Vulnerabilities > Apple > High

DATE CVE VULNERABILITY TITLE RISK
2016-07-22 CVE-2016-4600 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X
QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix bitmap image, a different vulnerability than CVE-2016-4596, CVE-2016-4597, and CVE-2016-4602.
network
low complexity
apple CWE-119
8.8
2016-07-22 CVE-2016-4599 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X
QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Photoshop document.
local
low complexity
apple CWE-119
7.8
2016-07-22 CVE-2016-4597 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X
QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix bitmap image, a different vulnerability than CVE-2016-4596, CVE-2016-4600, and CVE-2016-4602.
network
low complexity
apple CWE-119
8.8
2016-07-22 CVE-2016-4596 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X
QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix bitmap image, a different vulnerability than CVE-2016-4597, CVE-2016-4600, and CVE-2016-4602.
network
low complexity
apple CWE-119
8.8
2016-07-22 CVE-2016-4594 Improper Input Validation vulnerability in Apple products
The Sandbox Profiles component in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows attackers to access the process list via a crafted app that makes an API call.
local
low complexity
apple CWE-20
7.8
2016-07-22 CVE-2016-4591 Improper Access Control vulnerability in Apple Webkit
WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 mishandles the location variable, which allows remote attackers to access the local filesystem via unspecified vectors.
network
low complexity
apple CWE-284
7.5
2016-07-22 CVE-2016-4589 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Webkit
WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4622, CVE-2016-4623, and CVE-2016-4624.
network
low complexity
apple CWE-119
8.8
2016-07-22 CVE-2016-4588 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Webkit
WebKit in Apple tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
network
low complexity
apple CWE-119
8.8
2016-07-22 CVE-2016-4586 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Safari
WebKit in Apple Safari before 9.1.2 and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
network
low complexity
apple CWE-119
8.8
2016-07-22 CVE-2016-4584 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS
The WebKit Page Loading implementation in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
network
low complexity
apple CWE-119
8.8