Apple macOS vulnerabilities

3,139 known vulnerabilities affecting apple/mac_os_x.

Total CVEs: 3,139
CISA KEV (actively exploited): 26
Public exploits: 277
Exploited in wild: 28
Severity breakdown: CRITICAL 302, HIGH 1409, MEDIUM 1236, LOW 192

Vulnerabilities

CVE-2016-4663 | MEDIUM | CVSS 5.5 | ≤ 10.12.0 | 2017-02-20
CWE-119: An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "NVIDIA Graphics Drivers" component. It allows attackers to cause a denial of service (memory corruption) via a crafted app.
nvd
CVE-2016-4721 | MEDIUM | CVSS 5.9 | ≤ 10.12.0 | 2017-02-20
CWE-254: An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. The issue involves the "IDS - Connectivity" component, which allows man-in-the-middle attackers to spoof calls via a "switch caller" notification.
nvd
CVE-2016-7603 | MEDIUM | CVSS 5.5 | ≤ 10.12.1 | 2017-02-20
CWE-476: An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "CoreStorage" component. It allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors.
nvd
CVE-2016-7591 | MEDIUM | CVSS 6.5 | ≤ 10.12.1 | 2017-02-20
CWE-416: An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "IOHIDFamily" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a crafted app.
nvd
CVE-2016-7579 | MEDIUM | CVSS 5.9 | fixed in 10.12.1 | 2017-02-20
CWE-200: An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. The issue involves the "CFNetwork Proxies" component, which allows man-in-the-middle attackers to spoof a proxy password authentication requirement and obtain sensitive information.
nvd
CVE-2016-7604 | MEDIUM | CVSS 5.5 | ≤ 10.12.1 | 2017-02-20
CWE-476: An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "CoreCapture" component. It allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors.
nvd
CVE-2016-7605 | MEDIUM | CVSS 5.5 | ≤ 10.12.1 | 2017-02-20
CWE-476: An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "Bluetooth" component. It allows attackers to cause a denial of service (NULL pointer dereference) via a crafted app.
nvd
CVE-2016-7580 | MEDIUM | CVSS 6.5 | ≤ 10.11.6 | 2017-02-20
CWE-20: An issue was discovered in certain Apple products. macOS before 10.12 is affected. The issue involves the "Mail" component, which allows remote web servers to cause a denial of service via a crafted URL.
nvd
CVE-2017-2361 | MEDIUM | CVSS 6.1 | PoC | ≤ 10.12.2 | 2017-02-20
CWE-79: An issue was discovered in certain Apple products. macOS before 10.12.3 is affected. The issue involves the "Help Viewer" component, which allows XSS attacks via a crafted web site.
nvd
CVE-2016-7636 | MEDIUM | CVSS 5.9 | ≤ 10.12.1 | 2017-02-20
CWE-20: An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Security" component, which allows man-in-the-middle attackers to cause a denial of service (application crash) via vectors related to OCSP responder URLs.
nvd
CVE-2016-7628 | MEDIUM | CVSS 5.5 | ≤ 10.12.1 | 2017-02-20
CWE-264: An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "Assets" component, which allows local users to bypass intended permission restrictions and change a downloaded mobile asset via unspecified vectors.
nvd
CVE-2016-7600 | MEDIUM | CVSS 6.2 | ≤ 10.12.1 | 2017-02-20
CWE-200: An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "OpenPAM" component, which allows local users to obtain sensitive information by leveraging mishandling of failed PAM authentication by a sandboxed app.
nvd
CVE-2016-7627 | MEDIUM | CVSS 6.5 | ≤ 10.12.1 | 2017-02-20
CWE-476: An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "CoreGraphics" component. It allows attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted font.
nvd
CVE-2016-7615 | MEDIUM | CVSS 5.5 | ≤ 10.12.1 | 2017-02-20
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component, which allows local users to cause a denial of service via unspecified vectors.
nvd
CVE-2016-4661 | MEDIUM | CVSS 5.5 | ≤ 10.12.0 | 2017-02-20
CWE-20: An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "ntfs" component, which misparses disk images and allows attackers to cause a denial of service via a crafted app.
nvd
CVE-2016-7609 | MEDIUM | CVSS 6.2 | ≤ 10.12.1 | 2017-02-20
CWE-476: An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "AppleGraphicsPowerManagement" component. It allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors.
nvd
CVE-2016-7577 | LOW | CVSS 3.7 | ≤ 10.12.0 | 2017-02-20
CWE-200: An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. The issue involves the "FaceTime" component, which allows remote attackers to trigger memory corruption and obtain audio data from a call that appeared to have ended.
nvd
CVE-2016-7657 | LOW | CVSS 3.3 | ≤ 10.12.1 | 2017-02-20
CWE-20: An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "IOKit" component. It allows attackers to obtain sensitive information from kernel memory via a crafted app.
nvd
CVE-2016-7714 | LOW | CVSS 3.3 | ≤ 10.12.1 | 2017-02-20
CWE-200: An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "IOKit" component. It allows local users to obtain sensitive kernel memory-layout information via unspecified vectors.
nvd
CVE-2016-4670 | LOW | CVSS 3.3 | ≤ 10.12.0 | 2017-02-20
CWE-255: An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. The issue involves the "Security" component. It allows local users to discover lengths of arbitrary passwords by reading a log.
nvd