Details of VAR-201702-0212

ID

VAR-201702-0212

CVE

CVE-2016-7613

TITLE

plural Apple Vulnerability in the kernel component of a product that allows arbitrary code execution in privileged contexts

Trust: 0.8

sources: JVNDB: JVNDB-2016-007481

DESCRIPTION

An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages object-lifetime mishandling during process spawning. There is. Apple iOS and macOS are prone to a local code-execution vulnerability. Apple iOS is an operating system developed for mobile devices; watchOS is an operating system for smart watches. The following products and versions are affected: Apple watchOS prior to 3.1, tvOS prior to 10.0.1, iOS prior to 10.1, and macOS Sierra prior to 10.12.1

Trust: 1.98

sources: NVD: CVE-2016-7613 // JVNDB: JVNDB-2016-007481 // BID: 94116 // VULHUB: VHN-96433

AFFECTED PRODUCTS

vendor:	apple	model:	safari	scope:	lte	version:	10.0.0	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	lte	version:	10.12.0	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	lte	version:	10.0.3	Trust: 1.0
vendor:	apple	model:	watchos	scope:	lte	version:	2.2.2	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.12	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	10.1 (ipad first 4 after generation )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	10.1 (iphone 5 or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	10.1 (ipod touch first 6 after generation )	Trust: 0.8
vendor:	apple	model:	tvos	scope:	lt	version:	10.0.1 (apple tv first 4 generation )	Trust: 0.8
vendor:	apple	model:	watchos	scope:	lt	version:	3.1 (apple watch all models )	Trust: 0.8
vendor:	apple	model:	iphone os	scope:	eq	version:	10.0.3	Trust: 0.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.12.0	Trust: 0.6
vendor:	apple	model:	watch os	scope:	eq	version:	3.0.0	Trust: 0.6
vendor:	apple	model:	watchos	scope:	eq	version:	2.2.2	Trust: 0.6
vendor:	apple	model:	safari	scope:	eq	version:	10.0.0	Trust: 0.6
vendor:	apple	model:	macos	scope:	eq	version:	10.12	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ipad	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.9	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.10	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10	Trust: 0.3
vendor:	apple	model:	macos	scope:	ne	version:	10.12.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	ne	version:	10.1	Trust: 0.3

sources: BID: 94116 // JVNDB: JVNDB-2016-007481 // CNNVD: CNNVD-201611-113 // NVD: CVE-2016-7613

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-7613
value:	HIGH
Trust: 1.0
NVD:	CVE-2016-7613
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201611-113
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-96433
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2016-7613
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-96433
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-7613
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-96433 // JVNDB: JVNDB-2016-007481 // CNNVD: CNNVD-201611-113 // NVD: CVE-2016-7613

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-96433 // JVNDB: JVNDB-2016-007481 // NVD: CVE-2016-7613

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201611-113

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201611-113

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-007481

PATCH

title:	Apple security updates	url:	https://support.apple.com/en-us/HT201222	Trust: 0.8
title:	APPLE-SA-2016-10-24-2 macOS Sierra 10.12.1	url:	https://lists.apple.com/archives/security-announce/2016/Oct/msg00001.html	Trust: 0.8
title:	APPLE-SA-2016-10-24-4 tvOS 10.0.1	url:	https://lists.apple.com/archives/security-announce/2016/Oct/msg00003.html	Trust: 0.8
title:	APPLE-SA-2016-10-24-5 watchOS 3.1	url:	https://lists.apple.com/archives/security-announce/2016/Oct/msg00004.html	Trust: 0.8
title:	APPLE-SA-2016-10-24-1 iOS 10.1	url:	https://lists.apple.com/archives/security-announce/2016/Oct/msg00000.html	Trust: 0.8
title:	HT207270	url:	https://support.apple.com/en-us/HT207270	Trust: 0.8
title:	HT207271	url:	https://support.apple.com/en-us/HT207271	Trust: 0.8
title:	HT207275	url:	https://support.apple.com/en-us/HT207275	Trust: 0.8
title:	HT207269	url:	https://support.apple.com/en-us/HT207269	Trust: 0.8
title:	HT207269	url:	https://support.apple.com/ja-jp/HT207269	Trust: 0.8
title:	HT207270	url:	https://support.apple.com/ja-jp/HT207270	Trust: 0.8
title:	HT207271	url:	https://support.apple.com/ja-jp/HT207271	Trust: 0.8
title:	HT207275	url:	https://support.apple.com/ja-jp/HT207275	Trust: 0.8
title:	Apple iOS and Apple macOS Fixes for local code execution vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65485	Trust: 0.6
title:	Apple iOS and Apple macOS Fixes for local code execution vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65338	Trust: 0.6

sources: JVNDB: JVNDB-2016-007481 // CNNVD: CNNVD-201611-113

EXTERNAL IDS

db:	NVD	id:	CVE-2016-7613	Trust: 2.8
db:	BID	id:	94116	Trust: 2.0
db:	JVN	id:	JVNVU90743185	Trust: 0.8
db:	JVNDB	id:	JVNDB-2016-007481	Trust: 0.8
db:	CNNVD	id:	CNNVD-201611-113	Trust: 0.7
db:	VULHUB	id:	VHN-96433	Trust: 0.1

sources: VULHUB: VHN-96433 // BID: 94116 // JVNDB: JVNDB-2016-007481 // CNNVD: CNNVD-201611-113 // NVD: CVE-2016-7613

REFERENCES

url:	http://www.securityfocus.com/bid/94116	Trust: 1.7
url:	https://support.apple.com/ht207269	Trust: 1.7
url:	https://support.apple.com/ht207270	Trust: 1.7
url:	https://support.apple.com/ht207271	Trust: 1.7
url:	https://support.apple.com/ht207275	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7613	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu90743185/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-7613	Trust: 0.8
url:	http://www.apple.com/ios/	Trust: 0.3
url:	http://www.apple.com/appletv/features.html	Trust: 0.3
url:	http://www.apple.com/ipad/	Trust: 0.3
url:	http://www.apple.com/iphone/	Trust: 0.3
url:	http://www.apple.com/ipodtouch/	Trust: 0.3
url:	https://support.apple.com/en-us/ht207271	Trust: 0.3
url:	https://support.apple.com/en-us/ht207275	Trust: 0.3
url:	https://bugs.chromium.org/p/project-zero/issues/detail?id=837&can=1&q=&sort=-modified%20-id&colspec=id%20status%20owner%20summary%20modified%20cve	Trust: 0.3

sources: VULHUB: VHN-96433 // BID: 94116 // JVNDB: JVNDB-2016-007481 // CNNVD: CNNVD-201611-113 // NVD: CVE-2016-7613

CREDITS

Ian Beer of Google Project Zero

Trust: 0.9

sources: BID: 94116 // CNNVD: CNNVD-201611-113

SOURCES

db:	VULHUB	id:	VHN-96433
db:	BID	id:	94116
db:	JVNDB	id:	JVNDB-2016-007481
db:	CNNVD	id:	CNNVD-201611-113
db:	NVD	id:	CVE-2016-7613

LAST UPDATE DATE

2025-04-20T21:56:06.884000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-96433	date:	2018-10-30T00:00:00
db:	BID	id:	94116	date:	2016-11-24T01:08:00
db:	JVNDB	id:	JVNDB-2016-007481	date:	2017-03-01T00:00:00
db:	CNNVD	id:	CNNVD-201611-113	date:	2017-03-01T00:00:00
db:	NVD	id:	CVE-2016-7613	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-96433	date:	2017-02-20T00:00:00
db:	BID	id:	94116	date:	2016-11-01T00:00:00
db:	JVNDB	id:	JVNDB-2016-007481	date:	2017-03-01T00:00:00
db:	CNNVD	id:	CNNVD-201611-113	date:	2016-11-08T00:00:00
db:	NVD	id:	CVE-2016-7613	date:	2017-02-20T08:59:02.573