CVE-2016-7660

HIGH

iPhone OS < 10.2, macOS < 10.12.2, watchOS < 3.1.3 - Local Privilege Escalation via Syslog Mach Port Name References

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-7660. PoCs published by Google Security Research.

AI-analyzed exploit summary This exploit demonstrates a Mach port deallocation vulnerability in syslogd (CVE-2016-7660) by spoofing a MACH_NOTIFY_DEAD_NAME message, allowing an attacker to free an arbitrary port name and potentially replace it with a controlled port. The PoC targets macOS Sierra 10.12.1 and leverages the com.apple.system.logger service.

Description

An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "syslog" component. It allows local users to gain privileges via unspecified vectors related to Mach port name references.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · cdosmultiple

https://www.exploit-db.com/exploits/40959

View Code ZIP pw:eip

This exploit demonstrates a Mach port deallocation vulnerability in syslogd (CVE-2016-7660) by spoofing a MACH_NOTIFY_DEAD_NAME message, allowing an attacker to free an arbitrary port name and potentially replace it with a controlled port. The PoC targets macOS Sierra 10.12.1 and leverages the com.apple.system.logger service.

Classification

Working Poc 100%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: macOS syslogd (10.12.1)

No auth needed

Prerequisites: Access to the com.apple.system.logger Mach service · Ability to send Mach messages

MITRE ATT&CK