Low severity3.3NVD Advisory· Published Mar 24, 2016· Updated May 6, 2026

CVE-2016-1773

Description

The code-signing subsystem in Apple OS X before 10.11.4 does not properly verify file ownership, which allows local users to determine the existence of arbitrary files via unspecified vectors.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A flaw in Apple OS X's code-signing subsystem allows local users to infer the existence of arbitrary files by exploiting improper file ownership verification.

Vulnerability

The code-signing subsystem in Apple OS X before version 10.11.4 does not properly verify file ownership, enabling a local user to determine whether arbitrary files exist on the system [1]. The issue affects OS X El Capitan v10.11 to v10.11.3, as well as OS X Mavericks v10.9.5 and OS X Yosemite v10.10.5.

Exploitation

An attacker must have local access to the system. No special privileges are required beyond a standard user account. By leveraging the unspecified vectors in the code-signing subsystem, the attacker can probe for the existence of files without proper ownership checks.

Impact

Successful exploitation allows a local user to determine the existence of arbitrary files on the system, leading to information disclosure. The attacker does not gain read access to file contents, only knowledge of whether a file exists. This could aid in further reconnaissance.

Mitigation

Apple addressed this issue in OS X El Capitan v10.11.4 and Security Update 2016-002, released on March 21, 2016 [1]. Users should update to the latest version. No workarounds are documented.

References

About the security content of OS X El Capitan v10.11.4 and Security Update 2016-002 - Apple Support

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Apple Inc./Mac Os X
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
Range: <=10.11.3
Apple Inc./OS Xllm-fuzzy
Range: <10.11.4

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.apple.com/archives/security-announce/2016/Mar/msg00004.htmlnvdVendor Advisory
support.apple.com/HT206167nvdVendor Advisory
www.securitytracker.com/id/1035363nvd

News mentions

No linked articles in our index yet.

cvss	0.214
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000