The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Apple MacOS X

computer vulnerability note 20429

WebKit: Man-in-the-Middle via Proxy CONNECT

Synthesis of the vulnerability

An attacker can act as a Man-in-the-Middle when an HTTP proxy is configured, in order to alter the visible content of an HTTPS site, for example to execute JavaScript code.
Impacted products: iOS by Apple, iPhone, Mac OS X, Opera, WebKit.
Severity: 2/4.
Consequences: data reading, data creation/edition.
Provenance: intranet server.
Creation date: 18/08/2016.
Identifiers: FalseCONNECT, HT206902, HT206903, VIGILANCE-VUL-20429, VU#905344.

Description of the vulnerability

When an HTTP proxy is configured, the web browser uses the HTTP CONNECT method to ask the proxy to set up a secured TLS session.

However, the HTTP CONNECT query and its reply are sent in cleartext over HTTP. An attacker can act as a Man-in-the-Middle and spoof a 407 Proxy Authentication reply to the client that contains no Proxy-Authenticate header but does contain an HTTP body.

RFC 7235 indicates that the HTTP body must not be displayed. However, WebKit displays it, and executes its content in the context of the requested HTTPS/TLS site.

An attacker can therefore act as a Man-in-the-Middle when an HTTP proxy is configured, in order to alter the visible content of an HTTPS site, for example to execute JavaScript code.

computer vulnerability note CVE-2016-1801 CVE-2016-5134

Proxy Auto-Config: obtaining visited HTTPS URLs

Synthesis of the vulnerability

An attacker can host a PAC file designed to retrieve information sent to FindProxyForURL(), and use a Man-in-the-Middle position to force the victim to use it, in order to obtain information on visited URLs.
Impacted products: iOS by Apple, iPhone, Mac OS X, Debian, Chrome, Firefox, SeaMonkey, openSUSE, openSUSE Leap, Opera, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: data reading.
Provenance: intranet server.
Number of vulnerabilities in this bulletin: 2.
Creation date: 05/08/2016.
Identifiers: CVE-2016-1801, CVE-2016-5134, DSA-3637-1, HT206567, HT206568, openSUSE-SU-2016:1865-1, openSUSE-SU-2016:1868-1, openSUSE-SU-2016:1869-1, openSUSE-SU-2016:1918-1, RHSA-2016:1485-01, VIGILANCE-VUL-20329, VU#877625.

Description of the vulnerability

The Proxy Auto-Config (PAC, usually transmitted via WPAD) feature is used by web browsers to automatically detect the proxy to use to reach a remote web site.

The proxy.pac file (usually hosted on an intranet site such as http://intranet/proxy.pac) contains a FindProxyForURL() function, which indicates the proxy to use for a given URL. However, sensitive HTTPS URLs are also passed to FindProxyForURL().

An attacker can therefore host a PAC file designed to retrieve information sent to FindProxyForURL(), and use a Man-in-the-Middle position to force the victim to use it, in order to obtain information on visited URLs.

computer vulnerability CVE-2016-5419 CVE-2016-5420 CVE-2016-5421

cURL: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of cURL.
Impacted products: SDS, SES, SNS, OpenOffice, Mac OS X, Brocade vTM, curl, Debian, Fedora, Android OS, Juniper EX-Series, Junos OS, SRX-Series, openSUSE, openSUSE Leap, Solaris, Puppet, RHEL, Slackware, Synology DS***, Synology RS***, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, client access/rights, denial of service on service, denial of service on client.
Provenance: internet server.
Number of vulnerabilities in this bulletin: 3.
Creation date: 03/08/2016.
Identifiers: bulletinoct2016, cpuoct2018, CVE-2016-5419, CVE-2016-5420, CVE-2016-5421, DLA-586-1, DSA-3638-1, FEDORA-2016-24316f1f56, FEDORA-2016-8354baae0f, HT207423, JSA10874, openSUSE-SU-2016:2227-1, openSUSE-SU-2016:2379-1, RHSA-2016:2575-02, RHSA-2018:3558-01, SSA:2016-219-01, STORM-2019-002, USN-3048-1, VIGILANCE-VUL-20295.

Description of the vulnerability

Several vulnerabilities were announced in cURL.

The TLS client of libcurl can resume a session even if the client certificate changed, which may lead to the authentication with an incorrect identity. [severity:2/4; CVE-2016-5419]

The TLS client of libcurl can reuse a session even if the client certificate changed, which may lead to the authentication with an incorrect identity. [severity:2/4; CVE-2016-5420]

An attacker can force the usage of a freed memory area via curl_easy_init(), in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-5421]

computer vulnerability CVE-2016-6296

xmlrpc: integer overflow

Synthesis of the vulnerability

An attacker can generate an integer overflow in xmlrpc, in order to trigger a denial of service, and possibly to run code.
Impacted products: Mac OS X, Debian, openSUSE Leap, Solaris, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 01/08/2016.
Identifiers: bulletinjul2017, CVE-2016-6296, DLA-569-1, HT207170, openSUSE-SU-2016:2451-1, RHSA-2016:2750-01, SUSE-SU-2016:2460-1, USN-3059-1, VIGILANCE-VUL-20265.

Description of the vulnerability

An attacker can generate an integer overflow in xmlrpc, in order to trigger a denial of service, and possibly to run code.

computer vulnerability announce CVE-2016-6288 CVE-2016-6289 CVE-2016-6290

PHP: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of PHP.
Impacted products: Mac OS X, Debian, Fedora, openSUSE, openSUSE Leap, Solaris, PHP, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Consequences: user access/rights, data reading, denial of service on service, denial of service on client.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 17.
Creation date: 21/07/2016.
Identifiers: 72306, 72399, 72405, 72479, 72498, 72513, 72520, 72531, 72533, 72541, 72551, 72552, 72562, 72573, 72603, 72606, 72618, bulletinjul2017, CERTFR-2016-AVI-251, CVE-2016-6288, CVE-2016-6289, CVE-2016-6290, CVE-2016-6291, CVE-2016-6292, CVE-2016-6294, CVE-2016-6295, CVE-2016-6296, CVE-2016-6297, DLA-628-1, DSA-3631-1, FEDORA-2016-3af39b1fcb, FEDORA-2016-b777fc7a8b, HT207170, openSUSE-SU-2016:2071-1, openSUSE-SU-2016:2451-1, openSUSE-SU-2017:1757-1, openSUSE-SU-2017:1800-1, RHSA-2016:2750-01, SSA:2016-203-02, SUSE-SU-2016:2080-1, SUSE-SU-2016:2328-1, SUSE-SU-2016:2408-1, SUSE-SU-2016:2460-1, SUSE-SU-2016:2460-2, SUSE-SU-2016:2683-1, SUSE-SU-2016:2683-2, USN-3045-1, VIGILANCE-VUL-20187.

Description of the vulnerability

Several vulnerabilities were announced in PHP.

An attacker can generate a buffer overflow via virtual_file_ex, in order to trigger a denial of service, and possibly to run code. [severity:3/4; 72513, CVE-2016-6289]

An attacker can send a query with a malicious Proxy header to a web service hosting a CGI script creating web client queries, so that they go through the attacker's proxy (VIGILANCE-VUL-20143). [severity:3/4; 72573]

An attacker can force a NULL pointer to be dereferenced via variant_date_from_timestamp, in order to trigger a denial of service. [severity:1/4; 72498]

An attacker can generate a memory corruption via Curl size_t, in order to trigger a denial of service, and possibly to run code. [severity:3/4; 72541]

An attacker can force a read at an invalid address via exif_process_IFD_in_MAKERNOTE, in order to trigger a denial of service, or to obtain sensitive information. [severity:2/4; 72603, CVE-2016-6291]

An attacker can force a NULL pointer to be dereferenced via exif_process_user_comment, in order to trigger a denial of service. [severity:1/4; 72618, CVE-2016-6292]

An attacker can force a read at an invalid address via locale_accept_from_http, in order to trigger a denial of service, or to obtain sensitive information. [severity:2/4; 72533, CVE-2016-6294]

An attacker can force a read at an invalid address via mb_ereg_replace, in order to trigger a denial of service, or to obtain sensitive information. [severity:2/4; 72405]

An attacker can force the usage of a freed memory area via MBString, in order to trigger a denial of service, and possibly to run code. [severity:3/4; 72399]

An attacker can generate a buffer overflow via mdecrypt_generic, in order to trigger a denial of service, and possibly to run code. [severity:2/4; 72551, 72552]

An attacker can generate a buffer overflow via proc_open, in order to trigger a denial of service, and possibly to run code. [severity:2/4; 72306]

An attacker can generate a buffer overflow via ps_files_cleanup_dir, in order to trigger a denial of service, and possibly to run code. [severity:3/4; 72531]

An attacker can force the usage of a freed memory area via unserialize, in order to trigger a denial of service, and possibly to run code. [severity:2/4; 72562, CVE-2016-6290]

An attacker can force the usage of a freed memory area via SNMP, in order to trigger a denial of service, and possibly to run code. [severity:2/4; 72479, CVE-2016-6295]

An attacker can generate a buffer overflow via simplestring_addn(), in order to trigger a denial of service, and possibly to run code (VIGILANCE-VUL-20265). [severity:3/4; 72606, CVE-2016-6296]

An attacker can generate a buffer overflow via php_stream_zip_opener, in order to trigger a denial of service, and possibly to run code. [severity:3/4; 72520, CVE-2016-6297]

An attacker can force a read at an invalid address via php_url_parse_ex, in order to trigger a denial of service, or to obtain sensitive information. [severity:2/4; CVE-2016-6288]

computer vulnerability alert CVE-2016-1791 CVE-2016-1792 CVE-2016-1793

Apple Mac OS X: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Apple Mac OS X.
Impacted products: Mac OS X.
Severity: 3/4.
Consequences: unknown consequence, administrator access/rights, privileged access/rights, user access/rights, client access/rights, data reading, data creation/edition, data deletion, data flow, denial of service on server, denial of service on service, denial of service on client, disguisement.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 56.
Creation date: 19/05/2016.
Revision dates: 27/05/2016, 30/05/2016, 14/06/2016, 20/07/2016.
Identifiers: 724, 730, 732, 772, 774, 776, 777, 778, 782, 783, 784, COSIG-2016-19, CVE-2016-1791, CVE-2016-1792, CVE-2016-1793, CVE-2016-1794, CVE-2016-1795, CVE-2016-1796, CVE-2016-1797, CVE-2016-1798, CVE-2016-1799, CVE-2016-1800, CVE-2016-1801, CVE-2016-1802, CVE-2016-1803, CVE-2016-1804, CVE-2016-1805, CVE-2016-1806, CVE-2016-1807, CVE-2016-1808, CVE-2016-1809, CVE-2016-1810, CVE-2016-1811, CVE-2016-1812, CVE-2016-1813, CVE-2016-1814, CVE-2016-1815, CVE-2016-1816, CVE-2016-1817, CVE-2016-1818, CVE-2016-1819, CVE-2016-1820, CVE-2016-1821, CVE-2016-1822, CVE-2016-1823, CVE-2016-1824, CVE-2016-1825, CVE-2016-1826, CVE-2016-1827, CVE-2016-1828, CVE-2016-1829, CVE-2016-1830, CVE-2016-1831, CVE-2016-1832, CVE-2016-1833, CVE-2016-1842, CVE-2016-1843, CVE-2016-1844, CVE-2016-1846, CVE-2016-1847, CVE-2016-1848, CVE-2016-1850, CVE-2016-1851, CVE-2016-1853, CVE-2016-1860, CVE-2016-1861, CVE-2016-1862, CVE-2016-4650, HT206567, TALOS-2016-0171, TALOS-2016-0180, TALOS-2016-0181, TALOS-2016-0183, VIGILANCE-VUL-19666, ZDI-16-339, ZDI-16-340, ZDI-16-344, ZDI-16-345, ZDI-16-346, ZDI-16-347, ZDI-16-358, ZDI-16-360, ZDI-16-361, ZDI-16-494, ZDI-16-495, ZDI-16-497, ZDI-16-637.

Description of the vulnerability

An attacker can use several vulnerabilities of Apple Mac OS X.

The bulletin VIGILANCE-VUL-19877 provides some technical details and attack programs. Another one of them is described in VIGILANCE-VUL-19006.

computer vulnerability alert CVE-2016-4596 CVE-2016-4597 CVE-2016-4598

Apple QuickTime: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Apple QuickTime.
Impacted products: Mac OS X, QuickTime.
Severity: 3/4.
Consequences: user access/rights, data reading, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 7.
Creation date: 19/07/2016.
Identifiers: CERTFR-2016-AVI-239, CVE-2016-4596, CVE-2016-4597, CVE-2016-4598, CVE-2016-4599, CVE-2016-4600, CVE-2016-4601, CVE-2016-4602, HT206903, VIGILANCE-VUL-20156.

Description of the vulnerability

Several vulnerabilities were announced in Apple QuickTime.

An attacker can generate a memory corruption via SGI, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4601]

An attacker can generate a memory corruption via Photoshop, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4599]

An attacker can generate a memory corruption via FlashPix, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4596]

An attacker can generate a memory corruption via FlashPix, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4597]

An attacker can generate a memory corruption via FlashPix, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4600]

An attacker can generate a memory corruption via FlashPix, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4602]

An attacker can generate a memory corruption via Image, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4598]

computer vulnerability CVE-2014-9862 CVE-2016-1863 CVE-2016-1865

Apple Mac OS X: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Apple Mac OS X.
Impacted products: Mac OS X.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, data reading, data creation/edition, data deletion, denial of service on server, denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 28.
Creation date: 19/07/2016.
Identifiers: 830, 831, 832, 833, 834, CERTFR-2016-AVI-239, CVE-2014-9862, CVE-2016-1863, CVE-2016-1864-ERROR, CVE-2016-1865, CVE-2016-4582, CVE-2016-4594, CVE-2016-4595, CVE-2016-4621, CVE-2016-4625, CVE-2016-4626, CVE-2016-4629, CVE-2016-4630, CVE-2016-4631, CVE-2016-4632, CVE-2016-4633, CVE-2016-4634, CVE-2016-4635, CVE-2016-4637, CVE-2016-4638, CVE-2016-4639, CVE-2016-4640, CVE-2016-4641, CVE-2016-4645, CVE-2016-4646, CVE-2016-4647, CVE-2016-4648, CVE-2016-4649, CVE-2016-4652, CVE-2016-4653, HT206903, TALOS-2016-0171, TALOS-2016-0180, TALOS-2016-0181, TALOS-2016-0186, VIGILANCE-VUL-20155, ZDI-16-431, ZDI-16-432, ZDI-16-433, ZDI-16-434, ZDI-16-435, ZDI-16-436, ZDI-16-437, ZDI-16-438, ZDI-16-439, ZDI-16-496, ZDI-16-638, ZDI-16-639, ZDI-16-640.

Description of the vulnerability

Several vulnerabilities were announced in Apple Mac OS X.

An attacker can force a NULL pointer to be dereferenced via Audio, in order to trigger a denial of service. [severity:1/4; CVE-2016-4649]

An attacker can generate a memory corruption via Audio, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-4647, ZDI-16-437, ZDI-16-438]

An attacker can force a read at an invalid address via Audio, in order to trigger a denial of service, or to obtain sensitive information. [severity:2/4; CVE-2016-4648, ZDI-16-496]

An attacker can force a read at an invalid address via Audio, in order to trigger a denial of service, or to obtain sensitive information. [severity:2/4; CVE-2016-4646, ZDI-16-439]

An attacker can bypass security features via CFNetwork, in order to escalate their privileges. [severity:2/4; CVE-2016-4645]

An attacker can force a read at an invalid address via CoreGraphics, in order to trigger a denial of service, or to obtain sensitive information. [severity:2/4; CVE-2016-4652, ZDI-16-432]

An attacker can generate a memory corruption via CoreGraphics, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4637]

An attacker can bypass security features via FaceTime, in order to obtain sensitive information. [severity:2/4; CVE-2016-4635]

An attacker can generate a memory corruption via ImageIO, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4629, TALOS-2016-0180]

An attacker can generate a memory corruption via ImageIO, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-4630, TALOS-2016-0181]

An attacker can trigger a fatal error via ImageIO, in order to trigger a denial of service. [severity:2/4; CVE-2016-4632]

An attacker can use a vulnerability via ImageIO, in order to run code. [severity:3/4; CVE-2016-4631, TALOS-2016-0171]

An attacker can generate a memory corruption via Intel Graphics Driver, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4633, ZDI-16-434]

An attacker can use a vulnerability via IOHIDFamily, in order to run code. [severity:2/4; CVE-2016-4626]

An attacker can force the usage of a freed memory area via IOSurface, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4625]

An attacker can use a vulnerability via Kernel, in order to run code. [severity:2/4; CVE-2016-1863]

An attacker can use a vulnerability via Kernel, in order to run code. [severity:2/4; CVE-2016-1864-ERROR, CVE-2016-4653, ZDI-16-436]

An attacker can use a vulnerability via Kernel, in order to run code. [severity:2/4; CVE-2016-4582]

An attacker can trigger a fatal error via Kernel, in order to trigger a denial of service. [severity:2/4; CVE-2016-1865]

An attacker can generate a memory corruption via libc++abi, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4621]

An attacker can generate a memory corruption via Login Window, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-4638, ZDI-16-639, ZDI-16-640]

An attacker can generate a memory corruption via Login Window, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-4640, ZDI-16-435, ZDI-16-638]

An attacker can generate a memory corruption via Login Window, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-4641, ZDI-16-433]

An attacker can generate a memory corruption via Login Window, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-4639, ZDI-16-431]

An attacker can bypass security features via Safari Login AutoFill, in order to obtain sensitive information. [severity:2/4; CVE-2016-4595]

A local application can bypass security features via Sandbox Profiles, in order to escalate its privileges. [severity:1/4; CVE-2016-4594]

An attacker can generate an integer overflow via bsdiff, in order to trigger a denial of service, and possibly to run code (VIGILANCE-VUL-20211). [severity:2/4; CVE-2014-9862]

An attacker can generate a memory corruption via Graphics Drivers, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4634]

vulnerability alert CVE-2016-1683 CVE-2016-4607 CVE-2016-4608

libxslt: five vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of libxslt.
Impacted products: iOS by Apple, iPhone, Mac OS X, Solaris, Nessus.
Severity: 2/4.
Consequences: unknown consequence, administrator access/rights, privileged access/rights, user access/rights, client access/rights, data reading, data creation/edition, data deletion, data flow, denial of service on server, denial of service on service, denial of service on client, disguisement.
Provenance: document.
Number of vulnerabilities in this bulletin: 5.
Creation date: 19/07/2016.
Identifiers: bulletinapr2019, CERTFR-2018-AVI-288, CVE-2016-1683, CVE-2016-4607, CVE-2016-4608, CVE-2016-4609, CVE-2016-4610, CVE-2016-4612-REJECT, HT206902, HT206903, TNS-2018-08, VIGILANCE-VUL-20151.

Description of the vulnerability

Several vulnerabilities were announced in libxslt.

An unknown vulnerability was announced via libxslt. [severity:2/4; CVE-2016-4607]

An unknown vulnerability was announced via libxslt. [severity:2/4; CVE-2016-4608]

An unknown vulnerability was announced via libxslt. [severity:2/4; CVE-2016-4609]

An unknown vulnerability was announced via libxslt. [severity:2/4; CVE-2016-4610]

An unknown vulnerability was announced via libxslt. [severity:2/4; CVE-2016-1683, CVE-2016-4612-REJECT]

vulnerability CVE-2016-1683 CVE-2016-1684

libxslt: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of libxslt.
Impacted products: iOS by Apple, iPhone, Mac OS X, Solaris, Nessus, Ubuntu.
Severity: 3/4.
Consequences: data reading, denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 19/07/2016.
Identifiers: bulletinapr2019, CERTFR-2018-AVI-288, CVE-2016-1683, CVE-2016-1684, HT206902, HT206903, TNS-2018-08, USN-3271-1, VIGILANCE-VUL-20150.

Description of the vulnerability

Several vulnerabilities were announced in libxslt.

An attacker can force a read at an invalid address via libxslt, in order to trigger a denial of service, or to obtain sensitive information. [severity:2/4; CVE-2016-1683]

An attacker can generate an integer overflow via libxslt, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1684]