HTTP: Apple CoreGraphics JPEG Memory Corruption

This signature detects attempts to exploit a known vulnerability in the CoreGraphics component when handling specially crafted JPEG files. An unauthenticated, remote attacker can exploit this, via a specially crafted file, to cause a denial of service condition or the execution of arbitrary code.

Extended Description

An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "CoreGraphics" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted JPEG file.

Affected Products

Apple iphone_os

References

CVE: CVE-2016-4673

Short Name
HTTP:STC:DL:APPLE-COREGRAPH-MC
Severity
Major
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
Apple CVE-2016-4673 CoreGraphics Corruption JPEG Memory
Release Date
12/01/2016
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3590
False Positive
Unknown
Vendors

Apple

CVSS Score

6.8

Found a potential security threat?