PatchSiren cyber security CVE debrief
CVE-2016-7619 Apple CVE debrief
CVE-2016-7619 is a local Apple libarchive vulnerability tied to symlink handling. The NVD record rates it medium severity and indicates that a low-privilege local attacker could write to arbitrary files, creating an integrity-impact issue on affected Apple systems. Apple’s advisory links cover the affected iOS, macOS, and watchOS release lines for remediation.
- Vendor: Apple
- Product: CVE-2016-7619
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2017-02-20
- Original CVE updated: 2026-05-13
- Advisory published: 2017-02-20
- Advisory updated: 2026-05-13
Who should care
Apple device administrators, endpoint security teams, and users managing iPhone/iPad, Mac, or Apple Watch fleets on affected releases. Systems that permit local accounts or process untrusted archives should prioritize review and patching.
Technical summary
The issue is in libarchive’s handling of symlinks. NVD classifies the weakness as CWE-59 and assigns CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N, indicating a local attack that does not require user interaction but can have a high integrity impact. The supplied description states iOS before 10.2, macOS before 10.12.2, and watchOS before 3.1.3; the NVD CPE data in the corpus lists vulnerable ranges ending at iOS 10.1.1, macOS 10.12.1, and watchOS 2.2.2, so the Apple advisories should be used to confirm the exact fixed releases.
Defensive priority
Medium priority. The attack is local and needs some privileges, but it can still let a local user overwrite files on affected Apple systems, so timely patching is important.
Recommended defensive actions
- Update affected Apple devices to versions newer than the fixed releases listed by Apple for iOS, macOS, and watchOS.
- Use the Apple advisories in the record (HT207422, HT207423, and HT207487) to verify the correct remediated versions for each product line.
- Review endpoints that accept or extract untrusted archives, since the weakness is in libarchive symlink handling.
- Limit unnecessary local account access and monitor for unexpected file changes on affected Apple devices until remediation is complete.
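For the archive-review action above, one general CWE-59 check is to audit an archive's entries before extraction. This is an added example, not code from Apple, libarchive, or the NVD record, and it does not reproduce the specific flaw, which the record does not describe. It uses Python's standard `tarfile` module; the function names and the sample archive are constructed for illustration.

```python
import io
import posixpath
import tarfile

def escapes_root(path):
    """True if a POSIX path is absolute or normalises to outside the extraction root."""
    norm = posixpath.normpath(path)
    return posixpath.isabs(path) or norm == ".." or norm.startswith("../")

def audit_tar(fileobj):
    """Return [(member_name, reason)] for entries that could write outside the root."""
    findings, links = [], set()
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for m in tar:
            name = posixpath.normpath(m.name)
            if escapes_root(m.name):
                findings.append((m.name, "path escapes extraction root"))
            # Conservative: any earlier symlink used as a parent directory is flagged.
            parents = name.split("/")[:-1]
            for i in range(1, len(parents) + 1):
                if "/".join(parents[:i]) in links:
                    findings.append((m.name, "written through archive symlink"))
                    break
            if m.issym():
                # Symlink targets resolve relative to the link's own directory.
                target = posixpath.join(posixpath.dirname(name), m.linkname)
                if escapes_root(target):
                    findings.append((m.name, "symlink target outside root"))
                links.add(name)
            elif m.islnk() and escapes_root(m.linkname):
                findings.append((m.name, "hardlink target outside root"))
    return findings

def build_sample():
    """Constructed sample: a benign file, a symlink, and a file placed under the symlink."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        def add_file(name, data=b"x"):
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
        add_file("docs/readme.txt")
        link = tarfile.TarInfo("docs/out")
        link.type = tarfile.SYMTYPE
        link.linkname = "../../outside"  # constructed placeholder target
        tar.addfile(link)
        add_file("docs/out/config")
    buf.seek(0)
    return buf

if __name__ == "__main__":
    for name, reason in audit_tar(build_sample()):
        print(f"{name}: {reason}")
```

An empty result means no entry tripped these checks; it is not proof that a given extractor handles the archive safely.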
Evidence notes
Primary evidence comes from the official NVD record and the Apple advisory links embedded in that record. NVD provides the CVSS vector CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N and CWE-59. The corpus also contains a scope mismatch worth noting: the supplied description lists watchOS before 3.1.3, while the NVD CPE criteria end at watchOS 2.2.2; similar version-end differences appear for iOS and macOS. Use Apple’s advisories to confirm the exact remediation boundary.
Official resources
- CVE-2016-7619 CVE record (CVE.org)
- CVE-2016-7619 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference: [email protected] - Third Party Advisory, VDB Entry
- Source reference
- Mitigation or vendor reference: [email protected] - Vendor Advisory
- Mitigation or vendor reference: [email protected] - Vendor Advisory
- Mitigation or vendor reference: [email protected] - Vendor Advisory
CVE-2016-7619 was published in the supplied record on 2017-02-20 and last modified on 2026-05-13. This debrief relies on the official CVE/NVD record and Apple advisory references in the corpus and does not include exploit details.