93949

1037139

https://support.apple.com/HT207270

https://support.apple.com/HT207272

https://support.apple.com/HT207273

https://support.apple.com/HT207274

A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The version of Apple Safari installed on the remote Mac OS X or macOS host is prior to 10.0.1. It is, therefore, affected by multiple vulnerabilities in WebKit :

  - An unspecified flaw exists in state management due to     improper validation of user-supplied input. An     unauthenticated, remote attacker can exploit this, via     specially crafted web content, to disclose sensitive     user information. (CVE-2016-4613)

  - Multiple memory corruption issues exist due to improper     validation of user-supplied input. An unauthenticated,     remote attacker can exploit these, via specially crafted     web content, to execute arbitrary code. (CVE-2016-4666,     CVE-2016-4677, CVE-2016-7578)

The version of Apple iTunes running on the remote Windows host is prior to 12.5.2 It is, therefore, affected by multiple vulnerabilities :

  - An information disclosure vulnerability exists in WebKit     when handling the location attribute due to improper     validation of user-supplied input. An unauthenticated,     remote attacker can exploit this, via specially crafted     web content, to disclose sensitive information on the     user's system. (CVE-2016-4613)

  - Multiple memory corruption issues exist in WebKit due to     improper validation of user-supplied input. An     unauthenticated, remote attacker can exploit these, via     specially crafted web content, to execute arbitrary     code. (CVE-2016-7578)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Apple iTunes installed on the remote Windows host is prior to 12.5.2. It is, therefore, affected by multiple vulnerabilities :

  - A cross-origin bypass vulnerability exists in WebKit due     to improper handling of the location attribute. An     unauthenticated, remote attacker can exploit this, by     convincing a user to visit a maliciously crafted     website, to bypass cross-origin policies and disclose     sensitive user data. (CVE-2016-4613)

  - Multiple memory corruption errors exist in WebKit due to     improper validation of user-supplied input. An     unauthenticated, remote attacker can exploit these     issues, by convincing a user to visit a maliciously     crafted website, to execute arbitrary code.
    (CVE-2016-7578)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Versions of Apple TV earlier than 10.0.1 are vulnerable to the following issues :

 - A flaw exists in WebKit when handling the location attribute that allows a unauthenticated, remote attacker to bypass the cross-origin policies and disclose sensitive user information. (CVE-2016-4613)
 - An out-of-bounds read error exists in the FontParser component when handling specially crafted font files that allows an unauthenticated, remote attacker to disclose sensitive information. (CVE-2016-4660)
 - An unspecified flaw exists in the Sandbox Profiles component that allows a local attacker, via a specially crafted application, to disclose the metadata of photo directories. (CVE-2016-4664)
 - An unspecified flaw exists in the Sandbox Profiles component that allows a local attacker, via a specially crafted application, to disclose the metadata of audio recordings. (CVE-2016-4665)
 - Multiple memory corruption issues exist in Webkit due to improper validation of user-supplied input.  An unauthenticated, remote attacker can exploit these to execute arbitrary code. (CVE-2016-4666, CVE-2016-4677)
 - Multiple unspecified flaws exist in the System Boot component, within MIG generated code, due to improper validation of input.  A local attacker can exploit these to terminate the system or execute arbitrary code with elevated privileges. (CVE-2016-4669)
 - A memory corruption issue exists in the CoreGraphics component when handling specially crafted JPEG files.  An unauthenticated, remote attacker can exploit this, via a specially crafted file, to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-4673)
 - An unspecified logic issue exists in libxpc that allows a local attacker to execute arbitrary code with root privileges. (CVE-2016-4675)
 - A NULL pointer dereference flaw exists in AppleSMC's smcHandleYPCEvent facility that is due to insufficient locking, which may allow a local attacker to gain elevated privileges. (CVE-2016-4678)
 - A flaw exists in libarchive due to improper path validation when creating temporary files during archive extraction.  An unauthenticated, remote attacker can exploit this, via a symlink attack, to overwrite arbitrary files. (CVE-2016-4679)
 - An unspecified flaw exists in the Kernel component due to improper sanitization of input.  A local attacker can exploit this to disclose kernel memory contents. (CVE-2016-4680)
 - A flaw exists in the CFNetwork Proxies component when handling proxy credentials that allows a man-in-the-middle attacker to disclose sensitive user information. (CVE-2016-7579)
 - A race condition exists in multiple IOKit drivers related to how they use task struct pointers.  This may allow a local attacker to potentially execute arbitrary code with kernel-level privileges. (CVE-2016-7613)

Note that only 4th generation models are affected by these vulnerabilities.

According to its banner, the version of Apple TV on the remote device is prior to 10.0.1. It is, therefore, affected by multiple vulnerabilities :

  - A flaw exists in WebKit when handling the location     attribute that allows an unauthenticated, remote     attacker to bypass the cross-origin policies and     disclose sensitive user information. (CVE-2016-4613)

  - An out-of-bounds read error exists in the FontParser     component when handling specially crafted font files     that allows an unauthenticated, remote attacker to     disclose sensitive information. (CVE-2016-4660)

  - An unspecified flaw exists in the Sandbox Profiles     component that allows a local attacker, via a specially     crafted application, to disclose the metadata of photo     directories. (CVE-2016-4664)

  - An unspecified flaw exists in the Sandbox Profiles     component that allows a local attacker, via a specially     crafted application, to disclose the metadata of audio     recordings. (CVE-2016-4665)

  - Multiple memory corruption issues exist in Webkit due     to improper validation of user-supplied input. An     unauthenticated, remote attacker can exploit these to     execute arbitrary code. (CVE-2016-4666, CVE-2016-4677,     CVE-2016-7578)

  - Multiple unspecified flaws exist in the System Boot     component, within MIG generated code, due to improper     validation of input. A local attacker can exploit these     to terminate the system or execute arbitrary code with     elevated privileges. (CVE-2016-4669)

  - A memory corruption issue exists in the CoreGraphics     component when handling specially crafted JPEG files. An     unauthenticated, remote attacker can exploit this, via a     specially crafted file, to cause a denial of service     condition or the execution of arbitrary code.
    (CVE-2016-4673)

  - An unspecified logic issue exists in libxpc that allows     a local attacker to execute arbitrary code with root     privileges. (CVE-2016-4675)

  - A flaw exists in libarchive due to improper path     validation when creating temporary files during archive     extraction. An unauthenticated, remote attacker can     exploit this, via a symlink attack, to overwrite     arbitrary files. (CVE-2016-4679)

  - An unspecified flaw exists in the Kernel component due     to improper sanitization of input. A local attacker can     exploit this to disclose kernel memory contents.
    (CVE-2016-4680)

  - An overflow condition exists in the FontParser component     due to improper validation when parsing font files. An     unauthenticated, remote attacker can exploit this to     cause a buffer overflow, resulting in a denial of     service condition or the execution of arbitrary code.
    (CVE-2016-4688)

  - A flaw exists in the CFNetwork Proxies component when     handling proxy credentials that allows a     man-in-the-middle attacker to disclose sensitive user     information. (CVE-2016-7579)

  - A flaw exists in the AppleMobileFileIntegrity component     due to improper validation of code signatures. A local     attacker can exploit this to have a signed executable     substitute code with the same team ID. (CVE-2016-7584)

  - Multiple race conditions exist in various IOKit drivers     related to how they use task struct pointers. A local     attacker can exploit this to execute arbitrary code with     kernel-level privileges. (CVE-2016-7613)

Note that only 4th generation models are affected by these vulnerabilities.

ID	Name	Product	Family	Severity
96406	Ubuntu 16.04 LTS : webkit2gtk vulnerabilities (USN-3166-1)	Nessus	Ubuntu Local Security Checks	high
95411	macOS : Apple Safari < 10.0.1 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	medium
94934	Apple iTunes < 12.5.2 Multiple Vulnerabilities (Uncredentialed Check)	Nessus	Peer-To-Peer File Sharing	medium
94915	Apple iTunes < 12.5.2 Multiple Vulnerabilities (credentialed check)	Nessus	Windows	medium
9757	Apple TV < 10.0.1 Multiple Vulnerabilities	Nessus Network Monitor	Internet Services	high
94337	Apple TV < 10.0.1 Multiple Vulnerabilities	Nessus	Misc.	high

CVE-2016-4613

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Configuration 2

Configuration 3

Configuration 4

Tenable Plugins