CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4639 – Apple OS X WindowServer Memory Corruption Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2016-4639
Login Window in Apple OS X before 10.11.6 does not properly initialize memory, which allows local users to cause a denial of service via unspecified vectors. Login Window en Apple OS X en versiones anteriores a 10.11.6 no inicializa correctamente la memoria, lo que permite a usuarios locales provocar una denegación de servicio a través de vectores no especificados. This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within CoreGraphics. By interacting with PKGTransactionWillSwitchSpaces, an attacker can cause a memory corruption condition. • http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html http://www.securityfocus.com/bid/91824 http://www.securitytracker.com/id/1036348 http://zerodayinitiative.com/advisories/ZDI-16-431 https://support.apple.com/HT206903 •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4652 – Apple OS X WindowServer _XFlushRegion Out-Of-Bounds Read Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2016-4652
CoreGraphics in Apple OS X before 10.11.6 allows local users to obtain sensitive information from kernel memory and consequently gain privileges, or cause a denial of service (out-of-bounds read), via unspecified vectors. CoreGraphics en Apple OS X en versiones anteriores a 10.11.6 permite a usuarios locales obtener información sensible de la memoria del kernel y por consiguiente obtener privilegios o provocar una denegación de memoria (lectura fuera de rango), a través de vectores no especificados. This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Apple OS X. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the CoreGraphics module. The issue lies in the failure to properly validate user-supplied data which can result in a read past the end of an allocated buffer. • http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html http://www.securityfocus.com/bid/91824 http://www.securitytracker.com/id/1036348 http://zerodayinitiative.com/advisories/ZDI-16-432 https://support.apple.com/HT206903 • CWE-125: Out-of-bounds Read CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4647 – Apple OS X DspFuncLib Use-After-Free Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2016-4647
Audio in Apple OS X before 10.11.6 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted file. Audio en Apple OS X en versiones anteriores a 10.11.6 permite a usuarios locales obtener privilegios o provocar una denegación de servicio (corrupción de memoria) a través de un archivo manipulado. This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of DspFuncLib. The issue lies in the failure to remove a reference after freeing an object. • http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html http://www.securityfocus.com/bid/91824 http://www.securitytracker.com/id/1036348 http://zerodayinitiative.com/advisories/ZDI-16-437 http://zerodayinitiative.com/advisories/ZDI-16-438 https://support.apple.com/HT206903 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 5%CPEs: 1EXPL: 0CVE-2016-4646 – Apple OS X ACMP4AACBaseDecoder Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2016-4646
Audio in Apple OS X before 10.11.6 mishandles a size value, which allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted audio file. Audio en Apple OS X en versiones anteriores a 10.11.6 no maneja correctamente un valor de tamaño, lo que permite a atacantes remotos obtener información sensible o provocar una denegación de servicio (lectura fuera de rango) a través de una archivo de audio manipulado. This vulnerability allows remote attackers to leak sensitive information on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of MOV files. The issue lies in the failure to validate a user-supplied value prior to using it as the size parameter in a call to memcpy. • http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html http://www.securityfocus.com/bid/91824 http://www.securitytracker.com/id/1036348 http://zerodayinitiative.com/advisories/ZDI-16-439 https://support.apple.com/HT206903 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 5%CPEs: 7EXPL: 0CVE-2016-4615
https://notcve.org/view.php?id=CVE-2016-4615
libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4614, CVE-2016-4616, and CVE-2016-4619. libxml2 en Apple iOS en versiones anteriores a 9.3.3, OS X en versiones anteriores a 10.11.6, iTunes en versiones anteriores a 12.4.2 en Windows, iCloud en versiones anteriores a 5.2.1 en Windows, tvOS en versiones anteriores a 9.2.2 y watchOS en versiones anteriores a 2.2.2 permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria) o posiblemente tener otro impacto no especificado a través de vectores desconocidos, una vulnerabilidad diferente a CVE-2016-4614, CVE-2016-4616 y CVE-2016-4619. • http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html http://www.securityfocus.com/bid/91826 http://www.securitytracker.com/id/1036348 https://support.apple.com/HT206899 https:// • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •