9.3

CVE-2016-1819

Exploit
Use-after-free vulnerability in the IOAccelContext2::clientMemoryForType method in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1817 and CVE-2016-1818.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AppletvOS Version < 9.2.1
AppleiPhone OS Version < 9.3.2
ApplemacOS X Version < 10.11.5
ApplewatchOS Version < 2.2.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.79% 0.908
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

http://lists.apple.com/archives/security-announce/2016/May/msg00004.html
Vendor Advisory
Mailing List
https://support.apple.com/HT206567
Vendor Advisory
http://lists.apple.com/archives/security-announce/2016/May/msg00002.html
Vendor Advisory
Mailing List
http://www.securitytracker.com/id/1035890
Third Party Advisory
VDB Entry
https://support.apple.com/HT206568
Vendor Advisory
http://lists.apple.com/archives/security-announce/2016/May/msg00001.html
Vendor Advisory
Mailing List
https://support.apple.com/HT206564
Vendor Advisory
http://lists.apple.com/archives/security-announce/2016/May/msg00003.html
Vendor Advisory
Mailing List
http://www.securityfocus.com/bid/90694
Third Party Advisory
VDB Entry
https://support.apple.com/HT206566
Vendor Advisory
http://packetstormsecurity.com/files/137396/OS-X-Kernel-Use-After-Free-From-IOAcceleratorFamily2-Bad-Locking.html
Third Party Advisory
VDB Entry
https://bugs.chromium.org/p/project-zero/issues/detail?id=772
Third Party Advisory
Exploit
https://www.exploit-db.com/exploits/39928/
Third Party Advisory
Exploit
VDB Entry