Apple macOS vulnerabilities

CVE-2015-3704 [CRITICAL] CWE-264 CVE-2015-3704: runner in Install.framework in the Install Framework Legacy subsystem in Apple OS X before 10.10.4 d runner in Install.framework in the Install Framework Legacy subsystem in Apple OS X before 10.10.4 does not properly drop privileges, which allows attackers to execute arbitrary code in a privileged context via a crafted app.

CVE-2015-3707 [CRITICAL] CVE-2015-3707: The FireWire driver in IOFireWireFamily in Apple OS X before 10.10.4 allows attackers to execute arb The FireWire driver in IOFireWireFamily in Apple OS X before 10.10.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.

CVE-2015-3706 [CRITICAL] CVE-2015-3706: IOAcceleratorFamily in Apple OS X before 10.10.4 allows attackers to execute arbitrary code in a pri IOAcceleratorFamily in Apple OS X before 10.10.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-3705.

CVE-2015-3705 [CRITICAL] CWE-119 CVE-2015-3705: IOAcceleratorFamily in Apple OS X before 10.10.4 allows attackers to execute arbitrary code in a pri IOAcceleratorFamily in Apple OS X before 10.10.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-3706.

CVE-2015-3712 [CRITICAL] CWE-119 CVE-2015-3712: The NVIDIA graphics driver in Apple OS X before 10.10.4 allows attackers to execute arbitrary code i The NVIDIA graphics driver in Apple OS X before 10.10.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (out-of-bounds write) via a crafted app.

CVE-2015-3691 [CRITICAL] CWE-284 CVE-2015-3691: The Monitor Control Command Set kernel extension in the Display Drivers subsystem in Apple OS X befo The Monitor Control Command Set kernel extension in the Display Drivers subsystem in Apple OS X before 10.10.4 allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages control of a function pointer.

CVE-2015-3672 [HIGH] CWE-284 CVE-2015-3672: Admin Framework in Apple OS X before 10.10.4 does not properly handle authentication errors, which a Admin Framework in Apple OS X before 10.10.4 does not properly handle authentication errors, which allows local users to obtain admin privileges via unspecified vectors.

CVE-2015-3717 [HIGH] CWE-120 CVE-2015-3717: Multiple buffer overflows in the printf functionality in SQLite, as used in Apple iOS before 8.4 and Multiple buffer overflows in the printf functionality in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.

CVE-2015-3702 [HIGH] CVE-2015-3702: Buffer overflow in the Intel Graphics Driver in Apple OS X before 10.10.4 allows local users to gain Buffer overflow in the Intel Graphics Driver in Apple OS X before 10.10.4 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-3695, CVE-2015-3696, CVE-2015-3697, CVE-2015-3698, CVE-2015-3699, CVE-2015-3700, and CVE-2015-3701.

CVE-2015-3695 [HIGH] CWE-119 CVE-2015-3695: Buffer overflow in the Intel Graphics Driver in Apple OS X before 10.10.4 allows local users to gain Buffer overflow in the Intel Graphics Driver in Apple OS X before 10.10.4 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-3696, CVE-2015-3697, CVE-2015-3698, CVE-2015-3699, CVE-2015-3700, CVE-2015-3701, and CVE-2015-3702.

CVE-2015-3701 [HIGH] CVE-2015-3701: Buffer overflow in the Intel Graphics Driver in Apple OS X before 10.10.4 allows local users to gain Buffer overflow in the Intel Graphics Driver in Apple OS X before 10.10.4 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-3695, CVE-2015-3696, CVE-2015-3697, CVE-2015-3698, CVE-2015-3699, CVE-2015-3700, and CVE-2015-3702.

CVE-2015-3697 [HIGH] CVE-2015-3697: Buffer overflow in the Intel Graphics Driver in Apple OS X before 10.10.4 allows local users to gain Buffer overflow in the Intel Graphics Driver in Apple OS X before 10.10.4 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-3695, CVE-2015-3696, CVE-2015-3698, CVE-2015-3699, CVE-2015-3700, CVE-2015-3701, and CVE-2015-3702.

CVE-2015-3708 [HIGH] CVE-2015-3708: kextd in kext tools in Apple OS X before 10.10.4 allows attackers to write to arbitrary files via a kextd in kext tools in Apple OS X before 10.10.4 allows attackers to write to arbitrary files via a crafted app that conducts a symlink attack.

CVE-2015-3673 [HIGH] CWE-264 CVE-2015-3673: Admin Framework in Apple OS X before 10.10.4 does not properly restrict the location of writeconfig Admin Framework in Apple OS X before 10.10.4 does not properly restrict the location of writeconfig clients, which allows local users to obtain root privileges by moving and then modifying Directory Utility.

CVE-2015-3674 [HIGH] CWE-119 CVE-2015-3674: afpserver in Apple OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a afpserver in Apple OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

CVE-2015-3696 [HIGH] CVE-2015-3696: Buffer overflow in the Intel Graphics Driver in Apple OS X before 10.10.4 allows local users to gain Buffer overflow in the Intel Graphics Driver in Apple OS X before 10.10.4 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-3695, CVE-2015-3697, CVE-2015-3698, CVE-2015-3699, CVE-2015-3700, CVE-2015-3701, and CVE-2015-3702.

CVE-2015-3671 [HIGH] CWE-284 CVE-2015-3671: Admin Framework in Apple OS X before 10.10.4 does not properly verify XPC entitlements, which allows Admin Framework in Apple OS X before 10.10.4 does not properly verify XPC entitlements, which allows local users to bypass authentication and obtain admin privileges via unspecified vectors.

CVE-2015-3700 [HIGH] CVE-2015-3700: Buffer overflow in the Intel Graphics Driver in Apple OS X before 10.10.4 allows local users to gain Buffer overflow in the Intel Graphics Driver in Apple OS X before 10.10.4 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-3695, CVE-2015-3696, CVE-2015-3697, CVE-2015-3698, CVE-2015-3699, CVE-2015-3701, and CVE-2015-3702.

CVE-2015-3678 [HIGH] CWE-77 CVE-2015-3678: AppleThunderboltEDMService in Apple OS X before 10.10.4 allows local users to gain privileges or cau AppleThunderboltEDMService in Apple OS X before 10.10.4 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified Thunderbolt commands.

CVE-2015-3698 [HIGH] CVE-2015-3698: Buffer overflow in the Intel Graphics Driver in Apple OS X before 10.10.4 allows local users to gain Buffer overflow in the Intel Graphics Driver in Apple OS X before 10.10.4 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-3695, CVE-2015-3696, CVE-2015-3697, CVE-2015-3699, CVE-2015-3700, CVE-2015-3701, and CVE-2015-3702.