Security Vulnerabilities - CVEs Published In March 2016
The Time Machine server in Server App in Apple OS X Server before 5.1 does not notify the user about ignored permissions during a backup, which makes it easier for remote attackers to obtain sensitive information in opportunistic circumstances by reading backup data that lacks intended restrictions.
CVSS Score
5.3
EPSS Score
0.003
Published
2016-03-24
TrueTypeScaler in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.
CVSS Score
7.8
EPSS Score
0.007
Published
2016-03-24
The code-signing subsystem in Apple OS X before 10.11.4 does not properly verify file ownership, which allows local users to determine the existence of arbitrary files via unspecified vectors.
CVSS Score
3.3
EPSS Score
0.001
Published
2016-03-24
The Top Sites feature in Apple Safari before 9.1 mishandles cookie storage, which makes it easier for remote web servers to track users via unspecified vectors.
CVSS Score
4.3
EPSS Score
0.003
Published
2016-03-24
The Downloads feature in Apple Safari before 9.1 mishandles file expansion, which allows remote attackers to cause a denial of service via a crafted web site.
CVSS Score
6.5
EPSS Score
0.005
Published
2016-03-24
The Reminders component in Apple OS X before 10.11.4 allows attackers to bypass an intended user-confirmation requirement and trigger a dialing action via a tel: URL.
CVSS Score
6.5
EPSS Score
0.002
Published
2016-03-24
QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Photoshop file.
CVSS Score
7.8
EPSS Score
0.053
Published
2016-03-24
QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix image, a different vulnerability than CVE-2016-1767.
CVSS Score
7.8
EPSS Score
0.086
Published
2016-03-24
QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix image, a different vulnerability than CVE-2016-1768.
CVSS Score
7.8
EPSS Score
0.053
Published
2016-03-24
The Profiles component in Apple iOS before 9.3 does not properly validate certificates, which allows attackers to spoof an MDM profile trust relationship via unspecified vectors.
CVSS Score
7.5
EPSS Score
0.001
Published
2016-03-24