CVE-2016-7600

Name of the Vulnerable Software and Affected Versions macOS versions prior to 10.12.2

Description The issue involves the OpenPAM component, which allows local users to obtain sensitive information by leveraging mishandling of failed PAM authentication by a sandboxed app. This is related to the lack of protection for service data, allowing a local attacker to gain confidential information in connection with failed PAM authentication of a sandboxed application.

Recommendations For macOS versions prior to 10.12.2, update to version 10.12.2 or later to resolve the issue. As a temporary workaround, consider restricting the use of the OpenPAM component until a patch is applied.