CVE-2016-1843
https://notcve.org/view.php?id=CVE-2016-1843
The Messages component in Apple OS X before 10.11.5 mishandles filename encoding, which allows remote attackers to obtain sensitive information via unspecified vectors. El componente Messages en Apple OS X en versiones anteriores a 10.11.5 no maneja correctamente el nombre de archivo de codificación, lo que permite a atacantes remotos obtener información sensible a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2016/May/msg00004.html http://www.securityfocus.com/bid/90696 http://www.securitytracker.com/id/1035895 https://support.apple.com/HT206567 • CWE-20: Improper Input Validation •
CVE-2016-1844
https://notcve.org/view.php?id=CVE-2016-1844
The Messages component in Apple OS X before 10.11.5 mishandles roster changes, which allows remote attackers to modify contact lists via unspecified vectors. El componente Messages en Apple OS X en versiones anteriores a 10.11.5 no maneja correctamente cambios en las rotaciones, lo que permite a atacantes remotos modificar listas de contactos a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2016/May/msg00004.html http://www.securityfocus.com/bid/90696 http://www.securitytracker.com/id/1035895 https://support.apple.com/HT206567 • CWE-284: Improper Access Control •
CVE-2016-1825 – Apple macOS Sierra 10.12.1 - 'physmem' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2016-1825
IOHIDFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. IOHIDFamily en Apple OS X en versiones anteriores a 10.11.5 permite a atacantes ejecutar código arbitrario en un contexto privilegiado o causar una denegación de servicio (corrupción de memoria) a través de una app manipulada. • https://www.exploit-db.com/exploits/44237 http://lists.apple.com/archives/security-announce/2016/May/msg00004.html http://www.securityfocus.com/bid/90696 http://www.securitytracker.com/id/1035895 https://support.apple.com/HT206567 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2016-1848 – Apple QuickTime - '.mov' Parsing Memory Corruption
https://notcve.org/view.php?id=CVE-2016-1848
QuickTime in Apple OS X before 10.11.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file. QuickTime en Apple OS X en versiones anteriores a 10.11.5 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un archivo manipulado. • https://www.exploit-db.com/exploits/39839 http://lists.apple.com/archives/security-announce/2016/May/msg00004.html http://protekresearchlab.com/cosig-2016-19 http://www.securityfocus.com/bid/90696 http://www.securitytracker.com/id/1035895 https://support.apple.com/HT206567 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2016-1826 – Apple OS X DTrace Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2016-1826
Integer overflow in the dtrace implementation in the kernel in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context via a crafted app. Desbordamiento de entero en la implementación dtrace en el kernel en Apple OS X en versiones anteriores a 10.11.5 permite a atacantes ejecutar código arbitrario en un contexto privilegiado a través de una app manipulada. This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the dtrace facility. The issue lies with the failure to validate user-supplied chunk size values which can lead to arbitrary read and write of memory. • http://lists.apple.com/archives/security-announce/2016/May/msg00004.html http://www.securityfocus.com/bid/90696 http://www.securitytracker.com/id/1035895 http://www.zerodayinitiative.com/advisories/ZDI-16-344 https://support.apple.com/HT206567 •