Low severity3.3NVD Advisory· Published Sep 25, 2016· Updated May 6, 2026

CVE-2016-4717

Description

The File Bookmark component in Apple OS X before 10.12 mishandles scoped-bookmark file descriptors, which allows attackers to cause a denial of service via a crafted app.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Apple OS X before 10.12 mishandles scoped-bookmark file descriptors in the File Bookmark component, allowing denial of service via a crafted app.

Vulnerability

The File Bookmark component in Apple OS X before version 10.12 mishandles scoped-bookmark file descriptors. This vulnerability allows a crafted application to trigger a denial of service condition. The issue exists in the handling of file descriptors associated with scoped bookmarks, which are used for persistent access to files outside the app's sandbox. Affected versions include OS X 10.11.x and earlier.

Exploitation

An attacker must provide a specially crafted app to the user and convince them to run it. No special network position or authentication is required; the attack is local. Once executed, the app can exploit the mishandling of scoped-bookmark file descriptors to cause the system to become unresponsive or crash, resulting in a denial of service.

Impact

Successful exploitation results in a denial of service, impacting system availability. There is no indication of information disclosure or privilege escalation. The attacker gains no additional access beyond causing the system to hang or restart.

Mitigation

Apple addressed this issue in macOS Sierra 10.12, released on September 20, 2016 [1]. Users should update to macOS 10.12 or later. No workarounds are documented, and the vulnerability is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog.

References

About the security content of macOS Sierra 10.12 - Apple Support

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Apple Inc./Mac Os X
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
Range: <=10.11.6
Apple Inc./OS Xllm-fuzzy
Range: <10.12

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.apple.com/archives/security-announce/2016/Sep/msg00006.htmlnvdMailing ListVendor Advisory
support.apple.com/HT207170nvdVendor Advisory
www.securityfocus.com/bid/93055nvd
www.securitytracker.com/id/1036858nvd

News mentions

No linked articles in our index yet.

cvss	0.214
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000