5.1

CVE-2016-1807

Exploit
Race condition in the Disk Images subsystem in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows local users to obtain sensitive information from kernel memory via unspecified vectors.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApplemacOS X Version < 10.11.5
ApplewatchOS Version < 2.2.1
AppletvOS Version < 9.2.1
AppleiPhone OS Version < 9.3.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.7% 0.481
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.1 1.4 3.6
CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 1.9 3.4 2.9
AV:L/AC:M/Au:N/C:P/I:N/A:N
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

http://lists.apple.com/archives/security-announce/2016/May/msg00004.html
Vendor Advisory
Mailing List
https://support.apple.com/HT206567
Vendor Advisory
http://lists.apple.com/archives/security-announce/2016/May/msg00002.html
Vendor Advisory
Mailing List
http://www.securitytracker.com/id/1035890
Third Party Advisory
VDB Entry
https://support.apple.com/HT206568
Vendor Advisory
http://lists.apple.com/archives/security-announce/2016/May/msg00001.html
Vendor Advisory
Mailing List
https://support.apple.com/HT206564
Vendor Advisory
http://lists.apple.com/archives/security-announce/2016/May/msg00003.html
Vendor Advisory
Mailing List
http://www.securityfocus.com/bid/90694
Third Party Advisory
VDB Entry
https://support.apple.com/HT206566
Vendor Advisory
http://packetstormsecurity.com/files/137395/OS-X-iOS-Kernel-IOHDIXControllerUserClient-Use-After-Free.html
Third Party Advisory
VDB Entry
https://bugs.chromium.org/p/project-zero/issues/detail?id=732
Third Party Advisory
Exploit
https://www.exploit-db.com/exploits/39929/
Third Party Advisory
Exploit
VDB Entry