CVE-2016-7633

HIGH

macOS < 10.12.2 - Use-After-Free in Directory Services

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-7633. PoCs published by Google Security Research.

AI-analyzed exploit summary This PoC exploits a double-free vulnerability in the MIG (Mach Interface Generator) subsystem of macOS, specifically targeting the `com.apple.system.DirectoryService.legacy` service. It demonstrates a race condition where OOL (out-of-line) memory is deallocated twice due to incorrect handling of the `deallocate` flag in mach messages.

Description

An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "Directory Services" component. It allows local users to gain privileges or cause a denial of service (use-after-free) via unspecified vectors.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Google Security Research · cdosmacos
https://www.exploit-db.com/exploits/40954

This PoC exploits a double-free vulnerability in the MIG (Mach Interface Generator) subsystem of macOS, specifically targeting the `com.apple.system.DirectoryService.legacy` service. It demonstrates a race condition where OOL (out-of-line) memory is deallocated twice due to incorrect handling of the `deallocate` flag in mach messages.

Classification
Working Poc 100%
Attack Type
Dos
Complexity
Moderate
Reliability
Racy
Target: macOS Sierra 10.12 16A323 (and potentially other versions)
No auth needed
Prerequisites: Access to the target system's mach port for the vulnerable service
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/40954/
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/94903
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1037469
Vendor Advisory x_refsource_confirm
https://support.apple.com/HT207423

Scores

CVSS v3 7.8
EPSS 0.0017
EPSS Percentile 38.4%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-416
Status published
Products (1)
apple/mac_os_x < 10.12.1
Published Feb 20, 2017
Tracked Since Feb 18, 2026