Vulnerabilities > CVE-2016-1811 - NULL Pointer Dereference vulnerability in Apple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
ImageIO in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family MacOS X Local Security Checks NASL id MACOSX_10_11_5.NASL description The remote host is running a version of Mac OS X that is 10.11.x prior to 10.11.5. It is, therefore, affected by multiple vulnerabilities in the following components : - AMD - apache_mod_php - AppleGraphicsControl - AppleGraphicsPowerManagement - Assistant - ATS - Audio - Captive - CFNetwork - CommonCrypto - CoreCapture - CoreStorage - Crash - Disk - Disk - Driver - Drivers - Drivers - Graphics - Graphics - Graphics - ImageIO - Images - Intel - IOAcceleratorFamily - IOAudioFamily - IOFireWireFamily - IOHIDFamily - Kernel - libc - libxml2 - libxslt - Lock - MapKit - Messages - Multi-Touch - Network - NVIDIA - OpenGL - Proxies - QuickTime - Reporter - SceneKit - Screen - Tcl - Utility Note that successful exploitation of the most serious issues can result in arbitrary code execution. last seen 2020-06-01 modified 2020-06-02 plugin id 91228 published 2016-05-19 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/91228 title Mac OS X 10.11.x < 10.11.5 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(91228); script_version("1.10"); script_cvs_date("Date: 2019/11/19"); script_cve_id( "CVE-2016-1792", "CVE-2016-1793", "CVE-2016-1794", "CVE-2016-1795", "CVE-2016-1796", "CVE-2016-1797", "CVE-2016-1798", "CVE-2016-1799", "CVE-2016-1801", "CVE-2016-1802", "CVE-2016-1803", "CVE-2016-1804", "CVE-2016-1805", "CVE-2016-1806", "CVE-2016-1807", "CVE-2016-1808", "CVE-2016-1809", "CVE-2016-1810", "CVE-2016-1811", "CVE-2016-1812", "CVE-2016-1813", "CVE-2016-1814", "CVE-2016-1815", "CVE-2016-1816", "CVE-2016-1817", "CVE-2016-1818", "CVE-2016-1819", "CVE-2016-1820", "CVE-2016-1821", "CVE-2016-1822", "CVE-2016-1823", "CVE-2016-1824", "CVE-2016-1825", "CVE-2016-1826", "CVE-2016-1827", "CVE-2016-1828", "CVE-2016-1829", "CVE-2016-1830", "CVE-2016-1831", "CVE-2016-1832", "CVE-2016-1833", "CVE-2016-1834", "CVE-2016-1835", "CVE-2016-1836", "CVE-2016-1837", "CVE-2016-1838", "CVE-2016-1839", "CVE-2016-1840", "CVE-2016-1842", "CVE-2016-1843", "CVE-2016-1844", "CVE-2016-1846", "CVE-2016-1848", "CVE-2016-1850", "CVE-2016-1851", "CVE-2016-1853", "CVE-2016-1861", "CVE-2016-3141", "CVE-2016-3142", "CVE-2016-4070", "CVE-2016-4071", "CVE-2016-4072", "CVE-2016-4073", "CVE-2016-4650" ); script_bugtraq_id( 84271, 84306, 85800, 85801, 85991, 85993, 90692, 90694, 90696, 90697, 90698, 90801, 91353, 92034 ); script_xref(name:"APPLE-SA", value:"APPLE-SA-2016-05-16-4"); script_name(english:"Mac OS X 10.11.x < 10.11.5 Multiple Vulnerabilities"); script_summary(english:"Checks the version of Mac OS X."); script_set_attribute(attribute:"synopsis", value: "The remote Mac OS X host is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The remote host is running a version of Mac OS X that is 10.11.x prior to 10.11.5. It is, therefore, affected by multiple vulnerabilities in the following components : - AMD - apache_mod_php - AppleGraphicsControl - AppleGraphicsPowerManagement - Assistant - ATS - Audio - Captive - CFNetwork - CommonCrypto - CoreCapture - CoreStorage - Crash - Disk - Disk - Driver - Drivers - Drivers - Graphics - Graphics - Graphics - ImageIO - Images - Intel - IOAcceleratorFamily - IOAudioFamily - IOFireWireFamily - IOHIDFamily - Kernel - libc - libxml2 - libxslt - Lock - MapKit - Messages - Multi-Touch - Network - NVIDIA - OpenGL - Proxies - QuickTime - Reporter - SceneKit - Screen - Tcl - Utility Note that successful exploitation of the most serious issues can result in arbitrary code execution."); script_set_attribute(attribute:"see_also", value:"https://support.apple.com/en-us/HT206567"); # http://lists.apple.com/archives/security-announce/2016/May/msg00004.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?46de3fda"); script_set_attribute(attribute:"solution", value: "Upgrade to Mac OS X version 10.11.5 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-4650"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/05/16"); script_set_attribute(attribute:"patch_publication_date", value:"2016/05/16"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/05/19"); script_set_attribute(attribute:"plugin_type", value:"combined"); script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"MacOS X Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl", "os_fingerprint.nasl"); script_require_ports("Host/MacOSX/Version", "Host/OS"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); os = get_kb_item("Host/MacOSX/Version"); if (!os) { os = get_kb_item_or_exit("Host/OS"); if ("Mac OS X" >!< os) audit(AUDIT_OS_NOT, "Mac OS X"); c = get_kb_item("Host/OS/Confidence"); if (c <= 70) exit(1, "Cannot determine the host's OS with sufficient confidence."); } if (!os) audit(AUDIT_OS_NOT, "Mac OS X"); match = eregmatch(pattern:"Mac OS X ([0-9]+(\.[0-9]+)+)", string:os); if (isnull(match)) exit(1, "Failed to parse the Mac OS X version ('" + os + "')."); version = match[1]; if ( version !~ "^10\.11([^0-9]|$)" ) audit(AUDIT_OS_NOT, "Mac OS X 10.11 or later", "Mac OS X "+version); fix = "10.11.5"; if (ver_compare(ver:version, fix:fix, strict:FALSE) == -1) { items = make_array("Installed version", version, "Fixed version", fix ); order = make_list("Installed version", "Fixed version"); report = report_items_str(report_items:items, ordered_fields:order); security_report_v4(port:0, extra:report, severity:SECURITY_HOLE); exit(0); } else audit(AUDIT_INST_VER_NOT_VULN, "Mac OS X", version);NASL family Misc. NASL id APPLETV_9_2_1.NASL description According to its banner, the version of the remote Apple TV device is prior to 9.2.1. It is, therefore, affected by multiple vulnerabilities in the following components : - CFNetwork Proxies - CommonCrypto - CoreCapture - Disk Images - ImageIO - IOAcceleratorFamily - IOHIDFamily - Kernel - libc - libxml2 - libxslt - OpenGL - WebKit - WebKit Canvas Note that only 4th generation models are affected by the vulnerabilities. last seen 2020-06-01 modified 2020-06-02 plugin id 91311 published 2016-05-24 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/91311 title Apple TV < 9.2.1 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(91311); script_version("1.9"); script_cvs_date("Date: 2019/11/14"); script_cve_id( "CVE-2016-1801", "CVE-2016-1802", "CVE-2016-1803", "CVE-2016-1807", "CVE-2016-1808", "CVE-2016-1811", "CVE-2016-1813", "CVE-2016-1814", "CVE-2016-1817", "CVE-2016-1818", "CVE-2016-1819", "CVE-2016-1823", "CVE-2016-1824", "CVE-2016-1827", "CVE-2016-1828", "CVE-2016-1829", "CVE-2016-1830", "CVE-2016-1832", "CVE-2016-1833", "CVE-2016-1834", "CVE-2016-1836", "CVE-2016-1837", "CVE-2016-1838", "CVE-2016-1839", "CVE-2016-1840", "CVE-2016-1841", "CVE-2016-1847", "CVE-2016-1854", "CVE-2016-1855", "CVE-2016-1856", "CVE-2016-1857", "CVE-2016-1858", "CVE-2016-1859", "CVE-2016-4650" ); script_xref(name:"APPLE-SA", value:"APPLE-SA-2016-05-16-1"); script_name(english:"Apple TV < 9.2.1 Multiple Vulnerabilities"); script_summary(english:"Checks the build number."); script_set_attribute(attribute:"synopsis", value: "The remote device is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "According to its banner, the version of the remote Apple TV device is prior to 9.2.1. It is, therefore, affected by multiple vulnerabilities in the following components : - CFNetwork Proxies - CommonCrypto - CoreCapture - Disk Images - ImageIO - IOAcceleratorFamily - IOHIDFamily - Kernel - libc - libxml2 - libxslt - OpenGL - WebKit - WebKit Canvas Note that only 4th generation models are affected by the vulnerabilities."); script_set_attribute(attribute:"see_also", value:"https://support.apple.com/en-us/HT206564"); # https://lists.apple.com/archives/security-announce/2016/May/msg00001.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?618f77f3"); script_set_attribute(attribute:"solution", value: "Upgrade to Apple TV version 9.2.1 or later. Note that this update is only available for 4th generation models."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-4650"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/05/16"); script_set_attribute(attribute:"patch_publication_date", value:"2016/05/16"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/05/24"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:apple_tv"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Misc."); script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("appletv_version.nasl"); script_require_keys("AppleTV/Version", "AppleTV/Model", "AppleTV/URL", "AppleTV/Port"); script_require_ports("Services/www", 7000); exit(0); } include("audit.inc"); include("appletv_func.inc"); url = get_kb_item('AppleTV/URL'); if (empty_or_null(url)) exit(0, 'Cannot determine Apple TV URL.'); port = get_kb_item('AppleTV/Port'); if (empty_or_null(port)) exit(0, 'Cannot determine Apple TV port.'); build = get_kb_item('AppleTV/Version'); if (empty_or_null(build)) audit(AUDIT_UNKNOWN_DEVICE_VER, 'Apple TV'); model = get_kb_item('AppleTV/Model'); if (empty_or_null(model)) exit(0, 'Cannot determine Apple TV model.'); fixed_build = "13Y772"; tvos_ver = '9.2.1'; # determine gen from the model gen = APPLETV_MODEL_GEN[model]; appletv_check_version( build : build, fix : fixed_build, affected_gen : 4, fix_tvos_ver : tvos_ver, model : model, gen : gen, port : port, url : url, severity : SECURITY_HOLE );
References
- https://support.apple.com/HT206566
- http://lists.apple.com/archives/security-announce/2016/May/msg00003.html
- https://support.apple.com/HT206567
- https://support.apple.com/HT206568
- https://support.apple.com/HT206564
- http://lists.apple.com/archives/security-announce/2016/May/msg00001.html
- http://lists.apple.com/archives/security-announce/2016/May/msg00002.html
- http://lists.apple.com/archives/security-announce/2016/May/msg00004.html
- http://www.securityfocus.com/bid/90694
- http://www.securitytracker.com/id/1035890