ID

VAR-201702-0217


CVE

CVE-2016-7618


TITLE

Arbitrary code execution vulnerabilities in the Foundation component of Apple macOS

Trust: 0.8

sources: JVNDB: JVNDB-2016-007395

DESCRIPTION

An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "Foundation" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .gcx file. Apple macOS is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code, perform unauthorized actions, obtain sensitive information, gain elevated privileges or cause a denial-of-service condition. Foundation is one of the base layer components that defines Objective-C classes

Trust: 2.07

sources: NVD: CVE-2016-7618 // JVNDB: JVNDB-2016-007395 // BID: 94903 // VULHUB: VHN-96438 // VULMON: CVE-2016-7618

AFFECTED PRODUCTS

vendor: apple, model: mac os x, scope: eq, version: 10.12.1

Trust: 1.4

vendor: apple, model: mac os x, scope: lte, version: 10.12.1

Trust: 1.0

vendor: apple, model: macos, scope: eq, version: 10.12.1

Trust: 0.3

vendor: apple, model: macos, scope: ne, version: 10.12.2

Trust: 0.3

sources: BID: 94903 // JVNDB: JVNDB-2016-007395 // CNNVD: CNNVD-201612-494 // NVD: CVE-2016-7618

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-7618
value: HIGH

Trust: 1.0

NVD: CVE-2016-7618
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201612-494
value: MEDIUM

Trust: 0.6

VULHUB: VHN-96438
value: MEDIUM

Trust: 0.1

VULMON: CVE-2016-7618
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-7618
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-96438
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-7618
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-96438 // VULMON: CVE-2016-7618 // JVNDB: JVNDB-2016-007395 // CNNVD: CNNVD-201612-494 // NVD: CVE-2016-7618

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-96438 // JVNDB: JVNDB-2016-007395 // NVD: CVE-2016-7618

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201612-494

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201612-494

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-007395

PATCH

title: Apple security updates, url: https://support.apple.com/en-us/HT201222

Trust: 0.8

title: APPLE-SA-2016-12-13-1 macOS 10.12.2, url: https://lists.apple.com/archives/security-announce/2016/Dec/msg00003.html

Trust: 0.8

title: HT207423, url: https://support.apple.com/en-us/HT207423

Trust: 0.8

title: HT207423, url: https://support.apple.com/ja-jp/HT207423

Trust: 0.8

title: Apple macOS Sierra Foundation Fixes for component security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=66528

Trust: 0.6

sources: JVNDB: JVNDB-2016-007395 // CNNVD: CNNVD-201612-494

EXTERNAL IDS

db: NVD, id: CVE-2016-7618

Trust: 2.9

db: BID, id: 94903

Trust: 2.1

db: SECTRACK, id: 1037469

Trust: 1.2

db: JVN, id: JVNVU97133642

Trust: 0.8

db: JVNDB, id: JVNDB-2016-007395

Trust: 0.8

db: CNNVD, id: CNNVD-201612-494

Trust: 0.7

db: VULHUB, id: VHN-96438

Trust: 0.1

db: VULMON, id: CVE-2016-7618

Trust: 0.1

sources: VULHUB: VHN-96438 // VULMON: CVE-2016-7618 // BID: 94903 // JVNDB: JVNDB-2016-007395 // CNNVD: CNNVD-201612-494 // NVD: CVE-2016-7618

REFERENCES

url:http://www.securityfocus.com/bid/94903

Trust: 1.8

url:https://support.apple.com/ht207423

Trust: 1.8

url:http://www.securitytracker.com/id/1037469

Trust: 1.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7618

Trust: 0.8

url:http://jvn.jp/vu/jvnvu97133642/index.html

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-7618

Trust: 0.8

url:https://www.apple.com/

Trust: 0.3

url:http://www.apple.com/macosx/

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/119.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-96438 // VULMON: CVE-2016-7618 // BID: 94903 // JVNDB: JVNDB-2016-007395 // CNNVD: CNNVD-201612-494 // NVD: CVE-2016-7618

CREDITS

daybreaker@Minionz working with Trend Micro's Zero Day Initiative, an anonymous researcher, Pekka Oikarainen, Matias Karhumaa and Marko Laakso of Synopsys Software Integrity Group, daybreaker of Minionz, Radu Motspan working with Trend Micro's Zero Day In

Trust: 0.6

sources: CNNVD: CNNVD-201612-494

SOURCES

db: VULHUB, id: VHN-96438
db: VULMON, id: CVE-2016-7618
db: BID, id: 94903
db: JVNDB, id: JVNDB-2016-007395
db: CNNVD, id: CNNVD-201612-494
db: NVD, id: CVE-2016-7618

LAST UPDATE DATE

2025-04-20T21:02:19.431000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-96438, date: 2017-07-27T00:00:00
db: VULMON, id: CVE-2016-7618, date: 2017-07-27T00:00:00
db: BID, id: 94903, date: 2016-12-20T00:09:00
db: JVNDB, id: JVNDB-2016-007395, date: 2017-02-28T00:00:00
db: CNNVD, id: CNNVD-201612-494, date: 2017-03-01T00:00:00
db: NVD, id: CVE-2016-7618, date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: VULHUB, id: VHN-96438, date: 2017-02-20T00:00:00
db: VULMON, id: CVE-2016-7618, date: 2017-02-20T00:00:00
db: BID, id: 94903, date: 2016-12-13T00:00:00
db: JVNDB, id: JVNDB-2016-007395, date: 2017-02-28T00:00:00
db: CNNVD, id: CNNVD-201612-494, date: 2016-12-15T00:00:00
db: NVD, id: CVE-2016-7618, date: 2017-02-20T08:59:02.727