CVE-2016-4739
Description
mDNSResponder in Apple OS X before 10.12, when VMnet.framework is used, arranges for a DNS proxy to listen on all interfaces, which allows remote attackers to obtain sensitive information by sending a DNS query to an unintended interface.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
In OS X before 10.12, mDNSResponder with VMnet.framework exposes a DNS proxy on all interfaces, leaking query data from unintended networks.
Vulnerability
In Apple OS X versions prior to 10.12, the mDNSResponder component, when VMnet.framework is active, configures a DNS proxy to listen on all network interfaces rather than only on the intended interface. This affects systems using VMnet.framework (for virtualization). The issue was fixed in macOS Sierra 10.12 [1].
Exploitation
An attacker on any network interface connected to the affected system can send a crafted DNS query to that interface. No authentication is required, and the attacker must be in a position to send network traffic to the exposed DNS proxy listener.
Impact
A remote attacker can obtain sensitive information by sending a DNS query to an unintended interface, causing the DNS proxy to forward the query and potentially leak details about internal network resolution or the existence of specific hosts [1].
Mitigation
Apple addressed the issue in macOS Sierra 10.12, released September 20, 2016 [1]. Users should update to OS X 10.12 or later. No workarounds have been published; disabling VMnet.framework if not needed may reduce exposure.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1- Range: <10.12
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- lists.apple.com/archives/security-announce/2016/Sep/msg00006.htmlnvdMailing ListVendor Advisory
- support.apple.com/HT207170nvdVendor Advisory
- www.securityfocus.com/bid/93055nvd
- www.securitytracker.com/id/1036858nvd
News mentions
0No linked articles in our index yet.