CVE-2016-1851
Description
The Screen Lock feature in Apple OS X before 10.11.5 mishandles password profiles, which allows physically proximate attackers to reset expired passwords in the lock-screen state via unspecified vectors.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A flaw in OS X Screen Lock allows physically proximate attackers to reset expired passwords on the lock screen, bypassing authentication.
Vulnerability
The Screen Lock feature in Apple OS X before version 10.11.5 mishandles password profiles, allowing expired passwords to be reset from the lock-screen state. The issue affects OS X El Capitan v10.11 and later versions before 10.11.5. [1]
Exploitation
An attacker with physical access to a locked Mac can exploit this vulnerability by interacting with the lock screen to reset an expired password. The exact vectors are unspecified, but the attack requires no authentication and can be performed while the device is locked. [1]
Impact
Successful exploitation allows the attacker to reset an expired password, thereby gaining unauthorized access to the system. This compromises confidentiality, integrity, and availability of the user's data and settings. [1]
Mitigation
Apple addressed the issue in OS X El Capitan v10.11.5 and Security Update 2016-003, released on May 18, 2016. Users should update to the latest version. No workarounds are documented. [1]
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <10.11.5
Patches
No patches discovered yet.
References
- lists.apple.com/archives/security-announce/2016/May/msg00004.html (nvd: Mailing List, Vendor Advisory)
- www.securityfocus.com/bid/90696 (nvd: Third Party Advisory, VDB Entry)
- www.securitytracker.com/id/1035895 (nvd: Third Party Advisory, VDB Entry)
- support.apple.com/HT206567 (nvd: Vendor Advisory)