Mac Os X Security Vulnerabilities and Issues — Page 6 of Mac Os X CVE List

9.8CVSS8AI score0.0025EPSS

CVE-2017-2402

An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves mishandling of profile uninstall actions in the "MCX Client" component when a profile has multiple payloads. It allows remote attackers to bypass intended access restrictions by leveraging Active...

9.3CVSS7.8AI score0.00195EPSS

CVE-2017-2410

An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app.

6.5CVSS6AI score0.00074EPSS

CVE-2017-2418

An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Hypervisor" component. It allows guest OS users to obtain sensitive information from the CR8 control register via unspecified vectors.

9.3CVSS8.1AI score0.00183EPSS

CVE-2017-2427

An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Bluetooth" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

CVE•added 2017/05/22 5:29 a.m.•47 views

CVE-2017-2507

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a craf...

5.5CVSS5.4AI score0.00265EPSS

CVE•added 2017/05/22 5:29 a.m.•47 views

CVE-2017-2533

An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "DiskArbitration" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.

7.6CVSS6.7AI score0.02315EPSS

5.5CVSS5.6AI score0.00193EPSS

CVE-2017-6974

An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the system-installation subsystem of the "System Integrity Protection" component. It allows attackers to modify the contents of a protected disk location via a crafted app.

CVE•added 2017/05/22 5:29 a.m.•47 views

CVE-2017-6986

An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "iBooks" component. It allows attackers to conduct sandbox-escape attacks or cause a denial of service (memory corruption) via a crafted app.

7.8CVSS7.2AI score0.00239EPSS

CVE•added 2017/07/20 4:29 p.m.•47 views

CVE-2017-7017

An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

9.3CVSS8.1AI score0.00165EPSS

CVE•added 2017/07/20 4:29 p.m.•47 views

CVE-2017-7050

An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "Bluetooth" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

8CVSS8.1AI score0.00317EPSS

7.8CVSS7.7AI score0.00639EPSS

CVE-2016-4683

An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "ImageIO" component. It allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds memory access and application crash) via a crafted SGI file.

4.3CVSS4.7AI score0.0026EPSS

CVE-2016-7577

An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. The issue involves the "FaceTime" component, which allows remote attackers to trigger memory corruption and obtain audio data from a call that appeared to have ended.

3.3CVSS3.3AI score0.00063EPSS

CVE-2016-7624

An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "IOAcceleratorFamily" component. It allows local users to obtain sensitive kernel memory-layout information via unspecified vectors.

7.8CVSS6.2AI score0.00311EPSS

CVE-2016-7655

An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. The issue involves the "CoreMedia External Displays" component. It allows local users to gain privileges or cause a denial of service (type confusion) via unspecified vectors.

CVE•added 2017/05/22 5:29 a.m.•46 views

CVE-2017-2509

An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.

5.5CVSS5.6AI score0.01649EPSS

CVE•added 2017/05/22 5:29 a.m.•46 views

CVE-2017-2523

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "Foundation" component. It allows remote attackers to execute arbitrary code or cause a denial...

9.8CVSS8.8AI score0.13046EPSS

CVE•added 2017/07/20 4:29 p.m.•46 views

CVE-2017-7014

9.3CVSS8.1AI score0.00165EPSS

CVE•added 2017/04/13 4:59 p.m.•45 views

CVE-2010-1816

Buffer overflow in ImageIO in Apple Mac OS X 10.6 through 10.6.3 and Mac OS X Server 10.6 through 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a crafted image.

9.3CVSS7.7AI score0.00652EPSS

CVE•added 2017/04/20 5:59 p.m.•45 views

CVE-2016-4650

Heap-based buffer overflow in IOHIDFamily in Apple iOS before 9.3.2, OS X before 10.11.5, and tvOS before 9.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

9.3CVSS8.2AI score0.00428EPSS

CVE•added 2017/02/20 8:59 a.m.•45 views

CVE-2016-4670

An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. The issue involves the "Security" component. It allows local users to discover lengths of arbitrary passwords by reading a log.

3.3CVSS4.3AI score0.0006EPSS

CVE•added 2017/02/20 8:59 a.m.•45 views

CVE-2016-7602

An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

9.3CVSS6.8AI score0.00386EPSS

CVE•added 2017/02/20 8:59 a.m.•45 views

CVE-2016-7761

An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "WiFi" component, which allows local users to obtain sensitive network-configuration information by leveraging global storage.

5.5CVSS4.8AI score0.00053EPSS

CVE•added 2017/04/02 1:59 a.m.•45 views

CVE-2017-2420

9.3CVSS8.1AI score0.00183EPSS

CVE-2017-2494

An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

7.8CVSS7.2AI score0.00239EPSS

CVE-2017-2512

An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Sandbox" component. It allows attackers to conduct sandbox-escape attacks or cause a denial of service (memory corruption) via a crafted app.

CVE-2017-2537

An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "WindowServer" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

9.3CVSS7.7AI score0.00269EPSS

CVE-2017-6981

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "iBooks" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app that uses symlinks.

CVE•added 2017/02/20 8:59 a.m.•44 views

CVE-2016-4679

An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "libarchive" component, which allows remote attackers to write to arbitrary files via a crafted ar...

5.5CVSS5.3AI score0.00633EPSS

CVE•added 2017/05/22 5:29 a.m.•44 views

CVE-2017-2516

5CVSS5.4AI score0.01566EPSS

CVE•added 2017/05/22 5:29 a.m.•44 views

CVE-2017-6977

An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Speech Framework" component. It allows attackers to conduct sandbox-escape attacks or cause a denial of service (memory corruption) via a crafted app.

8.6CVSS7.1AI score0.00239EPSS

CVE•added 2017/05/22 5:29 a.m.•44 views

CVE-2017-6985

An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "NVIDIA Graphics Drivers" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

CVE•added 2017/07/20 4:29 p.m.•44 views

CVE-2017-7015

An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "Audio" component. It allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a crafted audio file.

7.8CVSS7.2AI score0.00366EPSS

5.5CVSS5.2AI score0.00164EPSS

CVE-2016-4661

An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "ntfs" component, which misparses disk images and allows attackers to cause a denial of service via a crafted app.

9.3CVSS7.4AI score0.00183EPSS

CVE-2016-4662

An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "AppleGraphicsControl" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

8.8CVSS8.2AI score0.00958EPSS

CVE-2016-4667

An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "ATS" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font.

5.9CVSS4.9AI score0.00263EPSS

CVE-2016-4721

An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. The issue involves the "IDS - Connectivity" component, which allows man-in-the-middle attackers to spoof calls via a "switch caller" notification.

9.3CVSS7.5AI score0.00402EPSS

CVE-2016-4780

An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "Thunderbolt" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.

5.5CVSS5.1AI score0.00058EPSS

CVE-2016-7628

An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "Assets" component, which allows local users to bypass intended permission restrictions and change a downloaded mobile asset via unspecified vectors.

CVE•added 2017/05/22 5:29 a.m.•43 views

CVE-2017-2503

An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.