PatchSiren

PatchSiren cyber security CVE debrief

CVE-2016-7627 Apple CVE debrief

CVE-2016-7627 is a denial-of-service issue in Apple’s CoreGraphics component. A crafted font can trigger a NULL pointer dereference, leading to an application crash. The supplied CVE description and NVD data indicate impact on iOS, macOS, and watchOS releases fixed by Apple’s 2017 security updates.

Vendor
Apple
Product
CVE-2016-7627
CVSS
MEDIUM 6.5
CISA KEV
Not listed in stored evidence
Original CVE published
2017-02-20
Original CVE updated
2026-05-13
Advisory published
2017-02-20
Advisory updated
2026-05-13

Who should care

Apple users and administrators responsible for iOS, macOS, or watchOS systems that may process untrusted fonts or documents should care most. Security teams managing Apple device fleets should prioritize validation of patch levels on affected releases.

Technical summary

The vulnerability is categorized by NVD as CWE-476 (NULL pointer dereference) with CVSS v3.0 vector AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H. In practical terms, a remote attacker who gets a user to open a crafted font (UI:R) can crash the process in the CoreGraphics rendering path; the vector records no confidentiality or integrity impact, only a high availability impact. The CVE description states affected versions were iOS before 10.2, macOS before 10.12.2, and watchOS before 3.1.3; the NVD CPE criteria in the supplied corpus list vulnerable version ranges ending at iOS 10.1.1, macOS 10.12.1, and watchOS 2.2.2.

Defensive priority

Medium. The issue requires user interaction and affects availability rather than confidentiality or integrity, but it can still disrupt Apple devices and applications that render attacker-supplied content.

Recommended defensive actions

  • Confirm all Apple devices are updated to the vendor-fixed releases referenced in Apple’s security advisories.
  • Review exposure to untrusted fonts, documents, or media sources that could trigger CoreGraphics rendering paths.
  • Use mobile device management or endpoint inventory to verify affected OS versions and remediate lagging systems first.
  • Monitor for repeated crashes in apps that process fonts or document previews, which may indicate exposure to malformed content.
  • Consult the linked Apple advisories for the specific platform update applicable to each device class.
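The inventory check in the third action above is simple to get wrong when versions are compared as strings (for example, "10.12.10" sorts before "10.12.2"). As an added example that is not part of this debrief or of any MDM product, the script below compares a constructed device inventory against the fixed releases the CVE description gives (iOS 10.2, macOS 10.12.2, watchOS 3.1.3) using numeric version tuples, and lists the devices that still need remediation. The inventory rows, device names, and function names are this example's own assumptions; a real export from an MDM would be fed in through the same `find_unpatched` function.

```python
from typing import Iterable, Optional

# Fixed releases named in the CVE-2016-7627 description on this page.
FIXED_VERSIONS = {"ios": "10.2", "macos": "10.12.2", "watchos": "3.1.3"}


def parse_version(text: str) -> tuple:
    """'10.12.2' -> (10, 12, 2). A trailing build tag such as '10.2 (14C92)' is ignored."""
    core = text.strip().split()[0]
    parts = []
    for piece in core.split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        if not digits:
            raise ValueError(f"unparseable version component {piece!r} in {text!r}")
        parts.append(int(digits))
    return tuple(parts)


def compare_versions(a: str, b: str) -> int:
    """Return -1, 0 or 1 like a classic comparator; '10.2' and '10.2.0' compare equal."""
    ta, tb = parse_version(a), parse_version(b)
    width = max(len(ta), len(tb))
    ta = ta + (0,) * (width - len(ta))
    tb = tb + (0,) * (width - len(tb))
    return (ta > tb) - (ta < tb)


def is_patched(platform: str, version: str) -> Optional[bool]:
    """True if the device runs the fixed release or later, False if it is behind,
    None if the platform is not one of the affected ones (nothing to decide)."""
    fixed = FIXED_VERSIONS.get(platform.strip().lower())
    if fixed is None:
        return None
    return compare_versions(version, fixed) >= 0


def find_unpatched(inventory: Iterable[dict]) -> list:
    """Rows of {'device', 'platform', 'version'} -> the rows still behind the fix,
    each annotated with the release it must reach."""
    needs_update = []
    for row in inventory:
        state = is_patched(row["platform"], row["version"])
        if state is False:
            needs_update.append({**row, "fixed": FIXED_VERSIONS[row["platform"].lower()]})
    return needs_update


# Constructed sample inventory (not real devices); the 10.12.10 entry is there
# to show that numeric comparison, not string sorting, decides patch state.
SAMPLE_INVENTORY = [
    {"device": "mbp-fin-01", "platform": "macOS", "version": "10.12.1"},
    {"device": "mbp-fin-02", "platform": "macOS", "version": "10.12.10"},
    {"device": "iphone-ops-07", "platform": "iOS", "version": "10.1.1"},
    {"device": "iphone-ops-08", "platform": "iOS", "version": "10.2 (14C92)"},
    {"device": "watch-exec-02", "platform": "watchOS", "version": "2.2.2"},
    {"device": "watch-exec-03", "platform": "watchOS", "version": "3.1.3"},
    {"device": "ipad-lab-01", "platform": "iOS", "version": "9.3.5"},
    {"device": "build-runner-01", "platform": "Ubuntu", "version": "16.04"},
]

if __name__ == "__main__":
    for row in find_unpatched(SAMPLE_INVENTORY):
        print(f"{row['device']:16} {row['platform']:8} {row['version']:12} -> update to {row['fixed']}")
```

Devices reported by `find_unpatched` are the ones to remediate first; a device on a release that is still below the fixed version after a normal update cycle usually means the hardware cannot take the fix, which is the case to escalate rather than retry.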

Evidence notes

Evidence in the supplied corpus comes from the CVE description, NVD CVSS/CWE metadata, NVD CPE criteria, and Apple-linked advisory references. The narrative description says the issue affects iOS before 10.2, macOS before 10.12.2, and watchOS before 3.1.3, while the NVD CPE criteria list end versions of 10.1.1, 10.12.1, and 2.2.2 respectively. This version-boundary difference is preserved here rather than reconciled beyond the supplied sources.

Official resources

Publicly disclosed on 2017-02-20 in Apple-linked advisories and recorded the same day in the CVE and NVD entries; NVD shows a later metadata modification on 2026-05-13.