Apple Mac OS X APPLE-SA-2016-05-16-4 Multiple Security Vulnerabilities

Apple Mac OS X is prone to multiple security vulnerabilities.

Attackers can exploit these issues to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, and perform unauthorized actions. This may aid in other attacks.

Apple Mac OS X 10.9.5, 10.10.5 and 10.11 through 10.11.4 are vulnerable.

Information

Bugtraq ID: 90696
Class: Unknown
CVE: CVE-2016-1792
CVE-2016-1791
CVE-2016-1793
CVE-2016-1794
CVE-2016-1795
CVE-2016-1796
CVE-2016-1797
CVE-2016-1798
CVE-2016-1799
CVE-2016-1800
CVE-2016-1805
CVE-2016-1806
CVE-2016-1810
CVE-2016-1812
CVE-2016-1814
CVE-2016-1815
CVE-2016-1816
CVE-2016-1820
CVE-2016-1821
CVE-2016-1822
CVE-2016-1825
CVE-2016-1831
CVE-2016-1826
CVE-2016-1835
CVE-2016-1844
CVE-2016-1843
CVE-2016-1804
CVE-2016-1846
CVE-2016-1848
CVE-2016-1850
CVE-2016-1851
CVE-2016-1853

Remote: Yes
Local: Yes
Published: May 16 2016 12:00AM
Updated: Nov 28 2017 10:09AM
Credit: beist and ABH of BoB, daybreaker of Minionz, Ian Beer of Google Project Zero, Moony Li, Jack Tang, Juwei Lin, Peter Pi of Trend Micro, Apple, Stefan Esser, Qidan He of KeenLab, Tencent, lokihardt, Ben Murphy working with Trend Micro's Zero Day Initiative,
Vulnerable: Oracle VM Server for x86 3.4
Oracle VM Server for x86 3.3
McAfee Web Gateway 7.6.2.3
McAfee Web Gateway 7.6.2.2
McAfee Web Gateway 7.6.2.1
McAfee Web Gateway 7.6.2.0
McAfee Web Gateway 7.5.2.9
McAfee Web Gateway 7.5.2.8
McAfee Web Gateway 7.5.2.10
McAfee Email Gateway 7.6.405
McAfee Email Gateway 7.6.404
McAfee Email Gateway 7.6.403
McAfee Email Gateway 7.6.402
McAfee Email Gateway 7.6.401
McAfee Email Gateway 7.6.400
McAfee Email Gateway 7.6.4
McAfee Email Gateway 7.6.3
McAfee Email Gateway 7.6.2
McAfee Email Gateway 7.6.405h1165239
McAfee Email Gateway 7.6.405h1157986
McAfee Email Gateway 7.6.3.2
McAfee Email Gateway 7.6.3.1
McAfee Email Gateway 7.6.2h968406
McAfee Email Gateway 7.6.1
McAfee Email Gateway 7.6
Juniper JUNOS Space 15.2R2
Juniper JUNOS Space 15.2R1
Juniper JUNOS Space 15.1R2.11
Juniper JUNOS Space 15.1F2
Juniper JUNOS Space 14.1R1.9
Juniper JUNOS Space 14.1R1
Juniper JUNOS Space 13.3
Juniper JUNOS Space 12.3
Juniper JUNOS Space 12.1
Juniper JUNOS Space 11.2
Juniper JUNOS Space 1.3
IBM SmartCloud Entry 3.2 Fix Pack 19
IBM SmartCloud Entry 3.2 Fix Pack 18
IBM SmartCloud Entry 3.2 fix pack 14
IBM SmartCloud Entry 3.2 fix pack 13
IBM SmartCloud Entry 3.2 Fix Pack 11
IBM SmartCloud Entry 3.2 Appliance fix pack 2
IBM SmartCloud Entry 3.2 Appliance fix pack 1
IBM SmartCloud Entry 3.2
IBM SmartCloud Entry 3.1 FP 9
IBM SmartCloud Entry 3.1 fix pack 13
IBM SmartCloud Entry 3.1 Fix Pack 10
IBM SmartCloud Entry 3.1 Appliance fix pack 2
IBM SmartCloud Entry 3.1 Appliance fix pack 1
IBM SmartCloud Entry 3.1
IBM SmartCloud Entry 2.4 Fix Pack 2
IBM SmartCloud Entry 2.4 Appliance fix pack 6
IBM SmartCloud Entry 2.4 Appliance fix pack 4
IBM SmartCloud Entry 2.3 Fix Pack 2
IBM SmartCloud Entry 2.3 Fix Pack 1
IBM SmartCloud Entry 2.3 Appliance fix pack 6
IBM SmartCloud Entry 2.3 Appliance fix pack 4
IBM SmartCloud Entry 2.2 Fix Pack 2
IBM SmartCloud Entry 2.2 Fix Pack 1
IBM SmartCloud Entry 2.2 Appliance fix pack 6
IBM SmartCloud Entry 2.2 Appliance fix pack 4
IBM SmartCloud Entry 2.2
IBM SmartCloud Entry 3.2.0.4 FixPack 15
IBM SmartCloud Entry 3.2.0.4 FixPack 13
IBM SmartCloud Entry 3.2.0.4 fix pack 11
IBM SmartCloud Entry 3.2.0.4 Appliance FP
IBM SmartCloud Entry 3.2.0.4 Appliance FP
IBM SmartCloud Entry 3.2.0.4 Appliance FP
IBM SmartCloud Entry 3.2.0.4 Appliance FP
IBM SmartCloud Entry 3.2.0.4 Appliance FP
IBM SmartCloud Entry 3.2.0.4 Appliance FP
IBM SmartCloud Entry 3.2.0.4 Appliance FP
IBM SmartCloud Entry 3.2.0.4 Appliance FP
IBM SmartCloud Entry 3.2.0.4
IBM SmartCloud Entry 3.2.0.3
IBM SmartCloud Entry 3.2.0.2
IBM SmartCloud Entry 3.2.0.1
IBM SmartCloud Entry 3.2.0.0
IBM SmartCloud Entry 3.2.0 fix pack 9
IBM SmartCloud Entry 3.2.0 fix pack 8
IBM SmartCloud Entry 3.2.0 fix pack 10
IBM SmartCloud Entry 3.2 Appliance fixpac
IBM SmartCloud Entry 3.2 Appliance fixpac
IBM SmartCloud Entry 3.1.0.4 FixPack 15
IBM SmartCloud Entry 3.1.0.4 FixPack 12
IBM SmartCloud Entry 3.1.0.4 fix pack 10
IBM SmartCloud Entry 3.1.0.4 Appliance FP
IBM SmartCloud Entry 3.1.0.4 Appliance FP
IBM SmartCloud Entry 3.1.0.4 Appliance FP
IBM SmartCloud Entry 3.1.0.4 Appliance FP
IBM SmartCloud Entry 3.1.0.4 Appliance FP
IBM SmartCloud Entry 3.1.0.4 Appliance FP
IBM SmartCloud Entry 3.1.0.4 Appliance FP
IBM SmartCloud Entry 3.1.0.4 Appliance FP
IBM SmartCloud Entry 3.1.0.4
IBM SmartCloud Entry 3.1.0.3
IBM SmartCloud Entry 3.1.0.2
IBM SmartCloud Entry 3.1.0.1
IBM SmartCloud Entry 3.1.0.0
IBM SmartCloud Entry 3.1.0 fix pack 9
IBM SmartCloud Entry 3.1.0 fix pack 8
IBM SmartCloud Entry 3.1 FP 10
IBM SmartCloud Entry 3.1 Appliance fixpac
IBM SmartCloud Entry 3.1 Appliance fixpac
IBM SmartCloud Entry 2.4.0.5 JRE Update 5
IBM SmartCloud Entry 2.4.0.5 FixPack 5
IBM SmartCloud Entry 2.4.0.5 Appliance FP
IBM SmartCloud Entry 2.4.0.4 Appliance FP
IBM SmartCloud Entry 2.4.0.4 Appliance FP
IBM SmartCloud Entry 2.4.0.4 Appliance Fi
IBM SmartCloud Entry 2.4.0.4 Appliance Fi
IBM SmartCloud Entry 2.4.0.3 Appliance FP
IBM SmartCloud Entry 2.4.0.3 Appliance FP
IBM SmartCloud Entry 2.4.0 fix pack 1
IBM SmartCloud Entry 2.4.0
IBM SmartCloud Entry 2.3.0.4 Appliance FP
IBM SmartCloud Entry 2.3.0.4 Appliance FP
IBM SmartCloud Entry 2.3.0.4 Appliance Fi
IBM SmartCloud Entry 2.3.0.4 Appliance Fi
IBM SmartCloud Entry 2.3.0.3 JRE Update 5
IBM SmartCloud Entry 2.3.0.3 JRE Update 4
IBM SmartCloud Entry 2.3.0.3 FixPack 3
IBM SmartCloud Entry 2.3.0.3 Appliance FP
IBM SmartCloud Entry 2.3.0.3 Appliance FP
IBM SmartCloud Entry 2.3.0
IBM SmartCloud Entry 2.2.0.4 Appliance FP
IBM SmartCloud Entry 2.2.0.4 Appliance FP
IBM SmartCloud Entry 2.2.0.4 Appliance Fi
IBM SmartCloud Entry 2.2.0.4 Appliance Fi
IBM SmartCloud Entry 2.2.0.3 Appliance FP
IBM SmartCloud Entry 2.2.0.3 Appliance FP
IBM Security Network Protection 5.3.2
IBM Security Network Protection 5.3.1
IBM Security Network Protection 5.3.2.3
IBM Security Network Protection 5.3.2.2
IBM Security Network Protection 5.3.2.1
IBM Security Network Protection 5.3.1.9
IBM Security Network Protection 5.3.1.8
IBM Security Network Protection 5.3.1.7
IBM Security Network Protection 5.3.1.6
IBM Security Network Protection 5.3.1.5
IBM Security Network Protection 5.3.1.4
IBM Security Network Protection 5.3.1.3
IBM Security Network Protection 5.3.1.2
IBM Security Network Protection 5.3.1.1
IBM Security Identity Governance and Intelligence 5.2.1
IBM PowerKVM 3.1
IBM PowerKVM 2.1
IBM MQ Appliance M2001
IBM MQ Appliance M2000
Bluecoat Security Analytics Platform 7.1
Bluecoat Security Analytics Platform 7.0
Bluecoat Security Analytics Platform 6.6
Bluecoat Proxysg 6.6
Bluecoat Proxysg 6.5
Bluecoat Norman Network Protection 5.3
Bluecoat Industrial Control Systems Network Scanner 5.3
Bluecoat Industrial Control System Protection 5.3
Bluecoat Director 6.1
Bluecoat AuthConnector 2.5
Bluecoat Advanced Secure Gateway 6.6
Apple Mac Os X 10.11.3
Apple Mac Os X 10.11.2
Apple Mac Os X 10.11.1
Apple Mac Os X 10.10.5
Apple Mac OS X 10.9.5
Apple Mac Os X 10.11.4
Apple Mac Os X 10.11

Not Vulnerable: McAfee Web Gateway 7.7
McAfee Web Gateway 7.6.2.4
McAfee Web Gateway 7.5.2.11
McAfee Email Gateway 7.6.406-3402.103
Juniper JUNOS Space 16.1R1
IBM Security Network Protection 5.3.2.4
IBM Security Network Protection 5.3.1.10
Apple Mac OS X Security Update 2016-003 0
Apple Mac Os X 10.11.5

Exploit

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: http://.

References:

• Apple Home Page (Apple)
  
• Mac OS X Homepage (Apple)
  
• 2017-01 Security Bulletin: Junos Space: Multiple vulnerabilities resolved in 16. (Juniper)
  
• Intel Security - Security Bulletin: McAfee Web Gateway update fixes several vuln (McAfee)
  
• isg3T1024088: Security Bulletin: Multiple vulnerabilities in libxml2 affect Powe (IBM)
  
• isg3T1024194: Libxml2 vulnerabilities affect IBM SmartCloud Entry (IBM)
  
• Oracle VM Server for x86 Bulletin - July 2016 (Oracle)
  
• Release Notes: McAfee® Email Gateway Appliance Patch 7.6.406 (McAfee)
  
• SA129: Multiple libxml2 Vulnerabilities (Bluecoat)
  
• swg21986974: Security Bulletin: Multiple vulnerabilities in libxml2 affect IBM S (IBM)
  
• swg21989043 Security Bulletin: Multiple vulnerabilities in libxml2 affect IBM MQ (IBM)
  
• swg21990750: Multiple vulnerabilities in libxml2 affect IBM Security Identity Go (IBM)
  
• ZDI-16-344: Apple OS X DTrace Privilege Escalation Vulnerability (ZDI)
  
• ZDI-16-345: (Pwn2Own) Apple OS X IntelAccelerator Out-Of-Bounds Indexing Privile (ZDI)
  
• ZDI-16-346: (Pwn2Own) Apple OS X SubmitDiagInfo Arbitrary Directory Creation Pri (ZDI)
  
• ZDI-16-347: Apple OS X IOAudioFamily Buffer Overflow Privilege Escalation Vulner (ZDI)
  
• ZDI-16-358: Apple OS X WindowServer Use-After-Free Privilege Escalation Vulnerab (Zero Day Initiative)
  
• ZDI-16-360: (Pwn2Own) Apple OS X fontd Sandbox Escape Vulnerability (Zero Day Initiative)
  
• ZDI-16-361: (Pwn2Own) Apple OS X libATSServer Heap-based Buffer Overflow Remote (Zero Day Initiative)
  
• ZDI-16-497: Apple OS X AppleHDA Buffer Overflow Privilege Escalation Vulnerabili (Zero Day Initiative)
  

Source: www.securityfocus.com