runner in Install.framework in the Install Framework Legacy component in Apple OS X before 10.10.5 does not properly drop privileges, which allows attackers to execute arbitrary code in a privileged context via a crafted app.
Max CVSS
9.3
EPSS Score
0.26%
Published
2015-08-17
Updated
2017-09-21
IOGraphics in Apple OS X before 10.10.5 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-3770.
Max CVSS
9.3
EPSS Score
0.22%
Published
2015-08-17
Updated
2017-09-21
libpthread in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via an app that uses a crafted syscall to interfere with locking.
Max CVSS
9.3
EPSS Score
0.29%
Published
2015-08-17
Updated
2016-12-24
Race condition in runner in Install.framework in the Install Framework Legacy component in Apple OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages incorrect privilege dropping associated with a locking error.
Max CVSS
9.3
EPSS Score
0.27%
Published
2015-08-17
Updated
2017-09-21
The Apple ID OD plug-in in Apple OS X before 10.10.5 allows attackers to change arbitrary user passwords via a crafted app.
Max CVSS
9.3
EPSS Score
0.46%
Published
2015-08-17
Updated
2017-09-21
libxpc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app that sends a malformed XPC message.
Max CVSS
9.3
EPSS Score
0.29%
Published
2015-08-17
Updated
2016-12-24
IOKit in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption and application crash) via a malformed plist.
Max CVSS
9.3
EPSS Score
0.29%
Published
2015-08-16
Updated
2016-12-24
IOGraphics in Apple OS X before 10.10.5 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-5783.
Max CVSS
9.3
EPSS Score
0.22%
Published
2015-08-16
Updated
2017-09-21
Integer overflow in the kernel in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context via a crafted app that makes unspecified IOKit API calls.
Max CVSS
9.3
EPSS Score
0.31%
Published
2015-08-16
Updated
2016-12-24
9 vulnerabilities found