Vulnerabilities > Critical

DATE CVE VULNERABILITY TITLE RISK
2015-12-11 CVE-2015-7112 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products
The IOHIDFamily API in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-7111.
network
apple CWE-119
critical
9.3
2015-12-11 CVE-2015-7111 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products
The IOHIDFamily API in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-7112.
network
apple CWE-119
critical
9.3
2015-12-11 CVE-2015-7109 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS and mac OS X
IOAcceleratorFamily in Apple OS X before 10.11.2 and tvOS before 9.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
network
apple CWE-119
critical
9.3
2015-12-11 CVE-2015-7082 Unspecified vulnerability in GIT Project GIT 2.5.3
Multiple unspecified vulnerabilities in Git before 2.5.4, as used in Apple Xcode before 7.2, have unknown impact and attack vectors.
network
low complexity
git-project apple
critical
10.0
2015-12-11 CVE-2015-7079 Improper Input Validation vulnerability in Apple Iphone OS and Tvos
dyld in Apple iOS before 9.2 and tvOS before 9.1 mishandles segment validation, which allows attackers to execute arbitrary code in a privileged context via a crafted app.
network
apple CWE-20
critical
9.3
2015-12-11 CVE-2015-7072 Improper Input Validation vulnerability in Apple Iphone OS, Tvos and Watchos
dyld in Apple iOS before 9.2, tvOS before 9.1, and watchOS before 2.1 mishandles segment validation, which allows attackers to execute arbitrary code in a privileged context via a crafted app.
network
apple CWE-20
critical
9.3
2015-12-11 CVE-2015-7071 Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X
The File Bookmark component in Apple OS X before 10.11.2 allows attackers to bypass a sandbox protection mechanism for app scoped bookmarks via a crafted pathname.
network
low complexity
apple CWE-264
critical
10.0
2015-12-11 CVE-2015-7070 Unspecified vulnerability in Apple Iphone OS
Mobile Replayer in GPUTools Framework in Apple iOS before 9.2 allows attackers to execute arbitrary code in a privileged context via an app that provides a crafted pathname, a different vulnerability than CVE-2015-7069.
network
apple
critical
9.3
2015-12-11 CVE-2015-7069 Unspecified vulnerability in Apple Iphone OS
Mobile Replayer in GPUTools Framework in Apple iOS before 9.2 allows attackers to execute arbitrary code in a privileged context via an app that provides a crafted pathname, a different vulnerability than CVE-2015-7070.
network
apple
critical
9.3
2015-12-11 CVE-2015-7068 NULL Pointer Dereference vulnerability in Apple products
IOKit SCSI in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an app that provides an unspecified userclient type.
network
apple CWE-476
critical
9.3