CVE-2016-4718
https://notcve.org/view.php?id=CVE-2016-4718
Buffer overflow in FontParser in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to obtain sensitive information from process memory via a crafted font file. Desbordamiento de búfer en FontParser en Apple iOS en versiones anteriores a 10, OS X en versiones anteriores a 10.12, tvOS en versiones anteriores a 10 y watchOS en versiones anteriores a 3 permite a atacantes remotos obtener información sensible del proceso de memoria a través de una fuente de archivo manipulada. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00010.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html http://www.securityfocus.com/bid/93054 http://www.securitytracker.com/id/1036858 https://support.apple.com/HT207141 https://support.apple.com/HT207142 https://support.apple.com/HT207143 https:// • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2016-4708
https://notcve.org/view.php?id=CVE-2016-4708
CFNetwork in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 misparses the Set-Cookie header, which allows remote attackers to obtain sensitive information via a crafted HTTP response. CFNetwork en Apple iOS en versiones anteriores a 10, OS X en versiones anteriores a 10.12, tvOS en versiones anteriores a 10 y watchOS en versiones anteriores a 3 no analiza correctamente la gramática de la cabecera Set-Cookie, lo que permite a atacantes remotos obtener información sensible a través de una respuesta HTTP manipulada. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00010.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html http://www.securityfocus.com/bid/93054 http://www.securitytracker.com/id/1036858 https://support.apple.com/HT207141 https://support.apple.com/HT207142 https://support.apple.com/HT207143 https:// • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2016-4725
https://notcve.org/view.php?id=CVE-2016-4725
IOAcceleratorFamily in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a crafted web site. IOAcceleratorFamily en Apple iOS en versiones anteriores a 10, OS X en versiones anteriores a 10.12, tvOS en versiones anteriores a 10 y watchOS en versiones anteriores a 3 permite a atacantes remotos obtener información sensible del proceso de memoria o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00010.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html http://www.securityfocus.com/bid/93054 http://www.securitytracker.com/id/1036858 https://support.apple.com/HT207141 https://support.apple.com/HT207142 https://support.apple.com/HT207143 https:// • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2016-4777
https://notcve.org/view.php?id=CVE-2016-4777
The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (invalid pointer dereference) via a crafted app. El kernel en Apple iOS en versiones anteriores a 10, OS X en versiones anteriores a 10.12, tvOS en versiones anteriores a 10 y watchOS en versiones anteriores a 3 permite a atacantes ejecutar código arbitrario en un contexto privilegiado o provocar una denegación de servicio (referencia a puntero no valido) a través de una aplicación manipulada. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00010.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html http://www.securityfocus.com/bid/93054 http://www.securitytracker.com/id/1036858 https://support.apple.com/HT207141 https://support.apple.com/HT207142 https://support.apple.com/HT207143 https:// • CWE-264: Permissions, Privileges, and Access Controls CWE-476: NULL Pointer Dereference •
CVE-2016-4712
https://notcve.org/view.php?id=CVE-2016-4712
CoreCrypto in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via a crafted app. CoreCrypto en Apple iOS en versiones anteriores a 10, OS X en versiones anteriores a 10.12, tvOS en versiones anteriores a 10 y watchOS en versiones anteriores a 3 permite a atacantes ejecutar un código arbitrario o provocar una denegación de servicio (escritura fuera de rango) a través de una app manipulada. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00010.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html http://www.securityfocus.com/bid/93054 http://www.securitytracker.com/id/1036858 https://support.apple.com/HT207141 https://support.apple.com/HT207142 https://support.apple.com/HT207143 https:// • CWE-787: Out-of-bounds Write •