Apple macOS vulnerabilities

3,139 known vulnerabilities affecting apple/mac_os_x.

Total CVEs: 3,139
CISA KEV: 26 (actively exploited)
Public exploits: 277
Exploited in wild: 28
Severity breakdown: CRITICAL 302, HIGH 1409, MEDIUM 1236, LOW 192

Vulnerabilities

Page 88 of 157
CVE-2015-6988 | CRITICAL | CVSS 10.0 | ≤ 10.11.0 | 2015-10-23
The kernel in Apple iOS before 9.1 and OS X before 10.11.1 does not initialize an unspecified data structure, which allows remote attackers to execute arbitrary code via vectors involving an unknown network-connectivity requirement.
nvd
CVE-2015-6974 | CRITICAL | CVSS 9.3 | CWE-119 | ≤ 10.11.0 | 2015-10-23
IOHIDFamily in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
nvd
CVE-2015-6983 | HIGH | CVSS 8.8 | ≤ 10.11.0 | 2015-10-23
Double free vulnerability in Apple iOS before 9.1 and OS X before 10.11.1 allows attackers to write to arbitrary files via a crafted app that accesses AtomicBufferedFile descriptors.
nvd
CVE-2015-6994 | HIGH | CVSS 7.1 | CWE-399 | ≤ 10.11.0 | 2015-10-23
The kernel in Apple iOS before 9.1 and OS X before 10.11.1 mishandles reuse of virtual memory, which allows attackers to cause a denial of service via a crafted app.
nvd
CVE-2015-7021 | HIGH | CVSS 7.2 | CWE-119 | ≤ 10.11.0 | 2015-10-23
The Graphics Drivers subsystem in Apple OS X before 10.11.1 allows local users to gain privileges or cause a denial of service (kernel memory corruption) via unspecified vectors.
nvd
CVE-2015-6975 | HIGH | CVSS 7.5 | CWE-119 | ≤ 10.11.0 | 2015-10-23
CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6992 and CVE-2015-7017.
nvd
CVE-2015-5932 | HIGH | CVSS 7.2 | ≤ 10.11.0 | 2015-10-23
The kernel in Apple OS X before 10.11.1 allows local users to gain privileges by leveraging an unspecified "type confusion" during Mach task processing.
nvd
CVE-2015-7016 | HIGH | CVSS 7.6 | CWE-264 | ≤ 10.11.0 | 2015-10-23
The MCX Application Restrictions component in Apple OS X before 10.11.1, when Managed Configuration is enabled, mishandles provisioning profiles, which allows attackers to bypass intended entitlement restrictions and gain privileges via a crafted developer-signed app.
nvd
CVE-2015-5945 | HIGH | CVSS 7.2 | CWE-20 | ≤ 10.11.0 | 2015-10-23
The Sandbox subsystem in Apple OS X before 10.11.1 allows local users to gain privileges via vectors involving NVRAM parameters.
nvd
CVE-2015-6992 | HIGH | CVSS 7.5 | ≤ 10.11.0 | 2015-10-23
CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6975 and CVE-2015-7017.
nvd
CVE-2015-7035 | HIGH | CVSS 7.5 | CWE-17 | ≤ 10.11.0 | 2015-10-23
Apple Mac EFI before 2015-002, as used in OS X before 10.11.1 and other products, mishandles arguments, which allows attackers to reach "unused" functions via unspecified vectors.
nvd
CVE-2015-6984 | HIGH | CVSS 8.8 | CWE-284 | ≤ 10.11.0 | 2015-10-23
libarchive in Apple OS X before 10.11.1 allows attackers to write to arbitrary files via a crafted app that conducts an unspecified symlink attack.
nvd
CVE-2015-7017 | HIGH | CVSS 7.5 | ≤ 10.11.0 | 2015-10-23
CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6975 and CVE-2015-6992.
nvd
CVE-2015-7007 | HIGH | CVSS 7.5 | PoC | ≤ 10.11.0 | 2015-10-23
Script Editor in Apple OS X before 10.11.1 allows remote attackers to bypass an intended user-confirmation requirement for AppleScript execution via unspecified vectors.
nvd
CVE-2015-7013 | MEDIUM | CVSS 6.8 | CWE-119 | ≤ 10.11.0 | 2015-10-23
WebKit, as used in Apple Safari before 9.0.1 and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-3 and APPLE-SA-2015-10-21-5.
nvd
CVE-2015-5926 | MEDIUM | CVSS 6.8 | ≤ 10.11.0 | 2015-10-23
The CoreGraphics component in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2015-5925.
nvd
CVE-2015-5943 | MEDIUM | CVSS 4.3 | CWE-254 | ≤ 10.11.0 | 2015-10-23
SecurityAgent in Apple OS X before 10.11.1 does not prevent synthetic clicks from reaching keychain windows, which allows attackers to bypass intended access restrictions via a crafted app.
nvd
CVE-2015-7008 | MEDIUM | CVSS 6.8 | ≤ 10.11.0 | 2015-10-23
FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7009, CVE-2015-7010, and CVE-2015-7018.
nvd
CVE-2015-5924 | MEDIUM | CVSS 6.8 | CWE-119 | ≤ 10.11.0 | 2015-10-23
The OpenGL implementation in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
nvd
CVE-2015-6996 | MEDIUM | CVSS 6.8 | CWE-119 | PoC | ≤ 10.11.0 | 2015-10-23
IOAcceleratorFamily in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app.
nvd