CVE-2016-1773

EUVD-2016-2868
The code-signing subsystem in Apple OS X before 10.11.4 does not properly verify file ownership, which allows local users to determine the existence of arbitrary files via unspecified vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.3 LOW
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 16%
Affected Products (NVD)
VendorProductVersion
applemac_os_x
𝑥
≤ 10.11.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html
http://www.securitytracker.com/id/1035363
https://support.apple.com/HT206167
http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html
http://www.securitytracker.com/id/1035363
https://support.apple.com/HT206167