Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
940
VMScore

CVE-2016-7617

Published: 20/02/2017 Updated: 03/09/2017
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 940
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Subscribe to Mac Os X

Vulnerability Summary

An issue exists in certain Apple products. macOS prior to 10.12.2 is affected. The issue involves the "Bluetooth" component. It allows malicious users to execute arbitrary code in a privileged context or cause a denial of service (type confusion) via a crafted app.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apple mac os x

Exploits

Exploit DB: Apple macOS 10.12.1 Kernel - Writable Privileged IOKit Registry Properties Code Execution
/* Source: bugschromiumorg/p/project-zero/issues/detail?id=974 There are two ways for IOServices to define their IOUserClient classes: they can override IOService::newUserClient and allocate the correct type themselves or they can set the IOUserClientClass key in their registry entry The default implementation of IOService::newUserCli ...
Exploit DB: Apple macOS Sierra 10.12.1 - 'physmem' Local Privilege Escalation
## physmem <!-- Brandon Azad --> physmem is a physical memory inspection tool and local privilege escalation targeting macOS up through 10121 It exploits either [CVE-2016-1825] or [CVE-2016-7617] depending on the deployment target These two vulnerabilities are nearly identical, and exploitation can be done exactly the same They were pa ...

Github Repositories

https://github.com/bazad/physmem

Local privilege escalation through macOS 10.12.1 via CVE-2016-1825 or CVE-2016-7617.

physmem physmem is a physical memory inspection tool and local privilege escalation targeting macOS up through 10121 It exploits either CVE-2016-1825 or CVE-2016-7617 depending on the deployment target These two vulnerabilities are nearly identical, and exploitation can be done exactly the same They were patched in OS X El Capitan 10115 and macOS Sierra 10122, respect

References

CWE-704https://support.apple.com/HT207423http://www.securityfocus.com/bid/94903http://www.securitytracker.com/id/1037469https://www.exploit-db.com/exploits/40952/https://nvd.nist.govhttps://github.com/bazad/physmemhttps://www.exploit-db.com/exploits/40952/
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4040privilege escalationCVE-2024-4112CVE-2024-32872man-in-the-middleCVE-2024-32788bypassCVE-2024-3400CVE-2024-28976
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook