Vulnerabilities > Apple > High

DATE CVE VULNERABILITY TITLE RISK
2015-12-11 CVE-2015-7044 7PK - Security Features vulnerability in Apple mac OS X
The System Integrity Protection feature in Apple OS X before 10.11.2 mishandles union mounts, which allows attackers to execute arbitrary code in a privileged context via a crafted app with root privileges.
network
high complexity
apple CWE-254
7.6

2015-11-22 CVE-2015-7036 Improper Input Validation vulnerability in Apple Iphone OS and mac OS X
The fts3_tokenizer function in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a SQL command that triggers an API call with a crafted pointer value in the second argument.
network
low complexity
apple CWE-20
7.5

2015-11-13 CVE-2015-8126 Classic Buffer Overflow vulnerability in multiple products
Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image.
7.5

2015-11-11 CVE-2015-7662 Permissions, Privileges, and Access Controls vulnerability in Adobe products
Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 allow remote attackers to bypass intended access restrictions and write to files via unspecified vectors.
network
low complexity
adobe linux google apple microsoft CWE-264
7.8

2015-11-05 CVE-2015-7192 Code vulnerability in Mozilla Firefox
The accessibility-tools feature in Mozilla Firefox before 42.0 on OS X improperly interacts with the implementation of the TABLE element, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by using an NSAccessibilityIndexAttribute value to reference a row index.
network
low complexity
mozilla apple CWE-17
7.5

2015-10-23 CVE-2015-7021 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X
The Graphics Drivers subsystem in Apple OS X before 10.11.1 allows local users to gain privileges or cause a denial of service (kernel memory corruption) via unspecified vectors.
local
low complexity
apple CWE-119
7.2

2015-10-23 CVE-2015-7016 Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X
The MCX Application Restrictions component in Apple OS X before 10.11.1, when Managed Configuration is enabled, mishandles provisioning profiles, which allows attackers to bypass intended entitlement restrictions and gain privileges via a crafted developer-signed app.
network
high complexity
apple CWE-264
7.6

2015-10-23 CVE-2015-7007 Unspecified vulnerability in Apple mac OS X
Script Editor in Apple OS X before 10.11.1 allows remote attackers to bypass an intended user-confirmation requirement for AppleScript execution via unspecified vectors.
network
low complexity
apple
7.5

2015-10-23 CVE-2015-6994 Resource Management Errors vulnerability in Apple Iphone OS and mac OS X
The kernel in Apple iOS before 9.1 and OS X before 10.11.1 mishandles reuse of virtual memory, which allows attackers to cause a denial of service via a crafted app.
network
apple CWE-399
7.1

2015-10-23 CVE-2015-6984 Improper Access Control vulnerability in Apple mac OS X
libarchive in Apple OS X before 10.11.1 allows attackers to write to arbitrary files via a crafted app that conducts an unspecified symlink attack.
network
apple CWE-284
8.8