OS X
by Apple Inc.
CVEs (553)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-4777 | Hig | 0.51 | 7.8 | 0.02 | Sep 25, 2016 | The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (invalid pointer dereference) via a crafted app. | ||
| CVE-2016-4775 | Hig | 0.51 | 7.8 | 0.00 | Sep 25, 2016 | The kernel in Apple OS X before 10.12, tvOS before 10, and watchOS before 3 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. | ||
| CVE-2016-4753 | Hig | 0.51 | 7.8 | 0.02 | Sep 25, 2016 | Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 mishandle signed disk images, which allows attackers to execute arbitrary code in a privileged context via a crafted app. | ||
| CVE-2016-4750 | Hig | 0.51 | 7.8 | 0.01 | Sep 25, 2016 | S2 Camera in Apple iOS before 10 and OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | ||
| CVE-2016-4727 | Hig | 0.51 | 7.8 | 0.01 | Sep 25, 2016 | IOThunderboltFamily in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | ||
| CVE-2016-4726 | Hig | 0.51 | 7.8 | 0.02 | Sep 25, 2016 | IOAcceleratorFamily in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | ||
| CVE-2016-4724 | Hig | 0.51 | 7.8 | 0.01 | Sep 25, 2016 | IOAcceleratorFamily in Apple iOS before 10 and OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app. | ||
| CVE-2016-4716 | Hig | 0.51 | 7.8 | 0.00 | Sep 25, 2016 | diskutil in DiskArbitration in Apple OS X before 10.12 allows local users to gain privileges via unspecified vectors. | ||
| CVE-2016-4712 | Hig | 0.51 | 7.8 | 0.02 | Sep 25, 2016 | CoreCrypto in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via a crafted app. | ||
| CVE-2016-4710 | Hig | 0.51 | 7.8 | 0.00 | Sep 25, 2016 | WindowServer in Apple OS X before 10.12 allows local users to obtain root access via vectors that leverage "type confusion," a different vulnerability than CVE-2016-4709. | ||
| CVE-2016-4709 | Hig | 0.51 | 7.8 | 0.00 | Sep 25, 2016 | WindowServer in Apple OS X before 10.12 allows local users to obtain root access via vectors that leverage "type confusion," a different vulnerability than CVE-2016-4710. | ||
| CVE-2016-4703 | Hig | 0.51 | 7.8 | 0.01 | Sep 25, 2016 | Bluetooth in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | ||
| CVE-2016-4700 | Hig | 0.51 | 7.8 | 0.01 | Sep 25, 2016 | AppleUUC in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-4699. | ||
| CVE-2016-4699 | Hig | 0.51 | 7.8 | 0.01 | Sep 25, 2016 | AppleUUC in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-4700. | ||
| CVE-2016-4698 | Hig | 0.51 | 7.8 | 0.01 | Sep 25, 2016 | AppleMobileFileIntegrity in Apple iOS before 10 and OS X before 10.12 mishandles process entitlement and Team ID values in the task port inheritance policy, which allows attackers to execute arbitrary code in a privileged context via a crafted app. | ||
| CVE-2016-4697 | Hig | 0.51 | 7.8 | 0.01 | Sep 25, 2016 | Apple HSSPI Support in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | ||
| CVE-2016-4696 | Hig | 0.51 | 7.8 | 0.01 | Sep 25, 2016 | AppleEFIRuntime in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app. | ||
| CVE-2016-4653 | Hig | 0.51 | 7.8 | 0.00 | Jul 22, 2016 | The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1863 and CVE-2016-4582. | ||
| CVE-2016-4647 | Hig | 0.51 | 7.8 | 0.00 | Jul 22, 2016 | Audio in Apple OS X before 10.11.6 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted file. | ||
| CVE-2016-4640 | Hig | 0.51 | 7.8 | 0.01 | Jul 22, 2016 | Login Window in Apple OS X before 10.11.6 allows attackers to execute arbitrary code in a privileged context, obtain sensitive user information, or cause a denial of service (memory corruption) via a crafted app. |
- risk 0.51cvss 7.8epss 0.02
The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (invalid pointer dereference) via a crafted app.
- risk 0.51cvss 7.8epss 0.00
The kernel in Apple OS X before 10.12, tvOS before 10, and watchOS before 3 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
- risk 0.51cvss 7.8epss 0.02
Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 mishandle signed disk images, which allows attackers to execute arbitrary code in a privileged context via a crafted app.
- risk 0.51cvss 7.8epss 0.01
S2 Camera in Apple iOS before 10 and OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
- risk 0.51cvss 7.8epss 0.01
IOThunderboltFamily in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
- risk 0.51cvss 7.8epss 0.02
IOAcceleratorFamily in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
- risk 0.51cvss 7.8epss 0.01
IOAcceleratorFamily in Apple iOS before 10 and OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
- risk 0.51cvss 7.8epss 0.00
diskutil in DiskArbitration in Apple OS X before 10.12 allows local users to gain privileges via unspecified vectors.
- risk 0.51cvss 7.8epss 0.02
CoreCrypto in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via a crafted app.
- risk 0.51cvss 7.8epss 0.00
WindowServer in Apple OS X before 10.12 allows local users to obtain root access via vectors that leverage "type confusion," a different vulnerability than CVE-2016-4709.
- risk 0.51cvss 7.8epss 0.00
WindowServer in Apple OS X before 10.12 allows local users to obtain root access via vectors that leverage "type confusion," a different vulnerability than CVE-2016-4710.
- risk 0.51cvss 7.8epss 0.01
Bluetooth in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
- risk 0.51cvss 7.8epss 0.01
AppleUUC in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-4699.
- risk 0.51cvss 7.8epss 0.01
AppleUUC in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-4700.
- risk 0.51cvss 7.8epss 0.01
AppleMobileFileIntegrity in Apple iOS before 10 and OS X before 10.12 mishandles process entitlement and Team ID values in the task port inheritance policy, which allows attackers to execute arbitrary code in a privileged context via a crafted app.
- risk 0.51cvss 7.8epss 0.01
Apple HSSPI Support in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
- risk 0.51cvss 7.8epss 0.01
AppleEFIRuntime in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
- risk 0.51cvss 7.8epss 0.00
The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1863 and CVE-2016-4582.
- risk 0.51cvss 7.8epss 0.00
Audio in Apple OS X before 10.11.6 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted file.
- risk 0.51cvss 7.8epss 0.01
Login Window in Apple OS X before 10.11.6 allows attackers to execute arbitrary code in a privileged context, obtain sensitive user information, or cause a denial of service (memory corruption) via a crafted app.
Page 3 of 28