| Vulnerability Name: | CVE-2016-4669 (CCN-118486) | ||||||||||||
| Assigned: | 2016-10-24 | ||||||||||||
| Published: | 2016-10-24 | ||||||||||||
| Updated: | 2020-08-14 | ||||||||||||
| Summary: | An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "Kernel" component. It allows local users to execute arbitrary code in a privileged context or cause a denial of service (MIG code mishandling and system crash) via unspecified vectors. | ||||||||||||
| CVSS v3 Severity: | 7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) 7.2 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C)
5.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:F/RL:O/RC:C)
| ||||||||||||
| CVSS v2 Severity: | 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
| ||||||||||||
| Vulnerability Type: | CWE-20 | ||||||||||||
| Vulnerability Consequences: | Gain Access | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2016-4669 Source: MISC Type: UNKNOWN http://packetstormsecurity.com/files/158874/Safari-Webkit-For-iOS-7.1.2-JIT-Optimization-Bug.html Source: BID Type: Third Party Advisory, VDB Entry 93849 Source: CCN Type: BID-93849 Apple macOS/watchOS/iOS/tvOS Multiple Security Vulnerabilities Source: SECTRACK Type: Third Party Advisory, VDB Entry 1037086 Source: XF Type: UNKNOWN appleios-cve20164669-code-exec(118486) Source: CCN Type: Packet Storm Security [10-29-2016] Mac OS X / iOS mach_ports_register Memory Safety Issues Source: CCN Type: Packet Storm Security [08-14-2020] Safari Webkit For iOS 7.1.2 JIT Optimization Bug Source: CCN Type: Apple security document HT207269 About the security content of watchOS 3.1 Source: CCN Type: Apple security document HT207270 About the security content of tvOS 10.0.1 Source: CCN Type: Apple Web site About the security content of iOS 10.1 Source: CCN Type: Apple security document HT207275 About the security content of macOS Sierra 10.12.1, Security Update 2016-002 El Capitan, and Security Update 2016-006 Yosemite Source: CONFIRM Type: Vendor Advisory https://support.apple.com/HT207269 Source: CONFIRM Type: Vendor Advisory https://support.apple.com/HT207270 Source: CONFIRM Type: Vendor Advisory https://support.apple.com/HT207271 Source: CONFIRM Type: Vendor Advisory https://support.apple.com/HT207275 Source: EXPLOIT-DB Type: EXPLOIT Offensive Security Exploit Database [10-31-2016] Source: EXPLOIT-DB Type: Exploit, Third Party Advisory, VDB Entry 40654 | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration 3: Configuration 4: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||
| BACK | |||||||||||||