CVE-2016-4670
Description
Local users can discover lengths of arbitrary passwords by reading a log in iOS before 10.1 and macOS before 10.12.1.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The vulnerability resides in the Security component of iOS (versions before 10.1) and macOS (versions before 10.12.1). It causes the lengths of arbitrary passwords to be written to a log file, which can be accessed by a local user.
Exploitation
An attacker with local access to the affected system can read the relevant log file to obtain the length of any password processed by the system. No special privileges or user interaction beyond local access are required.
Impact
By learning the length of a password, an attacker can significantly reduce the search space for brute-force attacks, aiding in password recovery or unauthorized access. The confidentiality of password metadata is compromised.
Mitigation
Apple addressed this issue in iOS 10.1 [2] and macOS 10.12.1 [1]. Users should update their devices to these or later versions. No workarounds have been published.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <10.12.1
- Range: <10.1
Patches
No patches discovered yet.
References
- www.securityfocus.com/bid/94433 (nvd: Third Party Advisory, VDB Entry)
- support.apple.com/HT207271 (nvd: Vendor Advisory)
- support.apple.com/HT207275 (nvd: Vendor Advisory)