CVE-2015-3686
Published 2015-07-03
medium·6.8·CVSS 3.1
AV:N/AC:M/Au:N/C:P/I:P/A:P
CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3685, CVE-2015-3687, CVE-2015-3688, and CVE-2015-3689.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios | — | — |
| apple | iphone_os | <= 8.3 | — |
| apple | itunes | <= 12.2 | — |
| apple | itunes | — | — |
| apple | mac_os_x | <= 10.10.3 | — |
| apple | os_x_yosemite_v10.10.4_and_security_update_2015-005 | — | — |
GHSA
GHSA-53xg-rm8g-x92p: CoreText in Apple iOS before 8
ghsa_unreviewed·2022-05-17·CVSS 6.8
CVE-2015-3689 [MEDIUM] CWE-119 GHSA-53xg-rm8g-x92p: CoreText in Apple iOS before 8
CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3685, CVE-2015-3686, CVE-2015-3687, and CVE-2015-3688.
GHSA
GHSA-p6g2-c8cw-72pm: CoreText in Apple iOS before 8
ghsa_unreviewed·2022-05-17·CVSS 6.8
CVE-2015-3687 [MEDIUM] CWE-119 GHSA-p6g2-c8cw-72pm: CoreText in Apple iOS before 8
CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3685, CVE-2015-3686, CVE-2015-3688, and CVE-2015-3689.
GHSA
GHSA-wm2c-w847-j6cr: CoreText in Apple iOS before 8
ghsa_unreviewed·2022-05-17·CVSS 6.8
CVE-2015-3686 [MEDIUM] CWE-119 GHSA-wm2c-w847-j6cr: CoreText in Apple iOS before 8
CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3685, CVE-2015-3687, CVE-2015-3688, and CVE-2015-3689.
GHSA
GHSA-vvr7-68mr-fv57: CoreText in Apple iOS before 8
ghsa_unreviewed·2022-05-17·CVSS 6.8
CVE-2015-3685 [MEDIUM] CWE-119 GHSA-vvr7-68mr-fv57: CoreText in Apple iOS before 8
CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3686, CVE-2015-3687, CVE-2015-3688, and CVE-2015-3689.
GHSA
GHSA-343g-v7vx-3835: CoreText in Apple iOS before 8
ghsa_unreviewed·2022-05-17·CVSS 6.8
CVE-2015-3688 [MEDIUM] CWE-119 GHSA-343g-v7vx-3835: CoreText in Apple iOS before 8
CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3685, CVE-2015-3686, CVE-2015-3687, and CVE-2015-3689.
Apple
CVE-2015-3686: iTunes 12.3
vendor_apple·CVSS 6.8
CVE-2015-3686 [MEDIUM] CVE-2015-3686: iTunes 12.3
Apple Security Update: About the security content of iTunes 12.3
Product: iTunes
Version: 12.3
CVE: CVE-2015-3686
Component: CVE-ID
Impact: Applications that use ICU may be vulnerable to unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in the processing of unicode strings. These issues were addressed by updating ICU to version 55.
Apple
CVE-2015-3686: iOS 8.4
vendor_apple·CVSS 7.8
CVE-2015-3686 [HIGH] CVE-2015-3686: iOS 8.4
Apple Security Update: About the security content of iOS 8.4
Product: iOS
Version: 8.4
CVE: CVE-2015-3686
Component: CVE-2015-1157
Impact: An attacker with a privileged network position may intercept SSL/TLS connections
Description: coreTLS accepted short ephemeral Diffie-Hellman (DH) keys, as used in export-strength ephemeral DH cipher suites. This issue, also known as Logjam, allowed an attacker with a privileged network position to downgrade security to 512-bit DH if the server supported an export-strength ephemeral DH cipher suite. The issue was addressed by increasing the default minimum size allowed for DH ephemeral keys to 768 bits.
Apple
CVE-2015-3686: OS X Yosemite v10.10.4 and Security Update 2015-005
vendor_apple·CVSS 7.8
CVE-2015-3686 [HIGH] CVE-2015-3686: OS X Yosemite v10.10.4 and Security Update 2015-005
Apple Security Update: About the security content of OS X Yosemite v10.10.4 and Security Update 2015-005
Product: OS X Yosemite v10.10.4 and Security Update 2015-005
CVE: CVE-2015-3686
Component: CVE-2015-1157
Impact: An attacker with a privileged network position may intercept SSL/TLS connections
Description: coreTLS accepted short ephemeral Diffie-Hellman (DH) keys, as used in export-strength ephemeral DH cipher suites. This issue, also known as Logjam, allowed an attacker with a privileged network position to downgrade security to 512-bit DH if the server supported an export-strength ephemeral DH cipher suite. The issue was addressed by increasing the default minimum size allowed for DH ephemeral keys to 768 bits.
References
http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html
http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html
http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html
http://support.apple.com/kb/HT204941
http://support.apple.com/kb/HT204942
http://www.securityfocus.com/bid/75491
http://www.securitytracker.com/id/1032760
https://support.apple.com/HT205221