OS X

CVEs (194)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2016-4702	Apple Inc. tvOS	Cri	0.65	9.8	0.18	Sep 25, 2016	Audio in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
CVE-2016-4614	Apple Inc. iTunes	Cri	0.64	9.8	0.03	Jul 22, 2016	libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact…
CVE-2016-4736	Libarchive Libarchive	Hig	0.57	8.8	0.01	Sep 25, 2016	libarchive in Apple OS X before 10.12 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted file.
CVE-2016-1835	Debian Debian Linux	Hig	0.57	8.8	0.03	May 20, 2016	Use-after-free vulnerability in the xmlSAX2AttributeNs function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2 and OS X before 10.11.5, allows remote attackers to cause a denial of service via a crafted XML document.
CVE-2016-4650	Apple Inc. tvOS	Hig	0.51	7.8	0.00	Apr 20, 2017	Heap-based buffer overflow in IOHIDFamily in Apple iOS before 9.3.2, OS X before 10.11.5, and tvOS before 9.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVE-2016-4779	Apple Inc. Swift	Hig	0.51	7.8	0.01	Sep 25, 2016	Apple Type Services (ATS) in Apple OS X before 10.12 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.
CVE-2016-4778	Apple Inc. tvOS	Hig	0.51	7.8	0.01	Sep 25, 2016	The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVE-2016-4750	Apple Inc. iOS	Hig	0.51	7.8	0.00	Sep 25, 2016	S2 Camera in Apple iOS before 10 and OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVE-2016-4703	Apple Inc. Darwin Xnu	Hig	0.51	7.8	0.00	Sep 25, 2016	Bluetooth in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVE-2016-4700	Apple Inc. OS X	Hig	0.51	7.8	0.00	Sep 25, 2016	AppleUUC in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-4699.
CVE-2016-4699	Apple Inc. OS X	Hig	0.51	7.8	0.00	Sep 25, 2016	AppleUUC in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-4700.
CVE-2016-4698	Apple Inc. iOS	Hig	0.51	7.8	0.00	Sep 25, 2016	AppleMobileFileIntegrity in Apple iOS before 10 and OS X before 10.12 mishandles process entitlement and Team ID values in the task port inheritance policy, which allows attackers to execute arbitrary code in a privileged context via a crafted app.
CVE-2016-4647	Apple Inc. OS X	Hig	0.51	7.8	0.00	Jul 22, 2016	Audio in Apple OS X before 10.11.6 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted file.
CVE-2016-4582	Apple Inc. tvOS	Hig	0.51	7.8	0.00	Jul 22, 2016	The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1863 and CVE-2016-4653.
CVE-2016-1834	Debian Debian Linux	Hig	0.51	7.8	0.02	May 20, 2016	Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption)…
CVE-2016-1733	Apple Inc. Mac Os X	Hig	0.51	7.8	0.00	Mar 24, 2016	AppleRAID in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVE-2015-6980	Apple Inc. Mac Os X	Hig	0.51	7.8	0.00	Jan 11, 2016	Directory Utility in Apple OS X before 10.11.1 mishandles authentication for new sessions, which allows local users to gain privileges via unspecified vectors.
CVE-2016-4772	Apple Inc. tvOS	Hig	0.49	7.5	0.03	Sep 25, 2016	The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to cause a denial of service (unintended lock) via unspecified vectors.
CVE-2015-7024	Apple Inc. Mac Os X	Med	0.44	6.7	0.00	Jan 11, 2016	Untrusted search path vulnerability in Apple OS X before 10.11.1 allows local users to bypass intended Gatekeeper restrictions and gain privileges via a Trojan horse program that is loaded from an unexpected directory by an application that has a valid Apple digital signature.
CVE-2016-4701	Apple Inc. Swift	Med	0.40	6.2	0.00	Sep 25, 2016	Application Firewall in Apple OS X before 10.12 allows local users to cause a denial of service via vectors involving a crafted SO_EXECPATH environment variable.

CVE-2016-4702CriSep 25, 2016
Apple Inc.
tvOS
risk 0.65cvss 9.8epss 0.18
Audio in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
CVE-2016-4614CriJul 22, 2016
Apple Inc.
iTunes
risk 0.64cvss 9.8epss 0.03
libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact…
CVE-2016-4736HigSep 25, 2016
Libarchive
Libarchive
risk 0.57cvss 8.8epss 0.01
libarchive in Apple OS X before 10.12 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted file.
CVE-2016-1835HigMay 20, 2016
Debian
Debian Linux
risk 0.57cvss 8.8epss 0.03
Use-after-free vulnerability in the xmlSAX2AttributeNs function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2 and OS X before 10.11.5, allows remote attackers to cause a denial of service via a crafted XML document.
CVE-2016-4650HigApr 20, 2017
Apple Inc.
tvOS
risk 0.51cvss 7.8epss 0.00
Heap-based buffer overflow in IOHIDFamily in Apple iOS before 9.3.2, OS X before 10.11.5, and tvOS before 9.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVE-2016-4779HigSep 25, 2016
Apple Inc.
Swift
risk 0.51cvss 7.8epss 0.01
Apple Type Services (ATS) in Apple OS X before 10.12 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.
CVE-2016-4778HigSep 25, 2016
Apple Inc.
tvOS
risk 0.51cvss 7.8epss 0.01
The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVE-2016-4750HigSep 25, 2016
Apple Inc.
iOS
risk 0.51cvss 7.8epss 0.00
S2 Camera in Apple iOS before 10 and OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVE-2016-4703HigSep 25, 2016
Apple Inc.
Darwin Xnu
risk 0.51cvss 7.8epss 0.00
Bluetooth in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVE-2016-4700HigSep 25, 2016
Apple Inc.
OS X
risk 0.51cvss 7.8epss 0.00
AppleUUC in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-4699.
CVE-2016-4699HigSep 25, 2016
Apple Inc.
OS X
risk 0.51cvss 7.8epss 0.00
AppleUUC in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-4700.
CVE-2016-4698HigSep 25, 2016
Apple Inc.
iOS
risk 0.51cvss 7.8epss 0.00
AppleMobileFileIntegrity in Apple iOS before 10 and OS X before 10.12 mishandles process entitlement and Team ID values in the task port inheritance policy, which allows attackers to execute arbitrary code in a privileged context via a crafted app.
CVE-2016-4647HigJul 22, 2016
Apple Inc.
OS X
risk 0.51cvss 7.8epss 0.00
Audio in Apple OS X before 10.11.6 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted file.
CVE-2016-4582HigJul 22, 2016
Apple Inc.
tvOS
risk 0.51cvss 7.8epss 0.00
The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1863 and CVE-2016-4653.
CVE-2016-1834HigMay 20, 2016
Debian
Debian Linux
risk 0.51cvss 7.8epss 0.02
Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption)…
CVE-2016-1733HigMar 24, 2016
Apple Inc.
Mac Os X
risk 0.51cvss 7.8epss 0.00
AppleRAID in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVE-2015-6980HigJan 11, 2016
Apple Inc.
Mac Os X
risk 0.51cvss 7.8epss 0.00
Directory Utility in Apple OS X before 10.11.1 mishandles authentication for new sessions, which allows local users to gain privileges via unspecified vectors.
CVE-2016-4772HigSep 25, 2016
Apple Inc.
tvOS
risk 0.49cvss 7.5epss 0.03
The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to cause a denial of service (unintended lock) via unspecified vectors.
CVE-2015-7024MedJan 11, 2016
Apple Inc.
Mac Os X
risk 0.44cvss 6.7epss 0.00
Untrusted search path vulnerability in Apple OS X before 10.11.1 allows local users to bypass intended Gatekeeper restrictions and gain privileges via a Trojan horse program that is loaded from an unexpected directory by an application that has a valid Apple digital signature.
CVE-2016-4701MedSep 25, 2016
Apple Inc.
Swift
risk 0.40cvss 6.2epss 0.00
Application Firewall in Apple OS X before 10.12 allows local users to cause a denial of service via vectors involving a crafted SO_EXECPATH environment variable.

Page 1 of 10