CVE-2016-1769 – Apple QuickTime < 7.7.79.80.95 - '.PSD' Parsing Memory Corruption
https://notcve.org/view.php?id=CVE-2016-1769
QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Photoshop file. QuickTime en Apple OS X en versiones anteriores a 10.11.4 permite a atacantes remotos ejecutar código arbitrario o causar un denegación de servicio (corrupción de memoria) a través de un archivo Photoshop manipulado. • https://www.exploit-db.com/exploits/39635 http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html http://www.securitytracker.com/id/1035363 https://support.apple.com/HT206167 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2016-1767 – Apple QuickTime < 7.7.79.80.95 - '.FPX' Parsing Memory Corruption
https://notcve.org/view.php?id=CVE-2016-1767
QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix image, a different vulnerability than CVE-2016-1768. QuickTime en Apple OS X en versiones anteriores a 10.11.4 permite a atacantes remotos ejecutar código arbitrario o causar un denegación de servicio (corrupción de memoria) a través de una imagen FlashPix manipulada, una vulnerabilidad diferente a CVE-2016-1768. • https://www.exploit-db.com/exploits/39633 http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html http://www.securitytracker.com/id/1035363 https://support.apple.com/HT206167 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2016-1788
https://notcve.org/view.php?id=CVE-2016-1788
Messages in Apple iOS before 9.3, OS X before 10.11.4, and watchOS before 2.2 does not properly implement a cryptographic protection mechanism, which allows remote attackers to read message attachments via vectors related to duplicate messages. Messages en Apple iOS en versiones anteriores a 9.3, OS X en versiones anteriores a 10.11.4 y watchOS en versiones anteriores a 2.2 no implementa correctamente un mecanismo de protección criptográfico, lo que permite a atacantes remotos leer contenidos adjuntos de los mensajes a través de vectores relacionados con mensajes duplicados. • http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html http://www.securitytracker.com/id/1035353 https://support.apple.com/HT206166 https://support.apple.com/HT206167 https://support.apple.com/HT206168 • CWE-310: Cryptographic Issues •
CVE-2016-1773
https://notcve.org/view.php?id=CVE-2016-1773
The code-signing subsystem in Apple OS X before 10.11.4 does not properly verify file ownership, which allows local users to determine the existence of arbitrary files via unspecified vectors. El subsistema de firmado de código en Apple OS X en versiones anteriores a 10.11.4 no verifica correctamente el propietario del archivo, lo que permite a usuarios locales determinar la existencia de archivos arbitrarios a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html http://www.securitytracker.com/id/1035363 https://support.apple.com/HT206167 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2016-1768 – Apple QuickTime < 7.7.79.80.95 - '.FPX' Parsing Memory Corruption
https://notcve.org/view.php?id=CVE-2016-1768
QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix image, a different vulnerability than CVE-2016-1767. QuickTime en Apple OS X en versiones anteriores a 10.11.4 permite a atacantes remotos ejecutar código arbitrario o causar un denegación de servicio (corrupción de memoria) a través de una imagen FlashPix manipulada, una vulnerabilidad diferente a CVE-2016-1767. • https://www.exploit-db.com/exploits/39634 http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html http://www.securitytracker.com/id/1035363 https://support.apple.com/HT206167 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •