PatchSiren

CVE-2016-7602 Apple CVE debrief

CVE-2016-7602 is a macOS vulnerability in Apple’s Intel Graphics Driver component. According to the published record, systems running macOS before 10.12.2 are affected. A crafted app can trigger memory corruption, which may allow arbitrary code execution in a privileged context or cause a denial of service.

Vendor: Apple
Product: CVE-2016-7602
CVSS: HIGH 7.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-02-20
Original CVE updated: 2026-05-13
Advisory published: 2017-02-20
Advisory updated: 2026-05-13

Who should care

Apple Mac administrators, endpoint security teams, and users running macOS versions earlier than 10.12.2 should prioritize this issue, especially on systems that may run untrusted or third-party applications.

Technical summary

The NVD record identifies a memory corruption weakness (CWE-119) in the Intel Graphics Driver on macOS. The affected range in the source data extends through macOS 10.12.1, and NVD references Apple’s advisory. The CVSS vector (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) describes a local, low-complexity attack that needs no prior privileges but does require user interaction, with high impact on confidentiality, integrity, and availability. This matches the described outcomes of privileged code execution or denial of service.

Defensive priority

High. The combination of high-impact consequences and a well-defined affected version range makes patch verification and version inventory important for Apple environments that still contain pre-10.12.2 systems.

Recommended defensive actions

  • Update affected Macs to macOS 10.12.2 or later.
  • Inventory devices to identify any systems still running macOS 10.12.1 or earlier.
  • Verify patch status on managed endpoints after remediation.
  • Restrict untrusted application execution where practical, especially on legacy systems.
  • Monitor Apple security advisories and vendor maintenance windows for similar graphics-driver fixes.
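
The inventory and verification steps above can be scripted. The following is an added example, not code from PatchSiren, NVD, or Apple; the host names and the "hostname,version" input layout are assumptions. Versions that cannot be parsed are reported as unknown rather than treated as patched.

```sh
#!/bin/sh
# Added example: classify macOS versions against the fixed release for CVE-2016-7602.
FIXED_VERSION="10.12.2"   # first unaffected release, per the NVD data on this page

# classify_version VERSION -> prints affected | patched | unknown
# Compares component by component as numbers, so 10.9.5 sorts below 10.12.2
# (a plain string comparison would get that wrong). "10.12" means 10.12.0.
classify_version() {
    printf '%s\n' "$1" | awk -v fixed="$FIXED_VERSION" '
        !/^[0-9]+(\.[0-9]+)?(\.[0-9]+)?$/ { print "unknown"; exit }
        {
            split($0, v, "."); split(fixed, f, ".")
            for (i = 1; i <= 3; i++) {
                if (v[i] + 0 < f[i] + 0) { print "affected"; exit }
                if (v[i] + 0 > f[i] + 0) { print "patched"; exit }
            }
            print "patched"   # exactly the fixed release
        }'
}

# audit_inventory: read "hostname,version" lines on stdin and print a
# tab-separated row for every host that is not confirmed patched.
audit_inventory() {
    while IFS=, read -r host version || [ -n "$host" ]; do
        case $host in ''|'#'*) continue ;; esac
        status=$(classify_version "$version")
        [ "$status" = patched ] || printf '%s\t%s\t%s\n' "$host" "$version" "$status"
    done
}

# Constructed sample inventory (hypothetical hosts, not real data).
# On a single Mac the input would be: classify_version "$(sw_vers -productVersion)"
audit_inventory <<'EOF'
# hostname,version
mac-lab-01,10.12.1
mac-lab-02,10.9.5
mac-lab-03,10.12.2
mac-lab-04,11.7.10
mac-lab-05,
EOF
```

Re-running the same audit after remediation gives the patch verification step: an empty report means every listed host reports 10.12.2 or later.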

Evidence notes

Source data from NVD states the issue affects macOS before 10.12.2 and maps the vulnerable CPE range through 10.12.1. The record also cites CWE-119 and references Apple’s vendor advisory (HT207423) along with third-party advisory entries. The CVE was published on 2017-02-20 and later modified on 2026-05-13; those dates describe the record timeline, not the original flaw occurrence.

Official resources

CVE record published 2017-02-20 and modified 2026-05-13. NVD references Apple’s vendor advisory HT207423 and third-party advisories for this issue.