Apple macOS vulnerabilities
3,139 known vulnerabilities affecting apple/mac_os_x.
Total CVEs: 3,139
CISA KEV: 26 (actively exploited)
Public exploits: 277
Exploited in wild: 28
Severity breakdown: CRITICAL 302, HIGH 1409, MEDIUM 1236, LOW 192
Vulnerabilities
CVE-2016-4072 | CRITICAL | CVSS 9.8 | CWE-20 | ≤ 10.11.4 | 2016-05-20
The Phar extension in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via a crafted filename, as demonstrated by mishandling of \0 characters by the phar_analyze_path function in ext/phar/phar.c.
nvd
CVE-2016-4071 | CRITICAL | CVSS 9.8 | PoC | CWE-20 | ≤ 10.11.4 | 2016-05-20
Format string vulnerability in the php_snmp_error function in ext/snmp/snmp.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via format string specifiers in an SNMP::get call.
nvd
CVE-2016-4073 | CRITICAL | CVSS 9.8 | CWE-119 | ≤ 10.11.3 | 2016-05-20
Multiple integer overflows in the mbfl_strcut function in ext/mbstring/libmbfl/mbfl/mbfilter.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted mb_strcut call.
nvd
CVE-2016-1797 | HIGH | CVSS 7.8 | CWE-284 | ≤ 10.11.4 | 2016-05-20
Apple Type Services (ATS) in Apple OS X before 10.11.5 allows attackers to bypass intended FontValidator sandbox-policy restrictions and execute arbitrary code in a privileged context via a crafted app.
nvd
CVE-2016-1848 | HIGH | CVSS 7.8 | PoC | CWE-119 | ≤ 10.11.4 | 2016-05-20
QuickTime in Apple OS X before 10.11.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file.
nvd
CVE-2016-1829 | HIGH | CVSS 7.8 | fixed in 10.11.5 | 2016-05-20
The kernel in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1827, CVE-2016-1828, and CVE-2016-1830.
nvd
CVE-2016-1831 | HIGH | CVSS 7.8 | CWE-119 | ≤ 10.11.4 | 2016-05-20
The kernel in Apple iOS before 9.3.2 and OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
nvd
CVE-2016-1804 | HIGH | CVSS 7.8 | CWE-119 | ≤ 10.11.4 | 2016-05-20
The Multi-Touch subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
nvd
CVE-2016-1846 | HIGH | CVSS 7.8 | PoC | CWE-119 | ≤ 10.11.4 | 2016-05-20
The nvCommandQueue::GetHandleIndex method in the NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference and memory corruption) via a crafted app.
nvd
CVE-2016-1815 | HIGH | CVSS 7.8 | CWE-119 | ≤ 10.11.4 | 2016-05-20
IOAcceleratorFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
nvd
CVE-2016-1827 | HIGH | CVSS 7.8 | PoC | CWE-119 | fixed in 10.11.5 | 2016-05-20
The kernel in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1828, CVE-2016-1829, and CVE-2016-1830.
nvd
CVE-2016-1819 | HIGH | CVSS 7.8 | PoC | fixed in 10.11.5 | 2016-05-20
Use-after-free vulnerability in the IOAccelContext2::clientMemoryForType method in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1817 and CVE-2016
nvd
CVE-2016-1822 | HIGH | CVSS 7.8 | CWE-119 | ≤ 10.11.4 | 2016-05-20
IOFireWireFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
nvd
CVE-2016-1806 | HIGH | CVSS 7.8 | CWE-284 | ≤ 10.11.4 | 2016-05-20
Crash Reporter in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context via a crafted app.
nvd
CVE-2016-1824 | HIGH | CVSS 7.8 | fixed in 10.11.5 | 2016-05-20
IOHIDFamily in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1823.
nvd
CVE-2016-1821 | HIGH | CVSS 7.8 | PoC | ≤ 10.11.4 | 2016-05-20
IOAudioFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
nvd
CVE-2016-1826 | HIGH | CVSS 7.8 | ≤ 10.11.4 | 2016-05-20
Integer overflow in the dtrace implementation in the kernel in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context via a crafted app.
nvd
CVE-2016-1801 | HIGH | CVSS 7.5 | CWE-200 | fixed in 10.11.5 | 2016-05-20
The CFNetwork Proxies subsystem in Apple iOS before 9.3.2, OS X before 10.11.5, and tvOS before 9.2.1 mishandles URLs in http and https requests, which allows remote attackers to obtain sensitive information via unspecified vectors.
nvd
CVE-2016-1843 | HIGH | CVSS 7.5 | CWE-20 | ≤ 10.11.4 | 2016-05-20
The Messages component in Apple OS X before 10.11.5 mishandles filename encoding, which allows remote attackers to obtain sensitive information via unspecified vectors.
nvd
CVE-2016-1794 | HIGH | CVSS 7.8 | PoC | ≤ 10.11.4 | 2016-05-20
The AppleGraphicsControlClient::checkArguments method in AppleGraphicsControl in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
nvd