Vulnerabilities > Apple > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-07-22 CVE-2016-4652 Out-of-bounds Read vulnerability in Apple mac OS X
CoreGraphics in Apple OS X before 10.11.6 allows local users to obtain sensitive information from kernel memory and consequently gain privileges, or cause a denial of service (out-of-bounds read), via unspecified vectors.
local
high complexity
apple CWE-125
6.3
2016-07-22 CVE-2016-4651 Cross-site Scripting vulnerability in Apple Iphone OS
Cross-site scripting (XSS) vulnerability in the WebKit JavaScript bindings in Apple iOS before 9.3.3 and Safari before 9.1.2 allows remote attackers to inject arbitrary web script or HTML via a crafted HTTP/0.9 response, related to a "cross-protocol cross-site scripting (XPXSS)" vulnerability.
network
low complexity
apple CWE-79
6.1
2016-07-22 CVE-2016-4649 NULL Pointer Dereference vulnerability in Apple mac OS X
Audio in Apple OS X before 10.11.6 allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors.
local
low complexity
apple CWE-476
5.5
2016-07-22 CVE-2016-4648 Information Exposure vulnerability in Apple mac OS X
Audio in Apple OS X before 10.11.6 allows local users to obtain sensitive kernel memory-layout information or cause a denial of service (out-of-bounds read) via unspecified vectors.
local
low complexity
apple CWE-200
5.5
2016-07-22 CVE-2016-4646 Information Exposure vulnerability in Apple mac OS X
Audio in Apple OS X before 10.11.6 mishandles a size value, which allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted audio file.
network
low complexity
apple CWE-200
6.5
2016-07-22 CVE-2016-4635 Information Exposure vulnerability in Apple Iphone OS
FaceTime in Apple iOS before 9.3.3 and OS X before 10.11.6 allows man-in-the-middle attackers to spoof relayed-call termination, and obtain sensitive audio information in opportunistic circumstances, via unspecified vectors.
network
high complexity
apple CWE-200
5.3
2016-07-22 CVE-2016-4628 Out-of-bounds Read vulnerability in Apple Iphone OS
IOAcceleratorFamily in Apple iOS before 9.3.3 and watchOS before 2.2.2 allows local users to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) via unspecified vectors.
local
low complexity
apple CWE-125
5.5
2016-07-22 CVE-2016-4605 NULL Pointer Dereference vulnerability in Apple Iphone OS
Calendar in Apple iOS before 9.3.3 allows remote attackers to cause a denial of service (NULL pointer dereference and device restart) via a crafted invitation.
network
low complexity
apple CWE-476
6.5
2016-07-22 CVE-2016-4604 Open Redirect vulnerability in Apple Safari
Safari in Apple iOS before 9.3.3 allows remote attackers to spoof the displayed URL via an HTTP response specifying redirection to an invalid TCP port number.
network
low complexity
apple CWE-601
5.4
2016-07-22 CVE-2016-4603 7PK - Security Features vulnerability in Apple Iphone OS
Web Media in Apple iOS before 9.3.3 allows attackers to bypass the Private Browsing protection mechanism and obtain sensitive video URL information by leveraging Safari View Controller misbehavior.
network
low complexity
apple CWE-254
4.3