The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Apple MacOS: multiple vulnerabilities

Synthesis of the vulnerability 

An attacker can exploit several vulnerabilities in Apple MacOS.
Impacted systems: Mac OS X.
Severity of this alert: 3/4.
Number of vulnerabilities in this bulletin: 46.
Creation date: 14/12/2016.
Revision date: 16/12/2016.
References of this alert: 926, 930, 941, 954, 959, 965, 974, 976, 977, CERTFR-2016-AVI-411, CVE-2016-1777, CVE-2016-1823, CVE-2016-4688, CVE-2016-4691, CVE-2016-4693, CVE-2016-6304, CVE-2016-7588, CVE-2016-7591, CVE-2016-7594, CVE-2016-7595, CVE-2016-7596, CVE-2016-7600, CVE-2016-7602, CVE-2016-7603, CVE-2016-7604, CVE-2016-7605, CVE-2016-7606, CVE-2016-7607, CVE-2016-7608, CVE-2016-7609, CVE-2016-7612, CVE-2016-7615, CVE-2016-7616, CVE-2016-7617, CVE-2016-7618, CVE-2016-7619, CVE-2016-7620, CVE-2016-7621, CVE-2016-7622, CVE-2016-7624, CVE-2016-7625, CVE-2016-7627, CVE-2016-7628, CVE-2016-7629, CVE-2016-7633, CVE-2016-7636, CVE-2016-7637, CVE-2016-7643, CVE-2016-7644, CVE-2016-7655, CVE-2016-7657, CVE-2016-7658, CVE-2016-7659, CVE-2016-7660, CVE-2016-7661, CVE-2016-7662, CVE-2016-7663, HT207423, VIGILANCE-VUL-21377, ZDI-16-633, ZDI-16-643, ZDI-16-644.

Description of the vulnerability 

Several vulnerabilities were announced in Apple MacOS.

An attacker can force a NULL pointer to be dereferenced via AppleGraphicsPowerManagement(), in order to trigger a denial of service. [severity:3/4; CVE-2016-7609, ZDI-16-643]

An attacker may change data modified from a mobile device. [severity:2/4; CVE-2016-7628]

An attacker can generate a memory corruption via audio files, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7658]

An attacker can generate a memory corruption via audio files, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7659]

An attacker can use a vulnerability in the Bluetooth stack, in order to run code with kernel privileges. [severity:3/4; CVE-2016-7596]

An attacker can force a NULL pointer to be dereferenced via Bluetooth, in order to trigger a denial of service. [severity:2/4; CVE-2016-7605]

An attacker can generate a memory corruption via Bluetooth, in order to trigger a denial of service, and possibly to run code with kernel privileges. [severity:3/4; CVE-2016-7617, ZDI-16-644]

An attacker can force a NULL pointer to be dereferenced via CoreCapture, in order to trigger a denial of service. [severity:2/4; CVE-2016-7604]

An attacker can generate a buffer overflow via CoreFoundation, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-7663]

An attacker can force a NULL pointer to be dereferenced via a font, in order to trigger a denial of service. [severity:2/4; CVE-2016-7627]

An attacker can generate a memory corruption via mediaserver, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7655]

An attacker can generate a memory corruption via an MP4 file, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7588]

An attacker can force a NULL pointer to be dereferenced via CoreStorage, in order to trigger a denial of service. [severity:2/4; CVE-2016-7603]

An attacker can generate memory corruptions via font files, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7595]

An attacker can force the usage of a freed memory area via Directory Services, in order to trigger a denial of service, and possibly to run code with administrator privileges. [severity:3/4; CVE-2016-7633]

An attacker can generate a memory corruption via Disk Images, in order to trigger a denial of service, and possibly to run code with kernel privileges. [severity:3/4; CVE-2016-7616, ZDI-16-633]

An attacker can generate a buffer overflow via FontParser, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-4691]

An attacker can generate a buffer overflow via FontParser, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-4688]

An attacker can generate a buffer overflow via a gcx file, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-7618]

An attacker can generate a memory corruption via a gcx file, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-7622]

An attacker can generate a memory corruption via ICU, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-7594]

An attacker can read a memory fragment via ImageIO, in order to obtain sensitive information. [severity:1/4; CVE-2016-7643]

An attacker can generate a memory corruption via Intel, in order to trigger a denial of service, and possibly to run code with kernel privileges. [severity:3/4; CVE-2016-7602]

An attacker can read a kernel memory fragment via IOFireWireFamily, in order to obtain sensitive information. [severity:1/4; CVE-2016-7608]

An attacker can bypass security features via IOAcceleratorFamily, in order to obtain sensitive information. [severity:1/4; CVE-2016-7624]

An attacker can generate a memory corruption via IOHIDFamily, in order to trigger a denial of service, and possibly to run code with kernel privileges. [severity:3/4; CVE-2016-1823]

An attacker can force the usage of a freed memory area via IOHIDFamily, in order to trigger a denial of service, and possibly to run code with kernel privileges. [severity:3/4; CVE-2016-7591]

An attacker can read a kernel memory fragment via IOHIDFamily, in order to obtain sensitive information. [severity:1/4; CVE-2016-7657]

An attacker can bypass security features via IOKit, in order to obtain sensitive information. [severity:1/4; CVE-2016-7625]

An attacker can bypass security features via IOSurface, in order to obtain sensitive information. [severity:1/4; CVE-2016-7620]

An attacker can use a vulnerability, in order to run code with kernel privileges. [severity:3/4; 930, CVE-2016-7606, CVE-2016-7612]

An attacker can read a memory fragment via Kernel, in order to obtain sensitive information. [severity:1/4; CVE-2016-7607]

An attacker can trigger a fatal error via Kernel, in order to trigger a denial of service. [severity:2/4; CVE-2016-7615]

An attacker can force the usage of a freed memory area via Kernel, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7621]

An attacker can bypass security features via Kernel, in order to escalate his privileges. [severity:3/4; CVE-2016-7637]

An attacker can force the usage of a freed memory area via Kernel, in order to trigger a denial of service, and possibly to run code with kernel privileges. [severity:3/4; 965, CVE-2016-7644]

An attacker can bypass security features via kext tools, in order to escalate his privileges. [severity:3/4; CVE-2016-7629]

An attacker can use an archive with symbolic links to corrupt files. [severity:2/4; CVE-2016-7619]

An attacker can send malicious OCSP packets to a LibreSSL based application, in order to trigger a denial of service. [severity:2/4; CVE-2016-6304]

OpenLDAP may use weak encryption. [severity:1/4; CVE-2016-1777]

An attacker can bypass security features via OpenPAM, in order to escalate his privileges. [severity:2/4; CVE-2016-7600]

An attacker can bypass security features via Power Management, in order to escalate his privileges. [severity:3/4; CVE-2016-7661]

The system may use Triple DES. [severity:1/4; CVE-2016-4693]

An attacker can send malicious OCSP packets, in order to trigger a denial of service. [severity:2/4; CVE-2016-7636]

X.509 certificate validation is incomplete. [severity:3/4; CVE-2016-7662]

An attacker can bypass security features via syslog, in order to escalate his privileges. [severity:3/4; CVE-2016-7660]

This cybersecurity bulletin impacts software or systems such as Mac OS X.

Our Vigil@nce team determined that the severity of this cybersecurity weakness is important.

The trust level of this bulletin is "confirmed by the editor", and its origin is "document".

This bulletin is about 46 vulnerabilities.

A proof of concept or an attack tool is available, so your teams have to process this alert. An attacker with beginner-level ability can exploit the vulnerabilities in this bulletin.

Solutions for this threat 

Apple MacOS: version Sierra 10.12.2.
Version Sierra 10.12.2 is fixed.