VAR-201702-0388
Vulnerability from variot - Updated: 2025-04-20 22:41An issue was discovered in certain Apple products. macOS before 10.12 is affected. The issue involves a sandbox escape related to launchctl process spawning in the "libxpc" component. Apple macOS is prone to multiple security-bypass vulnerabilities. Attackers can exploit these issues to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. Apple macOS Sierra is a dedicated operating system developed by Apple for Mac computers. libxpc is an open source implementation of Apple's XPC library. A security vulnerability exists in the libxpc component of Apple macOS Sierra prior to 10.12. An attacker can exploit this vulnerability to break out of the sandbox
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201702-0388",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mac os x",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "10.11.6"
},
{
"model": "mac os x",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "10.7.5 or later 10.12"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "10.11.6"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.5"
},
{
"model": "macos",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "10.12"
}
],
"sources": [
{
"db": "BID",
"id": "96329"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007443"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-718"
},
{
"db": "NVD",
"id": "CVE-2016-4617"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:apple:mac_os_x",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007443"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gregor Kopf of Recurity Labs on behalf of BSI (German Federal Office for Information Security).",
"sources": [
{
"db": "BID",
"id": "96329"
}
],
"trust": 0.3
},
"cve": "CVE-2016-4617",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2016-4617",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-93436",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.0,
"id": "CVE-2016-4617",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-4617",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-4617",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201702-718",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-93436",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-93436"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007443"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-718"
},
{
"db": "NVD",
"id": "CVE-2016-4617"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in certain Apple products. macOS before 10.12 is affected. The issue involves a sandbox escape related to launchctl process spawning in the \"libxpc\" component. Apple macOS is prone to multiple security-bypass vulnerabilities. \nAttackers can exploit these issues to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. Apple macOS Sierra is a dedicated operating system developed by Apple for Mac computers. libxpc is an open source implementation of Apple\u0027s XPC library. A security vulnerability exists in the libxpc component of Apple macOS Sierra prior to 10.12. An attacker can exploit this vulnerability to break out of the sandbox",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4617"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007443"
},
{
"db": "BID",
"id": "96329"
},
{
"db": "VULHUB",
"id": "VHN-93436"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-4617",
"trust": 2.8
},
{
"db": "BID",
"id": "96329",
"trust": 1.4
},
{
"db": "JVN",
"id": "JVNVU90950877",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007443",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201702-718",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-93436",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-93436"
},
{
"db": "BID",
"id": "96329"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007443"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-718"
},
{
"db": "NVD",
"id": "CVE-2016-4617"
}
]
},
"id": "VAR-201702-0388",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-93436"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-20T22:41:09.374000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Apple security updates",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT201222"
},
{
"title": "APPLE-SA-2016-09-20 macOS Sierra 10.12",
"trust": 0.8,
"url": "https://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html"
},
{
"title": "HT207170",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT207170"
},
{
"title": "HT207170",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/HT207170"
},
{
"title": "Apple macOS Sierra libxpc Fixes for component permissions licensing and access control vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=68135"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007443"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-718"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-93436"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007443"
},
{
"db": "NVD",
"id": "CVE-2016-4617"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://support.apple.com/ht207170"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/96329"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4617"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu90950877/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4617"
},
{
"trust": 0.3,
"url": "https://www.apple.com/"
},
{
"trust": 0.3,
"url": "https://support.apple.com/en-us/ht201222"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-93436"
},
{
"db": "BID",
"id": "96329"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007443"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-718"
},
{
"db": "NVD",
"id": "CVE-2016-4617"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-93436"
},
{
"db": "BID",
"id": "96329"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007443"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-718"
},
{
"db": "NVD",
"id": "CVE-2016-4617"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-02-20T00:00:00",
"db": "VULHUB",
"id": "VHN-93436"
},
{
"date": "2017-02-20T00:00:00",
"db": "BID",
"id": "96329"
},
{
"date": "2017-03-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007443"
},
{
"date": "2017-02-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-718"
},
{
"date": "2017-02-20T08:59:00.213000",
"db": "NVD",
"id": "CVE-2016-4617"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-03-24T00:00:00",
"db": "VULHUB",
"id": "VHN-93436"
},
{
"date": "2017-03-29T02:01:00",
"db": "BID",
"id": "96329"
},
{
"date": "2017-03-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007443"
},
{
"date": "2017-02-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-718"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2016-4617"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-718"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple OS X Vulnerable to sandbox escape",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007443"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-718"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…