VAR-201702-0465
Vulnerability from variot - Updated: 2025-04-20 20:54An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "AppleMobileFileIntegrity" component, which allows remote attackers to spoof signed code by using a matching team ID. Apple macOS is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. Apple macOS Sierra is a dedicated operating system developed by Apple for Mac computers. AppleMobileFileIntegrity (AMFI) is one of the kernel components used to check the integrity of Apple mobile phone files. The vulnerability stems from the program's failure to verify code signatures. An attacker could exploit this vulnerability to execute arbitrary code. The following products and versions are affected: Apple iOS prior to 10.1; macOS Sierra prior to 10.12.1; tvOS prior to 10.0.1; watchOS prior to 3.1
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201702-0465",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mac os x",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "10.12.0"
},
{
"model": "iphone os",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "10.0.3"
},
{
"model": "tvos",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "10.0"
},
{
"model": "watchos",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "2.2.2"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.12"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "10.1 (ipad first 4 after generation )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "10.1 (iphone 5 or later )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "10.1 (ipod touch first 6 after generation )"
},
{
"model": "tvos",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "10.0.1 (apple tv first 4 generation )"
},
{
"model": "watchos",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "3.1 (apple watch all models )"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "10.0.3"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "10.12.0"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "10.0.0"
},
{
"model": "watch os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "3.0.0"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "2.2.2"
},
{
"model": "macos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.12"
},
{
"model": "macos",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "10.12.1"
},
{
"model": "mac os security update",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x2016-0060"
},
{
"model": "mac os security update",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x2016-0020"
}
],
"sources": [
{
"db": "BID",
"id": "94571"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007480"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-673"
},
{
"db": "NVD",
"id": "CVE-2016-7584"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:apple:mac_os_x",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:iphone_os",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:apple_tv",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:watchos",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007480"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mark Mentovai and Boris Vidolov of Google Inc.",
"sources": [
{
"db": "BID",
"id": "94571"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-673"
}
],
"trust": 0.9
},
"cve": "CVE-2016-7584",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2016-7584",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-96404",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2016-7584",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-7584",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-7584",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201611-673",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-96404",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-96404"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007480"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-673"
},
{
"db": "NVD",
"id": "CVE-2016-7584"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the \"AppleMobileFileIntegrity\" component, which allows remote attackers to spoof signed code by using a matching team ID. Apple macOS is prone to a security-bypass vulnerability. \nAn attacker can exploit this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. Apple macOS Sierra is a dedicated operating system developed by Apple for Mac computers. AppleMobileFileIntegrity (AMFI) is one of the kernel components used to check the integrity of Apple mobile phone files. The vulnerability stems from the program\u0027s failure to verify code signatures. An attacker could exploit this vulnerability to execute arbitrary code. The following products and versions are affected: Apple iOS prior to 10.1; macOS Sierra prior to 10.12.1; tvOS prior to 10.0.1; watchOS prior to 3.1",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-7584"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007480"
},
{
"db": "BID",
"id": "94571"
},
{
"db": "VULHUB",
"id": "VHN-96404"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-7584",
"trust": 2.8
},
{
"db": "BID",
"id": "94571",
"trust": 2.0
},
{
"db": "JVN",
"id": "JVNVU90743185",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007480",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201611-673",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-96404",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-96404"
},
{
"db": "BID",
"id": "94571"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007480"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-673"
},
{
"db": "NVD",
"id": "CVE-2016-7584"
}
]
},
"id": "VAR-201702-0465",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-96404"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-20T20:54:02.615000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Apple security updates",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT201222"
},
{
"title": "APPLE-SA-2016-10-24-2 macOS Sierra 10.12.1",
"trust": 0.8,
"url": "https://lists.apple.com/archives/security-announce/2016/Oct/msg00001.html"
},
{
"title": "APPLE-SA-2016-10-24-4 tvOS 10.0.1",
"trust": 0.8,
"url": "https://lists.apple.com/archives/security-announce/2016/Oct/msg00003.html"
},
{
"title": "APPLE-SA-2016-10-24-5 watchOS 3.1",
"trust": 0.8,
"url": "https://lists.apple.com/archives/security-announce/2016/Oct/msg00004.html"
},
{
"title": "APPLE-SA-2016-10-24-1 iOS 10.1",
"trust": 0.8,
"url": "https://lists.apple.com/archives/security-announce/2016/Oct/msg00000.html"
},
{
"title": "HT207270",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT207270"
},
{
"title": "HT207271",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT207271"
},
{
"title": "HT207275",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT207275"
},
{
"title": "HT207269",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT207269"
},
{
"title": "HT207269",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/HT207269"
},
{
"title": "HT207270",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/HT207270"
},
{
"title": "HT207271",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/HT207271"
},
{
"title": "HT207275",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/HT207275"
},
{
"title": "Apple macOS Repair measures for security bypass vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65944"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007480"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-673"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-254",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-96404"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007480"
},
{
"db": "NVD",
"id": "CVE-2016-7584"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/94571"
},
{
"trust": 1.7,
"url": "https://support.apple.com/ht207269"
},
{
"trust": 1.7,
"url": "https://support.apple.com/ht207270"
},
{
"trust": 1.7,
"url": "https://support.apple.com/ht207271"
},
{
"trust": 1.7,
"url": "https://support.apple.com/ht207275"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7584"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu90743185/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-7584"
},
{
"trust": 0.3,
"url": "https://support.apple.com/en-in/ht207275"
},
{
"trust": 0.3,
"url": "https://www.apple.com/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-96404"
},
{
"db": "BID",
"id": "94571"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007480"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-673"
},
{
"db": "NVD",
"id": "CVE-2016-7584"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-96404"
},
{
"db": "BID",
"id": "94571"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007480"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-673"
},
{
"db": "NVD",
"id": "CVE-2016-7584"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-02-20T00:00:00",
"db": "VULHUB",
"id": "VHN-96404"
},
{
"date": "2016-11-27T00:00:00",
"db": "BID",
"id": "94571"
},
{
"date": "2017-03-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007480"
},
{
"date": "2016-11-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-673"
},
{
"date": "2017-02-20T08:59:01.637000",
"db": "NVD",
"id": "CVE-2016-7584"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-08T00:00:00",
"db": "VULHUB",
"id": "VHN-96404"
},
{
"date": "2016-12-20T02:03:00",
"db": "BID",
"id": "94571"
},
{
"date": "2017-03-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007480"
},
{
"date": "2019-03-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-673"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2016-7584"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201611-673"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Apple Product AppleMobileFileIntegrity Component forged code forgery vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007480"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "security feature problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201611-673"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…