Vulnerabilities > Apple

DATE CVE VULNERABILITY TITLE RISK
2016-07-22 CVE-2016-4600 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X
QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix bitmap image, a different vulnerability than CVE-2016-4596, CVE-2016-4597, and CVE-2016-4602.
network
low complexity
apple CWE-119
8.8
2016-07-22 CVE-2016-4599 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X
QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Photoshop document.
local
low complexity
apple CWE-119
7.8
2016-07-22 CVE-2016-4598 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X
QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted image.
network
low complexity
apple CWE-119
critical
9.8
2016-07-22 CVE-2016-4597 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X
QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix bitmap image, a different vulnerability than CVE-2016-4596, CVE-2016-4600, and CVE-2016-4602.
network
low complexity
apple CWE-119
8.8
2016-07-22 CVE-2016-4596 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X
QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix bitmap image, a different vulnerability than CVE-2016-4597, CVE-2016-4600, and CVE-2016-4602.
network
low complexity
apple CWE-119
8.8
2016-07-22 CVE-2016-4595 Information Exposure vulnerability in Apple mac OS X
Safari Login AutoFill in Apple OS X before 10.11.6 allows physically proximate attackers to discover passwords by reading the screen during the login procedure.
low complexity
apple CWE-200
4.6
2016-07-22 CVE-2016-4594 Improper Input Validation vulnerability in Apple products
The Sandbox Profiles component in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows attackers to access the process list via a crafted app that makes an API call.
local
low complexity
apple CWE-20
7.8
2016-07-22 CVE-2016-4593 Information Exposure vulnerability in Apple Iphone OS
The Siri Contacts component in Apple iOS before 9.3.3 allows physically proximate attackers to read arbitrary Contact card information via unspecified vectors.
low complexity
apple CWE-200
2.4
2016-07-22 CVE-2016-4592 Resource Exhaustion vulnerability in multiple products
WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to cause a denial of service (memory consumption) via a crafted web site.
network
low complexity
apple webkitgtk CWE-400
6.5
2016-07-22 CVE-2016-4591 Improper Access Control vulnerability in Apple Webkit
WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 mishandles the location variable, which allows remote attackers to access the local filesystem via unspecified vectors.
network
low complexity
apple CWE-284
7.5