Vulnerability Details : CVE-2016-7637
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
Vulnerability category: OverflowMemory CorruptionDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2016-7637
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ % EPSS Score History EPSS FAQ
CVSS scores for CVE-2016-7637
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST |
7.8
|
HIGH | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST |
CWE ids for CVE-2016-7637
-
The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-7637
-
http://www.securitytracker.com/id/1037469
Apple macOS/OS X Multiple Flaws Let Remote Users Execute Arbitrary Code and Local Users Deny Service and Gain Elevated Privileges - SecurityTracker
-
https://support.apple.com/HT207487
About the security content of watchOS 3.1.3 - Apple SupportVendor Advisory
-
https://www.exploit-db.com/exploits/40957/
Apple macOS < 10.12.2 / iOS < 10.2 - Broken Kernel Mach Port Name uref Handling Privileged Port Name Replacement Privilege Escalation
-
https://support.apple.com/HT207423
About the security content of macOS Sierra 10.12.2, Security Update 2016-003 El Capitan, and Security Update 2016-007 Yosemite - Apple SupportVendor Advisory
-
https://support.apple.com/HT207422
About the security content of iOS 10.2 - Apple SupportVendor Advisory
-
https://www.exploit-db.com/exploits/40931/
Apple macOS 10.12 16A323 XNU Kernel / iOS 10.1.1 - 'set_dp_control_port' Lack of Locking Use-After-Free
-
http://www.securityfocus.com/bid/94905
Apple macOS/watchOS/iOS/tvOS Multiple Security VulnerabilitiesThird Party Advisory;VDB Entry
Products affected by CVE-2016-7637
- cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*