CVE-2016-7621
Apple macOS < 10.12.2 / iOS < 10.2 - '_kernelrpc_mach_port_insert_right_trap' Kernel Reference Count Leak / Use-After-Free
Severity Score
Exploit Likelihood
Affected Versions
3Public Exploits
2Exploited in Wild
-Decision
Descriptions
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allows local users to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via unspecified vectors.
Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.2 está afectado. macOS en versiones anteriores a 10.12.2 está afectado. watchOS en versiones anteriores a 3.1.3 está afectado. El problema involucra al componente "Kernel". Esto permite a usuarios locales ejecutar código arbitrario en un contexto privilegiado o provocar una denegación de servicio (uso después de liberación de memoria) a través de vectores no especificados.
A lack of error checking leads to a reference count leak and OS X / iOS kernel use-after-free vulnerability in _kernelrpc_mach_port_insert_right_trap.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-09-09 CVE Reserved
- 2016-12-14 CVE Published
- 2016-12-22 First Exploit
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-416: Use After Free
CAPEC
References (7)
| URL | Date | SRC |
|---|---|---|
| https://packetstorm.news/files/id/140246 | 2016-12-22 | |
| https://www.exploit-db.com/exploits/40956 | 2024-08-06 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://support.apple.com/HT207422 | 2018-10-30 | |
| https://support.apple.com/HT207423 | 2018-10-30 | |
| https://support.apple.com/HT207487 | 2018-10-30 |