CVE-2016-4715
Description
The Date & Time Pref Pane component in Apple OS X before 10.12 mishandles the .GlobalPreferences file, which allows attackers to discover a user's location via a crafted app.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
The Date & Time Pref Pane in OS X before 10.12 leaks the user's location via crafted app by mishandling the .GlobalPreferences file.
Vulnerability
The Date & Time Pref Pane component in Apple OS X before version 10.12 (macOS Sierra) mishandles the .GlobalPreferences file. This allows a crafted application to read the user's location data without proper authorization. Affected versions include OS X 10.11.x and earlier.
Exploitation
An attacker must convince the user to run a malicious application on the affected system. The app can then access the .GlobalPreferences file, which is not adequately protected, to retrieve stored location information.
Impact
Successful exploitation leads to disclosure of the user's current location. This is a breach of privacy (information disclosure) but does not grant any additional privileges or system control.
Mitigation
Apple addressed the issue in macOS Sierra 10.12, released September 20, 2016 [1]. Users should upgrade to macOS 10.12 or later. No workaround is available for older versions.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: <10.12
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- lists.apple.com/archives/security-announce/2016/Sep/msg00006.htmlnvdMailing ListVendor Advisory
- support.apple.com/HT207170nvdVendor Advisory
- www.securityfocus.com/bid/93055nvd
- www.securitytracker.com/id/1036858nvd
News mentions
0No linked articles in our index yet.