Vulnerability Details : CVE-2016-7660
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "syslog" component. It allows local users to gain privileges via unspecified vectors related to Mach port name references.
Exploit prediction scoring system (EPSS) score for CVE-2016-7660
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ % EPSS Score History EPSS FAQ
CVSS scores for CVE-2016-7660
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST |
7.8
|
HIGH | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST |
CWE ids for CVE-2016-7660
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-7660
-
http://www.securitytracker.com/id/1037469
Apple macOS/OS X Multiple Flaws Let Remote Users Execute Arbitrary Code and Local Users Deny Service and Gain Elevated Privileges - SecurityTracker
-
https://support.apple.com/HT207487
About the security content of watchOS 3.1.3 - Apple SupportVendor Advisory
-
https://www.exploit-db.com/exploits/40959/
Apple macOS 10.12.1 / iOS < 10.2 - syslogd Arbitrary Port Replacement
-
https://support.apple.com/HT207423
About the security content of macOS Sierra 10.12.2, Security Update 2016-003 El Capitan, and Security Update 2016-007 Yosemite - Apple SupportVendor Advisory
-
https://support.apple.com/HT207422
About the security content of iOS 10.2 - Apple SupportVendor Advisory
-
http://www.securityfocus.com/bid/94905
Apple macOS/watchOS/iOS/tvOS Multiple Security VulnerabilitiesThird Party Advisory;VDB Entry
Products affected by CVE-2016-7660
- cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*