CVE-2016-7608

MEDIUM

macOS < 10.12.2 - Unauthorized Kernel Memory Exposure via IOFireWireFamily

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2016-7608. PoCs published by Brandon Azad, bazad.

AI-analyzed exploit summary This exploit demonstrates a buffer overflow in IOFireWireFamily via IOFireWireUserClient::localConfigDirectory_Publish. It allocates a large buffer and triggers the vulnerability through IOConnectCallMethod, potentially leading to kernel memory corruption.

Description

An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "IOFireWireFamily" component, which allows local users to obtain sensitive information from kernel memory via unspecified vectors.

Exploits (2)

exploitdb WORKING POC

by Brandon Azad · cdosmacos

https://www.exploit-db.com/exploits/44235

View Code ZIP pw:eip

This exploit demonstrates a buffer overflow in IOFireWireFamily via IOFireWireUserClient::localConfigDirectory_Publish. It allocates a large buffer and triggers the vulnerability through IOConnectCallMethod, potentially leading to kernel memory corruption.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: IOFireWireFamily (macOS kernel)

No auth needed

Prerequisites: Access to a vulnerable macOS system with IOFireWireFamily loaded

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC 2 stars

by bazad · poc

https://github.com/bazad/IOFireWireFamily-overflow

View Code ZIP pw:eip

This repository contains a functional proof-of-concept exploit for CVE-2016-7608, a buffer overflow in IOFireWireUserClient on macOS. The exploit demonstrates how arbitrary data can overflow a fixed-size memory region, leading to denial of service or potential code execution.

Classification

Working Poc 100%

Attack Type

Dos

Complexity

Moderate

Reliability

Reliable

Target: macOS Sierra 10.12.1 and earlier

No auth needed

Prerequisites: FireWire port on the target device

MITRE ATT&CK

T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (3)

Core 3

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/94903

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1037469

Vendor Advisory x_refsource_confirm

https://support.apple.com/HT207423

Scores

CVSS v3 5.5

EPSS 0.0110

EPSS Percentile 61.4%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-200

Status published

Products (1)

apple/mac_os_x < 10.12.1

Published Feb 20, 2017

Tracked Since Feb 18, 2026