CVE-2016-1749
Apple OS X IOUSBInterfaceUserClient Out-Of-Bounds Indexing Privilege Escalation Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
IOUSBFamily in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
IOUSBFamily en Apple OS X en versiones anteriores a 10.11.4 permite a atacantes ejecutar código arbitrario en un contexto privilegiado o causar una denegación de servicio (corrupción de memoria) a través de una app manipulada.
This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of the IOUSBInterfaceUserClient interface. The issue lies in the failure to ensure that a user-supplied index is within the bounds of the allocated buffer. An attacker can leverage this to escalate their privileges and execute code under the context of the kernel.
Mac OS X kernel suffers from a code execution vulnerability due to a lack of bounds checking in AppleUSBPipe::Abort.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-01-13 CVE Reserved
- 2016-03-22 CVE Published
- 2024-04-23 EPSS Updated
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (5)
URL | Tag | Source |
---|---|---|
http://www.securitytracker.com/id/1035363 | Vdb Entry | |
http://www.zerodayinitiative.com/advisories/ZDI-16-206 | X_refsource_misc |
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/39607 | 2024-08-05 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html | 2017-09-08 | |
https://support.apple.com/HT206167 | 2017-09-08 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | <= 10.11.3 Search vendor "Apple" for product "Mac Os X" and version " <= 10.11.3" | - |
Affected
|