CVE-2016-1797 – Apple OS X fontd Sandbox Escape Vulnerability
https://notcve.org/view.php?id=CVE-2016-1797
Apple Type Services (ATS) in Apple OS X before 10.11.5 allows attackers to bypass intended FontValidator sandbox-policy restrictions and execute arbitrary code in a privileged context via a crafted app. Apple Type Services (ATS) en Apple OS X en versiones anteriores a 10.11.5 permite a atacantes eludir las restricciones de política de sandbox destinadas a FontValidator y ejecutar código arbitrario en un contexto privilegiado a través de una app manipulada. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple OS X. Authentication is not required to exploit this vulnerability. The specific flaw exists within the sandbox policy for the fontd process. The issue lies in the failure to properly ensure the FontValidator binary is either excluded from the policy, or is also sandboxed. • http://lists.apple.com/archives/security-announce/2016/May/msg00004.html http://www.securityfocus.com/bid/90696 http://www.securitytracker.com/id/1035895 http://www.zerodayinitiative.com/advisories/ZDI-16-360 https://support.apple.com/HT206567 • CWE-284: Improper Access Control •
CVE-2016-1794 – Apple Mac OSX Kernel - Null Pointer Dereference in AppleMuxControl.kext
https://notcve.org/view.php?id=CVE-2016-1794
The AppleGraphicsControlClient::checkArguments method in AppleGraphicsControl in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app. El método AppleGraphicsControlClient::checkArguments en AppleGraphicsControl en Apple SO X en versiones anteriores a 10.11.5 permite a atacantes ejecutar código arbitrario en un contexto privilegiado o provocar una denegación de servicio (referencia a puntero NULL) a través de una aplicación manipulada. • https://www.exploit-db.com/exploits/39922 http://lists.apple.com/archives/security-announce/2016/May/msg00004.html http://packetstormsecurity.com/files/137402/OS-X-AppleMuxControl.kext-NULL-Pointer-Dereference.html http://www.securityfocus.com/bid/90696 http://www.securitytracker.com/id/1035895 https://bugs.chromium.org/p/project-zero/issues/detail?id=783 https://support.apple.com/HT206567 •
CVE-2016-1793 – Apple Mac OSX Kernel - Null Pointer Dereference in AppleGraphicsDeviceControl
https://notcve.org/view.php?id=CVE-2016-1793
AppleGraphicsDeviceControlClient in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app. AppleGraphicsDeviceControlClient en Apple SO X en versiones anteriores a 10.11.5 permite a atacantes ejecutar código arbitrario en un contexto privilegiado o provocar denegación de servicio (referencia a puntero NULL) a través de una aplicación manipulada. • https://www.exploit-db.com/exploits/39923 http://lists.apple.com/archives/security-announce/2016/May/msg00004.html http://packetstormsecurity.com/files/137401/OS-X-AppleGraphicsDeviceControl-NULL-Pointer-Dereference.html http://www.securityfocus.com/bid/90696 http://www.securitytracker.com/id/1035895 https://bugs.chromium.org/p/project-zero/issues/detail?id=782 https://support.apple.com/HT206567 •
CVE-2016-1842
https://notcve.org/view.php?id=CVE-2016-1842
MapKit in Apple iOS before 9.3.2, OS X before 10.11.5, and watchOS before 2.2.1 does not use HTTPS for shared links, which allows remote attackers to obtain sensitive information by sniffing the network for HTTP traffic. MapKit en Apple iOS en versiones anteriores a 9.3.2, OS X en versiones anteriores a 10.11.5 y watchOS en versiones anteriores a 2.2.1 no utiliza HTTPS para los enlaces compartidos, lo que permite a atacantes remotos obtener información sensible husmeando la red en busca de tráfico HTTP. • http://lists.apple.com/archives/security-announce/2016/May/msg00002.html http://lists.apple.com/archives/security-announce/2016/May/msg00003.html http://lists.apple.com/archives/security-announce/2016/May/msg00004.html http://www.securitytracker.com/id/1035890 https://support.apple.com/HT206566 https://support.apple.com/HT206567 https://support.apple.com/HT206568 • CWE-284: Improper Access Control •
CVE-2016-1831
https://notcve.org/view.php?id=CVE-2016-1831
The kernel in Apple iOS before 9.3.2 and OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. El kernel en Apple iOS en versiones anteriores a 9.3.2 y OS X en versiones anteriores a 10.11.5 permite a atacantes ejecutar código arbitrario en un contexto privilegiado o causar una denegación de servicio (corrupción de memoria) a través de una app manipulada. • http://lists.apple.com/archives/security-announce/2016/May/msg00002.html http://lists.apple.com/archives/security-announce/2016/May/msg00004.html http://www.securityfocus.com/bid/90696 http://www.securitytracker.com/id/1035890 https://support.apple.com/HT206567 https://support.apple.com/HT206568 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •