7.2
CVSSv2

CVE-2016-1719

Published: 01/02/2016 Updated: 08/03/2019
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 750
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

The IOHIDFamily API in Apple iOS prior to 9.2.1, OS X prior to 10.11.3, and tvOS prior to 9.1.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.

Affected Products

Vendor Product Versions
AppleIphone Os9.2
AppleMac Os X10.11.2
AppleTvos9.1
AppleWatchos2.1

Vendor Advisories

For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available To learn more about Apple Product Security, see the Apple Product Security website For information about the Apple Product Security PGP Key, see How to use ...
For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available To learn more about Apple Product Security, see the Apple Product Security website For information about the Apple Product Security PGP Key, see How to use ...
For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available To learn more about Apple Product Security, see the Apple Product Security website For information about the Apple Product Security PGP Key, see How to use ...
For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available To learn more about Apple Product Security, see the Apple Product Security website For information about the Apple Product Security PGP Key, see How to use ...

Exploits

Source: codegooglecom/p/google-security-research/issues/detail?id=607 Panic log attached OS X advisory: supportapplecom/en-us/HT205731 iOS advisory: supportapplecom/en-us/HT205732 Proof of Concept: githubcom/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/39360zip ...
Source: codegooglecom/p/google-security-research/issues/detail?id=608 Panic log attached OS X advisory: supportapplecom/en-us/HT205731 iOS advisory: supportapplecom/en-us/HT205732 Proof of Concept: githubcom/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/39359zip ...
Source: codegooglecom/p/google-security-research/issues/detail?id=604 Panic log attached OS X advisory: supportapplecom/en-us/HT205731 iOS advisory: supportapplecom/en-us/HT205732 Proof of Concept: githubcom/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/39363zip ...
Source: codegooglecom/p/google-security-research/issues/detail?id=606 Panic log attached OS X advisory: supportapplecom/en-us/HT205731 iOS advisory: supportapplecom/en-us/HT205732 Proof of Concept: githubcom/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/39361zip ...
Source: codegooglecom/p/google-security-research/issues/detail?id=605 Panic log attached OS X advisory: supportapplecom/en-us/HT205731 iOS advisory: supportapplecom/en-us/HT205732 Proof of Concept: githubcom/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/39362zip ...
Source: codegooglecom/p/google-security-research/issues/detail?id=603 Panic log attached OS X advisory: supportapplecom/en-us/HT205731 iOS advisory: supportapplecom/en-us/HT205732 Proof of Concept: githubcom/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/39364zip ...

References

CWE-119http://lists.apple.com/archives/security-announce/2016/Jan/msg00002.htmlhttp://lists.apple.com/archives/security-announce/2016/Jan/msg00003.htmlhttp://lists.apple.com/archives/security-announce/2016/Jan/msg00005.htmlhttp://lists.apple.com/archives/security-announce/2016/Mar/msg00001.htmlhttp://packetstormsecurity.com/files/135438/iOS-Kernel-IOReportHub-Use-After-Free.htmlhttp://packetstormsecurity.com/files/135439/iOS-Kernel-IOHIDEventService-Use-After-Free.htmlhttp://packetstormsecurity.com/files/135440/iOS-Kernel-AppleOscarCMA-Use-After-Free.htmlhttp://packetstormsecurity.com/files/135441/iOS-Kernel-AppleOscarCompass-Use-After-Free.htmlhttp://packetstormsecurity.com/files/135442/iOS-Kernel-AppleOscarAccelerometer-Use-After-Free.htmlhttp://packetstormsecurity.com/files/135443/iOS-Kernel-AppleOscarGyro-Use-After-Free.htmlhttp://www.securitytracker.com/id/1034736https://code.google.com/p/google-security-research/issues/detail?id=603https://code.google.com/p/google-security-research/issues/detail?id=604https://code.google.com/p/google-security-research/issues/detail?id=605https://code.google.com/p/google-security-research/issues/detail?id=606https://code.google.com/p/google-security-research/issues/detail?id=607https://code.google.com/p/google-security-research/issues/detail?id=608https://support.apple.com/HT205729https://support.apple.com/HT205731https://support.apple.com/HT205732https://support.apple.com/HT206168https://www.exploit-db.com/exploits/39359/https://www.exploit-db.com/exploits/39360/https://www.exploit-db.com/exploits/39361/https://www.exploit-db.com/exploits/39362/https://www.exploit-db.com/exploits/39363/https://www.exploit-db.com/exploits/39364/https://www.rapid7.com/db/vulnerabilities/apple-osx-iohidfamily-cve-2016-1719https://www.exploit-db.com/exploits/39360/https://nvd.nist.govhttp://tools.cisco.com/security/center/viewAlert.x?alertId=43118