2016 VULNERABILITY DATABASE
Summary: The code-signing subsystem in Apple OS X before 10.11.4 does not properly verify file ownership, which allows local users to determine the existence of arbitrary files via unspecified vectors.
Published: 3/23/2016 9:59:41 PM
CVSS Severity: v3 - 3.3 LOW v2 - 2.1 LOW
Summary: The Top Sites feature in Apple Safari before 9.1 mishandles cookie storage, which makes it easier for remote web servers to track users via unspecified vectors.
Published: 3/23/2016 9:59:40 PM
CVSS Severity: v3 - 4.3 MEDIUM v2 - 4.3 MEDIUM
Summary: The Downloads feature in Apple Safari before 9.1 mishandles file expansion, which allows remote attackers to cause a denial of service via a crafted web site.
Published: 3/23/2016 9:59:39 PM
CVSS Severity: v3 - 6.5 MEDIUM v2 - 7.1 HIGH
Summary: The Reminders component in Apple OS X before 10.11.4 allows attackers to bypass an intended user-confirmation requirement and trigger a dialing action via a tel: URL.
Published: 3/23/2016 9:59:38 PM
CVSS Severity: v3 - 6.5 MEDIUM v2 - 4.3 MEDIUM
Summary: QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Photoshop file.
Published: 3/23/2016 9:59:37 PM
CVSS Severity: v3 - 7.8 HIGH v2 - 6.8 MEDIUM
Summary: QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix image, a different vulnerability than CVE-2016-1767.
Published: 3/23/2016 9:59:36 PM
CVSS Severity: v3 - 7.8 HIGH v2 - 6.8 MEDIUM
Summary: QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix image, a different vulnerability than CVE-2016-1768.
Published: 3/23/2016 9:59:35 PM
CVSS Severity: v3 - 7.8 HIGH v2 - 6.8 MEDIUM
Summary: The Profiles component in Apple iOS before 9.3 does not properly validate certificates, which allows attackers to spoof an MDM profile trust relationship via unspecified vectors.
Published: 3/23/2016 9:59:34 PM
CVSS Severity: v3 - 7.5 HIGH v2 - 5.0 MEDIUM
Summary: otool in Apple Xcode before 7.3 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via unspecified vectors.
Published: 3/23/2016 9:59:33 PM
CVSS Severity: v3 - 7.8 HIGH v2 - 4.6 MEDIUM
Summary: The Content Security Policy (CSP) implementation in Messages in Apple OS X before 10.11.4 allows remote attackers to obtain sensitive information via a javascript: URL.
Published: 3/23/2016 9:59:32 PM
CVSS Severity: v3 - 4.3 MEDIUM v2 - 4.3 MEDIUM
Summary: Messages in Apple iOS before 9.3 does not ensure that an auto-fill action applies to the intended message thread, which allows remote authenticated users to obtain sensitive information by providing a crafted sms: URL and reading a thread.
Published: 3/23/2016 9:59:31 PM
CVSS Severity: v3 - 3.5 LOW v2 - 3.5 LOW
Summary: libxml2 in Apple iOS before 9.3, OS X before 10.11.4, Safari before 9.1, tvOS before 9.2, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.
Published: 3/23/2016 9:59:30 PM
CVSS Severity: v3 - 9.8 CRITICAL v2 - 10.0 HIGH
Summary: libxml2 in Apple iOS before 9.3, OS X before 10.11.4, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.
Published: 3/23/2016 9:59:29 PM
CVSS Severity: v3 - 9.8 CRITICAL v2 - 10.0 HIGH
Summary: The kernel in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
Published: 3/23/2016 9:59:28 PM
CVSS Severity: v3 - 7.8 HIGH v2 - 9.3 HIGH
Summary: The kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app.
Published: 3/23/2016 9:59:27 PM
CVSS Severity: v3 - 3.3 LOW v2 - 4.3 MEDIUM
Summary: Race condition in the kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context via a crafted app.
Published: 3/23/2016 9:59:26 PM
CVSS Severity: v3 - 7.0 HIGH v2 - 9.3 HIGH
Summary: The kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
Published: 3/23/2016 9:59:25 PM
CVSS Severity: v3 - 7.8 HIGH v2 - 9.3 HIGH
Summary: The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1754.
Published: 3/23/2016 9:59:24 PM
CVSS Severity: v3 - 7.8 HIGH v2 - 9.3 HIGH
Summary: The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1755.
Published: 3/23/2016 9:59:23 PM
CVSS Severity: v3 - 7.8 HIGH v2 - 9.3 HIGH
Summary: Multiple integer overflows in the kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allow attackers to execute arbitrary code in a privileged context via a crafted app.
Published: 3/23/2016 9:59:23 PM
CVSS Severity: v3 - 7.8 HIGH v2 - 9.3 HIGH
Summary: The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to cause a denial of service via a crafted app.
Published: 3/23/2016 9:59:22 PM
CVSS Severity: v3 - 7.8 HIGH v2 - 9.3 HIGH
Summary: The kernel in Apple iOS before 9.3, tvOS before 9.2, and watchOS before 2.2 does not properly restrict the execute permission, which allows attackers to bypass a code-signing protection mechanism via a crafted app.
Published: 3/23/2016 9:59:21 PM
CVSS Severity: v3 - 7.8 HIGH v2 - 9.3 HIGH
Summary: Use-after-free vulnerability in the kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to execute arbitrary code in a privileged context via a crafted app.
Published: 3/23/2016 9:59:20 PM
CVSS Severity: v3 - 7.8 HIGH v2 - 9.3 HIGH
Summary: IOUSBFamily in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
Published: 3/23/2016 9:59:19 PM
CVSS Severity: v3 - 7.8 HIGH v2 - 9.3 HIGH
Summary: IOHIDFamily in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to obtain sensitive kernel memory-layout information via a crafted app.
Published: 3/23/2016 9:59:18 PM
CVSS Severity: v3 - 3.3 LOW v2 - 4.3 MEDIUM
Summary: IOGraphics in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1746.
Published: 3/23/2016 9:59:17 PM
CVSS Severity: v3 - 7.8 HIGH v2 - 9.3 HIGH
Summary: IOGraphics in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1747.
Published: 3/23/2016 9:59:16 PM
CVSS Severity: v3 - 7.8 HIGH v2 - 9.3 HIGH
Summary: IOFireWireFamily in Apple OS X before 10.11.4 allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors.
Published: 3/23/2016 9:59:15 PM
CVSS Severity: v3 - 5.5 MEDIUM v2 - 2.1 LOW
Summary: The Intel driver in the Graphics Drivers subsystem in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1743.
Published: 3/23/2016 9:59:14 PM
CVSS Severity: v3 - 7.8 HIGH v2 - 9.3 HIGH
Summary: The Intel driver in the Graphics Drivers subsystem in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1744.
Published: 3/23/2016 9:59:13 PM
CVSS Severity: v3 - 7.8 HIGH v2 - 9.3 HIGH
Summary: The NVIDIA driver in the Graphics Drivers subsystem in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
Published: 3/23/2016 9:59:12 PM
CVSS Severity: v3 - 9.8 CRITICAL v2 - 10.0 HIGH
Summary: FontParser in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document.
Published: 3/23/2016 9:59:11 PM
CVSS Severity: v3 - 7.8 HIGH v2 - 9.3 HIGH