Medium severity5.5NVD Advisory· Published Sep 25, 2016· Updated Jun 17, 2026
CVE-2016-4752
CVE-2016-4752
Description
The SecKeyDeriveFromPassword function in Apple OS X before 10.12 does not use the CF_RETURNS_RETAINED keyword, which allows attackers to obtain sensitive information from process memory by triggering key derivation.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <10.12
Patches
Vulnerability mechanics
References
4- support.apple.com/HT207170nvdVendor Advisory
- lists.apple.com/archives/security-announce/2016/Sep/msg00006.htmlnvdMailing List
- www.securityfocus.com/bid/93055nvd
- www.securitytracker.com/id/1036858nvd
News mentions
0No linked articles in our index yet.