Vulnerabilities > Apple > High

DATE CVE VULNERABILITY TITLE RISK
2016-05-20 CVE-2016-1823 Out-of-bounds Read vulnerability in Apple products
The IOHIDDevice::handleReportWithTime function in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (out-of-bounds read and memory corruption) via a crafted IOHIDReportType enum, which triggers an incorrect cast, a different vulnerability than CVE-2016-1824.
local
low complexity
apple CWE-125
7.8
2016-05-20 CVE-2016-1822 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X
IOFireWireFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
local
low complexity
apple CWE-119
7.8
2016-05-20 CVE-2016-1821 Unspecified vulnerability in Apple mac OS X
IOAudioFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
local
low complexity
apple
7.8
2016-05-20 CVE-2016-1820 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X
Buffer overflow in IOAudioFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context via a crafted app.
local
low complexity
apple CWE-119
7.8
2016-05-20 CVE-2016-1819 Use After Free vulnerability in Apple products
Use-after-free vulnerability in the IOAccelContext2::clientMemoryForType method in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1817 and CVE-2016-1818.
local
low complexity
apple CWE-416
7.8
2016-05-20 CVE-2016-1818 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products
IOAcceleratorFamily in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1817 and CVE-2016-1819.
local
low complexity
apple CWE-119
7.8
2016-05-20 CVE-2016-1817 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products
IOAcceleratorFamily in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1818 and CVE-2016-1819.
local
low complexity
apple CWE-119
7.8
2016-05-20 CVE-2016-1816 Unspecified vulnerability in Apple mac OS X
IOAcceleratorFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
local
low complexity
apple
7.8
2016-05-20 CVE-2016-1815 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X
IOAcceleratorFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
local
low complexity
apple CWE-119
7.8
2016-05-20 CVE-2016-1813 NULL Pointer Dereference vulnerability in Apple products
The IOAccelSharedUserClient2::page_off_resource method in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
local
low complexity
apple CWE-476
7.8