CVE-2016-1719

moderate-risk
Published 2016-02-01

The IOHIDFamily API in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.

Do I need to act?

-
0.30% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
!
6 public exploits available
39360, 39362, 39361 and 3 more
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.8/10 High
LOCAL / LOW complexity

Affected Products (4)

Affected Vendors

Apple

References (54)

Vendor Advisory http://lists.apple.com/archives/security-announce/2016/Jan/msg00002.html
Vendor Advisory http://lists.apple.com/archives/security-announce/2016/Jan/msg00003.html
Vendor Advisory http://lists.apple.com/archives/security-announce/2016/Jan/msg00005.html
http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html
http://packetstormsecurity.com/files/135438/iOS-Kernel-IOReportHub-Use-After-Fre...
http://packetstormsecurity.com/files/135439/iOS-Kernel-IOHIDEventService-Use-Aft...
http://packetstormsecurity.com/files/135440/iOS-Kernel-AppleOscarCMA-Use-After-F...
http://packetstormsecurity.com/files/135441/iOS-Kernel-AppleOscarCompass-Use-Aft...
http://packetstormsecurity.com/files/135442/iOS-Kernel-AppleOscarAccelerometer-U...
http://packetstormsecurity.com/files/135443/iOS-Kernel-AppleOscarGyro-Use-After-...
http://www.securitytracker.com/id/1034736
https://code.google.com/p/google-security-research/issues/detail?id=603
https://code.google.com/p/google-security-research/issues/detail?id=604
https://code.google.com/p/google-security-research/issues/detail?id=605
https://code.google.com/p/google-security-research/issues/detail?id=606
https://code.google.com/p/google-security-research/issues/detail?id=607
https://code.google.com/p/google-security-research/issues/detail?id=608
Vendor Advisory https://support.apple.com/HT205729
Vendor Advisory https://support.apple.com/HT205731
Vendor Advisory https://support.apple.com/HT205732
and 34 more references
42
/ 100
moderate-risk
Severity 24/34 · High
Exploitability 8/34 · Low
Exposure 10/34 · Low