Details of VAR-201702-0464

ID

VAR-201702-0464

CVE

CVE-2016-7583

TITLE

Apple iCloud of iCloud Privileged vulnerability in component setup subsystem

Trust: 0.8

sources: JVNDB: JVNDB-2016-007446

DESCRIPTION

An issue was discovered in certain Apple products. iCloud before 6.0.1 is affected. The issue involves the setup subsystem in the "iCloud" component. It allows local users to gain privileges via a crafted dynamic library in an unspecified directory. An attacker can leverage this issue to execute arbitrary code with system privileges. Failed exploit attempts will likely result in denial-of-service conditions. Apple iCloud for Windows is a cloud service based on the Windows platform of Apple (Apple), which supports the storage of music, photos, Apps and contacts

Trust: 1.98

sources: NVD: CVE-2016-7583 // JVNDB: JVNDB-2016-007446 // BID: 94570 // VULHUB: VHN-96403

AFFECTED PRODUCTS

vendor:	apple	model:	icloud	scope:	lte	version:	6.0.0	Trust: 1.0
vendor:	apple	model:	icloud	scope:	lt	version:	6.0.1 (windows 7 or later )	Trust: 0.8
vendor:	apple	model:	icloud	scope:	eq	version:	6.0.0	Trust: 0.6
vendor:	apple	model:	icloud	scope:	eq	version:	6.0	Trust: 0.3
vendor:	apple	model:	icloud	scope:	ne	version:	6.0.1	Trust: 0.3

sources: BID: 94570 // JVNDB: JVNDB-2016-007446 // CNNVD: CNNVD-201611-674 // NVD: CVE-2016-7583

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-7583
value:	HIGH
Trust: 1.0
NVD:	CVE-2016-7583
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201611-674
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-96403
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-7583
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-96403
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-7583
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-96403 // JVNDB: JVNDB-2016-007446 // CNNVD: CNNVD-201611-674 // NVD: CVE-2016-7583

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-96403 // JVNDB: JVNDB-2016-007446 // NVD: CVE-2016-7583

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201611-674

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201611-674

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-007446

PATCH

title:	Apple security updates	url:	https://support.apple.com/en-us/HT201222	Trust: 0.8
title:	APPLE-SA-2016-10-27-2 iCloud for Windows v6.0.1	url:	https://lists.apple.com/archives/security-announce/2016/Oct/msg00006.html	Trust: 0.8
title:	HT207273	url:	https://support.apple.com/en-us/HT207273	Trust: 0.8
title:	HT207273	url:	https://support.apple.com/ja-jp/HT207273	Trust: 0.8
title:	Apple iCloud Setup Fixes for remote code execution vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65945	Trust: 0.6

sources: JVNDB: JVNDB-2016-007446 // CNNVD: CNNVD-201611-674

EXTERNAL IDS

db:	NVD	id:	CVE-2016-7583	Trust: 2.8
db:	BID	id:	94570	Trust: 2.0
db:	JVN	id:	JVNVU97557859	Trust: 0.8
db:	JVNDB	id:	JVNDB-2016-007446	Trust: 0.8
db:	CNNVD	id:	CNNVD-201611-674	Trust: 0.7
db:	VULHUB	id:	VHN-96403	Trust: 0.1

sources: VULHUB: VHN-96403 // BID: 94570 // JVNDB: JVNDB-2016-007446 // CNNVD: CNNVD-201611-674 // NVD: CVE-2016-7583

REFERENCES

url:	http://www.securityfocus.com/bid/94570	Trust: 1.7
url:	https://support.apple.com/ht207273	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7583	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu97557859/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-7583	Trust: 0.8
url:	https://www.apple.com/	Trust: 0.3
url:	https://support.apple.com/en-us/ht207273	Trust: 0.3

sources: VULHUB: VHN-96403 // BID: 94570 // JVNDB: JVNDB-2016-007446 // CNNVD: CNNVD-201611-674 // NVD: CVE-2016-7583

CREDITS

Nitesh Kumar Shilpkar.

Trust: 0.9

sources: BID: 94570 // CNNVD: CNNVD-201611-674

SOURCES

db:	VULHUB	id:	VHN-96403
db:	BID	id:	94570
db:	JVNDB	id:	JVNDB-2016-007446
db:	CNNVD	id:	CNNVD-201611-674
db:	NVD	id:	CVE-2016-7583

LAST UPDATE DATE

2025-04-20T21:43:41.213000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-96403	date:	2017-02-21T00:00:00
db:	BID	id:	94570	date:	2016-12-20T02:03:00
db:	JVNDB	id:	JVNDB-2016-007446	date:	2017-03-01T00:00:00
db:	CNNVD	id:	CNNVD-201611-674	date:	2017-03-03T00:00:00
db:	NVD	id:	CVE-2016-7583	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-96403	date:	2017-02-20T00:00:00
db:	BID	id:	94570	date:	2016-10-27T00:00:00
db:	JVNDB	id:	JVNDB-2016-007446	date:	2017-03-01T00:00:00
db:	CNNVD	id:	CNNVD-201611-674	date:	2016-10-27T00:00:00
db:	NVD	id:	CVE-2016-7583	date:	2017-02-20T08:59:01.603