Vulnerabilities > CVE-2016-4682 - Out-of-bounds Read vulnerability in Apple mac OS X

047910
CVSS 7.1 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
HIGH
local
low complexity
apple
CWE-125
nessus

Summary

An issue was discovered in certain Apple products. macOS before 10.12 is affected. macOS before 10.12.1 is affected. The issue involves the "ImageIO" component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted SGI file.

Vulnerable Configurations

Part Description Count
OS
Apple
113

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Overread Buffers
    An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.

Nessus

  • NASL familyMacOS X Local Security Checks
    NASL idMACOS_10_12.NASL
    descriptionThe remote host is running a version of Mac OS X that is prior to 10.10.5, 10.11.x prior to 10.11.6, or is not macOS 10.12. It is, therefore, affected by multiple vulnerabilities in the following components : - apache - apache_mod_php - Apple HSSPI Support - AppleEFIRuntime - AppleMobileFileIntegrity - AppleUCC - Application Firewall - ATS - Audio - Bluetooth - cd9660 - CFNetwork - CommonCrypto - CoreCrypto - CoreDisplay - curl - Date & Time Pref Pane - DiskArbitration - File Bookmark - FontParser - IDS - Connectivity - ImageIO - Intel Graphics Driver - IOAcceleratorFamily - IOThunderboltFamily - Kerberos v5 PAM module - Kernel - libarchive - libxml2 - libxpc - libxslt - mDNSResponder - NSSecureTextField - Perl - S2 Camera - Security - Terminal - WindowServer Note that successful exploitation of the most serious issues can result in arbitrary code execution.
    last seen2020-06-01
    modified2020-06-02
    plugin id93685
    published2016-09-23
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93685
    titlemacOS < 10.12 Multiple Vulnerabilities
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SECUPD_10_11_6_2016-002__10_10_5_2016-006.NASL
    descriptionThe remote host is running a version of Mac OS X that is 10.10.5 but is missing Security Update 2016-006, or else it is version 10.11.6 but is missing Security Update 2016-002. It is, therefore, affected by multiple vulnerabilities : - A memory corruption issue exists in the AppleGraphicsControl component due to improper lock state checking. A local attacker can exploit this, via a specially crafted application, to execute arbitrary code with kernel-level privileges. (CVE-2016-4662) - A memory corruption issue exists in the NVIDIA Graphics Driver due to improper validation of user-supplied input. A local attacker can exploit this to cause a denial of service condition. (CVE-2016-4663) - Multiple flaws exist in the System Boot component due to improper validation of user-supplied input. A local attacker can exploit these to terminate the system or execute arbitrary code with kernel-level privileges. (CVE-2016-4669) - An out-of-bounds write error exists in the ImageIO component when parsing PDF files due to improper bounds checking. An unauthenticated, remote attacker can exploit this, by convincing a user to open a specially crafted PDF file, to execute arbitrary code. (CVE-2016-4671) - A memory corruption issue exists in the Core Image component when handling JPEG files due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, by convincing a user to open a specially crafted JPEG file, to execute arbitrary code. (CVE-2016-4681) - An out-of-bounds read error exists in the ImageIO component when parsing specially crafted SGI images. An unauthenticated, remote attacker can exploit this to disclose potentially sensitive information in process memory. (CVE-2016-4682) - Multiple out-of-bounds read and write errors exist in the ImageIO component when parsing specially crafted SGI images. An unauthenticated, remote attacker can exploit these to disclose potentially sensitive information, cause a denial of service condition, or execute arbitrary code. (CVE-2016-4683)
    last seen2020-06-01
    modified2020-06-02
    plugin id100427
    published2017-05-26
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100427
    titleMac OS X 10.10.5 / 10.11.6 Multiple Vulnerabilities (Security Update 2016-002 / 2016-006)