APPLE-SA-2016-09-20

APPLE-SA-2016-09-20-3

APPLE-SA-2016-09-20-5

APPLE-SA-2016-09-20-6

93054

1036858

https://support.apple.com/HT207141

https://support.apple.com/HT207142

https://support.apple.com/HT207143

https://support.apple.com/HT207170

The remote host is running a version of Mac OS X version 10.x prior to 10.12, and is affected by multiple vulnerabilities in the following components :

 - apache (CVE-2016-4694)
 - apache_mod_php (CVE-2016-5768, CVE-2016-5769, CVE-2016-5770, CVE-2016-5771, CVE-2016-5772, CVE-2016-5773, CVE-2016-6174, CVE-2016-6288, CVE-2016-6289, CVE-2016-6290, CVE-2016-6291, CVE-2016-6292, CVE-2016-6294, CVE-2016-6295, CVE-2016-6296, CVE-2016-6297)
 - Apple HSSPI Support (CVE-2016-4697)
 - AppleEFIRuntime (CVE-2016-4696)
 - AppleMobileFileIntegrity (CVE-2016-4698)
 - AppleUUC (CVE-2016-4699, CVE-2016-4700)
 - Application Firewall (CVE-2016-4701)
 - ATS (CVE-2016-4779)
 - Audio (CVE-2016-4702)
 - Bluetooth (CVE-2016-4703)
 - cd9660 (CVE-2016-4706)
 - CFNetwork (CVE-2016-4707, CVE-2016-4708)
 - CommonCrypto (CVE-2016-4711)
 - CoreCrypto (CVE-2016-4712)
 - CoreDisplay (CVE-2016-4713)
 - curl (CVE-2016-0755, CVE-2016-4606)
 - Date & Time Pref Pane (CVE-2016-4715)
 - DiskArbitration (CVE-2016-4716)
 - File Bookmark (CVE-2016-4717)
 - FontParser (CVE-2016-4718)
 - IDS - Connectivity (CVE-2016-4722)
 - Intel Graphics Driver (CVE-2016-4723, CVE-2016-7582)
 - IOAcceleratorFamily (CVE-2016-4724, CVE-2016-4725, CVE-2016-4726)
 - IOThunderboltFamily (CVE-2016-4727)
 - Kerberos v5 PAM module (CVE-2016-4745)
 - Kernel (CVE-2016-4771, CVE-2016-4772, CVE-2016-4773, CVE-2016-4774, CVE-2016-4775, CVE-2016-4776, CVE-2016-4777, CVE-2016-4778)
 - lib archive (CVE-2016-4736)
 - libxml2 (CVE-2016-4658, CVE-2016-5131)
 - libxpc (CVE-2016-4617)
 - libxslt (CVE-2016-4738)
 - mDNSResponder (CVE-2016-4739)
 - NSSecureTextField (CVE-2016-4742)
 - Perl (CVE-2016-4748, CVE-2016-4750)
 - Security (CVE-2016-4752, CVE-2016-4753)
 - Terminal (CVE-2016-4755)
 - WindowServer (CVE-2016-4709, CVE-2016-4710)

Versions of Apple TV earlier than 10.0 are vulnerable to the following issues :

 - A flaw exists in libxml2 that is triggered as certain input is not properly validated.  This may allow a local attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code. (CVE-2016-4658)
 - A flaw exists in FontParser that is triggered during the handling of a specially crafted font file. This may allow a context-dependent attacker to disclose information in process memory. (CVE-2016-4718)
 - An unspecified flaw exists in IOAcceleratorFamily that may allow a context-dependent attacker to disclose arbitrary contents of the memory.  No further details have been provided. (CVE-2016-4725)
 - A flaw exists in IOAcceleratorFamily that is triggered as certain input is not properly validated.  This may allow a local attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code. (CVE-2016-4726)
 - A flaw exists in libxslt that is triggered as certain input is not properly validated.  This may allow a local attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code. (CVE-2016-4738)
 - A flaw exists that is triggered during the handling of a signed disk image.  This may allow a local attacker to gain elevated privileges.  No further details have been provided by the vendor. (CVE-2016-4753)
 - A flaw exists in the kernel that is triggered as the system fails to properly handle locking.  This may allow a remote attacker to cause a denial of service. (CVE-2016-4772)
 - An out-of-bounds read flaw exists in the Kernel that that may allow a local attacker to disclose the contents of memory.  No further details have been provided. (CVE-2016-4773)
 - An out-of-bounds read flaw exists in the Kernel that that may allow a local attacker to disclose the contents of memory.  No further details have been provided. (CVE-2016-4774)
 - A flaw exists in the Kernel that is triggered as certain input is not properly validated.  This may allow a local attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code. (CVE-2016-4775)
 - An out-of-bounds read flaw exists in the Kernel that that may allow a local attacker to disclose the contents of memory.  No further details have been provided. (CVE-2016-4776)
 - An untrusted pointer dereference flaw exists in the Kernel that may allow a local attacker to gain elevated privileges.  No further details have been provided by the vendor. (CVE-2016-4777)
 - A flaw exists in the Kernel that is triggered as certain input is not properly validated.  This may allow a local attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code. (CVE-2016-4778)

The version of iOS running on the mobile device is prior to 10.0, and is affected by multiple vulnerabilities in the following components :

 - AppleMobileFileIntegrity (CVE-2016-4698)
 - Assets (CVE-2016-4741)
 - Audio (CVE-2016-4702)
 - CFNetwork (CVE-2016-4707, CVE-2016-4708)
 - CommonCrypto (CVE-2016-4711, CVE-2016-4712)
 - FontParser (CVE-2016-4718)
 - GeoServices (CVE-2016-4719)
 - IDS - Connectivity (CVE-2016-4722)
 - IOAcceleratorFamily (CVE-2016-4724, CVE-2016-4725, CVE-2016-4726)
 - Kernel (CVE-2016-4771, CVE-2016-4772, CVE-2016-4773, CVE-2016-4774, CVE-2016-4776, CVE-2016-4777, CVE-2016-4778)
 - Keyboards (CVE-2016-4746)
 - libxml2 (CVE-2016-4658, CVE-2016-5131)
 - libxslt (CVE-2016-4738)
 - Mail (CVE-2016-4747)
 - Messages (CVE-2016-4740)
 - Printing UIKit (CVE-2016-4749)
 - S2 Camera (CVE-2016-4750)
 - Safari Reader (CVE-2016-4618)
 - Sandbox Profiles (CVE-2016-4620)
 - Security (CVE-2016-4753)
 - Springboard (CVE-2016-7759)
 - WebKit (CVE-2016-4728, CVE-2016-4758, CVE-2016-4611, CVE-2016-4729, CVE-2016-4730, CVE-2016-4731, CVE-2016-4734, CVE-2016-4735, CVE-2016-4737, CVE-2016-4759, CVE-2016-4762, CVE-2016-4766, CVE-2016-4767, CVE-2016-4768, CVE-2016-4760, CVE-2016-4733, CVE-2016-4765, CVE-2016-4763)

According to its banner, the version of Apple TV on the remote device is prior to 10. It is, therefore, affected by multiple vulnerabilities in the following components :

  - Audio
  - CFNetwork
  - CoreCrypto
  - FontParser
  - IOAcceleratorFamily
  - Kernel
  - libxml2
  - libxslt
  - Security
  - WebKit

Note that only 4th generation models are affected by these vulnerabilities.

The remote host is running a version of Mac OS X that is prior to 10.10.5, 10.11.x prior to 10.11.6, or is not macOS 10.12. It is, therefore, affected by multiple vulnerabilities in the following components :

  - apache
  - apache_mod_php
  - Apple HSSPI Support
  - AppleEFIRuntime
  - AppleMobileFileIntegrity
  - AppleUCC
  - Application Firewall
  - ATS
  - Audio
  - Bluetooth
  - cd9660
  - CFNetwork
  - CommonCrypto
  - CoreCrypto
  - CoreDisplay
  - curl
  - Date & Time Pref Pane
  - DiskArbitration
  - File Bookmark
  - FontParser
  - IDS - Connectivity
  - ImageIO
  - Intel Graphics Driver
  - IOAcceleratorFamily
  - IOThunderboltFamily
  - Kerberos v5 PAM module
  - Kernel
  - libarchive
  - libxml2
  - libxpc
  - libxslt
  - mDNSResponder
  - NSSecureTextField
  - Perl
  - S2 Camera
  - Security
  - Terminal
  - WindowServer

Note that successful exploitation of the most serious issues can result in arbitrary code execution.

ID	Name	Product	Family	Severity
9620	Mac OS X 10.x < 10.12 Multiple Vulnerabilities	Nessus Network Monitor	Operating System Detection	critical
9620	Mac OS X 10.x < 10.12 Multiple Vulnerabilities	Nessus Network Monitor	Operating System Detection	critical
9621	Apple TV < 10.0 Multiple Vulnerabilities	Nessus Network Monitor	Internet Services	critical
9621	Apple TV < 10.0 Multiple Vulnerabilities	Nessus Network Monitor	Internet Services	critical
9619	Apple iOS < 10.0 Multiple Vulnerabilities	Nessus Network Monitor	Mobile Devices	critical
9619	Apple iOS < 10.0 Multiple Vulnerabilities	Nessus Network Monitor	Mobile Devices	critical
93776	Apple TV < 10 Multiple Vulnerabilities	Nessus	Misc.	critical
93685	macOS < 10.12 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	critical

CVE-2016-4777

HIGH

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Tenable Plugins

critical

critical

critical

critical

critical

critical

critical

critical