CVE-2016-1807
MEDIUMApple <9.3.2, <10.11.5, <9.2.1, <2.2.1 - Info Disclosure
Title source: llmDescription
Race condition in the Disk Images subsystem in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows local users to obtain sensitive information from kernel memory via unspecified vectors.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Google Security Research · cdosmultiple
https://www.exploit-db.com/exploits/39929
References (13)
Core 13
Core References
Vendor Advisory x_refsource_confirm
https://support.apple.com/HT206567
Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/137395/OS-X-iOS-Kernel-IOHDIXControllerUserClient-Use-After-Free.html
Mailing List, Vendor Advisory vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/security-announce/2016/May/msg00004.html
Vendor Advisory x_refsource_confirm
https://support.apple.com/HT206566
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/90694
Mailing List, Vendor Advisory vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/security-announce/2016/May/msg00003.html
Vendor Advisory x_refsource_confirm
https://support.apple.com/HT206564
Exploit, Third Party Advisory x_refsource_misc
https://bugs.chromium.org/p/project-zero/issues/detail?id=732
Exploit, Third Party Advisory, VDB Entry exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/39929/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1035890
Mailing List, Vendor Advisory vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/security-announce/2016/May/msg00002.html
Vendor Advisory x_refsource_confirm
https://support.apple.com/HT206568
Mailing List, Vendor Advisory vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/security-announce/2016/May/msg00001.html
Scores
CVSS v3
5.1
EPSS
0.0013
EPSS Percentile
31.3%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-362
Status
published
Products (4)
apple/iphone_os
< 9.3.2
apple/mac_os_x
< 10.11.5
apple/tvos
< 9.2.1
apple/watchos
< 2.2.1
Published
May 20, 2016
Tracked Since
Feb 18, 2026