Apple macOS Sierra vulnerabilities
81 known vulnerabilities affecting apple/macos_sierra.
Total CVEs: 81
CISA KEV: 0
Public exploits: 6
Exploited in wild: 0
Severity breakdown: CRITICAL 16, HIGH 44, MEDIUM 16, LOW 5
Vulnerabilities
Page 4 of 5
CVE-2016-4774 | HIGH | CVSS 7.1 | v10.12 | 2016-09-20
CVE-2016-4774 [HIGH] CVE-2016-4774: macOS Sierra 10.12
Apple Security Update: About the security content of macOS Sierra 10.12
Product: macOS Sierra
Version: 10.12
CVE: CVE-2016-4774
Component: Kernel
Impact: An application may be able to determine kernel memory layout
Description: Multiple out-of-bounds read issues existed that led to the disclosure of kernel memory. These were addressed through improved input validation.
CVE-2016-4697 | HIGH | CVSS 7.8 | v10.12 | 2016-09-20
CVE-2016-4697 [HIGH] CVE-2016-4697: macOS Sierra 10.12
Apple Security Update: About the security content of macOS Sierra 10.12
Product: macOS Sierra
Version: 10.12
CVE: CVE-2016-4697
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed through improved memory handling.
CVE-2016-4696 | HIGH | CVSS 7.8 | v10.12 | 2016-09-20
CVE-2016-4696 [HIGH] CVE-2016-4696: macOS Sierra 10.12
Apple Security Update: About the security content of macOS Sierra 10.12
Product: macOS Sierra
Version: 10.12
CVE: CVE-2016-4696
Component: AppleEFIRuntime
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A null pointer dereference was addressed through improved input validation.
CVE-2016-4742 | MEDIUM | CVSS 5.5 | v10.12 | 2016-09-20
CVE-2016-4742 [MEDIUM] CVE-2016-4742: macOS Sierra 10.12
Apple Security Update: About the security content of macOS Sierra 10.12
Product: macOS Sierra
Version: 10.12
CVE: CVE-2016-4742
Component: NSSecureTextField
Impact: A malicious application may be able to leak a user's credentials
Description: A state management issue existed in NSSecureTextField, which failed to enable Secure Input. This issue was addressed through improved window management.
CVE-2016-6292 | MEDIUM | CVSS 6.5 | v10.12 | 2016-09-20
CVE-2016-6292 [MEDIUM] CVE-2016-6292: macOS Sierra 10.12
Apple Security Update: About the security content of macOS Sierra 10.12
Product: macOS Sierra
Version: 10.12
CVE: CVE-2016-6292
Component: CVE-2016-6292
CVE-2016-4748 | MEDIUM | CVSS 5.3 | v10.12 | 2016-09-20
CVE-2016-4748 [MEDIUM] CVE-2016-4748: macOS Sierra 10.12
Apple Security Update: About the security content of macOS Sierra 10.12
Product: macOS Sierra
Version: 10.12
CVE: CVE-2016-4748
Component: Perl
Impact: A local user may be able to bypass the taint protection mechanism
Description: An issue existed in the parsing of environment variables. This issue was addressed through improved validation of environment variables.
CVE-2016-4771 | MEDIUM | CVSS 5.5 | v10.12 | 2016-09-20
CVE-2016-4771 [MEDIUM] CVE-2016-4771: macOS Sierra 10.12
Apple Security Update: About the security content of macOS Sierra 10.12
Product: macOS Sierra
Version: 10.12
CVE: CVE-2016-4771
Component: Kernel
Impact: A local application may be able to access restricted files
Description: A parsing issue in the handling of directory paths was addressed through improved path validation.
CVE-2016-4708 | MEDIUM | CVSS 6.5 | v10.12 | 2016-09-20
CVE-2016-4708 [MEDIUM] CVE-2016-4708: macOS Sierra 10.12
Apple Security Update: About the security content of macOS Sierra 10.12
Product: macOS Sierra
Version: 10.12
CVE: CVE-2016-4708
Component: CFNetwork
Impact: Processing maliciously crafted web content may compromise user information
Description: An input validation issue existed in the parsing of the set-cookie header. This issue was addressed through improved validation checking.
CVE-2016-7580 | MEDIUM | CVSS 6.5 | v10.12 | 2016-09-20
CVE-2016-7580 [MEDIUM] CVE-2016-7580: macOS Sierra 10.12
Apple Security Update: About the security content of macOS Sierra 10.12
Product: macOS Sierra
Version: 10.12
CVE: CVE-2016-7580
Component: Mail
Impact: A malicious website may be able to cause a denial-of-service
Description: A denial of service issue was addressed through improved URL handling.
CVE-2016-4722 | MEDIUM | CVSS 5.9 | v10.12 | 2016-09-20
CVE-2016-4722 [MEDIUM] CVE-2016-4722: macOS Sierra 10.12
Apple Security Update: About the security content of macOS Sierra 10.12
Product: macOS Sierra
Version: 10.12
CVE: CVE-2016-4722
Component: IDS - Connectivity
Impact: An attacker in a privileged network position may be able to cause a denial of service
Description: A spoofing issue existed in the handling of Call Relay. This issue was addressed through improved input validation.
CVE-2016-4706 | MEDIUM | CVSS 5.5 | v10.12 | 2016-09-20
CVE-2016-4706 [MEDIUM] CVE-2016-4706: macOS Sierra 10.12
Apple Security Update: About the security content of macOS Sierra 10.12
Product: macOS Sierra
Version: 10.12
CVE: CVE-2016-4706
Component: Bluetooth
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed through improved input validation.
CVE-2016-4701 | MEDIUM | CVSS 6.2 | v10.12 | 2016-09-20
CVE-2016-4701 [MEDIUM] CVE-2016-4701: macOS Sierra 10.12
Apple Security Update: About the security content of macOS Sierra 10.12
Product: macOS Sierra
Version: 10.12
CVE: CVE-2016-4701
Component: Application Firewall
Impact: A local user may be able to cause a denial of service
Description: A validation issue existed in the handling of firewall prompts. This issue was addressed through improved validation of SO_EXECPATH.
CVE-2016-4707 | MEDIUM | CVSS 4.0 | v10.12 | 2016-09-20
CVE-2016-4707 [MEDIUM] CVE-2016-4707: macOS Sierra 10.12
Apple Security Update: About the security content of macOS Sierra 10.12
Product: macOS Sierra
Version: 10.12
CVE: CVE-2016-4707
Component: CFNetwork
Impact: A local user may be able to discover websites a user has visited
Description: An issue existed in Local Storage deletion. This issue was addressed through improved Local Storage cleanup.
CVE-2016-4713 | MEDIUM | CVSS 5.3 | v10.12 | 2016-09-20
CVE-2016-4713 [MEDIUM] CVE-2016-4713: macOS Sierra 10.12
Apple Security Update: About the security content of macOS Sierra 10.12
Product: macOS Sierra
Version: 10.12
CVE: CVE-2016-4713
Component: CoreDisplay
Impact: A user with screen sharing access may be able to view another user's screen
Description: A session management issue existed in the handling of screen sharing sessions. This issue was addressed through improved session tracking.
CVE-2016-4718 | MEDIUM | CVSS 6.5 | v10.12 | 2016-09-20
CVE-2016-4718 [MEDIUM] CVE-2016-4718: macOS Sierra 10.12
Apple Security Update: About the security content of macOS Sierra 10.12
Product: macOS Sierra
Version: 10.12
CVE: CVE-2016-4718
Component: FontParser
Impact: Processing a maliciously crafted font may result in the disclosure of process memory
Description: A buffer overflow existed in the handling of font files. This issue was addressed through improved bounds checking.
CVE-2016-4752 | MEDIUM | CVSS 5.5 | v10.12 | 2016-09-20
CVE-2016-4752 [MEDIUM] CVE-2016-4752: macOS Sierra 10.12
Apple Security Update: About the security content of macOS Sierra 10.12
Product: macOS Sierra
Version: 10.12
CVE: CVE-2016-4752
Component: Security
Impact: An application using SecKeyDeriveFromPassword may leak memory
Description: A resource management issue existed in the handling of key derivation. This issue was addressed by adding CF_RETURNS_RETAINED to SecKeyDeriveFromPassword.
CVE-2016-4755 | MEDIUM | CVSS 5.5 | v10.12 | 2016-09-20
CVE-2016-4755 [MEDIUM] CVE-2016-4755: macOS Sierra 10.12
Apple Security Update: About the security content of macOS Sierra 10.12
Product: macOS Sierra
Version: 10.12
CVE: CVE-2016-4755
Component: Terminal
Impact: A local user may be able to leak sensitive user information
Description: A permissions issue existed in .bash_history and .bash_session. This issue was addressed through improved access restrictions.
CVE-2016-4745 | MEDIUM | CVSS 5.3 | v10.12 | 2016-09-20
CVE-2016-4745 [MEDIUM] CVE-2016-4745: macOS Sierra 10.12
Apple Security Update: About the security content of macOS Sierra 10.12
Product: macOS Sierra
Version: 10.12
CVE: CVE-2016-4745
Component: Kerberos v5 PAM module
Impact: A remote attacker may determine the existence of user accounts
Description: A timing side channel allowed an attacker to determine the existence of user accounts on a system. This issue was addressed by introducing constant time checks.
CVE-2016-4715 | LOW | CVSS 3.3 | v10.12 | 2016-09-20
CVE-2016-4715 [LOW] CVE-2016-4715: macOS Sierra 10.12
Apple Security Update: About the security content of macOS Sierra 10.12
Product: macOS Sierra
Version: 10.12
CVE: CVE-2016-4715
Component: Date & Time Pref Pane
Impact: A malicious application may be able to determine a user's current location
Description: An issue existed in the handling of the .GlobalPreferences file. This was addressed through improved validation.
CVE-2016-4717 | LOW | CVSS 3.3 | v10.12 | 2016-09-20
CVE-2016-4717 [LOW] CVE-2016-4717: macOS Sierra 10.12
Apple Security Update: About the security content of macOS Sierra 10.12
Product: macOS Sierra
Version: 10.12
CVE: CVE-2016-4717
Component: File Bookmark
Impact: A local application may be able to cause a denial of service
Description: A resource management issue existed in the handling of scoped bookmarks. This issue was addressed through improved file descriptor handling.