Vulnerabilities > Apple

DATE CVE VULNERABILITY TITLE RISK
2015-07-03 CVE-2015-3718 Multiple Security vulnerability in Apple Mac OS X Prior to 10.10.4
systemstatsd in the System Stats subsystem in Apple OS X before 10.10.4 does not properly interpret data types encountered in interprocess communication, which allows attackers to execute arbitrary code with systemstatsd privileges via a crafted app, related to a "type confusion" issue.
network
apple
6.8
2015-07-03 CVE-2015-3717 Classic Buffer Overflow vulnerability in multiple products
Multiple buffer overflows in the printf functionality in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
network
low complexity
sqlite apple CWE-120
7.5
2015-07-03 CVE-2015-3716 Command Injection vulnerability in Apple mac OS X
Spotlight in Apple OS X before 10.10.4 allows attackers to execute arbitrary commands via a crafted name of a photo file within the local photo library.
local
apple CWE-77
4.4
2015-07-03 CVE-2015-3715 7PK - Security Features vulnerability in Apple mac OS X
The code-signing implementation in Apple OS X before 10.10.4 does not properly consider libraries that are external to an application bundle, which allows attackers to bypass intended launch restrictions via a crafted library.
network
apple CWE-254
6.8
2015-07-03 CVE-2015-3714 7PK - Security Features vulnerability in Apple mac OS X
Apple OS X before 10.10.4 does not properly consider custom resource rules during app signature verification, which allows attackers to bypass intended launch restrictions via a modified app.
network
low complexity
apple CWE-254
5.0
2015-07-03 CVE-2015-3713 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X and Quicktime
QuickTime in Apple OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted movie file.
network
apple CWE-119
6.8
2015-07-03 CVE-2015-3712 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X
The NVIDIA graphics driver in Apple OS X before 10.10.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (out-of-bounds write) via a crafted app.
network
apple CWE-119
critical
9.3
2015-07-03 CVE-2015-3711 Information Exposure vulnerability in Apple mac OS X
The NTFS implementation in Apple OS X before 10.10.4 allows attackers to obtain sensitive memory-layout information for the kernel via a crafted app.
network
apple CWE-200
4.3
2015-07-03 CVE-2015-3710 7PK - Security Features vulnerability in Apple Iphone OS and mac OS X
Mail in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to trigger a refresh operation, and consequently cause a visit to an arbitrary web site, via a crafted HTML e-mail message.
network
apple CWE-254
4.3
2015-07-03 CVE-2015-3709 Race Condition vulnerability in Apple mac OS X
Race condition in kext tools in Apple OS X before 10.10.4 allows local users to bypass intended signature requirements for kernel extensions by leveraging improper pathname validation.
local
apple CWE-362
6.9