CVE-2016-1721

HIGH

Apple iOS <9.2.1, OS X <10.11.3, tvOS <9.1.1 - Memory Corruption

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-1721. PoCs published by Google Security Research.

AI-analyzed exploit summary The writeup describes a vulnerability in IOKit's _ool functions where error conditions are mishandled, leading to potential kernel crashes or arbitrary code execution due to uninitialized stack variables being passed to virtual functions.

Description

The kernel in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Google Security Research · textdosmultiple

https://www.exploit-db.com/exploits/39358

View Code ZIP pw:eip

The writeup describes a vulnerability in IOKit's _ool functions where error conditions are mishandled, leading to potential kernel crashes or arbitrary code execution due to uninitialized stack variables being passed to virtual functions.

Classification

Writeup 90%

Attack Type

Lpe

Complexity

Moderate

Reliability

Theoretical

Target: Apple IOKit (macOS/iOS)

No auth needed

Prerequisites: Access to a vulnerable macOS/iOS system

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (12)

Core 12

Core References

Vendor Advisory x_refsource_confirm

https://support.apple.com/HT206168

Vendor Advisory x_refsource_confirm

https://support.apple.com/HT205731

Vendor Advisory x_refsource_confirm

https://support.apple.com/HT205729

Mailing List, Vendor Advisory vendor-advisory x_refsource_apple

http://lists.apple.com/archives/security-announce/2016/Jan/msg00005.html

Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/135444/iOS-OS-X-Kernel-Uninitialized-Variable-Code-Execution.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1034736

Mailing List, Vendor Advisory vendor-advisory x_refsource_apple

http://lists.apple.com/archives/security-announce/2016/Jan/msg00003.html

Mailing List, Vendor Advisory vendor-advisory x_refsource_apple

http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/39358/

Mailing List, Vendor Advisory vendor-advisory x_refsource_apple

http://lists.apple.com/archives/security-announce/2016/Jan/msg00002.html

Exploit, Third Party Advisory x_refsource_misc

https://code.google.com/p/google-security-research/issues/detail?id=618

Vendor Advisory x_refsource_confirm

https://support.apple.com/HT205732

Scores

CVSS v3 7.8

EPSS 0.0104

EPSS Percentile 59.7%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-119

Status published

Products (4)

apple/iphone_os < 9.2.1

apple/mac_os_x < 10.11.3

apple/tvos < 9.1.1

apple/watchos < 2.2

Published Feb 01, 2016

Tracked Since Feb 18, 2026