Sign-up

ID

VAR-201702-0223


CVE

CVE-2016-7624


TITLE

Apple macOS of IOAcceleratorFamily Vulnerability in component critical kernel memory layout information retrieval

Trust: 0.8

sources: JVNDB: JVNDB-2016-007398

DESCRIPTION

An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "IOAcceleratorFamily" component. It allows local users to obtain sensitive kernel memory-layout information via unspecified vectors. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within IOCommandQueue. The process does not properly validate user-supplied data which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges under the context of the kernel. Apple macOS is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code, perform unauthorized actions, obtain sensitive information, gain elevated privileges or cause a denial-of-service condition. IOAcceleratorFamily is one of the IO acceleration management components

Trust: 2.61

sources: NVD: CVE-2016-7624 // JVNDB: JVNDB-2016-007398 // ZDI: ZDI-16-685 // BID: 94903 // VULHUB: VHN-96444

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:eqversion:10.12.1

Trust: 1.4

vendor:applemodel:mac os xscope:lteversion:10.12.1

Trust: 1.0

vendor:applemodel:macosscope: - version: -

Trust: 0.7

vendor:applemodel:macosscope:eqversion:10.12.1

Trust: 0.3

vendor:applemodel:macosscope:neversion:10.12.2

Trust: 0.3

sources: ZDI: ZDI-16-685 // BID: 94903 // JVNDB: JVNDB-2016-007398 // CNNVD: CNNVD-201612-497 // NVD: CVE-2016-7624

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-7624
value: LOW

Trust: 1.0

NVD: CVE-2016-7624
value: LOW

Trust: 0.8

ZDI: CVE-2016-7624
value: MEDIUM

Trust: 0.7

CNNVD: CNNVD-201612-497
value: LOW

Trust: 0.6

VULHUB: VHN-96444
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2016-7624
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

ZDI: CVE-2016-7624
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:C/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.7

VULHUB: VHN-96444
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-7624
baseSeverity: LOW
baseScore: 3.3
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: ZDI: ZDI-16-685 // VULHUB: VHN-96444 // JVNDB: JVNDB-2016-007398 // CNNVD: CNNVD-201612-497 // NVD: CVE-2016-7624

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-96444 // JVNDB: JVNDB-2016-007398 // NVD: CVE-2016-7624

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201612-497

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201612-497

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-007398

PATCH
title:HT207423url:https://support.apple.com/en-us/HT207423
Trust: 1.5
title:Apple security updatesurl:https://support.apple.com/en-us/HT201222
Trust: 0.8
title:APPLE-SA-2016-12-13-1 macOS 10.12.2url:https://lists.apple.com/archives/security-announce/2016/Dec/msg00003.html
Trust: 0.8
title:HT207423url:https://support.apple.com/ja-jp/HT207423
Trust: 0.8
title:Apple macOS Sierra IOAcceleratorFamily Fixes for component security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=66531
Trust: 0.6
sources:
            
            
            ZDI: ZDI-16-685 // 
            
            
            
            JVNDB: JVNDB-2016-007398 // 
            
            
            
            CNNVD: CNNVD-201612-497

EXTERNAL IDS
db:NVDid:CVE-2016-7624
Trust: 3.5
db:BIDid:94903
Trust: 2.0
db:SECTRACKid:1037469
Trust: 1.1
db:JVNid:JVNVU97133642
Trust: 0.8
db:JVNDBid:JVNDB-2016-007398
Trust: 0.8
db:ZDI_CANid:ZDI-CAN-3854
Trust: 0.7
db:ZDIid:ZDI-16-685
Trust: 0.7
db:CNNVDid:CNNVD-201612-497
Trust: 0.7
db:VULHUBid:VHN-96444
Trust: 0.1
sources:
            
            
            ZDI: ZDI-16-685 // 
            
            
            
            VULHUB: VHN-96444 // 
            
            
            
            BID: 94903 // 
            
            
            
            JVNDB: JVNDB-2016-007398 // 
            
            
            
            CNNVD: CNNVD-201612-497 // 
            
            
            
            NVD: CVE-2016-7624

REFERENCES
url:http://www.securityfocus.com/bid/94903
Trust: 1.7
url:https://support.apple.com/ht207423
Trust: 1.7
url:http://www.securitytracker.com/id/1037469
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7624
Trust: 0.8
url:http://jvn.jp/vu/jvnvu97133642/index.html
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-7624
Trust: 0.8
url:https://support.apple.com/en-us/ht207423
Trust: 0.7
url:https://www.apple.com/
Trust: 0.3
url:http://www.apple.com/macosx/
Trust: 0.3
sources:
            
            
            ZDI: ZDI-16-685 // 
            
            
            
            VULHUB: VHN-96444 // 
            
            
            
            BID: 94903 // 
            
            
            
            JVNDB: JVNDB-2016-007398 // 
            
            
            
            CNNVD: CNNVD-201612-497 // 
            
            
            
            NVD: CVE-2016-7624

CREDITS
Qidan He(@flanker_hqd) from KeenLab
Trust: 0.7
sources:
            
            
            ZDI: ZDI-16-685

SOURCES
db:ZDIid:ZDI-16-685
db:VULHUBid:VHN-96444
db:BIDid:94903
db:JVNDBid:JVNDB-2016-007398
db:CNNVDid:CNNVD-201612-497
db:NVDid:CVE-2016-7624

LAST UPDATE DATE
2025-04-20T19:38:54.381000+00:00

SOURCES UPDATE DATE
db:ZDIid:ZDI-16-685date:2017-06-21T00:00:00
db:VULHUBid:VHN-96444date:2017-07-27T00:00:00
db:BIDid:94903date:2016-12-20T00:09:00
db:JVNDBid:JVNDB-2016-007398date:2017-02-28T00:00:00
db:CNNVDid:CNNVD-201612-497date:2017-02-27T00:00:00
db:NVDid:CVE-2016-7624date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:ZDIid:ZDI-16-685date:2017-06-21T00:00:00
db:VULHUBid:VHN-96444date:2017-02-20T00:00:00
db:BIDid:94903date:2016-12-13T00:00:00
db:JVNDBid:JVNDB-2016-007398date:2017-02-28T00:00:00
db:CNNVDid:CNNVD-201612-497date:2016-12-15T00:00:00
db:NVDid:CVE-2016-7624date:2017-02-20T08:59:02.917