CVE-2016-4645
Description
CFNetwork in Apple OS X before 10.11.6 uses weak permissions for web-browser cookies, which allows local users to obtain sensitive information via unspecified vectors.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
CFNetwork in OS X before 10.11.6 uses weak permissions for web-browser cookies, enabling local information disclosure.
Vulnerability
CFNetwork in Apple OS X before 10.11.6 uses weak permissions for web-browser cookies, which allows local users to obtain sensitive information via unspecified vectors [1]. The issue affects all versions of OS X prior to 10.11.6.
Exploitation
A local attacker with access to the system can leverage the weak permissions to read web-browser cookie files that should be protected. No additional authentication or privilege level is required beyond a standard user account on the affected system [1].
Impact
A local attacker can obtain sensitive information contained in web-browser cookies, potentially including session tokens or authentication data, leading to partial confidentiality compromise. The attack does not require network access and is limited to local information disclosure [1].
Mitigation
Apple addressed this issue in OS X El Capitan v10.11.6, released on July 18, 2016 [1]. Users should update to OS X 10.11.6 or later. No workarounds are documented.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: <10.11.6
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- lists.apple.com/archives/security-announce/2016/Jul/msg00000.htmlnvdMailing ListVendor Advisory
- support.apple.com/HT206903nvdVendor Advisory
- www.securityfocus.com/bid/91824nvd
- www.securitytracker.com/id/1036348nvd
News mentions
0No linked articles in our index yet.