Vulnerabilities > Apple > High

DATE CVE VULNERABILITY TITLE RISK
2016-07-22 CVE-2016-4621 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X
libc++abi in Apple OS X before 10.11.6 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
local
low complexity
apple CWE-119
7.8
2016-07-22 CVE-2016-4602 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X
QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix bitmap image, a different vulnerability than CVE-2016-4596, CVE-2016-4597, and CVE-2016-4600.
network
low complexity
apple CWE-119
8.8
2016-07-22 CVE-2016-4601 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X
QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted SGI image.
network
low complexity
apple CWE-119
8.8
2016-07-22 CVE-2016-4600 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X
QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix bitmap image, a different vulnerability than CVE-2016-4596, CVE-2016-4597, and CVE-2016-4602.
network
low complexity
apple CWE-119
8.8
2016-07-22 CVE-2016-4599 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X
QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Photoshop document.
local
low complexity
apple CWE-119
7.8
2016-07-22 CVE-2016-4597 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X
QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix bitmap image, a different vulnerability than CVE-2016-4596, CVE-2016-4600, and CVE-2016-4602.
network
low complexity
apple CWE-119
8.8
2016-07-22 CVE-2016-4596 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X
QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix bitmap image, a different vulnerability than CVE-2016-4597, CVE-2016-4600, and CVE-2016-4602.
network
low complexity
apple CWE-119
8.8
2016-07-22 CVE-2016-4594 Improper Input Validation vulnerability in Apple products
The Sandbox Profiles component in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows attackers to access the process list via a crafted app that makes an API call.
local
low complexity
apple CWE-20
7.8
2016-07-22 CVE-2016-4591 Improper Access Control vulnerability in Apple Webkit
WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 mishandles the location variable, which allows remote attackers to access the local filesystem via unspecified vectors.
network
low complexity
apple CWE-284
7.5
2016-07-22 CVE-2016-4589 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Webkit
WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4622, CVE-2016-4623, and CVE-2016-4624.
network
low complexity
apple CWE-119
8.8