Vulnerabilities > Apple

DATE CVE VULNERABILITY TITLE RISK
2016-09-25 CVE-2016-4727 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X
IOThunderboltFamily in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
network
apple CWE-119
critical
9.3
2016-09-25 CVE-2016-4726 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products
IOAcceleratorFamily in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
network
apple CWE-119
critical
9.3
2016-09-25 CVE-2016-4725 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products
IOAcceleratorFamily in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a crafted web site.
network
apple CWE-119
5.8
2016-09-25 CVE-2016-4724 NULL Pointer Dereference vulnerability in Apple Iphone OS and mac OS X
IOAcceleratorFamily in Apple iOS before 10 and OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
network
apple CWE-476
critical
9.3
2016-09-25 CVE-2016-4723 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X
Intel Graphics Driver in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
network
apple CWE-119
critical
9.3
2016-09-25 CVE-2016-4722 Improper Input Validation vulnerability in Apple Iphone OS and mac OS X
The IDS - Connectivity component in Apple iOS before 10 and OS X before 10.12 allows man-in-the-middle attackers to conduct Call Relay spoofing attacks and cause a denial of service via unspecified vectors.
network
apple CWE-20
7.1
2016-09-25 CVE-2016-4718 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products
Buffer overflow in FontParser in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to obtain sensitive information from process memory via a crafted font file.
network
apple CWE-119
4.3
2016-09-25 CVE-2016-4717 Multiple Security vulnerability in Apple Mac OS X APPLE-SA-2016-09-20
The File Bookmark component in Apple OS X before 10.12 mishandles scoped-bookmark file descriptors, which allows attackers to cause a denial of service via a crafted app.
network
low complexity
apple
5.0
2016-09-25 CVE-2016-4716 Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X
diskutil in DiskArbitration in Apple OS X before 10.12 allows local users to gain privileges via unspecified vectors.
local
low complexity
apple CWE-264
7.2
2016-09-25 CVE-2016-4715 Information Exposure vulnerability in Apple mac OS X
The Date & Time Pref Pane component in Apple OS X before 10.12 mishandles the .GlobalPreferences file, which allows attackers to discover a user's location via a crafted app.
network
apple CWE-200
4.3