CVE-2016-1807
published 2016-05-20
CVE-2016-1807: Race condition in the Disk Images subsystem in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows local users to…
Priority P426 · medium · 5.1 · CVSS 3.0
AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
EXPLOIT
EPSS: 0.69% (48.3th percentile)
Race condition in the Disk Images subsystem in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows local users to obtain sensitive information from kernel memory via unspecified vectors.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios | — | — |
| apple | iphone_os | < 9.3.2 | 9.3.2 |
| apple | mac_os_x | < 10.11.5 | 10.11.5 |
| apple | os_x_el_capitan_v10.11.5_and_security_update_2016-003 | — | — |
| apple | tvos | < 9.2.1 | 9.2.1 |
| apple | tvos | — | — |
| apple | watchos | < 2.2.1 | 2.2.1 |
| apple | watchos | — | — |
CVSS provenance
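| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 5.1 | MEDIUM | CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 1.9 | LOW | AV:L/AC:M/Au:N/C:P/I:N/A:N |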
Apple
CVE-2016-1807: tvOS 9.2.1
vendor_apple·CVSS 5.1
CVE-2016-1807 [MEDIUM] CVE-2016-1807: tvOS 9.2.1
Apple Security Update: About the security content of tvOS 9.2.1
Product: tvOS
Version: 9.2.1
CVE: CVE-2016-1807
Component: CVE-ID
Apple
CVE-2016-1807: watchOS 2.2.1
vendor_apple·CVSS 5.1
CVE-2016-1807 [MEDIUM] CVE-2016-1807: watchOS 2.2.1
Apple Security Update: About the security content of watchOS 2.2.1
Product: watchOS
Version: 2.2.1
CVE: CVE-2016-1807
Component: CVE-ID
Apple
CVE-2016-1807: OS X El Capitan v10.11.5 and Security Update 2016-003
vendor_apple·CVSS 5.1
CVE-2016-1807 [MEDIUM] CVE-2016-1807: OS X El Capitan v10.11.5 and Security Update 2016-003
Apple Security Update: About the security content of OS X El Capitan v10.11.5 and Security Update 2016-003
Product: OS X El Capitan v10.11.5 and Security Update 2016-003
CVE: CVE-2016-1807
Component: CVE-ID
Apple
CVE-2016-1807: iOS 9.3.2
vendor_apple·CVSS 5.1
CVE-2016-1807 [MEDIUM] CVE-2016-1807: iOS 9.3.2
Apple Security Update: About the security content of iOS 9.3.2
Product: iOS
Version: 9.3.2
CVE: CVE-2016-1807
Component: CVE-ID
GHSA
GHSA-4xhq-99m3-rx24: Race condition in the Disk Images subsystem in Apple iOS before 9
ghsa_unreviewed·2022-05-14
CVE-2016-1807 [MEDIUM] CWE-362 GHSA-4xhq-99m3-rx24: Race condition in the Disk Images subsystem in Apple iOS before 9
Race condition in the Disk Images subsystem in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows local users to obtain sensitive information from kernel memory via unspecified vectors.
No detection rules found.
Exploit-DB
MyBB 1.8.6 - Cross-Site Scripting
exploitdb·2016-11-10
---
Security Advisory - Curesec Research Team
1. Introduction
Affected Product: MyBB 1.8.6
Fixed in: 1.8.7
Fixed Version Link: http://resources.mybb.com/downloads/mybb_1807.zip
Vendor Website: http://www.mybb.com/
Vulnerability Type: XSS
Remote Exploitable: Yes
Reported to vendor: 01/29/2016
Disclosed to public: 09/15/2016
Release mode: Coordinated Release
CVE: n/a
Credits Tim Coen of Curesec GmbH
2. Overview
MyBB is forum software written in PHP. In version 1.8.6, it contains various
XSS vulnerabilities, some of which are reflected and some of which are
persistent. Some of them depend on custom forum or server settings.
These issues may lead to the injection of JavaScript keyloggers, injection of
content such as ads, or the bypassing of CSRF protec
Exploit-DB
MyBB 1.8.6 - SQL Injection
exploitdb·2016-09-19
---
Security Advisory - Curesec Research Team
1. Introduction
Affected Product: MyBB 1.8.6
Fixed in: 1.8.7
Fixed Version Link: http://resources.mybb.com/downloads/mybb_1807.zip
Vendor Website: http://www.mybb.com/
Vulnerability Type: SQL Injection
Remote Exploitable: Yes
Reported to vendor: 01/29/2016
Disclosed to public: 09/15/2016
Release mode: Coordinated Release
CVE: n/a
Credits Tim Coen of Curesec GmbH
2. Overview
MyBB is forum software written in PHP. In version 1.8.6, it is vulnerable to a
second order SQL injection by an authenticated admin user, allowing the
extraction of data from the database.
3. Details
Description
CVSS: Medium 6.0 AV:N/AC:M/Au:S/C:P/I:P/A:P
The setting threadsperpage is vulnerable to second order error based SQL
injection.
Exploit-DB
Apple Mac OSX / iOS Kernel - UAF Racing getProperty on IOHDIXController and testNetBootMethod on IOHDIXControllerUserClient
exploitdb·2016-06-10
CVE-2016-1807 Apple Mac OSX / iOS Kernel - UAF Racing getProperty on IOHDIXController and testNetBootMethod on IOHDIXControllerUserClient
---
/*
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=732
This is perhaps a more interesting UaF than just racing testNetBootMethod calls as there looks to be a path to getting free'd memory disclosed back to userspace.
Although the copyProperty macro used by is_io_registry_entry_get_property_bin takes the entry's properties lock before reading and
taking a reference on the property the testNetBootMethod external method directly calls the overridden setProperty without
taking that same lock. ::setProperty calls ::release on all the properties before nulling them out then replacing them
with new objects - we can get a UAF if we can get that ::rele
No writeups or analysis indexed.
http://lists.apple.com/archives/security-announce/2016/May/msg00001.html
http://lists.apple.com/archives/security-announce/2016/May/msg00002.html
http://lists.apple.com/archives/security-announce/2016/May/msg00003.html
http://lists.apple.com/archives/security-announce/2016/May/msg00004.html
http://packetstormsecurity.com/files/137395/OS-X-iOS-Kernel-IOHDIXControllerUserClient-Use-After-Free.html
http://www.securityfocus.com/bid/90694
http://www.securitytracker.com/id/1035890
https://bugs.chromium.org/p/project-zero/issues/detail?id=732
https://support.apple.com/HT206564
https://support.apple.com/HT206566
https://support.apple.com/HT206567
https://support.apple.com/HT206568
https://www.exploit-db.com/exploits/39929/
2016-05-20
Published