CVE-2016-4653 – Apple OS X IOPMrootDomain Memory Corruption Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2016-4653
The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1863 and CVE-2016-4582. El kernel en Apple iOS en versiones anteriores a 9.3.3, OS X en versiones anteriores a 10.11.6, tvOS en versiones anteriores a 9.2.2 y watchOS en versiones anteriores a 2.2.2 permite a usuarios locales obtener privilegios o provocar una denegación de servicio (corrupción de memoria) a través de vectores no especificados, una vulnerabilidad diferente a CVE-2016-1863 y CVE-2016-4582. This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within IOPMrootDomain. By publishing to this service, an attacker can cause memory corruption. • http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html http://www.zerodayinitiative.com/advisories/ZDI-16-436 https://support.apple.com/HT206902 https://support.apple.com/HT206903 https://support.apple.com/HT206904 https://support.apple.com/HT206905 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2016-4624
https://notcve.org/view.php?id=CVE-2016-4624
WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4589, CVE-2016-4622, and CVE-2016-4623. WebKit en Apple iOS en versiones anteriores a 9.3.3, Safari en versiones anteriores a 9.1.2 y tvOS en versiones anteriores a 9.2.2 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, una vulnerabilidad diferente a CVE-2016-4589, CVE-2016-4622 y CVE-2016-4623. • http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00004.html http://packetstormsecurity.com/files/138502/WebKitGTK-SOP-Bypass-Information-Disclosure.html http://www.securityfocus.com/archive/1/539295/100/0/threaded http://www.securityfocus.com/bid/91830 http://www.securitytracker.com/id/1036343 https://support.apple.com/HT206900 https:/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2016-4623
https://notcve.org/view.php?id=CVE-2016-4623
WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4589, CVE-2016-4622, and CVE-2016-4624. WebKit en Apple iOS en versiones anteriores a 9.3.3, Safari en versiones anteriores a 9.1.2, y tvOS en versiones anteriores a 9.2.2 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, una vulnerabilidad diferente a CVE-2016-4589, CVE-2016-4622 y CVE-2016-4624. • http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00004.html http://packetstormsecurity.com/files/138502/WebKitGTK-SOP-Bypass-Information-Disclosure.html http://www.securityfocus.com/archive/1/539295/100/0/threaded http://www.securityfocus.com/bid/91830 http://www.securitytracker.com/id/1036343 https://support.apple.com/HT206900 https:/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2016-4588
https://notcve.org/view.php?id=CVE-2016-4588
WebKit in Apple tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. WebKit en Apple tvOS en versiones anteriores a 9.2.2 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado. • http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html http://packetstormsecurity.com/files/138502/WebKitGTK-SOP-Bypass-Information-Disclosure.html http://www.securityfocus.com/archive/1/539295/100/0/threaded https://support.apple.com/HT206905 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2016-4586
https://notcve.org/view.php?id=CVE-2016-4586
WebKit in Apple Safari before 9.1.2 and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. WebKit en Apple Safari en versiones anteriores a 9.1.2 y tvOS en versiones anteriores a 9.2.2 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado. • http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00004.html http://packetstormsecurity.com/files/138502/WebKitGTK-SOP-Bypass-Information-Disclosure.html http://www.securityfocus.com/archive/1/539295/100/0/threaded http://www.securityfocus.com/bid/91827 http://www.securitytracker.com/id/1036343 https://support.apple.com/HT206900 https://support.apple.com/HT206905 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •