Page 457 of 3272 results (0.021 seconds)

CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0

CVE-2016-1752

https://notcve.org/view.php?id=CVE-2016-1752

The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to cause a denial of service via a crafted app. El kernel en Apple iOS en versiones anteriores a 9.3, OS X en versiones anteriores a 10.11.4, tvOS en versiones anteriores a 9.2 y watchOS en versiones anteriores a 2.2 permite a atacantes causar una denegación de servicio a través de una app manipulada. • http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html http://www.securitytracker.com/id/1035353 https://support.apple.com/HT206166 https://support.apple.com/HT206167 https://support.apple.com/HT206168 https://support.apple.com/HT206169 • CWE-20: Improper Input Validation •

CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0

CVE-2016-1760

https://notcve.org/view.php?id=CVE-2016-1760

The XPC Services API in LaunchServices in Apple iOS before 9.3 allows attackers to bypass intended event-handler restrictions and modify an arbitrary app's events via a crafted app. La API XPC Services en LaunchServices en Apple iOS en versiones anteriores a 9.3 permite a atacantes eludir las restricciones destinadas al manejador de eventos y modificar un events de app arbitrario a través de una app manipulada. • http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html http://www.securitytracker.com/id/1035353 https://support.apple.com/HT206166 • CWE-284: Improper Access Control •

CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0

CVE-2016-1748

https://notcve.org/view.php?id=CVE-2016-1748

IOHIDFamily in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to obtain sensitive kernel memory-layout information via a crafted app. IOHIDFamily en Apple iOS en versiones anteriores a 9.3, OS X en versiones anteriores a 10.11.4, tvOS en versiones anteriores a 9.2 y watchOS en versiones anteriores a 2.2 permite a atacantes obtener información sensible de la estructura de memoria del kernel a través de una app manipulada. • http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html http://lists.apple.com/archives/security-announce/2015/Dec/msg00001.html http://lists.apple.com/archives/security-announce/2015/Dec/msg00002.html http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html http://www.securitytracker.com/id/1035353 https://support.apple.com/HT205635 https://support.apple.com/HT205637 https://support.apple.com/HT205640 https://support.apple.com/HT205641 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0

CVE-2016-1766 – Apple iOS MDM Profile Signing Bypass

https://notcve.org/view.php?id=CVE-2016-1766

The Profiles component in Apple iOS before 9.3 does not properly validate certificates, which allows attackers to spoof an MDM profile trust relationship via unspecified vectors. El componente Profiles en Apple iOS en versiones anteriores a 9.3 no valida certificados correctamente, lo que permite a atacantes suplantar una relación de confianza de perfil MDM a través de vectores no especificados. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple iOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of signed MDM profiles. The issue lies in the failure to properly check the certificate chain. • http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html http://www.securitytracker.com/id/1035353 http://www.zerodayinitiative.com/advisories/ZDI-16-314 https://support.apple.com/HT206166 •

CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 1

CVE-2016-1755 – Apple Mac OSX Kernel - AppleKeyStore Use-After-Free

https://notcve.org/view.php?id=CVE-2016-1755

The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1754. El kernel en Apple iOS en versiones anteriores a 9.3, OS X en versiones anteriores a 10.11.4, tvOS en versiones anteriores a 9.2 y watchOS en versiones anteriores a 2.2 permite a atacantes ejecutar código arbitrario en un contexto privilegiado o causar una denegación de servicio (corrupción de memoria) a través de una app manipulada, una vulnerabilidad diferente a CVE-2016-1754. The AppleKeyStore userclient uses an IOCommandGate to serialize access to its userclient methods, however by racing two threads, one of which closes the userclient (which frees the IOCommandGate) and one of which tries to make an external method call we can cause a use-after-free of the IOCommandGate. • https://www.exploit-db.com/exploits/39614 http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html http://www.securitytracker.com/id/1035353 https://support.apple.com/HT206166 https://support.apple.com/HT206167 https://support.apple.com/HT206168 https: • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •