CVE-2016-7742

Opening a maliciously crafted archive may lead to arbitrary code execution

Publish date

December 2016

Identifier

CVE-2016-7742

Manufacturer

Apple

Product

MacOS

Patched

https://support.apple.com/en-gb/HT207423

Authors

Gareth Evans

Description

An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "xar" component, which allows remote attackers to execute arbitrary code via a crafted archive that triggers use of uninitialized memory locations.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7742