ID CVE-2016-7621
Summary An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allows local users to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via unspecified vectors.
References
Vulnerable Configurations
  • Apple WatchOS 2.2.2
    cpe:2.3:o:apple:watchos:2.2.2
  • Apple iPhone OS 10.1.1
    cpe:2.3:o:apple:iphone_os:10.1.1
  • Apple Mac OS X 10.12.1
    cpe:2.3:o:apple:mac_os_x:10.12.1
CVSS
Base: 7.2 (as of 21-02-2017 - 15:32)
Impact:
Exploitability:
CWE CWE-416
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
exploit-db via4
description MacOS < 10.12.2 / iOS < 10.2 Kernel - _kernelrpc_mach_port_insert_right_trap Reference Count Leak / Use-After-Free. CVE-2016-7621. Local exploit for ma...
file exploits/macos/local/40956.c
id EDB-ID:40956
last seen 2016-12-22
modified 2016-12-22
platform macos
port
published 2016-12-22
reporter Exploit-DB
source https://www.exploit-db.com/download/40956/
title MacOS < 10.12.2 / iOS < 10.2 Kernel - _kernelrpc_mach_port_insert_right_trap Reference Count Leak / Use-After-Free
type local
nessus via4
NASL family MacOS X Local Security Checks
NASL id MACOS_10_12_2.NASL
description The remote host is running a version of macOS that is 10.12.x prior to 10.12.2. It is, therefore, affected by multiple vulnerabilities in the following components : - apache_mod_php - AppleGraphicsPowerManagement - Assets - Audio - Bluetooth - CoreCapture - CoreFoundation - CoreGraphics - CoreMedia External Displays - CoreMedia Playback - CoreStorage - CoreText - curl - Directory Services - Disk Images - FontParser - Foundation - Grapher - ICU - ImageIO - Intel Graphics Driver - IOFireWireFamily - IOAcceleratorFamily - IOHIDFamily - IOKit - IOSurface - Kernel - kext tools - libarchive - LibreSSL - OpenLDAP - OpenPAM - OpenSSL - Power Management - Security - syslog - WiFi - xar Note that successful exploitation of the most serious issues can result in arbitrary code execution. Furthermore, CVE-2016-6304, CVE-2016-7596, and CVE-2016-7604 also affect Mac OS X versions 10.10.5 and 10.11.6. However, this plugin does not check those versions.
last seen 2019-02-21
modified 2018-07-14
plugin id 95917
published 2016-12-16
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=95917
title macOS 10.12.x < 10.12.2 Multiple Vulnerabilities
refmap via4
bid 94905
confirm
exploit-db 40956
sectrack 1037469
Last major update 21-02-2017 - 19:01
Published 20-02-2017 - 03:59
Last modified 30-10-2018 - 12:27
Back to Top