Published: 20/02/2017 Updated: 27/07/2017

CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 215

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

An issue exists in certain Apple products. macOS prior to 10.12.2 is affected. The issue involves the "IOFireWireFamily" component, which allows local users to obtain sensitive information from kernel memory via unspecified vectors.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apple mac os x

/* * IOFireWireFamily-overflowc * Brandon Azad * * Buffer overflow reachable from IOFireWireUserClient::localConfigDirectory_Publish * * Download: githubcom/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/44235zip */ #include <IOKit/IOKitLibh> #include <stdlibh> #include <stringh> int main() ...

CVE-2016-7608: Buffer overflow in IOFireWireFamily.

IOFireWireFamily-overflow IOFireWireFamily-overflow is a proof-of-concept exploit for CVE-2016-7608, a buffer overflow in IOFireWireUserClient that was fixed in macOS Sierra 10122 This vulnerability can be triggered to cause denial of service or possibly arbitrary code execution on devices with a FireWire port CVE-2016-7608 The AppleFWOHCI::updateROM method does not check t

CWE-200 https://support.apple.com/HT207423 http://www.securityfocus.com/bid/94903 http://www.securitytracker.com/id/1037469 https://nvd.nist.gov https://github.com/bazad/IOFireWireFamily-overflow https://www.exploit-db.com/exploits/44235/

CVE-2016-7608

Vulnerability Summary

Vulnerability Trend

Exploits

Github Repositories

References

Vulmon Search

About

Products

Connect