Vulnerability-Lookup

CVE-2016-1789 (GCVE-0-2016-1789)

Vulnerability from cvelistv5 – Published: 2016-04-05 14:00 – Updated: 2024-08-05 23:10

Summary

Severity ?

No CVSS data available.

CWE

Assigner

apple

References

URL

GHSA-XFVH-G622-8M82

Vulnerability from github – Published: 2022-05-17 03:31 – Updated: 2022-05-17 03:31

Details

Severity ?

5.5 (Medium)


                  
                    CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-1789"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-04-05T17:59:00Z",
    "severity": "MODERATE"
  },
  "details": "Apple iBooks Author before 2.4.1 allows remote attackers to read arbitrary files via an iBooks Author file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.",
  "id": "GHSA-xfvh-g622-8m82",
  "modified": "2022-05-17T03:31:23Z",
  "published": "2022-05-17T03:31:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1789"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT206224"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00008.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2016-1789

Vulnerability from fkie_nvd - Published: 2016-04-05 17:59 - Updated: 2025-04-12 10:46

Severity ?

5.5 (Medium) - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
product-security@apple.com	http://lists.apple.com/archives/security-announce/2016/Mar/msg00008.html
product-security@apple.com	https://support.apple.com/kb/HT206224	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2016/Mar/msg00008.html
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/kb/HT206224	Vendor Advisory

Impacted products

	Vendor	Product	Version
	apple	ibooks_author	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:ibooks_author:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "350C92F5-41AA-4C8E-A8CD-049E1D834B1F",
              "versionEndIncluding": "2.4.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Apple iBooks Author before 2.4.1 allows remote attackers to read arbitrary files via an iBooks Author file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."
    },
    {
      "lang": "es",
      "value": "Apple iBooks Author en versiones anteriores a 2.4.1 permite a atacantes remotos leer archivos arbitrarios a trav\u00e9s de un archivo iBooks Author que contiene una declaraci\u00f3n de entidad externa XML en conjunci\u00f3n con una referencia de entidad, relacionada con un problema XML External Entity (XXE)"
    }
  ],
  "evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/611.html\"\u003eCWE-611: Improper Restriction of XML External Entity Reference (\u0027XXE\u0027)\u003c/a\u003e",
  "id": "CVE-2016-1789",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-04-05T17:59:09.817",
  "references": [
    {
      "source": "product-security@apple.com",
      "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00008.html"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/kb/HT206224"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00008.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/kb/HT206224"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2016-1789

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2016-1789

Aliases

CVE-2016-1789

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-1789",
    "description": "Apple iBooks Author before 2.4.1 allows remote attackers to read arbitrary files via an iBooks Author file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.",
    "id": "GSD-2016-1789"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-1789"
      ],
      "details": "Apple iBooks Author before 2.4.1 allows remote attackers to read arbitrary files via an iBooks Author file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.",
      "id": "GSD-2016-1789",
      "modified": "2023-12-13T01:21:24.934443Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2016-1789",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Apple iBooks Author before 2.4.1 allows remote attackers to read arbitrary files via an iBooks Author file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.apple.com/kb/HT206224",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/kb/HT206224"
          },
          {
            "name": "APPLE-SA-2016-03-31-1",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00008.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apple:ibooks_author:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.4.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2016-1789"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Apple iBooks Author before 2.4.1 allows remote attackers to read arbitrary files via an iBooks Author file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/kb/HT206224",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/kb/HT206224"
            },
            {
              "name": "APPLE-SA-2016-03-31-1",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00008.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2016-12-03T03:23Z",
      "publishedDate": "2016-04-05T17:59Z"
    }
  }
}

VAR-201604-0526

Vulnerability from variot - Updated: 2025-04-12 23:25

Apple iBooks Author before 2.4.1 allows remote attackers to read arbitrary files via an iBooks Author file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. Attackers can exploit this issue to gain unauthorized access, and obtain potentially sensitive information. This may lead to further attacks. Versions prior to iBooks Author 2.4.1 are vulnerable. Apple iBooks Author is a set of apps from Apple (Apple) that can be obtained for free from the Mac App Store and is used to create Multi-Touch (Multi-Touch) e-books for the iPad and other e-books of any category. It supports the use of Rich content such as galleries, videos, interactive charts, 3D objects, mathematical expressions, etc. This issue was addressed through improved parsing.

Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT201222 -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJW/ZD8AAoJEBcWfLTuOo7t0tEP/jOndtapfdeu3rZ9jz8kvC0U llXs4fFSacP++PWNAtLbh5zVf619YIicylTUVtGI2jAv2HPZNQN0r3K48e6Oa7Pr LOPk1zR+jcU+0pn72lnO/0OzUdpa+lWoY+K2pnEbP40dBMM8OBO6oQzhHhWquZSE N8jM+A2eO+UoxpfHFSopNmOnrVqvJCFTUYhlS8e2uYAPsZglZkPA20Z7VSju+sLA HGvu3TB771dv3TpL+3kScYhH/yChEmFFHa5rG51C7UHgTLbfSYLcABRGpmNyyufa p+nfqGuRc5CY67XacmcXqxJ3iqYjDlCNqcQl0HtCf+wZFky2xdBJ6G7ASbyDDeFP APkisPOt6O+sYtfRiDKs8bqZiey2PR6ft2/1n4FMJv19VOTmhnlG7J1RWQm2ObOg HCEYej6D21uzpRwbL9Ott5LF7uguHIW96g/ezZw7Q3TAWVbSDaFmxy8y1Fu5xSyo +5vivMoPo4NME6NYU0SYxb/FzzcPv6VyeP+et2rgADcOwYieN3lQiRJRLWgODwgt jcw/QVViq9hNIYIocjr4kXpD324SPhJdm55oDA98xJenlcxV7Uy8pEsbr2j2/+yK E9Fn633U8YttSnqHqKgjQVLv5mBuDLzEG4HbR3FQNWMUBN6btUL9gY6acH75FP4p /9/+EO8HZte9pHuNjeTk =/Ihd -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201604-0526",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ibooks author",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "2.4.0"
      },
      {
        "model": "ibooks author",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "2.4.1   (os x yosemite v10.10 or later )"
      },
      {
        "model": "ibooks author",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "2.4.0"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001937"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201603-458"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1789"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:apple:ibooks_author",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001937"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Behrouz Sadeghipour (@Nahamsec) and Patrik Fehrenbach (@ITSecurityguard)",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201603-458"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2016-1789",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2016-1789",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-90608",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2016-1789",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2016-1789",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2016-1789",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201603-458",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-90608",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-90608"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001937"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201603-458"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1789"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple iBooks Author before 2.4.1 allows remote attackers to read arbitrary files via an iBooks Author file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. \nAttackers can exploit this issue to gain unauthorized access, and obtain  potentially sensitive information. This may lead to further attacks. \nVersions prior to iBooks Author 2.4.1 are vulnerable. Apple iBooks Author is a set of apps from Apple (Apple) that can be obtained for free from the Mac App Store and is used to create Multi-Touch (Multi-Touch) e-books for the iPad and other e-books of any category. It supports the use of Rich content such as galleries, videos, interactive charts, 3D objects, mathematical expressions, etc. This issue was addressed through improved\nparsing. \n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT201222\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - https://gpgtools.org\n\niQIcBAEBCgAGBQJW/ZD8AAoJEBcWfLTuOo7t0tEP/jOndtapfdeu3rZ9jz8kvC0U\nllXs4fFSacP++PWNAtLbh5zVf619YIicylTUVtGI2jAv2HPZNQN0r3K48e6Oa7Pr\nLOPk1zR+jcU+0pn72lnO/0OzUdpa+lWoY+K2pnEbP40dBMM8OBO6oQzhHhWquZSE\nN8jM+A2eO+UoxpfHFSopNmOnrVqvJCFTUYhlS8e2uYAPsZglZkPA20Z7VSju+sLA\nHGvu3TB771dv3TpL+3kScYhH/yChEmFFHa5rG51C7UHgTLbfSYLcABRGpmNyyufa\np+nfqGuRc5CY67XacmcXqxJ3iqYjDlCNqcQl0HtCf+wZFky2xdBJ6G7ASbyDDeFP\nAPkisPOt6O+sYtfRiDKs8bqZiey2PR6ft2/1n4FMJv19VOTmhnlG7J1RWQm2ObOg\nHCEYej6D21uzpRwbL9Ott5LF7uguHIW96g/ezZw7Q3TAWVbSDaFmxy8y1Fu5xSyo\n+5vivMoPo4NME6NYU0SYxb/FzzcPv6VyeP+et2rgADcOwYieN3lQiRJRLWgODwgt\njcw/QVViq9hNIYIocjr4kXpD324SPhJdm55oDA98xJenlcxV7Uy8pEsbr2j2/+yK\nE9Fn633U8YttSnqHqKgjQVLv5mBuDLzEG4HbR3FQNWMUBN6btUL9gY6acH75FP4p\n/9/+EO8HZte9pHuNjeTk\n=/Ihd\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-1789"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001937"
      },
      {
        "db": "BID",
        "id": "85766"
      },
      {
        "db": "VULHUB",
        "id": "VHN-90608"
      },
      {
        "db": "PACKETSTORM",
        "id": "136536"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-1789",
        "trust": 2.9
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001937",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201603-458",
        "trust": 0.7
      },
      {
        "db": "NSFOCUS",
        "id": "32866",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2016.0831",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "85766",
        "trust": 0.3
      },
      {
        "db": "PACKETSTORM",
        "id": "136536",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-90608",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-90608"
      },
      {
        "db": "BID",
        "id": "85766"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001937"
      },
      {
        "db": "PACKETSTORM",
        "id": "136536"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201603-458"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1789"
      }
    ]
  },
  "id": "VAR-201604-0526",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-90608"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2025-04-12T23:25:47.164000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Apple security updates",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/HT201222"
      },
      {
        "title": "APPLE-SA-2016-03-31-1 iBooks Author 2.4.1",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00008.html"
      },
      {
        "title": "HT206224",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/HT206224"
      },
      {
        "title": "HT206224",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/HT206224"
      },
      {
        "title": "Apple iBooks Author Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60738"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001937"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201603-458"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-Other",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001937"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1789"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.1,
        "url": "http://lists.apple.com/archives/security-announce/2016/mar/msg00008.html"
      },
      {
        "trust": 1.1,
        "url": "https://support.apple.com/kb/ht206224"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1789"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1789"
      },
      {
        "trust": 0.6,
        "url": "https://support.apple.com/en-us/ht206224"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/render.html?it=32986"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/32866"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/ios/"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/macosx/"
      },
      {
        "trust": 0.1,
        "url": "https://gpgtools.org"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1789"
      },
      {
        "trust": 0.1,
        "url": "http://support.apple.com/kb/ht201222"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-90608"
      },
      {
        "db": "BID",
        "id": "85766"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001937"
      },
      {
        "db": "PACKETSTORM",
        "id": "136536"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201603-458"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1789"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-90608"
      },
      {
        "db": "BID",
        "id": "85766"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001937"
      },
      {
        "db": "PACKETSTORM",
        "id": "136536"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201603-458"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1789"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-04-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-90608"
      },
      {
        "date": "2016-03-31T00:00:00",
        "db": "BID",
        "id": "85766"
      },
      {
        "date": "2016-04-07T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-001937"
      },
      {
        "date": "2016-04-01T14:44:44",
        "db": "PACKETSTORM",
        "id": "136536"
      },
      {
        "date": "2016-04-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201603-458"
      },
      {
        "date": "2016-04-05T17:59:09.817000",
        "db": "NVD",
        "id": "CVE-2016-1789"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-12-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-90608"
      },
      {
        "date": "2016-07-06T14:19:00",
        "db": "BID",
        "id": "85766"
      },
      {
        "date": "2016-04-07T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-001937"
      },
      {
        "date": "2016-04-06T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201603-458"
      },
      {
        "date": "2025-04-12T10:46:40.837000",
        "db": "NVD",
        "id": "CVE-2016-1789"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201603-458"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple iBooks Author Vulnerable to reading arbitrary files",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001937"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lack of information",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201603-458"
      }
    ],
    "trust": 0.6
  }
}

CNVD-2016-01983

Vulnerability from cnvd - Published: 2016-04-05

Title

Apple iBooks Author XML外部实体引用漏洞

Description

Apple iBooks Author是一套可从Mac App Store免费获得且用于为iPad制作多点触控电子书以及其他任何类别的电子书的APP，它支持借助图库、视频、互动式图表、3D 物体、数学表达式等丰富内容。 Apple iBooks Author存在XML外部实体引用漏洞，远程攻击者可构建特制的iBooks Author文件，泄露敏感的用户信息。

Severity

中

Patch Name

Apple iBooks Author XML外部实体引用漏洞的补丁

Patch Description

Formal description

用户可参考如下厂商提供的安全补丁以修复该漏洞： https://support.apple.com/en-us/HT206224

Reference

https://support.apple.com/en-us/HT206224

Impacted products

Name
Apple OS X Yosemite >=10.10

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-1789"
    }
  },
  "description": "Apple iBooks Author\u662f\u4e00\u5957\u53ef\u4eceMac App Store\u514d\u8d39\u83b7\u5f97\u4e14\u7528\u4e8e\u4e3aiPad\u5236\u4f5c\u591a\u70b9\u89e6\u63a7\u7535\u5b50\u4e66\u4ee5\u53ca\u5176\u4ed6\u4efb\u4f55\u7c7b\u522b\u7684\u7535\u5b50\u4e66\u7684APP\uff0c\u5b83\u652f\u6301\u501f\u52a9\u56fe\u5e93\u3001\u89c6\u9891\u3001\u4e92\u52a8\u5f0f\u56fe\u8868\u30013D \u7269\u4f53\u3001\u6570\u5b66\u8868\u8fbe\u5f0f\u7b49\u4e30\u5bcc\u5185\u5bb9\u3002\r\n\r\nApple iBooks Author\u5b58\u5728XML\u5916\u90e8\u5b9e\u4f53\u5f15\u7528\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u6784\u5efa\u7279\u5236\u7684iBooks Author\u6587\u4ef6\uff0c\u6cc4\u9732\u654f\u611f\u7684\u7528\u6237\u4fe1\u606f\u3002",
  "discovererName": "Behrouz Sadeghipour (@Nahamsec) and Patrik Fehrenbach (@ITSecurityguard)",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttps://support.apple.com/en-us/HT206224",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-01983",
  "openTime": "2016-04-05",
  "patchDescription": "Apple iBooks Author\u662f\u4e00\u5957\u53ef\u4eceMac App Store\u514d\u8d39\u83b7\u5f97\u4e14\u7528\u4e8e\u4e3aiPad\u5236\u4f5c\u591a\u70b9\u89e6\u63a7\u7535\u5b50\u4e66\u4ee5\u53ca\u5176\u4ed6\u4efb\u4f55\u7c7b\u522b\u7684\u7535\u5b50\u4e66\u7684APP\uff0c\u5b83\u652f\u6301\u501f\u52a9\u56fe\u5e93\u3001\u89c6\u9891\u3001\u4e92\u52a8\u5f0f\u56fe\u8868\u30013D \u7269\u4f53\u3001\u6570\u5b66\u8868\u8fbe\u5f0f\u7b49\u4e30\u5bcc\u5185\u5bb9\u3002\r\n\r\nApple iBooks Author\u5b58\u5728XML\u5916\u90e8\u5b9e\u4f53\u5f15\u7528\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u6784\u5efa\u7279\u5236\u7684iBooks Author\u6587\u4ef6\uff0c\u6cc4\u9732\u654f\u611f\u7684\u7528\u6237\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apple iBooks Author XML\u5916\u90e8\u5b9e\u4f53\u5f15\u7528\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Apple OS X Yosemite \u003e=10.10"
  },
  "referenceLink": "https://support.apple.com/en-us/HT206224",
  "serverity": "\u4e2d",
  "submitTime": "2016-04-03",
  "title": "Apple iBooks Author XML\u5916\u90e8\u5b9e\u4f53\u5f15\u7528\u6f0f\u6d1e"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2016-1789 (GCVE-0-2016-1789)

GHSA-XFVH-G622-8M82

FKIE_CVE-2016-1789

GSD-2016-1789

VAR-201604-0526

CNVD-2016-01983

Tags

Sightings

Nomenclature