Apple macOS vulnerabilities
3,139 known vulnerabilities affecting apple/mac_os_x.
Total CVEs: 3,139
CISA KEV: 26 (actively exploited)
Public exploits: 277
Exploited in wild: 28
Severity breakdown: CRITICAL 302, HIGH 1409, MEDIUM 1236, LOW 192
Vulnerabilities
CVE-2017-2357 [LOW] CVSS 3.3 | CWE-200 | ≤ 10.12.2 | 2017-02-20
An issue was discovered in certain Apple products. macOS before 10.12.3 is affected. The issue involves the "IOAudioFamily" component. It allows attackers to obtain sensitive kernel memory-layout information via a crafted app.
nvd
CVE-2016-7620 [LOW] CVSS 3.3 | CWE-200 | ≤ 10.12.1 | 2017-02-20
An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "IOSurface" component. It allows local users to obtain sensitive kernel memory-layout information via unspecified vectors.
nvd
CVE-2016-7625 [LOW] CVSS 3.3 | CWE-200 | ≤ 10.12.1 | 2017-02-20
An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "IOKit" component. It allows local users to obtain sensitive kernel memory-layout information via unspecified vectors.
nvd
CVE-2016-7624 [LOW] CVSS 3.3 | CWE-200 | ≤ 10.12.1 | 2017-02-20
An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "IOAcceleratorFamily" component. It allows local users to obtain sensitive kernel memory-layout information via unspecified vectors.
nvd
CVE-2016-4658 [CRITICAL] CVSS 9.8 | CWE-119 | fixed in 10.12 | 2016-09-25
xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and memory corruption) via a crafted XML document.
nvd
CVE-2016-4694 [CRITICAL] CVSS 9.1 | CWE-284 | ≤ 10.11.6 | 2016-09-25
The Apache HTTP Server in Apple OS X before 10.12 and OS X Server before 5.2 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted CGI client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy ser
nvd
CVE-2016-4702 [CRITICAL] CVSS 9.8 | CWE-119 | fixed in 10.12.0 | 2016-09-25
Audio in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
nvd
CVE-2016-4709 [HIGH] CVSS 7.8 | CWE-704 | ≤ 10.11.6 | 2016-09-25
WindowServer in Apple OS X before 10.12 allows local users to obtain root access via vectors that leverage "type confusion," a different vulnerability than CVE-2016-4710.
nvd
CVE-2016-4777 [HIGH] CVSS 7.8 | CWE-264 | fixed in 10.12.0 | 2016-09-25
The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (invalid pointer dereference) via a crafted app.
nvd
CVE-2016-4773 [HIGH] CVSS 7.1 | CWE-125 | fixed in 10.12 | 2016-09-25
The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app, a different vulnerability than CVE-2016-4774 and CVE-2016-4776.
nvd
CVE-2016-4772 [HIGH] CVSS 7.5 | CWE-399 | fixed in 10.12 | 2016-09-25
The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to cause a denial of service (unintended lock) via unspecified vectors.
nvd
CVE-2016-4779 [HIGH] CVSS 7.8 | CWE-119 | ≤ 10.11.6 | 2016-09-25
Apple Type Services (ATS) in Apple OS X before 10.12 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.
nvd
CVE-2016-4698 [HIGH] CVSS 7.8 | CWE-20 | ≤ 10.11.6 | 2016-09-25
AppleMobileFileIntegrity in Apple iOS before 10 and OS X before 10.12 mishandles process entitlement and Team ID values in the task port inheritance policy, which allows attackers to execute arbitrary code in a privileged context via a crafted app.
nvd
CVE-2016-4710 [HIGH] CVSS 7.8 | ≤ 10.11.6 | 2016-09-25
WindowServer in Apple OS X before 10.12 allows local users to obtain root access via vectors that leverage "type confusion," a different vulnerability than CVE-2016-4709.
nvd
CVE-2016-4736 [HIGH] CVSS 8.8 | CWE-119 | ≤ 10.11.6 | 2016-09-25
libarchive in Apple OS X before 10.12 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted file.
nvd
CVE-2016-4724 [HIGH] CVSS 7.8 | CWE-476 | ≤ 10.11.6 | 2016-09-25
IOAcceleratorFamily in Apple iOS before 10 and OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
nvd
CVE-2016-4696 [HIGH] CVSS 7.8 | CWE-476 | ≤ 10.11.6 | 2016-09-25
AppleEFIRuntime in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
nvd
CVE-2016-4776 [HIGH] CVSS 7.1 | fixed in 10.12.0 | 2016-09-25
The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app, a different vulnerability than CVE-2016-4773 and CVE-2016-4774.
nvd
CVE-2016-4697 [HIGH] CVSS 7.8 | CWE-119 | ≤ 10.11.6 | 2016-09-25
Apple HSSPI Support in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
nvd
CVE-2016-4711 [HIGH] CVSS 7.5 | CWE-20 | ≤ 10.11.6 | 2016-09-25
CCrypt in corecrypto in CommonCrypto in Apple iOS before 10 and OS X before 10.12 allows attackers to discover cleartext information by leveraging a function call that specifies the same buffer for input and output.
nvd