CVE-2016-7617

HIGH

Apple Mac OS X < 10.12.1 - Denial of Service

Title source: rule

Description

An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "Bluetooth" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (type confusion) via a crafted app.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Google Security Research · cdosmacos

https://www.exploit-db.com/exploits/40952

View Code ZIP pw:eip

exploitdb WORKING POC

by Brandon Azad · localmacos

https://www.exploit-db.com/exploits/44237

View Code ZIP pw:eip

References (4)

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1037469

[Vendor Advisory] https://support.apple.com/HT207423

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/94903

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/40952/

Scores

CVSS v3 7.8

EPSS 0.0142

EPSS Percentile 80.7%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-704

Status published

Products (1)

apple/mac_os_x < 10.12.1

Published Feb 20, 2017

Tracked Since Feb 18, 2026