PatchSiren cyber security CVE debrief

CVE-2016-7600 Apple CVE debrief

CVE-2016-7600 is a macOS information-disclosure issue in Apple’s OpenPAM component. According to the NVD record, macOS before 10.12.2 is affected, and the flaw can allow a local attacker to obtain sensitive information when failed PAM authentication is mishandled by a sandboxed app. The published CVSS 3.0 vector indicates local access, no user interaction, and confidentiality impact only.

Vendor: Apple
Product: Unknown
CVSS: MEDIUM 6.2
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-02-20
Original CVE updated: 2026-05-13
Advisory published: 2017-02-20
Advisory updated: 2026-05-13

Who should care

Mac administrators, endpoint/security teams, and anyone managing macOS systems running 10.12.1 or earlier should treat this as a patching issue. Organizations with local account exposure, shared Macs, or tightly controlled confidentiality requirements should pay particular attention.

Technical summary

The NVD entry describes an OpenPAM-related flaw in Apple products where failed PAM authentication is mishandled by a sandboxed app, enabling disclosure of sensitive information. The record assigns CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) and a CVSS 3.0 vector of AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, indicating a locally reachable confidentiality issue without integrity or availability impact.

Defensive priority

Medium. The issue is limited to local attack surface and confidentiality impact, but it affects a core authentication-related component and is fully addressed by updating vulnerable macOS versions.

Recommended defensive actions

  • Update affected macOS systems to 10.12.2 or later.
  • Inventory Macs running macOS 10.12.1 or earlier and prioritize them for remediation.
  • Confirm Apple’s vendor advisory and follow the remediation guidance referenced in the NVD record.
  • Restrict unnecessary local account access on exposed systems until they are updated.
  • Validate endpoint compliance after patching to ensure no vulnerable macOS versions remain in service.
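
The inventory and post-patch validation steps above reduce to a numeric comparison against 10.12.2. The script below is an added example, not part of the NVD record or Apple's advisory; the "hostname,version" inventory format, the hostnames, and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag hosts still below the fixed macOS release named on this page.
FIXED_VERSION="10.12.2"

# Accept only dotted numeric versions such as 10.12.1 or 11.6.
is_version() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    return 0
}

# version_lt A B: succeed when A < B, comparing the first three fields as
# integers (missing fields count as 0). A plain string compare would wrongly
# rank 10.9.5 above 10.12.2.
version_lt() {
    _a=$1 _b=$2
    for _n in 1 2 3; do
        _x=${_a%%.*} _y=${_b%%.*}
        case $_a in *.*) _a=${_a#*.} ;; *) _a=0 ;; esac
        case $_b in *.*) _b=${_b#*.} ;; *) _b=0 ;; esac
        if [ "$_x" -lt "$_y" ]; then return 0; fi
        if [ "$_x" -gt "$_y" ]; then return 1; fi
    done
    return 1   # equal versions are not "less than"
}

# Read "hostname,version" lines on stdin; print "hostname STATUS".
flag_inventory() {
    while IFS=, read -r host ver; do
        [ -n "$host" ] || continue
        if ! is_version "$ver"; then echo "$host UNKNOWN"
        elif version_lt "$ver" "$FIXED_VERSION"; then echo "$host VULNERABLE"
        else echo "$host OK"
        fi
    done
}

# Constructed sample inventory (hypothetical hostnames).
sample_inventory() {
    cat <<'EOF'
mac-lab-01,10.12.1
mac-lab-02,10.12.2
mac-lab-03,10.9.5
mac-lab-04,10.12
mac-lab-05,10.13.6
mac-lab-06,unknown
EOF
}

# On a single Mac, the version comes from: sw_vers -productVersion
sample_inventory | flag_inventory
```

Hosts reported as UNKNOWN have no parseable version and should be checked by hand rather than assumed patched.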

Evidence notes

The source corpus states that "macOS before 10.12.2 is affected" and that the issue involves the "OpenPAM" component, which allows local users to obtain sensitive information by leveraging mishandling of failed PAM authentication by a sandboxed app. The NVD metadata also lists the CVSS 3.0 vector AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N and CWE-200. The published date used here is 2017-02-20T08:59:02.137Z; the 2026-05-13 modification timestamp is metadata only and is not the issue date.

Official resources

Publicly disclosed in the supplied source record on 2017-02-20. No KEV entry is listed in the supplied data.