CVE-2016-7600: Infoleak
First published: Mon Feb 20 2017(Updated: )
An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "OpenPAM" component, which allows local users to obtain sensitive information by leveraging mishandling of failed PAM authentication by a sandboxed app.
Credit: product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple iOS and macOS | <=10.12.1 | |
| <=10.12.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-7600?
CVE-2016-7600 is classified as a medium severity vulnerability due to its impact on sensitive information disclosure.
How do I fix CVE-2016-7600?
To fix CVE-2016-7600, upgrade your macOS to version 10.12.2 or later to mitigate the vulnerability.
Who is affected by CVE-2016-7600?
CVE-2016-7600 affects local users on macOS versions prior to 10.12.2.
What component is involved in CVE-2016-7600?
The vulnerability in CVE-2016-7600 involves the OpenPAM component used in macOS.
Can CVE-2016-7600 be exploited remotely?
CVE-2016-7600 cannot be exploited remotely as it requires local access to the affected system.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/references
- agent/author
- agent/severity
- agent/first-publish-date
- agent/description
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/source
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- agent/event
- vendor/apple
- canonical/apple ios and macos
- version/apple ios and macos/10.12.1