CVE-2016-0718
Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.
Date published : 2016-05-26
http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html