Details of VAR-201702-0265

ID

VAR-201702-0265

CVE

CVE-2016-7714

TITLE

plural Apple Product IOKit Vulnerability in component critical kernel memory layout information retrieval

Trust: 0.8

sources: JVNDB: JVNDB-2016-007464

DESCRIPTION

An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "IOKit" component. It allows local users to obtain sensitive kernel memory-layout information via unspecified vectors. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within IOReportUserClient. The process does not properly validate user-supplied data which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges under the context of the kernel. Versions prior to iOS 10.2, macOS 10.12.2 and watchOS 3.1.3 are vulnerable. Apple iOS is an operating system developed for mobile devices; tvOS is a smart TV operating system; watchOS is a smart watch operating system. IOKit is one of the components that read system information

Trust: 2.7

sources: NVD: CVE-2016-7714 // JVNDB: JVNDB-2016-007464 // ZDI: ZDI-16-687 // BID: 96334 // VULHUB: VHN-96534 // VULMON: CVE-2016-7714

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	eq	version:	10.12.1	Trust: 1.4
vendor:	apple	model:	mac os x	scope:	lte	version:	10.12.1	Trust: 1.0
vendor:	apple	model:	watchos	scope:	lte	version:	2.2.2	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	lte	version:	10.1.1	Trust: 1.0
vendor:	apple	model:	watchos	scope:	eq	version:	2.2.2	Trust: 0.9
vendor:	apple	model:	ios	scope:	lt	version:	10.2 (ipad first 4 after generation )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	10.2 (iphone 5 or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	10.2 (ipod touch first 6 after generation )	Trust: 0.8
vendor:	apple	model:	tvos	scope:	lt	version:	10.1 (apple tv first 4 generation )	Trust: 0.8
vendor:	apple	model:	watchos	scope:	lt	version:	3.1.3 (apple watch all models )	Trust: 0.8
vendor:	apple	model:	macos	scope:	-	version:	-	Trust: 0.7
vendor:	apple	model:	iphone os	scope:	eq	version:	10.1.1	Trust: 0.6
vendor:	apple	model:	watch os	scope:	eq	version:	3.1.1	Trust: 0.6
vendor:	apple	model:	watchos	scope:	eq	version:	10.1.1	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	3.1.1	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	2.2.1	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	2.0.1	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	1.0.1	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	3.0	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	2.2	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	2.1	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	2.0	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	1.0	Trust: 0.3
vendor:	apple	model:	watch	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	macos	scope:	eq	version:	10.12.1	Trust: 0.3
vendor:	apple	model:	macos	scope:	eq	version:	10.12	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ipad	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	50	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	40	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	30	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.9	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.10	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10	Trust: 0.3
vendor:	apple	model:	watchos	scope:	ne	version:	3.1.3	Trust: 0.3
vendor:	apple	model:	macos	scope:	ne	version:	10.12.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	ne	version:	10.2	Trust: 0.3

sources: ZDI: ZDI-16-687 // BID: 96334 // JVNDB: JVNDB-2016-007464 // CNNVD: CNNVD-201702-714 // NVD: CVE-2016-7714

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-7714
value:	LOW
Trust: 1.0
NVD:	CVE-2016-7714
value:	LOW
Trust: 0.8
ZDI:	CVE-2016-7714
value:	MEDIUM
Trust: 0.7
CNNVD:	CNNVD-201702-714
value:	LOW
Trust: 0.6
VULHUB:	VHN-96534
value:	LOW
Trust: 0.1
VULMON:	CVE-2016-7714
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2016-7714
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
ZDI:	CVE-2016-7714
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:C/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.7
VULHUB:	VHN-96534
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-7714
baseSeverity:	LOW
baseScore:	3.3
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	1.4
version:	3.0
Trust: 1.8

sources: ZDI: ZDI-16-687 // VULHUB: VHN-96534 // VULMON: CVE-2016-7714 // JVNDB: JVNDB-2016-007464 // CNNVD: CNNVD-201702-714 // NVD: CVE-2016-7714

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-96534 // JVNDB: JVNDB-2016-007464 // NVD: CVE-2016-7714

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201702-714

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201702-714

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-007464

PATCH

title:	HT207423	url:	https://support.apple.com/en-us/HT207423	Trust: 1.5
title:	Apple security updates	url:	https://support.apple.com/en-us/HT201222	Trust: 0.8
title:	APPLE-SA-2016-12-12-3 tvOS 10.1	url:	https://lists.apple.com/archives/security-announce/2016/Dec/msg00002.html	Trust: 0.8
title:	APPLE-SA-2016-12-13-1 macOS 10.12.2	url:	https://lists.apple.com/archives/security-announce/2016/Dec/msg00003.html	Trust: 0.8
title:	APPLE-SA-2017-01-23-3 watchOS 3.1.3	url:	https://lists.apple.com/archives/security-announce/2017/Jan/msg00004.html	Trust: 0.8
title:	APPLE-SA-2016-12-12-1 iOS 10.2	url:	https://lists.apple.com/archives/security-announce/2016/Dec/msg00000.html	Trust: 0.8
title:	HT207487	url:	https://support.apple.com/en-us/HT207487	Trust: 0.8
title:	HT207422	url:	https://support.apple.com/en-us/HT207422	Trust: 0.8
title:	HT207425	url:	https://support.apple.com/en-us/HT207425	Trust: 0.8
title:	HT207423	url:	https://support.apple.com/ja-jp/HT207423	Trust: 0.8
title:	HT207425	url:	https://support.apple.com/ja-jp/HT207425	Trust: 0.8
title:	HT207487	url:	https://support.apple.com/ja-jp/HT207487	Trust: 0.8
title:	HT207422	url:	https://support.apple.com/ja-jp/HT207422	Trust: 0.8
title:	Multiple Apple product IOKit Fixes for component information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=68139	Trust: 0.6
title:	Apple: watchOS 3.1.3	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=b7712a97a28fd84ec2f617b3308d9e0d	Trust: 0.1
title:	Apple: tvOS 10.1	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=c87fde3d637bb68ea6d051d96d21bf87	Trust: 0.1
title:	Apple: iOS 10.2	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=5bd521e9fa24323a07a29ff2eeb526f7	Trust: 0.1
title:	Apple: macOS Sierra 10.12.2, Security Update 2016-003 El Capitan, and Security Update 2016-007 Yosemite	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=123eba6ece0d39a424cb657303ba745a	Trust: 0.1

sources: ZDI: ZDI-16-687 // VULMON: CVE-2016-7714 // JVNDB: JVNDB-2016-007464 // CNNVD: CNNVD-201702-714

EXTERNAL IDS

db:	NVD	id:	CVE-2016-7714	Trust: 3.6
db:	JVN	id:	JVNVU97133642	Trust: 0.8
db:	JVN	id:	JVNVU97915630	Trust: 0.8
db:	JVN	id:	JVNVU93979172	Trust: 0.8
db:	JVNDB	id:	JVNDB-2016-007464	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-3856	Trust: 0.7
db:	ZDI	id:	ZDI-16-687	Trust: 0.7
db:	CNNVD	id:	CNNVD-201702-714	Trust: 0.7
db:	BID	id:	96334	Trust: 0.5
db:	VULHUB	id:	VHN-96534	Trust: 0.1
db:	VULMON	id:	CVE-2016-7714	Trust: 0.1

sources: ZDI: ZDI-16-687 // VULHUB: VHN-96534 // VULMON: CVE-2016-7714 // BID: 96334 // JVNDB: JVNDB-2016-007464 // CNNVD: CNNVD-201702-714 // NVD: CVE-2016-7714

REFERENCES

url:	https://support.apple.com/ht207422	Trust: 1.8
url:	https://support.apple.com/ht207423	Trust: 1.8
url:	https://support.apple.com/ht207487	Trust: 1.8
url:	https://support.apple.com/en-us/ht207423	Trust: 1.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7714	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu97133642/index.html	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu97915630/index.html	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu93979172/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-7714	Trust: 0.8
url:	https://www.apple.com/	Trust: 0.3
url:	http://www.apple.com/ios/	Trust: 0.3
url:	https://www.apple.com/osx/	Trust: 0.3
url:	http://www.apple.com/watchos-2/	Trust: 0.3
url:	https://support.apple.com/en-us/ht207422	Trust: 0.3
url:	https://support.apple.com/en-us/ht207487	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/200.html	Trust: 0.1
url:	https://www.securityfocus.com/bid/96334	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://support.apple.com/kb/ht207487	Trust: 0.1

sources: ZDI: ZDI-16-687 // VULHUB: VHN-96534 // VULMON: CVE-2016-7714 // BID: 96334 // JVNDB: JVNDB-2016-007464 // CNNVD: CNNVD-201702-714 // NVD: CVE-2016-7714

CREDITS

Qidan He(@flanker_hqd) from KeenLab

Trust: 0.7

sources: ZDI: ZDI-16-687

SOURCES

db:	ZDI	id:	ZDI-16-687
db:	VULHUB	id:	VHN-96534
db:	VULMON	id:	CVE-2016-7714
db:	BID	id:	96334
db:	JVNDB	id:	JVNDB-2016-007464
db:	CNNVD	id:	CNNVD-201702-714
db:	NVD	id:	CVE-2016-7714

LAST UPDATE DATE

2025-04-20T22:02:14.577000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-16-687	date:	2017-06-21T00:00:00
db:	VULHUB	id:	VHN-96534	date:	2018-10-30T00:00:00
db:	VULMON	id:	CVE-2016-7714	date:	2018-10-30T00:00:00
db:	BID	id:	96334	date:	2017-03-07T02:05:00
db:	JVNDB	id:	JVNDB-2016-007464	date:	2017-03-01T00:00:00
db:	CNNVD	id:	CNNVD-201702-714	date:	2017-02-22T00:00:00
db:	NVD	id:	CVE-2016-7714	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-16-687	date:	2017-06-21T00:00:00
db:	VULHUB	id:	VHN-96534	date:	2017-02-20T00:00:00
db:	VULMON	id:	CVE-2016-7714	date:	2017-02-20T00:00:00
db:	BID	id:	96334	date:	2017-01-25T00:00:00
db:	JVNDB	id:	JVNDB-2016-007464	date:	2017-03-01T00:00:00
db:	CNNVD	id:	CNNVD-201702-714	date:	2017-02-22T00:00:00
db:	NVD	id:	CVE-2016-7714	date:	2017-02-20T08:59:04.447