PatchSiren cyber security CVE debrief
CVE-2016-7765 Apple CVE debrief
CVE-2016-7765 is a low-severity Apple iOS privacy issue involving the Clipboard component. On affected devices, a physically proximate attacker may be able to view clipboard contents while the device is in the lockscreen state, exposing sensitive copied information. The supplied sources place the affected range before Apple’s iOS 10.2 fix, with NVD’s machine-readable data narrowing the bound to iPhone OS through 10.1.1.
- Vendor
- Apple
- Product
- CVE-2016-7765
- CVSS
- LOW 2.4
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2017-02-20
- Original CVE updated
- 2026-05-13
- Advisory published
- 2017-02-20
- Advisory updated
- 2026-05-13
Who should care
Anyone using affected iPhone/iOS devices, especially people who copy passwords, one-time codes, email content, customer data, or other sensitive text. Organizations with shared, supervised, or physically accessible devices should care most, since the issue depends on proximity to a locked device.
Technical summary
The vulnerability is mapped to CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor). NVD assigns CVSS 3.0 AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N, reflecting a confidentiality-only issue that requires physical proximity but no privileges or user interaction. The CVE description says iOS before 10.2 is affected, while the NVD CPE metadata lists iPhone OS versions through 10.1.1; both indicate the issue is fixed by the Apple update path referenced in the vendor advisory.
Defensive priority
Low, but straightforward to remediate. Because impact is limited to confidential clipboard data and requires physical proximity, this is not a high emergency item; however, it should still be patched promptly on any device that may carry sensitive information or be used in public/shared environments.
Recommended defensive actions
- Update affected Apple devices to iOS 10.2 or later, using the Apple vendor advisory as the remediation reference.
- Prioritize patching on devices that are frequently left unattended, shared, or used in physically accessible environments.
- Avoid copying secrets into the clipboard when possible, and clear clipboard contents after sensitive use.
- Enforce mobile OS update compliance through device management so vulnerable versions do not remain in service.
Evidence notes
The debrief is based only on the supplied CVE/NVD corpus and the Apple vendor advisory link. The CVE description states that iOS before 10.2 is affected and names the Clipboard component. NVD metadata provides the CVSS vector AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N, CWE-200, and a CPE bound of iPhone OS through 10.1.1. Apple’s support.apple.com/HT207422 reference is the vendor advisory listed by NVD for remediation.
Official resources
-
CVE-2016-7765 CVE record
CVE.org
-
CVE-2016-7765 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
Publicly published in the CVE record on 2017-02-20; NVD metadata was last modified on 2026-05-13.