CVE-2016-7584 — Apple Iphone OS vulnerability

CWE-2547 documents4 sources

Severity

7.8HIGHNVD

OSV7.5

EPSS

0.3%

top 47.64%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Php5 Apple Iphone OS Apple MAC OS X +4 more

Timeline

PublishedFeb 20

Latest updateMay 14

Description

An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "AppleMobileFileIntegrity" component, which allows remote attackers to spoof signed code by using a matching team ID.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages9 packages

▶NVDapple/tvos10.0

▶NVDapple/watchos2.2.2

▶NVDapple/mac_os_x10.12.0

▶Appleapple/tvos10.0.1

▶Appleapple/watchos3.1

🔴Vulnerability Details

GHSA

GHSA-v784-q82p-432g: An issue was discovered in certain Apple products↗2022-05-14

▶

OSV

php5, php7.0, php7.1 vulnerabilities↗2018-03-19

▶

📋Vendor Advisories

Apple

CVE-2016-7584: macOS Sierra 10.12.1, Security Update 2016-002 El Capitan, and Security Update 2016-006 Yosemite↗2016-10-24

▶

Apple

CVE-2016-7584: tvOS 10.0.1↗2016-10-24

▶

Apple

CVE-2016-7584: watchOS 3.1↗2016-10-24

▶

Apple

CVE-2016-7584: iOS 10.1↗2016-10-24

▶