The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.


Apple MacOS: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Apple MacOS.
Severity of this alert: 3/4.
Number of vulnerabilities in this bulletin: 46.
Creation date: 14/12/2016.
Revision date: 16/12/2016.
References of this alert: 926, 930, 941, 954, 959, 965, 974, 976, 977, CERTFR-2016-AVI-411, CVE-2016-1777, CVE-2016-1823, CVE-2016-4688, CVE-2016-4691, CVE-2016-4693, CVE-2016-6304, CVE-2016-7588, CVE-2016-7591, CVE-2016-7594, CVE-2016-7595, CVE-2016-7596, CVE-2016-7600, CVE-2016-7602, CVE-2016-7603, CVE-2016-7604, CVE-2016-7605, CVE-2016-7606, CVE-2016-7607, CVE-2016-7608, CVE-2016-7609, CVE-2016-7612, CVE-2016-7615, CVE-2016-7616, CVE-2016-7617, CVE-2016-7618, CVE-2016-7619, CVE-2016-7620, CVE-2016-7621, CVE-2016-7622, CVE-2016-7624, CVE-2016-7625, CVE-2016-7627, CVE-2016-7628, CVE-2016-7629, CVE-2016-7633, CVE-2016-7636, CVE-2016-7637, CVE-2016-7643, CVE-2016-7644, CVE-2016-7655, CVE-2016-7657, CVE-2016-7658, CVE-2016-7659, CVE-2016-7660, CVE-2016-7661, CVE-2016-7662, CVE-2016-7663, HT207423, VIGILANCE-VUL-21377, ZDI-16-633, ZDI-16-643, ZDI-16-644.

Description of the vulnerability

Several vulnerabilities were announced in Apple MacOS.

An attacker can force a NULL pointer to be dereferenced via AppleGraphicsPowerManagement(), in order to trigger a denial of service. [severity:3/4; CVE-2016-7609, ZDI-16-643]

An attacker may change data modified from a mobile device. [severity:2/4; CVE-2016-7628]

An attacker can generate a memory corruption via audio files, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7658]

An attacker can generate a memory corruption via audio files, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7659]

An attacker can use a vulnerability in the Bluetooth stack, in order to run code with kernel privileges. [severity:3/4; CVE-2016-7596]

An attacker can force a NULL pointer to be dereferenced via Bluetooth, in order to trigger a denial of service. [severity:2/4; CVE-2016-7605]

An attacker can generate a memory corruption via Bluetooth, in order to trigger a denial of service, and possibly to run code with kernel privileges. [severity:3/4; CVE-2016-7617, ZDI-16-644]

An attacker can force a NULL pointer to be dereferenced via CoreCapture, in order to trigger a denial of service. [severity:2/4; CVE-2016-7604]

An attacker can generate a buffer overflow via CoreFoundation, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-7663]

An attacker can force a NULL pointer to be dereferenced via a font, in order to trigger a denial of service. [severity:2/4; CVE-2016-7627]

An attacker can generate a memory corruption via mediaserver, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7655]

An attacker can generate a memory corruption via an mp4 file, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7588]

An attacker can force a NULL pointer to be dereferenced via CoreStorage, in order to trigger a denial of service. [severity:2/4; CVE-2016-7603]

An attacker can generate memory corruptions via font files, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7595]

An attacker can force the usage of a freed memory area via Directory Services, in order to trigger a denial of service, and possibly to run code with administrator privileges. [severity:3/4; CVE-2016-7633]

An attacker can generate a memory corruption via Disk Images, in order to trigger a denial of service, and possibly to run code with kernel privileges. [severity:3/4; CVE-2016-7616, ZDI-16-633]

An attacker can generate a buffer overflow via FontParser, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-4691]

An attacker can generate a buffer overflow via FontParser, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-4688]

An attacker can generate a buffer overflow via a gcx file, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-7618]

An attacker can generate a memory corruption via a gcx file, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-7622]

An attacker can generate a memory corruption via ICU, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-7594]

An attacker can read a memory fragment via ImageIO, in order to obtain sensitive information. [severity:1/4; CVE-2016-7643]

An attacker can generate a memory corruption via Intel, in order to trigger a denial of service, and possibly to run code with kernel privileges. [severity:3/4; CVE-2016-7602]

An attacker can read a kernel memory fragment via IOFireWireFamily, in order to obtain sensitive information. [severity:1/4; CVE-2016-7608]

An attacker can bypass security features via IOAcceleratorFamily, in order to obtain sensitive information. [severity:1/4; CVE-2016-7624]

An attacker can generate a memory corruption via IOHIDFamily, in order to trigger a denial of service, and possibly to run code with kernel privileges. [severity:3/4; CVE-2016-1823]

An attacker can force the usage of a freed memory area via IOHIDFamily, in order to trigger a denial of service, and possibly to run code with kernel privileges. [severity:3/4; CVE-2016-7591]

An attacker can read a kernel memory fragment via IOHIDFamily, in order to obtain sensitive information. [severity:1/4; CVE-2016-7657]

An attacker can bypass security features via IOKit, in order to obtain sensitive information. [severity:1/4; CVE-2016-7625]

An attacker can bypass security features via IOSurface, in order to obtain sensitive information. [severity:1/4; CVE-2016-7620]

An attacker can use a vulnerability, in order to run code with kernel privileges. [severity:3/4; 930, CVE-2016-7606, CVE-2016-7612]

An attacker can read a memory fragment via Kernel, in order to obtain sensitive information. [severity:1/4; CVE-2016-7607]

An attacker can trigger a fatal error via Kernel, in order to trigger a denial of service. [severity:2/4; CVE-2016-7615]

An attacker can force the usage of a freed memory area via Kernel, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-7621]

An attacker can bypass security features via Kernel, in order to escalate his privileges. [severity:3/4; CVE-2016-7637]

An attacker can force the usage of a freed memory area via Kernel, in order to trigger a denial of service, and possibly to run code with kernel privileges. [severity:3/4; 965, CVE-2016-7644]

An attacker can bypass security features via kext tools, in order to escalate his privileges. [severity:3/4; CVE-2016-7629]

An attacker can use an archive with symbolic links to corrupt files. [severity:2/4; CVE-2016-7619]

An attacker can send malicious OCSP packets to a LibreSSL based application, in order to trigger a denial of service. [severity:2/4; CVE-2016-6304]

OpenLDAP may use weak encryption. [severity:1/4; CVE-2016-1777]

An attacker can bypass security features via OpenPAM, in order to escalate his privileges. [severity:2/4; CVE-2016-7600]

An attacker can bypass security features via Power Management, in order to escalate his privileges. [severity:3/4; CVE-2016-7661]

The system may use Triple DES. [severity:1/4; CVE-2016-4693]

An attacker can send malicious OCSP packets, in order to trigger a denial of service. [severity:2/4; CVE-2016-7636]

X.509 certificate validation is incomplete. [severity:3/4; CVE-2016-7662]

An attacker can bypass security features via syslog, in order to escalate his privileges. [severity:3/4; CVE-2016-7660]

This cybersecurity bulletin impacts software or systems such as Mac OS X.

Our Vigil@nce team determined that the severity of this cybersecurity weakness is important.

The trust level is: confirmed by the editor, with a document as its origin.

This bulletin is about 46 vulnerabilities.

A proof of concept or an attack tool is available, so your teams have to process this alert. An attacker with beginner-level ability can exploit the vulnerabilities in this bulletin.

Solutions for this threat

Apple MacOS: version Sierra 10.12.2.
The version Sierra 10.12.2 is fixed.