CVE-2016-1746 – Apple OS X IOGraphicsFamily Untrusted Pointer Dereference Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2016-1746
IOGraphics in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1747. IOGraphics en Apple OS X en versiones anteriores a 10.11.4 permite a atacantes ejecutar código arbitrario en un contexto privilegiado o causar una denegación de servicio (corrupción de memoria) a través de una app manipulada, una vulnerabilidad diferente a CVE-2016-1747. This vulnerability allows local attackers to elevate privileges on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists within the IOGraphicsFamily interface. The issue lies with the failure to validate user-supplied function addresses prior to using them. • http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html http://www.securitytracker.com/id/1035363 http://www.zerodayinitiative.com/advisories/ZDI-16-202 https://support.apple.com/HT206167 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2016-1740 – Apple OS X PDF Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-1740
FontParser in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document. FontParser en Apple iOS en versiones anteriores a 9.3, OS X en versiones anteriores a 10.11.4, tvOS en versiones anteriores a 9.2 y watchOS en versiones anteriores a 2.2 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un documento PDF manipulado. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PDF files. The issue lies in the parsing of encoded fonts containing invalid characters. • http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html http://www.securitytracker.com/id/1035353 http://www.zerodayinitiative.com/advisories/ZDI-16-201 https://support.apple.com/HT206166 https://support.apple.com/HT206167 https://support.apple.com/HT206168 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2016-1761 – Apple OS X XML Double Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-1761
libxml2 in Apple iOS before 9.3, OS X before 10.11.4, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document. libxml2 en Apple iOS en versiones anteriores a 9.3, OS X en versiones anteriores a 10.11.4 y watchOS en versiones anteriores a 2.2 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un documento XML manipulado. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of XML files. The issue lies in the handling of ENTITY declarations that reference unsupported protocols. An attacker can leverage this vulnerability to execute code under the context of the current process. • http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html http://www.securitytracker.com/id/1035353 http://www.zerodayinitiative.com/advisories/ZDI-16-203 https://support.apple.com/HT206166 https://support.apple.com/HT206167 https://support.apple.com/HT206168 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2016-1749 – Apple OS X IOUSBInterfaceUserClient Out-Of-Bounds Indexing Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2016-1749
IOUSBFamily in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. IOUSBFamily en Apple OS X en versiones anteriores a 10.11.4 permite a atacantes ejecutar código arbitrario en un contexto privilegiado o causar una denegación de servicio (corrupción de memoria) a través de una app manipulada. This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the IOUSBInterfaceUserClient interface. The issue lies in the failure to ensure that a user-supplied index is within the bounds of the allocated buffer. • https://www.exploit-db.com/exploits/39607 http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html http://www.securitytracker.com/id/1035363 http://www.zerodayinitiative.com/advisories/ZDI-16-206 https://support.apple.com/HT206167 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2016-1775 – Apple OS X TTF bdat Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-1775
TrueTypeScaler in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file. TrueTypeScaler en Apple iOS en versiones anteriores a 9.3, OS X en versiones anteriores a 10.11.4, tvOS en versiones anteriores a 9.2 y watchOS en versiones anteriores a 2.2 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un archivo de fuente manipulado. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of TTF fonts. The issue lies in the handling of the bdat table. • http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html http://lists.apple.com/archives/security-announce/2015/Dec/msg00001.html http://lists.apple.com/archives/security-announce/2015/Dec/msg00002.html http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html http://www.securitytracker.com/id/1035353 http://www.zerodayinitiative.com/advisories/ZDI-16-204 https://support.apple.com/HT205635 https://support.apple.com/HT205637 https://support.apple.com/HT205640 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •