Vulnerabilities > Apple

DATE CVE VULNERABILITY TITLE RISK
2016-03-24 CVE-2016-1770 Improper Access Control vulnerability in Apple mac OS X
The Reminders component in Apple OS X before 10.11.4 allows attackers to bypass an intended user-confirmation requirement and trigger a dialing action via a tel: URL.
network
low complexity
apple CWE-284
6.5
2016-03-24 CVE-2016-1769 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X
QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Photoshop file.
local
low complexity
apple CWE-119
7.8
2016-03-24 CVE-2016-1768 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X
QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix image, a different vulnerability than CVE-2016-1767.
local
low complexity
apple CWE-119
7.8
2016-03-24 CVE-2016-1767 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X
QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix image, a different vulnerability than CVE-2016-1768.
local
low complexity
apple CWE-119
7.8
2016-03-24 CVE-2016-1766 Unspecified vulnerability in Apple Iphone OS
The Profiles component in Apple iOS before 9.3 does not properly validate certificates, which allows attackers to spoof an MDM profile trust relationship via unspecified vectors.
network
low complexity
apple
7.5
2016-03-24 CVE-2016-1765 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Xcode
otool in Apple Xcode before 7.3 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via unspecified vectors.
local
low complexity
apple CWE-119
7.8
2016-03-24 CVE-2016-1764 Information Exposure vulnerability in Apple mac OS X
The Content Security Policy (CSP) implementation in Messages in Apple OS X before 10.11.4 allows remote attackers to obtain sensitive information via a javascript: URL.
network
low complexity
apple CWE-200
4.3
2016-03-24 CVE-2016-1763 Improper Input Validation vulnerability in Apple Iphone OS
Messages in Apple iOS before 9.3 does not ensure that an auto-fill action applies to the intended message thread, which allows remote authenticated users to obtain sensitive information by providing a crafted sms: URL and reading a thread.
network
low complexity
apple CWE-20
3.5
2016-03-24 CVE-2016-1762 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
network
low complexity
apple debian canonical xmlsoft redhat mcafee CWE-119
8.1
2016-03-24 CVE-2016-1761 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS and Watchos
libxml2 in Apple iOS before 9.3, OS X before 10.11.4, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.
network
low complexity
apple CWE-119
critical
9.8