PatchSiren cyber security CVE debrief
CVE-2016-7595 Apple CVE debrief
CVE-2016-7595 is a high-severity memory-corruption issue in Apple’s CoreText component. The CVE description says a crafted font could let a remote attacker execute arbitrary code or crash the target on iOS before 10.2, macOS before 10.12.2, and watchOS before 3.1.3. NVD classifies the issue as network-reachable but requiring user interaction, which makes patching especially important for devices that process untrusted content.
- Vendor
- Apple
- Product
- iOS, macOS, watchOS (CoreText component)
- CVSS
- HIGH 8.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2017-02-20
- Original CVE updated
- 2026-05-13
- Advisory published
- 2017-02-20
- Advisory updated
- 2026-05-13
Who should care
Apple endpoint and mobile fleet owners, MDM administrators, security teams supporting legacy iOS/macOS/watchOS devices, and application teams whose products render or import user-supplied fonts or font-bearing content.
Technical summary
The issue is mapped to CWE-119 (improper restriction of operations within the bounds of a memory buffer) and described as a CoreText memory corruption flaw triggered by a crafted font. In practical terms, a malicious font can corrupt memory while CoreText parses or renders it, crashing the host process or, in the worst case, running attacker-controlled code on affected Apple operating-system versions. Because CoreText renders text for many applications, the attack surface is any input path that can deliver a font: a document, a message, a web page, or an embedded font in other content. The NVD CVSS v3.0 vector is AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating network reachability with no privileges but user interaction required, and high confidentiality, integrity, and availability impact.
Defensive priority
High. This is a remote, user-interaction-driven memory-corruption flaw with potential code execution impact across multiple Apple platforms. Prioritize patching any still-supported affected devices and retire or isolate legacy systems that cannot be updated.
Recommended defensive actions
- Apply Apple security updates that remediate the issue on supported iOS, macOS, and watchOS releases.
- Inventory Apple devices to identify any systems still running versions in the affected ranges described in the CVE record.
- Prioritize devices and applications that regularly process untrusted content, especially documents, messages, web content, or other font-bearing inputs.
- Use MDM and endpoint controls to reduce exposure on unsupported or exception-approved legacy devices.
- Validate that security monitoring and asset inventories reflect the impacted Apple OS versions so outdated devices are not missed.
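The inventory step above has one trap that is easy to miss: Apple version strings must be compared numerically, field by field, or macOS 10.9 sorts after 10.12 and is silently reported as patched. The script below is an added example for this debrief, not PatchSiren, Apple, or NVD code. It encodes both version bounds quoted in the evidence notes (the CVE description's "before" versions and the narrower NVD CPE "vulnerable through" versions), flags the gap between them separately, and runs over a constructed `device_id,os,version` export whose format, device names, and build suffix are assumptions standing in for a real MDM report.

```python
import re

# Fix versions from the CVE description quoted on this page: anything below is affected.
FIXED_IN = {"iOS": "10.2", "macOS": "10.12.2", "watchOS": "3.1.3"}
# Last vulnerable versions from the NVD CPE criteria quoted on this page (narrower ranges).
CPE_LAST_VULNERABLE = {"iOS": "10.1.1", "macOS": "10.12.1", "watchOS": "2.2.2"}


def parse_version(text: str) -> tuple:
    """'10.12.1' or '10.12.1 (16B2555)' -> (10, 12, 1). Integer tuples compare
    field by field, so 10.9 sorts before 10.12; a string compare would not."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))


def classify(os_name: str, version: str) -> str:
    """Return one of:
    'affected'                        inside both the description range and the CPE range
    'affected_per_description_only'   covered by the description's 'before X' wording but
                                      above the CPE 'vulnerable through' bound; review by hand
    'not_affected'                    at or past the fix version
    'unknown'                         platform not covered by this record"""
    if os_name not in FIXED_IN:
        return "unknown"
    v = parse_version(version)
    if v >= parse_version(FIXED_IN[os_name]):
        return "not_affected"
    if v <= parse_version(CPE_LAST_VULNERABLE[os_name]):
        return "affected"
    return "affected_per_description_only"


def triage(inventory_csv: str) -> list:
    """Classify each 'device_id,os,version' row of an export (assumed format)."""
    results = []
    for line in inventory_csv.strip().splitlines():
        if not line.strip() or line.startswith("#") or line.startswith("device_id"):
            continue
        device_id, os_name, version = [f.strip() for f in line.split(",", 2)]
        results.append((device_id, os_name, version, classify(os_name, version)))
    return results


# Constructed sample export; device names and the build suffix are illustrative only.
SAMPLE_INVENTORY = """\
device_id,os,version
ipad-0193,iOS,10.1.1
iphone-0477,iOS,10.2
mbp-2211,macOS,10.9.5
mbp-2212,macOS,10.12.2 (16C67)
watch-0031,watchOS,3.0
watch-0032,watchOS,2.2.2
appletv-0007,tvOS,10.0.1
"""

if __name__ == "__main__":
    for device_id, os_name, version, status in triage(SAMPLE_INVENTORY):
        print(f"{device_id:14} {os_name:8} {version:18} {status}")
```

On a single Mac the version field comes from `sw_vers -productVersion`; MDM exports usually include the build in parentheses, which `parse_version` discards. Rows classified `affected_per_description_only` (here watchOS 3.0) are the ones where the two sources on this page disagree, and the conservative reading is to patch them as affected rather than trust the narrower CPE range. Platforms the record does not mention come back as `unknown` rather than `not_affected`, so they are not quietly dropped from the worklist.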
Evidence notes
The CVE description supplied with the record states the issue affects iOS before 10.2, macOS before 10.12.2, and watchOS before 3.1.3, and that a crafted font can trigger remote code execution or denial of service. The NVD record adds a CVSS v3.0 vector of AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H and assigns CWE-119. NVD CPE criteria in the source item list vulnerable versions through iOS 10.1.1, macOS 10.12.1, and watchOS 2.2.2. For iOS and macOS this matches the description's "before" wording to within one release, but for watchOS the CPE bound (2.2.2) is a full major version below the description's fix version (3.1.3); both statements are present in the supplied corpus, and the wider description range is the safer one to act on. No KEV entry is supplied.
Official resources
- CVE-2016-7595 CVE record (CVE.org)
- CVE-2016-7595 NVD detail (NVD)
- Source item URL: nvd_modified (the URL itself is not preserved in the stored record)
- Mitigation or vendor references: one Third Party Advisory / VDB Entry and three Vendor Advisory entries, as tagged in the NVD record; the reference URLs and the submitting-source address were not preserved in the stored record
The CVE was published on 2017-02-20T08:59:01.963Z and last modified in the supplied record on 2026-05-13T00:24:29.033Z. No known exploitable-in-the-wild or KEV information is provided in the supplied corpus.