Details of VAR-201702-0207

ID

VAR-201702-0207

CVE

CVE-2016-7608

TITLE

Apple macOS of IOFireWireFamily Vulnerability in components that can obtain important information from kernel memory

Trust: 0.8

sources: JVNDB: JVNDB-2016-007392

DESCRIPTION

An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "IOFireWireFamily" component, which allows local users to obtain sensitive information from kernel memory via unspecified vectors. Apple macOS is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code, perform unauthorized actions, obtain sensitive information, gain elevated privileges or cause a denial-of-service condition. IOFireWireFamily is one of the components used to identify input and output devices. An attacker can exploit this vulnerability to read kernel memory

Trust: 1.98

sources: NVD: CVE-2016-7608 // JVNDB: JVNDB-2016-007392 // BID: 94903 // VULHUB: VHN-96428

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	eq	version:	10.12.1	Trust: 1.4
vendor:	apple	model:	mac os x	scope:	lte	version:	10.12.1	Trust: 1.0
vendor:	apple	model:	macos	scope:	eq	version:	10.12.1	Trust: 0.3
vendor:	apple	model:	macos	scope:	ne	version:	10.12.2	Trust: 0.3

sources: BID: 94903 // JVNDB: JVNDB-2016-007392 // CNNVD: CNNVD-201612-498 // NVD: CVE-2016-7608

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-7608
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2016-7608
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201612-498
value:	LOW
Trust: 0.6
VULHUB:	VHN-96428
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2016-7608
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-96428
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-7608
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-96428 // JVNDB: JVNDB-2016-007392 // CNNVD: CNNVD-201612-498 // NVD: CVE-2016-7608

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-96428 // JVNDB: JVNDB-2016-007392 // NVD: CVE-2016-7608

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201612-498

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201612-498

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-007392

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-96428

PATCH

title:	Apple security updates	url:	https://support.apple.com/en-us/HT201222	Trust: 0.8
title:	APPLE-SA-2016-12-13-1 macOS 10.12.2	url:	https://lists.apple.com/archives/security-announce/2016/Dec/msg00003.html	Trust: 0.8
title:	HT207423	url:	https://support.apple.com/en-us/HT207423	Trust: 0.8
title:	HT207423	url:	https://support.apple.com/ja-jp/HT207423	Trust: 0.8
title:	Apple macOS Sierra IOFireWireFamily Fixes for component security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=66532	Trust: 0.6

sources: JVNDB: JVNDB-2016-007392 // CNNVD: CNNVD-201612-498

EXTERNAL IDS

db:	NVD	id:	CVE-2016-7608	Trust: 2.8
db:	BID	id:	94903	Trust: 2.0
db:	SECTRACK	id:	1037469	Trust: 1.1
db:	JVN	id:	JVNVU97133642	Trust: 0.8
db:	JVNDB	id:	JVNDB-2016-007392	Trust: 0.8
db:	CNNVD	id:	CNNVD-201612-498	Trust: 0.7
db:	EXPLOIT-DB	id:	44235	Trust: 0.1
db:	VULHUB	id:	VHN-96428	Trust: 0.1

sources: VULHUB: VHN-96428 // BID: 94903 // JVNDB: JVNDB-2016-007392 // CNNVD: CNNVD-201612-498 // NVD: CVE-2016-7608

REFERENCES

url:	http://www.securityfocus.com/bid/94903	Trust: 1.7
url:	https://support.apple.com/ht207423	Trust: 1.7
url:	http://www.securitytracker.com/id/1037469	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7608	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu97133642/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-7608	Trust: 0.8
url:	https://www.apple.com/	Trust: 0.3
url:	http://www.apple.com/macosx/	Trust: 0.3

sources: VULHUB: VHN-96428 // BID: 94903 // JVNDB: JVNDB-2016-007392 // CNNVD: CNNVD-201612-498 // NVD: CVE-2016-7608

CREDITS

daybreaker@Minionz working with Trend Micro's Zero Day Initiative, an anonymous researcher, Pekka Oikarainen, Matias Karhumaa and Marko Laakso of Synopsys Software Integrity Group, daybreaker of Minionz, Radu Motspan working with Trend Micro's Zero Day In

Trust: 0.6

sources: CNNVD: CNNVD-201612-498

SOURCES

db:	VULHUB	id:	VHN-96428
db:	BID	id:	94903
db:	JVNDB	id:	JVNDB-2016-007392
db:	CNNVD	id:	CNNVD-201612-498
db:	NVD	id:	CVE-2016-7608

LAST UPDATE DATE

2025-04-20T21:58:19.032000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-96428	date:	2017-07-27T00:00:00
db:	BID	id:	94903	date:	2016-12-20T00:09:00
db:	JVNDB	id:	JVNDB-2016-007392	date:	2017-02-28T00:00:00
db:	CNNVD	id:	CNNVD-201612-498	date:	2017-03-01T00:00:00
db:	NVD	id:	CVE-2016-7608	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-96428	date:	2017-02-20T00:00:00
db:	BID	id:	94903	date:	2016-12-13T00:00:00
db:	JVNDB	id:	JVNDB-2016-007392	date:	2017-02-28T00:00:00
db:	CNNVD	id:	CNNVD-201612-498	date:	2016-12-15T00:00:00
db:	NVD	id:	CVE-2016-7608	date:	2017-02-20T08:59:02.387