Monthly Archive: March 2016

WebKit in Apple iOS before 9.3 and Safari before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. Date published : 2016-03-23...

Web Server in Apple OS X Server before 5.1 supports the RC4 algorithm, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors. Date published : 2016-03-23 http://lists.apple.com/archives/security-announce/2016/Mar/msg00006.html http://www.securityfocus.com/bid/85054

Web Server in Apple OS X Server before 5.1 does not properly restrict access to .DS_Store and .htaccess files, which allows remote attackers to obtain sensitive configuration information via an HTTP request. Date published...

TrueTypeScaler in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a...

The Time Machine server in Server App in Apple OS X Server before 5.1 does not notify the user about ignored permissions during a backup, which makes it easier for remote attackers to obtain...

The code-signing subsystem in Apple OS X before 10.11.4 does not properly verify file ownership, which allows local users to determine the existence of arbitrary files via unspecified vectors. Date published : 2016-03-23 http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html...

The Top Sites feature in Apple Safari before 9.1 mishandles cookie storage, which makes it easier for remote web servers to track users via unspecified vectors. Date published : 2016-03-23 http://lists.apple.com/archives/security-announce/2016/Mar/msg00005.html http://www.securityfocus.com/bid/85055

The Downloads feature in Apple Safari before 9.1 mishandles file expansion, which allows remote attackers to cause a denial of service via a crafted web site. Date published : 2016-03-23 http://lists.apple.com/archives/security-announce/2016/Mar/msg00005.html http://www.securityfocus.com/bid/85055

The Reminders component in Apple OS X before 10.11.4 allows attackers to bypass an intended user-confirmation requirement and trigger a dialing action via a tel: URL. Date published : 2016-03-23 http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html https://support.apple.com/HT206167

QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Photoshop file. Date published : 2016-03-23 http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html https://support.apple.com/HT206167

QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix image, a different vulnerability than CVE-2016-1767. Date published...

QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix image, a different vulnerability than CVE-2016-1768. Date published...

The Profiles component in Apple iOS before 9.3 does not properly validate certificates, which allows attackers to spoof an MDM profile trust relationship via unspecified vectors. Date published : 2016-03-23 http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html https://support.apple.com/HT206166

otool in Apple Xcode before 7.3 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via unspecified vectors. Date published : 2016-03-23 http://lists.apple.com/archives/security-announce/2016/Mar/msg00003.html https://support.apple.com/HT206172