is not properly managed, which may allow a local attacker to dereference already freed memory and gain elevated, kernel privileges. (CVE-2016-4625)

- Multiple Apple products contain a flaw in Sandbox Profiles that is triggered as restrictions are not properly enforced on privileged API calls. This may allow a local attacker to access the process list. (CVE-2016-4594)

- Multiple Apple products contain a flaw in the Kernel that is triggered as user-supplied input is not properly validated. This may allow a local attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code with kernel privileges. (CVE-2016-1863)

- Multiple Apple products contain a flaw in the Kernel that is triggered as user-supplied input is not properly validated. This may allow a local attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code with kernel privileges. (CVE-2016-4582)

- Multiple Apple products contain an unspecified NULL pointer dereference flaw in Kernel that is triggered as input is not properly validated. This may allow a local attacker to cause a denial of service for the system. (CVE-2016-1865)

- Apple Mac OS X contains multiple flaws in libc++abi. The issues are triggered as user-supplied input is not properly validated when handling memory. This may allow a local attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code with root privileges. (CVE-2016-4621)

- Multiple Apple products contain a flaw in libxml2 that is triggered as user-supplied input is not properly validated. This may allow an attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code. (CVE-2016-4614)

- Multiple Apple products contain a flaw in libxml2 that is triggered as user-supplied input is not properly validated. This may allow an attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code. (CVE-2016-4615)

- Multiple Apple products contain a flaw in libxml2 that is triggered as user-supplied input is not properly validated. This may allow an attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code. (CVE-2016-4616)

- Multiple Apple products contain a flaw in libxml2 that is triggered as user-supplied input is not properly validated. This may allow an attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code. (CVE-2016-4619)

- Multiple Apple products contain a flaw in libxslt that is triggered as user-supplied input is not properly validated. This may allow an attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code. (CVE-2016-4607)

- Multiple Apple products contain a flaw in libxslt that is triggered as user-supplied input is not properly validated. This may allow an attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code. (CVE-2016-4608)

- Multiple Apple products contain a flaw in libxslt that is triggered as user-supplied input is not properly validated. This may allow an attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code. (CVE-2016-4609)

- Multiple Apple products contain a flaw in libxslt that is triggered as user-supplied input is not properly validated. This may allow an attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code. (CVE-2016-4610)

- Multiple Apple products contain a flaw in libxslt that is triggered as user-supplied input is not properly validated. This may allow an attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code. (CVE-2016-4612)

- Apple Mac OS X contains an unspecified type confusion flaw in the Login Window, which may allow a local attacker to gain elevated, root privileges. (CVE-2016-4638)

- Apple Mac OS X contains an overflow condition that is triggered as user-supplied input is not properly validated when interacting with _XRegisterCursorWithData. This may allow a local attacker to cause a heap-based buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code. (CVE-2016-4640)

- Apple Mac OS X contains a type confusion flaw that is triggered by certain _XSetDictionaryForCurrentSession interactions, which may allow a local attacker to gain elevated privileges. (CVE-2016-4641)

- Apple Mac OS X contains an unspecified memory initialization flaw in the Login Window, which may allow a local attacker to cause a denial of service. (CVE-2016-4639)

- Apple Mac OS X contains a flaw in QuickTime. The issue is triggered as user-supplied input is not properly validated when handling a specially crafted SGI file. This may allow a context-dependent attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code. (CVE-2016-4601)

- Apple Mac OS X contains a flaw in QuickTime. The issue is triggered as user-supplied input is not properly validated when handling a specially crafted Photoshop Document (PSD). This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-4599)

- Apple Mac OS X contains a flaw in QuickTime. The issue is triggered as user-supplied input is not properly validated when handling a specially crafted FlashPix Bitmap (FPX) file. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-4596)

- Apple Mac OS X contains a flaw in QuickTime. The issue is triggered as user-supplied input is not properly validated when handling a specially crafted FlashPix Bitmap (FPX) file. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-4597)

- Apple Mac OS X contains a flaw in QuickTime. The issue is triggered as user-supplied input is not properly validated when handling a specially crafted FlashPix Bitmap (FPX) file. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-4600)

- Apple Mac OS X contains a flaw in QuickTime. The issue is triggered as user-supplied input is not properly validated when handling a specially crafted FlashPix Bitmap (FPX) file. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-4602)

- Apple Mac OS X contains a flaw in QuickTime. The issue is triggered as user-supplied input is not properly validated when handling a specially crafted image file. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-4598)

- Apple Mac OS X contains a flaw in the Safari Login AutoFill feature that can cause the user's password to be displayed unobfuscated on the screen. This may allow a physically present attacker to potentially gain knowledge of a user's password. (CVE-2016-4595)

- Multiple Apple products contain a flaw in IOPMrootDomain in the kernel that is triggered as certain input is not properly validated. This may allow a local attacker to corrupt memory and potentially execute code with elevated privileges. (CVE-2016-4653)

- Multiple Apple Products contain a flaw in CFNetwork Proxies that is due to the transfer of password information in cleartext. This may allow a man-in-the-middle attacker to gain access to password information. (CVE-2016-4642)

- Multiple Apple Products contain a flaw in CFNetowrk Proxies that is triggered when parsing 407 responses. This may allow a man-in-the-middle attacker to disclose sensitive user information. (CVE-2016-4643)

- Multiple Apple products contain a downgrade flaw in CFNetwork Proxies that is triggered when saving HTTP authentication credentials in the Keychain. This may allow a man-in-the-middle attacker to disclose sensitive user information. (CVE-2016-4644)

The remote host is running a version of iOS 9.3.x prior to version 9.3.3, and the following components contain vulnerabilities :

 - CFNetwork
 - libxml2
 - WebKit
 - CoreGraphics
 - FaceTime
 - ImageIO
 - IOHIDFamily
 - Sandbox
 - Kernel
 - libxslt
 - Calender
 - IOAcceleratorFamily
 - Safari
 - Siri Contacts
 - Web Media

The remote host is running a version of Mac OS X version 10.11.x prior to 10.11.6, and the following components contain vulnerabilities :

 - ACMP4AACBaseDecoder
 - Audio
 - CFNetwork
 - CoreGraphics
 - DspFuncLib
 - FaceTime
 - Graphics
 - IOHIDFamily
 - IOSurface
 - ImageIO
 - Kernel
 - QuickTime
 - Safari
 - Sandbox
 - libxml2

Versions of Apple TV 9.2.x prior to 9.2.2 are affected by multiple vulnerabilities in the following components :

 - CFNetwork
 - CoreGraphics
 - IOAcceleratorFamily
 - IOHIDFamily
 - ImageIO
 - Kernel
 - libxml2
 - libxslt
 - Sandbox

The remote host is running a version of Mac OS X that is 10.9.5 or 10.10.5 and is missing Security Update 2016-004. It is, therefore, affected by multiple vulnerabilities in the following components :

  - apache_mod_php (affects 10.10.5 only)
  - CoreGraphics
  - ImageIO
  - libxml2
  - libxslt

Note that successful exploitation of the most serious issues can result in arbitrary code execution.

The remote host is running a version of Mac OS X that is 10.11.x prior to 10.11.6. It is, therefore, affected by multiple vulnerabilities in the following components :

  - apache_mod_php
  - Audio
  - bsdiff
  - CFNetwork
  - CoreGraphics
  - FaceTime
  - Graphics Drivers
  - ImageIO
  - Intel Graphics Driver
  - IOHIDFamily
  - IOKit
  - IOSurface
  - Kernel
  - libc++abi
  - libexpat
  - LibreSSL
  - libxml2
  - libxslt
  - Login Window
  - OpenSSL
  - QuickTime
  - Safari Login AutoFill
  - Sandbox Profiles

Note that successful exploitation of the most serious issues can result in arbitrary code execution.

According to its banner, the version of the remote Apple TV device is prior to 9.2.2. It is, therefore, affected by multiple vulnerabilities in the following components :

  - CoreGraphics
  - ImageIO
  - IOAcceleratorFamily
  - IOHIDFamily
  - Kernel
  - libxml2
  - libxslt
  - Sandbox Profiles
  - WebKit
  - WebKit Page Loading

Note that only 4th generation models are affected by the vulnerabilities.

The version of Apple iTunes running on the remote Windows host is prior to 12.4.2. It is, therefore, affected by multiple vulnerabilities :

  - Multiple memory corruption issues exist in the libxslt     component due to improper validation of user-supplied     input. An unauthenticated, remote attacker can exploit     this to cause a denial of service condition or the     execution of arbitrary code. (CVE-2016-1684,     CVE-2016-4607, CVE-2016-4608, CVE-2016-4609,     CVE-2016-4610, CVE-2016-4612)

  - Multiple memory corruption issues exist in the libxml2     component that allow a remote attacker to cause a denial     of service condition or the execution of arbitrary code.
    (CVE-2016-1836, CVE-2016-4447, CVE-2016-4448,     CVE-2016-4483, CVE-2016-4614, CVE-2016-4615,     CVE-2016-4616, CVE-2016-4619)

  - An XXE (Xml eXternal Entity) injection vulnerability     exists in the libxml2 component due to an incorrectly     configured XML parser accepting XML external entities     from an untrusted source. A remote attacker can exploit     this, via a specially crafted XML file, to disclose     arbitrary files and user information. (CVE-2016-4449)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Apple iTunes installed on the remote Windows host is prior to 12.4.2. It is, therefore, affected by multiple vulnerabilities :

  - Multiple memory corruption issues exist in the libxslt     component due to improper validation of user-supplied     input. An unauthenticated, remote attacker can exploit     this to cause a denial of service condition or the     execution of arbitrary code. (CVE-2016-1684,     CVE-2016-4607, CVE-2016-4608, CVE-2016-4609,     CVE-2016-4610, CVE-2016-4612)

  - Multiple memory corruption issues exist in the libxml2     component that allow a remote attacker to cause a denial     of service condition or the execution of arbitrary code.
    (CVE-2016-1836, CVE-2016-4447, CVE-2016-4448,     CVE-2016-4483, CVE-2016-4614, CVE-2016-4615,     CVE-2016-4616, CVE-2016-4619)

  - An XXE (Xml eXternal Entity) injection vulnerability     exists in the libxml2 component due to an incorrectly     configured XML parser accepting XML external entities     from an untrusted source. A remote attacker can exploit     this, via a specially crafted XML file, to disclose     arbitrary files and user information. (CVE-2016-4449)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of iOS running on the mobile device is prior to 9.3.3. It is, therefore, affected by multiple vulnerabilities, the most serious of which can result in remote code execution, in the following components :

  - Calendar
  - CoreGraphics
  - FaceTime
  - ImageIO
  - IOAcceleratorFamily
  - IOHIDFamily
  - Kernel
  - libxml2
  - libxslt
  - Safari
  - Sandbox Profiles
  - Siri Contacts
  - Web Media
  - WebKit
  - WebKit JavaScript Bindings
  - WebKit Page Loading

ID	Name	Product	Family	Severity
126015	Fedora 30 : mingw-libxslt (2019-320d5295fc)	Nessus	Fedora Local Security Checks	high
802026	Mac OS X < 10.11.6 Multiple Vulnerabilities	Log Correlation Engine	Operating System Detection	critical
9445	Apple iOS 9.3.x < 9.3.3 Multiple Vulnerabilities	Nessus Network Monitor	Mobile Devices	high
9441	Mac OS X 10.11.x < 10.11.6 Multiple Vulnerabilities	Nessus Network Monitor	Operating System Detection	critical
9430	Apple TV 9.2.x < 9.2.2 Multiple Vulnerabilities	Nessus Network Monitor	Internet Services	medium
92497	Mac OS X 10.9.5 and 10.10.5 Multiple Vulnerabilities (Security Update 2016-004)	Nessus	MacOS X Local Security Checks	critical
92496	Mac OS X 10.11.x < 10.11.6 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	critical
92494	Apple TV < 9.2.2 Multiple Vulnerabilities	Nessus	Misc.	critical
92411	Apple iTunes < 12.4.2 Multiple Vulnerabilities (uncredentialed check)	Nessus	Peer-To-Peer File Sharing	critical
92410	Apple iTunes < 12.4.2 Multiple Vulnerabilities (credentialed check)	Nessus	Windows	critical
92359	Apple iOS < 9.3.3 Multiple Vulnerabilities	Nessus	Mobile Devices	high

CVE-2016-4608

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Configuration 2

Tenable Plugins