CVE-2016-1807

MEDIUM

Apple <9.3.2, <10.11.5, <9.2.1, <2.2.1 - Info Disclosure

Title source: llm

Description

Race condition in the Disk Images subsystem in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows local users to obtain sensitive information from kernel memory via unspecified vectors.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · cdosmultiple

https://www.exploit-db.com/exploits/39929

View Code ZIP pw:eip

References (13)

[Mailing List, Vendor Advisory] http://lists.apple.com/archives/security-announce/2016/May/msg00001.html

[Mailing List, Vendor Advisory] http://lists.apple.com/archives/security-announce/2016/May/msg00002.html

[Mailing List, Vendor Advisory] http://lists.apple.com/archives/security-announce/2016/May/msg00003.html

[Mailing List, Vendor Advisory] http://lists.apple.com/archives/security-announce/2016/May/msg00004.html

[Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/137395/OS-X-iOS-Kernel-IOHDIXControllerUserClient-Use-After-Free.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/90694

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1035890

[Exploit, Third Party Advisory] https://bugs.chromium.org/p/project-zero/issues/detail?id=732

[Vendor Advisory] https://support.apple.com/HT206564

[Vendor Advisory] https://support.apple.com/HT206566

[Vendor Advisory] https://support.apple.com/HT206567

[Vendor Advisory] https://support.apple.com/HT206568

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/39929/

Scores

CVSS v3 5.1

EPSS 0.0013

EPSS Percentile 31.6%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-362

Status draft

Affected Products (4)

apple/mac_os_x < 10.11.5

apple/watchos < 2.2.1

apple/tvos < 9.2.1

apple/iphone_os < 9.3.2

Timeline

Published May 20, 2016

Tracked Since Feb 18, 2026