CVSS: 7.1EPSS: 1%CPEs: 4EXPL: 0CVE-2016-4660
https://notcve.org/view.php?id=CVE-2016-4660
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "FontParser" component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted font. Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.1 está afectado. macOS en versiones anteriores a 10.12.1 está afectado. tvOS en versiones anteriores a 10.0.1 está afectado. watchOS en versiones anteriores a 3.1 está afectado. El problema involucra el componente "FontParser". • http://www.securityfocus.com/bid/93849 http://www.securitytracker.com/id/1037086 https://support.apple.com/HT207269 https://support.apple.com/HT207270 https://support.apple.com/HT207271 https://support.apple.com/HT207275 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 2CVE-2016-4669 – Apple OS X/iOS - 'mach_ports_register' Multiple Memory Safety s
https://notcve.org/view.php?id=CVE-2016-4669
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "Kernel" component. It allows local users to execute arbitrary code in a privileged context or cause a denial of service (MIG code mishandling and system crash) via unspecified vectors. Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.1 está afectado. macOS en versiones anteriores a 10.12.1 está afectado. tvOS en versiones anteriores a 10.0.1 está afectado. watchOS en versiones anteriores a 3.1 está afectado. El problema involucra al componente "Kernel". • https://www.exploit-db.com/exploits/40654 https://github.com/i-o-s/CVE-2016-4669 http://packetstormsecurity.com/files/158874/Safari-Webkit-For-iOS-7.1.2-JIT-Optimization-Bug.html http://www.securityfocus.com/bid/93849 http://www.securitytracker.com/id/1037086 https://support.apple.com/HT207269 https://support.apple.com/HT207270 https://support.apple.com/HT207271 https://support.apple.com/HT207275 https://github.com/kudima/exploit_playground/tree/master/iPhone3_1_shell https&# • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4742
https://notcve.org/view.php?id=CVE-2016-4742
NSSecureTextField in Apple OS X before 10.12 does not enable Secure Input, which allows attackers to discover credentials via a crafted app. NSSecureTextField en Apple OS X en versiones anteriores a 10.12 no habilita Secure Input, lo que permite a atacantes descubrir credenciales a través de una app manipulada. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html http://www.securityfocus.com/bid/93055 http://www.securitytracker.com/id/1036858 https://support.apple.com/HT207170 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4752
https://notcve.org/view.php?id=CVE-2016-4752
The SecKeyDeriveFromPassword function in Apple OS X before 10.12 does not use the CF_RETURNS_RETAINED keyword, which allows attackers to obtain sensitive information from process memory by triggering key derivation. La función SecKeyDeriveFromPassword en Apple OS X en versiones anteriores a 10.12 no utiliza la palabra clave CF_RETURNS_RETAINED, lo que permite a atacantes obtener información sensible desde el proceso de memoria desencadenando la obtención de clave. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html http://www.securityfocus.com/bid/93055 http://www.securitytracker.com/id/1036858 https://support.apple.com/HT207170 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4723
https://notcve.org/view.php?id=CVE-2016-4723
Intel Graphics Driver in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Intel Graphics Driver en Apple OS X en versiones anteriores a 10.12 permite a atacantes ejecutar un código arbitrario en un contexto privilegiado o provocar una denegación de servicio (corrupción de memoria) a través de una app manipulada. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html http://www.securityfocus.com/bid/93055 http://www.securitytracker.com/id/1036858 https://support.apple.com/HT207170 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •