Vulnerabilities > Apple > High

DATE CVE VULNERABILITY TITLE RISK
2016-03-31 CVE-2016-3142 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The phar_parse_zipfile function in zip.c in the PHAR extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) by placing a PK\x05\x06 signature at an invalid location.
network
low complexity
php apple CWE-119
8.2
2016-03-24 CVE-2016-1783 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
WebKit in Apple iOS before 9.3, Safari before 9.1, and tvOS before 9.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
network
low complexity
apple webkitgtk CWE-119
8.8
2016-03-24 CVE-2016-1778 Resource Management Errors vulnerability in Apple Iphone OS
WebKit in Apple iOS before 9.3 and Safari before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
network
low complexity
apple CWE-399
8.8
2016-03-24 CVE-2016-1777 Cryptographic Issues vulnerability in Apple mac OS X Server
Web Server in Apple OS X Server before 5.1 supports the RC4 algorithm, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.
network
low complexity
apple CWE-310
7.5
2016-03-24 CVE-2016-1775 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products
TrueTypeScaler in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.
local
low complexity
apple CWE-119
7.8
2016-03-24 CVE-2016-1769 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X
QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Photoshop file.
local
low complexity
apple CWE-119
7.8
2016-03-24 CVE-2016-1768 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X
QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix image, a different vulnerability than CVE-2016-1767.
local
low complexity
apple CWE-119
7.8
2016-03-24 CVE-2016-1767 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X
QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix image, a different vulnerability than CVE-2016-1768.
local
low complexity
apple CWE-119
7.8
2016-03-24 CVE-2016-1766 Unspecified vulnerability in Apple Iphone OS
The Profiles component in Apple iOS before 9.3 does not properly validate certificates, which allows attackers to spoof an MDM profile trust relationship via unspecified vectors.
network
low complexity
apple
7.5
2016-03-24 CVE-2016-1765 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Xcode
otool in Apple Xcode before 7.3 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via unspecified vectors.
local
low complexity
apple CWE-119
7.8