Vulnerabilities > Apple > Critical

DATE CVE VULNERABILITY TITLE RISK
2015-07-03 CVE-2015-3693 7PK - Security Features vulnerability in Apple mac OS X
Apple Mac EFI before 2015-001, as used in OS X before 10.10.4 and other products, does not properly set refresh rates for DDR3 RAM, which might make it easier for remote attackers to conduct row-hammer attacks, and consequently gain privileges or cause a denial of service (memory corruption), by triggering certain patterns of access to memory locations.
network
apple CWE-254
critical
 9.3
9.3
2015-07-03 CVE-2015-3691 Improper Access Control vulnerability in Apple mac OS X
The Monitor Control Command Set kernel extension in the Display Drivers subsystem in Apple OS X before 10.10.4 allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages control of a function pointer.
network
apple CWE-284
critical
 9.3
9.3
2015-07-03 CVE-2015-3683 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X
The Bluetooth HCI interface implementation in Apple OS X before 10.10.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
network
apple CWE-119
critical
 9.3
9.3
2015-06-24 CVE-2015-3112 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe Bridge and Photoshop CC
Adobe Photoshop CC before 16.0 (aka 2015.0.0) and Adobe Bridge CC before 6.11 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
network
low complexity
adobe apple microsoft CWE-119
critical
 10.0
10
2015-06-24 CVE-2015-3111 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe Bridge and Photoshop CC
Heap-based buffer overflow in Adobe Photoshop CC before 16.0 (aka 2015.0.0) and Adobe Bridge CC before 6.11 allows attackers to execute arbitrary code via unspecified vectors.
network
low complexity
adobe apple microsoft CWE-119
critical
 10.0
10
2015-06-24 CVE-2015-3110 Numeric Errors vulnerability in Adobe Bridge and Photoshop CC
Integer overflow in Adobe Photoshop CC before 16.0 (aka 2015.0.0) and Adobe Bridge CC before 6.11 allows attackers to execute arbitrary code via unspecified vectors.
network
low complexity
adobe apple microsoft CWE-189
critical
 10.0
10
2015-06-24 CVE-2015-3109 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe Photoshop CC
Adobe Photoshop CC before 16.0 (aka 2015.0.0) allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
network
low complexity
adobe apple microsoft CWE-119
critical
 10.0
10
2015-06-10 CVE-2015-3107 Use After Free vulnerability in multiple products
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3103 and CVE-2015-3106.
network
low complexity
adobe google opensuse apple microsoft linux CWE-416
critical
 10.0
10
2015-06-10 CVE-2015-3106 Remote Code Execution vulnerability in Adobe Flash Player and AIR
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3103 and CVE-2015-3107.
network
low complexity
adobe apple microsoft linux google
critical
 10.0
10
2015-06-10 CVE-2015-3105 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
network
low complexity
adobe linux apple microsoft google CWE-119
critical
 10.0
10