Published: 01/02/2016 Updated: 22/03/2019

CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 725

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

The kernel in Apple iOS prior to 9.2.1, OS X prior to 10.11.3, and tvOS prior to 9.1.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apple iphone os
apple mac os x
apple tvos
apple watchos

Source: codegooglecom/p/google-security-research/issues/detail?id=618 The _ool variations of the IOKit devicedefs functions all incorrectly deal with error conditions If you run the mig tool on devicedefs you can see the source of the kernel-side MIG handling code; here is the relevant generated code for io_service_get_matching_servi ...

CWE-119 http://lists.apple.com/archives/security-announce/2016/Jan/msg00003.html http://lists.apple.com/archives/security-announce/2016/Jan/msg00005.html https://support.apple.com/HT205729 https://support.apple.com/HT205732 https://support.apple.com/HT205731 http://lists.apple.com/archives/security-announce/2016/Jan/msg00002.html https://code.google.com/p/google-security-research/issues/detail?id=618 https://support.apple.com/HT206168 http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html http://packetstormsecurity.com/files/135444/iOS-OS-X-Kernel-Uninitialized-Variable-Code-Execution.html https://www.exploit-db.com/exploits/39358/http://www.securitytracker.com/id/1034736 https://nvd.nist.gov https://www.exploit-db.com/exploits/39358/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2016-1721

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect