PatchSiren cyber security CVE debrief

CVE-2016-4679 Apple CVE debrief

CVE-2016-4679 is an Apple libarchive issue affecting older versions of iOS, macOS, tvOS, and watchOS. A crafted archive containing a symlink could enable arbitrary file writes, which is why Apple issued platform updates to address the flaw.

Vendor: Apple
Product: CVE-2016-4679
CVSS: MEDIUM 5.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-02-20
Original CVE updated: 2026-05-13
Advisory published: 2017-02-20
Advisory updated: 2026-05-13

Who should care

Apple device fleet owners, mobile and endpoint security teams, and anyone responsible for unpacking or processing untrusted archive files on affected Apple operating systems.

Technical summary

The NVD record maps this issue to CWE-59 (link following / symlink-related filesystem handling). Affected versions are iOS before 10.1, macOS before 10.12.1, tvOS before 10.0.1, and watchOS before 3.1. The NVD CVSS v3.0 vector is AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N, indicating integrity impact with user interaction required.

Defensive priority

Medium. The issue can lead to unauthorized file writes on affected systems, but the published CVSS score is 5.5 and the vector requires user interaction.

Recommended defensive actions

  • Confirm whether any Apple devices are running iOS earlier than 10.1, macOS earlier than 10.12.1, tvOS earlier than 10.0.1, or watchOS earlier than 3.1.
  • Apply the relevant Apple security updates referenced in the vendor advisories.
  • Treat untrusted archives as high risk, especially workflows that automatically extract files.
  • Review archive-processing code and tools for symlink handling and path validation safeguards.
  • Use inventory and compliance checks to verify that affected Apple platforms are fully patched.
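One way to carry out the archive-review step above, as an added example that is not Apple's or libarchive's code: a pre-extraction audit that applies generic CWE-59 checks to a tar archive using Python's standard tarfile module. The tar format, the function names audit_tar and build_sample, and both sample archives are assumptions constructed for illustration.

```python
import io
import posixpath
import tarfile

def _escapes(path: str) -> bool:
    """True if a normalized archive path is absolute or climbs above the root."""
    return posixpath.isabs(path) or path == ".." or path.startswith("../")

def audit_tar(data: bytes) -> list:
    """Return findings for members that could be written outside the extraction root."""
    findings, links = [], set()  # links: member paths already declared as links
    with tarfile.open(fileobj=io.BytesIO(data)) as tar:
        for m in tar:
            name = posixpath.normpath(m.name)
            if _escapes(name):
                findings.append(f"{m.name}: path escapes extraction root")
                continue
            # A member whose parent directory is an earlier link lands wherever
            # that link points, not inside the extraction root.
            parts = name.split("/")
            if {"/".join(parts[:i]) for i in range(1, len(parts))} & links:
                findings.append(f"{m.name}: written through an archive-supplied link")
            if m.issym() or m.islnk():
                # Symlink targets resolve from the link's own directory,
                # hard-link targets from the archive root.
                base = posixpath.dirname(name) if m.issym() else ""
                if _escapes(posixpath.normpath(posixpath.join(base, m.linkname))):
                    findings.append(f"{m.name}: link target {m.linkname} leaves extraction root")
                links.add(name)
    return findings

def build_sample(entries) -> bytes:
    """Build a constructed in-memory tar from (name, symlink target or None) pairs."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, link in entries:
            info = tarfile.TarInfo(name)
            if link is not None:
                info.type, info.linkname = tarfile.SYMTYPE, link
                tar.addfile(info)
            else:
                payload = b"constructed sample\n"
                info.size = len(payload)
                tar.addfile(info, io.BytesIO(payload))
    return buf.getvalue()

# Constructed samples: a symlink followed by a file placed "under" it, and a benign archive.
CRAFTED = build_sample([("docs", "/tmp"), ("docs/note.txt", None)])
BENIGN = build_sample([("docs/note.txt", None), ("docs/latest", "note.txt")])
```

Run the audit before any extraction step and refuse archives that return findings; it complements patching and does not replace it.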

Evidence notes

This debrief is based on the CVE description, the NVD CPE ranges, and the NVD CVSS/CWE metadata supplied in the source corpus. Vendor advisory links from Apple are included in the record, but no additional advisory text was assumed beyond the provided metadata.

Official resources

CVE published 2017-02-20 and last modified 2026-05-13. Apple vendor advisories are referenced in the NVD record. No KEV listing was supplied.