
CVSS: 9.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

Login Window in Apple OS X before 10.11.6 allows attackers to gain privileges via a crafted app that leverages a "type confusion." This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within CoreGraphics. By interacting with _XSetApplicationBindingsForWorkspaces, an attacker can cause a type confusion condition. • http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html http://www.securityfocus.com/bid/91824 http://www.securitytracker.com/id/1036348 https://support.apple.com/HT206903 • CWE-264: Permissions, Privileges, and Access Controls

CVSS: 5.3 • EPSS: 0% • CPEs: 2 • EXPL: 0

FaceTime in Apple iOS before 9.3.3 and OS X before 10.11.6 allows man-in-the-middle attackers to spoof relayed-call termination, and obtain sensitive audio information in opportunistic circumstances, via unspecified vectors. • http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html http://www.securityfocus.com/bid/91829 http://www.securitytracker.com/id/1036344 http://www.securitytracker.com/id/1037086 https://support.apple.com/HT206902 https://support.apple.com/HT206903 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

Intel Graphics Driver in Apple OS X before 10.11.6 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the AppleIntelBDWGraphics kernel extension. The issue lies in the failure to properly check user-supplied arguments during an IOKit call. • http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html http://www.securityfocus.com/bid/91824 http://www.securitytracker.com/id/1036348 http://zerodayinitiative.com/advisories/ZDI-16-434 https://support.apple.com/HT206903 • CWE-264: Permissions, Privileges, and Access Controls

CVSS: 6.5 • EPSS: 7% • CPEs: 1 • EXPL: 0

Audio in Apple OS X before 10.11.6 mishandles a size value, which allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted audio file. This vulnerability allows remote attackers to leak sensitive information on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of MOV files. The issue lies in the failure to validate a user-supplied value prior to using it as the size parameter in a call to memcpy. • http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html http://www.securityfocus.com/bid/91824 http://www.securitytracker.com/id/1036348 http://zerodayinitiative.com/advisories/ZDI-16-439 https://support.apple.com/HT206903 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 7.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

Login Window in Apple OS X before 10.11.6 does not properly initialize memory, which allows local users to cause a denial of service via unspecified vectors. This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within CoreGraphics. By interacting with PKGTransactionWillSwitchSpaces, an attacker can cause a memory corruption condition. • http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html http://www.securityfocus.com/bid/91824 http://www.securitytracker.com/id/1036348 http://zerodayinitiative.com/advisories/ZDI-16-431 https://support.apple.com/HT206903