CVE-2016-4625 - Use After Free vulnerability in Apple Mac OS X
Attack vector | LOCAL |
Attack complexity | LOW |
Privileges required | LOW |
Confidentiality impact | HIGH |
Integrity impact | HIGH |
Availability impact | HIGH |
Summary
Use-after-free vulnerability in IOSurface in Apple OS X before 10.11.6 allows local users to gain privileges via unspecified vectors.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Exploit-Db
description | OS X/iOS Kernel - IOSurface Use-After-Free. CVE-2016-4625. Local exploit for OSX platform |
file | exploits/osx/local/40653.txt |
id | EDB-ID:40653 |
last seen | 2016-11-01 |
modified | 2016-10-31 |
platform | osx |
port | |
published | 2016-10-31 |
reporter | Google Security Research |
source | https://www.exploit-db.com/download/40653/ |
title | OS X/iOS Kernel - IOSurface Use-After-Free |
type | local |

description | Apple MacOS 10.12 - 'task_t' Privilege Escalation. CVE-2016-4625. Local exploit for OSX platform |
file | exploits/macos/local/40669.txt |
id | EDB-ID:40669 |
last seen | 2016-11-01 |
modified | 2016-10-31 |
platform | macos |
port | |
published | 2016-10-31 |
reporter | Google Security Research |
source | https://www.exploit-db.com/download/40669/ |
title | Apple MacOS 10.12 - 'task_t' Privilege Escalation |
type | local |
Nessus
NASL family | MacOS X Local Security Checks |
NASL id | MACOSX_10_11_6.NASL |
description | The remote host is running a version of Mac OS X that is 10.11.x prior to 10.11.6. It is, therefore, affected by multiple vulnerabilities in the following components: apache_mod_php, Audio, bsdiff, CFNetwork, CoreGraphics, FaceTime, Graphics Drivers, ImageIO, Intel Graphics Driver, IOHIDFamily, IOKit, IOSurface, Kernel, libc++abi, libexpat, LibreSSL, libxml2, libxslt, Login Window, OpenSSL, QuickTime, Safari Login AutoFill, Sandbox Profiles. Note that successful exploitation of the most serious issues can result in arbitrary code execution. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 92496 |
published | 2016-07-21 |
reporter | This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/92496 |
title | Mac OS X 10.11.x < 10.11.6 Multiple Vulnerabilities |
References
- http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html
- http://www.securityfocus.com/bid/91824
- http://www.securitytracker.com/id/1036348
- https://support.apple.com/HT206903
- https://www.exploit-db.com/exploits/40653/
- https://www.exploit-db.com/exploits/40669/