Mac OS X < 10.11.6 Multiple Vulnerabilities

critical Log Correlation Engine Plugin ID 802026

Synopsis

The specific version of Mac OS X that the system is running is reportedly affected by multiple vulnerabilities.

Description

The specific version of Mac OS X that the system is running is reportedly affected by the following vulnerabilities:

- Apple Mac OS X contains an unspecified NULL pointer dereference flaw in Audio, which may allow a local attacker to cause a denial of service for the system. (CVE-2016-4649)

- Apple Mac OS X contains a use-after-free flaw in DspFuncLib that is triggered as user-supplied input is not properly validated when handling function IDs. This may allow a local attacker to dereference already freed memory and potentially execute arbitrary code in the context of the kernel. (CVE-2016-4647)

- Apple Mac OS X contains a use-after-free error in the DspFuncLib extension. The issue is triggered when handling error conditions. With a specially crafted file, a local attacker can dereference already freed memory and potentially execute arbitrary code with root privileges. (CVE-2016-4648)

- Apple Mac OS X contains an out-of-bounds read flaw in ACMP4AACBaseDecoder that is triggered during the handling of a specially crafted MOV file. This may allow a context-dependent attacker to disclose user information. (CVE-2016-4646)

- Apple Mac OS X contains an integer overflow in bspatch related to bsdiff that is triggered as bounds are not properly checked. This may allow a local attacker to potentially gain elevated privileges. (CVE-2014-9862)

- Apple Mac OS X contains a permission flaw in CFNetwork that is triggered during the handling of web browser cookies. This may allow a local attacker to view sensitive user information. (CVE-2016-4645)

- Apple Mac OS X contains an out-of-bounds read flaw in CoreGraphics that is triggered as input is not properly validated. This may allow a local attacker to disclose kernel memory. (CVE-2016-4652)

- Multiple Apple products contain a flaw in CoreGraphics. The issue is triggered as user-supplied input is not properly validated. This may allow a remote attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code. (CVE-2016-4637)

- Multiple Apple products contain a flaw in FaceTime that is triggered as user interface inconsistencies occur when handling relayed calls. This may allow a man-in-the-middle attacker to cause a relayed call to continue to transmit audio while the call appears to be terminated. (CVE-2016-4635)

- Apple Mac OS X contains a flaw in Graphics drivers. The issue is triggered as user-supplied input is not properly validated. This may allow a local attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code. (CVE-2016-4634)

- Apple Mac OS X contains a flaw in ImageIO. The issue is triggered as user-supplied input is not properly validated. This may allow a remote attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code. (CVE-2016-4629)

- Apple Mac OS X contains a flaw in ImageIO. The issue is triggered as user-supplied input is not properly validated. This may allow a remote attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code. (CVE-2016-4630)

- Multiple Apple products contain an unspecified flaw in ImageIO that is triggered as memory is not properly handled. This may allow a remote attacker to cause a consumption of available memory resources. (CVE-2016-4632)

- Multiple Apple products contain multiple flaws in ImageIO. The issues are triggered as user-supplied input is not properly validated. This may allow a remote attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code. (CVE-2016-4631)

- Apple Mac OS X contains multiple flaws in the Intel Graphics driver. The issues are triggered as user-supplied input is not properly validated when handling memory. This may allow a local attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code. (CVE-2016-4633)

- Multiple Apple products contain an unspecified NULL pointer dereference flaw in IOHIDFamily that is triggered as input is not properly validated. This may allow a local attacker to gain elevated, kernel privileges. (CVE-2016-4626)

- Apple Mac OS X contains a use-after-free error in IOSurface that is triggered as memory is not properly managed, which may allow a local attacker to dereference already freed memory and gain elevated, kernel privileges. (CVE-2016-4625)

- Multiple Apple products contain a flaw in Sandbox Profiles that is triggered as restrictions are not properly enforced on privileged API calls. This may allow a local attacker to access the process list. (CVE-2016-4594)

- Multiple Apple products contain a flaw in the Kernel that is triggered as user-supplied input is not properly validated. This may allow a local attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code with kernel privileges. (CVE-2016-1863)

- Multiple Apple products contain a flaw in the Kernel that is triggered as user-supplied input is not properly validated. This may allow a local attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code with kernel privileges. (CVE-2016-4582)

- Multiple Apple products contain an unspecified NULL pointer dereference flaw in Kernel that is triggered as input is not properly validated. This may allow a local attacker to cause a denial of service for the system. (CVE-2016-1865)

- Apple Mac OS X contains multiple flaws in libc++abi. The issues are triggered as user-supplied input is not properly validated when handling memory. This may allow a local attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code with root privileges. (CVE-2016-4621)

- Multiple Apple products contain a flaw in libxml2 that is triggered as user-supplied input is not properly validated. This may allow an attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code. (CVE-2016-4614)

- Multiple Apple products contain a flaw in libxml2 that is triggered as user-supplied input is not properly validated. This may allow an attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code. (CVE-2016-4615)

- Multiple Apple products contain a flaw in libxml2 that is triggered as user-supplied input is not properly validated. This may allow an attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code. (CVE-2016-4616)

- Multiple Apple products contain a flaw in libxml2 that is triggered as user-supplied input is not properly validated. This may allow an attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code. (CVE-2016-4619)

- Multiple Apple products contain a flaw in libxslt that is triggered as user-supplied input is not properly validated. This may allow an attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code. (CVE-2016-4607)

- Multiple Apple products contain a flaw in libxslt that is triggered as user-supplied input is not properly validated. This may allow an attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code. (CVE-2016-4608)

- Multiple Apple products contain a flaw in libxslt that is triggered as user-supplied input is not properly validated. This may allow an attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code. (CVE-2016-4609)

- Multiple Apple products contain a flaw in libxslt that is triggered as user-supplied input is not properly validated. This may allow an attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code. (CVE-2016-4610)

- Multiple Apple products contain a flaw in libxslt that is triggered as user-supplied input is not properly validated. This may allow an attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code. (CVE-2016-4612)

- Apple Mac OS X contains an unspecified type confusion flaw in the Login Window, which may allow a local attacker to gain elevated, root privileges. (CVE-2016-4638)

- Apple Mac OS X contains an overflow condition that is triggered as user-supplied input is not properly validated when interacting with _XRegisterCursorWithData. This may allow a local attacker to cause a heap-based buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code. (CVE-2016-4640)

- Apple Mac OS X contains a type confusion flaw that is triggered by certain _XSetDictionaryForCurrentSession interactions, which may allow a local attacker to gain elevated privileges. (CVE-2016-4641)

- Apple Mac OS X contains an unspecified memory initialization flaw in the Login Window, which may allow a local attacker to cause a denial of service. (CVE-2016-4639)

- Apple Mac OS X contains a flaw in QuickTime. The issue is triggered as user-supplied input is not properly validated when handling a specially crafted SGI file. This may allow a context-dependent attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code. (CVE-2016-4601)

- Apple Mac OS X contains a flaw in QuickTime. The issue is triggered as user-supplied input is not properly validated when handling a specially crafted Photoshop Document (PSD). This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-4599)

- Apple Mac OS X contains a flaw in QuickTime. The issue is triggered as user-supplied input is not properly validated when handling a specially crafted FlashPix Bitmap (FPX) file. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-4596)

- Apple Mac OS X contains a flaw in QuickTime. The issue is triggered as user-supplied input is not properly validated when handling a specially crafted FlashPix Bitmap (FPX) file. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-4597)

- Apple Mac OS X contains a flaw in QuickTime. The issue is triggered as user-supplied input is not properly validated when handling a specially crafted FlashPix Bitmap (FPX) file. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-4600)

- Apple Mac OS X contains a flaw in QuickTime. The issue is triggered as user-supplied input is not properly validated when handling a specially crafted FlashPix Bitmap (FPX) file. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-4602)

- Apple Mac OS X contains a flaw in QuickTime. The issue is triggered as user-supplied input is not properly validated when handling a specially crafted image file. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-4598)

- Apple Mac OS X contains a flaw in the Safari Login AutoFill feature that can cause the user's password to be displayed unobfuscated on the screen. This may allow a physically present attacker to potentially gain knowledge of a user's password. (CVE-2016-4595)

- Multiple Apple products contain a flaw in IOPMrootDomain in the kernel that is triggered as certain input is not properly validated. This may allow a local attacker to corrupt memory and potentially execute code with elevated privileges. (CVE-2016-4653)

- Multiple Apple products contain a flaw in CFNetwork Proxies that is due to the transfer of password information in cleartext. This may allow a man-in-the-middle attacker to gain access to password information. (CVE-2016-4642)

- Multiple Apple products contain a flaw in CFNetwork Proxies that is triggered when parsing 407 responses. This may allow a man-in-the-middle attacker to disclose sensitive user information. (CVE-2016-4643)

- Multiple Apple products contain a downgrade flaw in CFNetwork Proxies that is triggered when saving HTTP authentication credentials in the Keychain. This may allow a man-in-the-middle attacker to disclose sensitive user information. (CVE-2016-4644)

Solution

It has been reported that this has been fixed. Please refer to the product listing for upgraded versions that address this vulnerability.

See Also

http://www.talosintelligence.com/reports/TALOS-2016-0181/

http://www.talosintelligence.com/reports/TALOS-2016-0186/

http://www.talosintelligence.com/reports/TALOS-2016-0180/

http://www.talosintelligence.com/reports/TALOS-2016-0171/

https://support.apple.com/en-us/HT206902

https://support.apple.com/en-us/HT206903

https://support.apple.com/en-us/HT206904

https://support.apple.com/en-us/HT206905

http://www.apple.com/

http://seclists.org/bugtraq/2016/Jul/75

http://jvn.jp/vu/JVNVU94844193/index.html

http://www.zerodayinitiative.com/advisories/ZDI-16-437/

http://www.zerodayinitiative.com/advisories/ZDI-16-438/

http://www.zerodayinitiative.com/advisories/ZDI-16-496/

http://www.zerodayinitiative.com/advisories/ZDI-16-439/

https://www.freebsd.org/security/advisories/FreeBSD-SA-16%3A25.bspatch.asc

http://seclists.org/bugtraq/2016/Jul/122

http://www.eweek.com/security/apple-announces-os-x-and-ios-security-updates.html

http://www.zerodayinitiative.com/advisories/ZDI-16-432/

http://www.theregister.co.uk/2016/07/21/wavering_about_apples_latest_security_fix_dont_says_talos/

http://www.zdnet.com/article/ios-mac-flaw-exposes-your-password-with-one-image-file/

http://seclists.org/bugtraq/2016/Jul/76

http://seclists.org/bugtraq/2016/Jul/77

http://seclists.org/bugtraq/2016/Jul/78

http://seclists.org/bugtraq/2016/Jul/79

http://www.theregister.co.uk/2016/07/19/apple_patches_july2016/

http://www.infosecurity-magazine.com/news/stagefright-returns-users-urged-to/

http://metro.co.uk/2016/07/23/dont-panic-but-your-iphone-could-get-hacked-any-day-now-6024897/

http://www.zerodayinitiative.com/advisories/ZDI-16-434/

https://support.apple.com/en-us/HT206901

https://support.apple.com/en-us/HT206899

http://seclists.org/bugtraq/2016/Jul/80

http://www.zerodayinitiative.com/advisories/ZDI-16-435/

http://www.zerodayinitiative.com/advisories/ZDI-16-433/

http://www.zerodayinitiative.com/advisories/ZDI-16-431/

http://www.zerodayinitiative.com/advisories/ZDI-16-436/

http://falseconnect.com/

http://www.techworm.net/2016/08/falseconnect-vulnerability-affects-internet-users.html

http://www.theregister.co.uk/2016/08/17/falseconnect_sends_vendors_scrambling_to_patch_proxy_mitm_bug/

http://jvn.jp/vu/JVNVU90754453/index.html

Plugin Details

Severity: Critical

ID: 802026

Published: 9/8/2016

Updated: 9/8/2016

Risk Information

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

Patch Publication Date: 7/18/2016

Vulnerability Publication Date: 8/15/2016

Reference Information

CVE: CVE-2016-4607, CVE-2016-4608, CVE-2016-4609, CVE-2016-4610, CVE-2016-4631, CVE-2016-4643, CVE-2016-4644, CVE-2016-4642, CVE-2016-4614, CVE-2016-4615, CVE-2016-4616, CVE-2016-4637, CVE-2016-4632, CVE-2016-4626, CVE-2016-1863, CVE-2016-4582, CVE-2016-4653, CVE-2016-1865, CVE-2016-4594, CVE-2016-4649, CVE-2016-4647, CVE-2016-4648, CVE-2016-4646, CVE-2014-9862, CVE-2016-4645, CVE-2016-4652, CVE-2016-4635, CVE-2016-4634, CVE-2016-4629, CVE-2016-4630, CVE-2016-4633, CVE-2016-4625, CVE-2016-4621, CVE-2016-4638, CVE-2016-4640, CVE-2016-4641, CVE-2016-4639, CVE-2016-4601, CVE-2016-4599, CVE-2016-4596, CVE-2016-4597, CVE-2016-4600, CVE-2016-4602, CVE-2016-4598, CVE-2016-4595, CVE-2016-4619, CVE-2016-4612