Apple macOS vulnerabilities

CVE-2015-3699 [HIGH] CVE-2015-3699: Buffer overflow in the Intel Graphics Driver in Apple OS X before 10.10.4 allows local users to gain Buffer overflow in the Intel Graphics Driver in Apple OS X before 10.10.4 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-3695, CVE-2015-3696, CVE-2015-3697, CVE-2015-3698, CVE-2015-3700, CVE-2015-3701, and CVE-2015-3702.

CVE-2015-3679 [MEDIUM] CWE-119 CVE-2015-3679: Apple Type Services (ATS) in Apple OS X before 10.10.4 allows remote attackers to execute arbitrary Apple Type Services (ATS) in Apple OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-3680, CVE-2015-3681, and CVE-2015-3682.

CVE-2015-3714 [MEDIUM] CWE-254 CVE-2015-3714: Apple OS X before 10.10.4 does not properly consider custom resource rules during app signature veri Apple OS X before 10.10.4 does not properly consider custom resource rules during app signature verification, which allows attackers to bypass intended launch restrictions via a modified app.

CVE-2015-3710 [MEDIUM] CWE-254 CVE-2015-3710: Mail in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to trigger a refresh op Mail in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to trigger a refresh operation, and consequently cause a visit to an arbitrary web site, via a crafted HTML e-mail message.

CVE-2015-3669 [MEDIUM] CVE-2015-3669: QT Media Foundation in Apple QuickTime before 7.7.7 allows remote attackers to execute arbitrary cod QT Media Foundation in Apple QuickTime before 7.7.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability than CVE-2015-3664 and CVE-2015-3665.

CVE-2015-3703 [MEDIUM] CWE-119 CVE-2015-3703: ImageIO in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary ImageIO in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted TIFF image.

CVE-2015-3690 [MEDIUM] CWE-200 CVE-2015-3690: The DiskImages subsystem in Apple iOS before 8.4 and OS X before 10.10.4 allows attackers to obtain The DiskImages subsystem in Apple iOS before 8.4 and OS X before 10.10.4 allows attackers to obtain sensitive memory-layout information for the kernel via a crafted app.

CVE-2015-3719 [MEDIUM] CVE-2015-3719: TrueTypeScaler in FontParser in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers TrueTypeScaler in FontParser in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-3694.

CVE-2015-3686 [MEDIUM] CVE-2015-3686: CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrar CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3685, CVE-2015-3687, CVE-2015-3688, and CVE-2015-3689.

CVE-2015-3666 [MEDIUM] CVE-2015-3666: QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X before 10.10.4 and other produc QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X before 10.10.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability than CVE-2015-3661, CVE-2015-3662, CVE-2015-3663, CVE-2015-3667, and CVE-2015-3668.

CVE-2015-3675 [MEDIUM] CWE-284 CVE-2015-3675: The default configuration of the Apache HTTP Server on Apple OS X before 10.10.4 does not enable the The default configuration of the Apache HTTP Server on Apple OS X before 10.10.4 does not enable the mod_hfs_apple module, which allows remote attackers to bypass HTTP authentication via a crafted URL.

CVE-2015-3716 [MEDIUM] CWE-77 CVE-2015-3716: Spotlight in Apple OS X before 10.10.4 allows attackers to execute arbitrary commands via a crafted Spotlight in Apple OS X before 10.10.4 allows attackers to execute arbitrary commands via a crafted name of a photo file within the local photo library.

CVE-2015-3677 [MEDIUM] CWE-200 CVE-2015-3677: The LZVN compression feature in AppleFSCompression in Apple OS X before 10.10.4 allows attackers to The LZVN compression feature in AppleFSCompression in Apple OS X before 10.10.4 allows attackers to obtain sensitive memory-layout information for the kernel via a crafted app.

CVE-2015-3692 [MEDIUM] CWE-284 CVE-2015-3692: Apple Mac EFI before 2015-001, as used in OS X before 10.10.4 and other products, does not enforce a Apple Mac EFI before 2015-001, as used in OS X before 10.10.4 and other products, does not enforce a locking protection mechanism upon being woken from sleep, which allows local users to conduct EFI flash attacks by leveraging root privileges.

CVE-2015-3715 [MEDIUM] CWE-254 CVE-2015-3715: The code-signing implementation in Apple OS X before 10.10.4 does not properly consider libraries th The code-signing implementation in Apple OS X before 10.10.4 does not properly consider libraries that are external to an application bundle, which allows attackers to bypass intended launch restrictions via a crafted library.

CVE-2015-3713 [MEDIUM] CWE-119 CVE-2015-3713: QuickTime in Apple OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a QuickTime in Apple OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted movie file.

CVE-2015-3721 [MEDIUM] CWE-200 CVE-2015-3721: The kernel in Apple iOS before 8.4 and OS X before 10.10.4 does not properly handle HFS parameters, The kernel in Apple iOS before 8.4 and OS X before 10.10.4 does not properly handle HFS parameters, which allows attackers to obtain sensitive memory-layout information via a crafted app.

CVE-2015-3680 [MEDIUM] CVE-2015-3680: Apple Type Services (ATS) in Apple OS X before 10.10.4 allows remote attackers to execute arbitrary Apple Type Services (ATS) in Apple OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-3679, CVE-2015-3681, and CVE-2015-3682.

CVE-2015-3682 [MEDIUM] CVE-2015-3682: Apple Type Services (ATS) in Apple OS X before 10.10.4 allows remote attackers to execute arbitrary Apple Type Services (ATS) in Apple OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-3679, CVE-2015-3680, and CVE-2015-3681.

CVE-2015-3694 [MEDIUM] CWE-119 CVE-2015-3694: FontParser in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitr FontParser in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-3719.