VARIoT IoT vulnerabilities database
| VAR-201605-0451 | CVE-2016-1809 | Apple OS X Disk utility vulnerabilities | CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Disk Utility in Apple OS X before 10.11.5 uses incorrect encryption keys for disk images, which has unspecified impact and attack vectors. Apple Mac OS X is prone to an information-disclosure vulnerability.
An attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks. Disk Utility is one of the Disk Utility components. An attacker could exploit this vulnerability to prevent programs from compressing and encrypting disk images.
APPLE-SA-2016-05-16-4 OS X El Capitan 10.11.5 and Security Update
2016-003
OS X El Capitan 10.11.5 and Security Update 2016-003 is now available
and addresses the following:
AMD
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1792 : beist and ABH of BoB
AMD
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: An application may be able to determine kernel memory layout
Description: An issue existed that led to the disclosure of kernel
memory content. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2016-1791 : daybreaker of Minionz
apache_mod_php
Available for: OS X El Capitan v10.11 and later
Impact: Multiple vulnerabilities in PHP
Description: Multiple vulnerabilities existed in PHP versions prior
to 5.5.34. These were addressed by updating PHP to version 5.5.34.
CVE-ID
CVE-2015-8865
CVE-2016-3141
CVE-2016-3142
CVE-2016-4070
CVE-2016-4071
CVE-2016-4072
CVE-2016-4073
AppleGraphicsControl
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1793 : Ian Beer of Google Project Zero
CVE-2016-1794 : Ian Beer of Google Project Zero
AppleGraphicsPowerManagement
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1795 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro
ATS
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to determine kernel memory layout
Description: An out of bounds memory access issue was addressed
through improved memory handling.
CVE-ID
CVE-2016-1796 : lokihardt working with Trend Micro's Zero Day
Initiative
ATS
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: An issue existed in the sandbox policy. This was
addressed by sandboxing FontValidator.
CVE-ID
CVE-2016-1797 : lokihardt working with Trend Micro's Zero Day
Initiative
Audio
Available for:
OS X Yosemite v10.10.5 and OS X El Capitan v10.11 and later
Impact: An application may be able to cause a denial of service
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1798 : Juwei Lin of TrendMicro
Audio
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved input validation.
CVE-ID
CVE-2016-1799 : Juwei Lin of TrendMicro
Captive Network Assistant
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: An attacker in a privileged network position may be able to
execute arbitrary code with user assistance
Description: A custom URL scheme handling issue was addressed
through improved input validation.
CVE-ID
CVE-2016-1800 : Apple
CFNetwork Proxies
Available for: OS X El Capitan v10.11 and later
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: An information leak existed in the handling of HTTP and
HTTPS requests. This issue was addressed through improved URL
handling.
CVE-ID
CVE-2016-1801 : Alex Chapman and Paul Stone of Context Information
Security
CommonCrypto
Available for: OS X El Capitan v10.11 and later
Impact: A malicious application may be able to leak sensitive user
information
Description: An issue existed in the handling of return values in
CCCrypt. This issue was addressed through improved key length
management.
CVE-ID
CVE-2016-1802 : Klaus Rodewig
CoreCapture
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1803 : Ian Beer of Google Project Zero, daybreaker working
with Trend Micro’s Zero Day Initiative
CoreStorage
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A configuration issue was addressed through additional
restrictions.
CVE-ID
CVE-2016-1805 : Stefan Esser
Crash Reporter
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
root privileges
Description: A configuration issue was addressed through additional
restrictions.
CVE-ID
CVE-2016-1806 : lokihardt working with Trend Micro's Zero Day
Initiative
Disk Images
Available for: OS X El Capitan v10.11 and later
Impact: A local attacker may be able to read kernel memory
Description: A race condition was addressed through improved
locking.
CVE-ID
CVE-2016-1807 : Ian Beer of Google Project Zero
Disk Images
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue existed in the parsing of
disk images. This issue was addressed through improved memory
handling.
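CVE-ID
CVE-2016-1808 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro
Disk Utility
Available for: OS X El Capitan v10.11 and later
Impact: Disk Utility failed to compress and encrypt disk images
Description: Incorrect keys were being used to encrypt disk images.
This issue was addressed by updating the encryption keys.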
CVE-ID
CVE-2016-1809 : Ast A. Moore (@astamoore) and David Foster of
TechSmartKids
Graphics Drivers
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1810 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro
ImageIO
Available for: OS X El Capitan v10.11 and later
Impact: Processing a maliciously crafted image may lead to a denial
of service
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1811 : Lander Brandt (@landaire)
Intel Graphics Driver
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow was addressed through improved bounds
checking.
CVE-ID
CVE-2016-1812 : Juwei Lin of TrendMicro
IOAcceleratorFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to cause a denial of service
Description: A null pointer dereference was addressed through
improved locking.
CVE-ID
CVE-2016-1814 : Juwei Lin of TrendMicro
IOAcceleratorFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1815 : Liang Chen, Qidan He of KeenLab, Tencent working with
Trend Micro's Zero Day Initiative
CVE-2016-1817 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro working with Trend Micro's Zero Day Initiative
CVE-2016-1818 : Juwei Lin of TrendMicro
CVE-2016-1819 : Ian Beer of Google Project Zero
IOAcceleratorFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1813 : Ian Beer of Google Project Zero
CVE-2016-1816 : Peter Pi (@heisecode) of Trend Micro and Juwei Lin of
Trend Micro
IOAudioFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-ID
CVE-2016-1820 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro working with Trend Micro’s Zero Day Initiative
IOAudioFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1821 : Ian Beer of Google Project Zero
IOFireWireFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1822 : CESG
IOHIDFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1823 : Ian Beer of Google Project Zero
CVE-2016-1824 : Marco Grassi (@marcograss) of KeenLab (@keen_lab),
Tencent
IOHIDFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1825 : Brandon Azad
Kernel
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1827 : Brandon Azad
CVE-2016-1828 : Brandon Azad
CVE-2016-1829 : CESG
CVE-2016-1830 : Brandon Azad
CVE-2016-1831 : Brandon Azad
Kernel
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An integer overflow existed in dtrace. This issue was
addressed through improved bounds checking.
CVE-ID
CVE-2016-1826 : Ben Murphy working with Trend Micro’s Zero Day
Initiative
libc
Available for: OS X El Capitan v10.11 and later
Impact: A local attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A memory corruption issue was addressed through
improved input validation.
CVE-ID
CVE-2016-1832 : Karl Williamson
libxml2
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: Processing maliciously crafted XML may lead to an unexpected
application termination or arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1833 : Mateusz Jurczyk
CVE-2016-1834 : Apple
CVE-2016-1835 : Wei Lei and Liu Yang of Nanyang Technological
University
CVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological
University
CVE-2016-1837 : Wei Lei and Liu Yang of Nanyang Technological
University
CVE-2016-1838 : Mateusz Jurczyk
CVE-2016-1839 : Mateusz Jurczyk
CVE-2016-1840 : Kostya Serebryany
libxslt
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1841 : Sebastian Apelt
MapKit
Available for: OS X El Capitan v10.11 and later
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: Shared links were sent with HTTP rather than HTTPS.
This was addressed by enabling HTTPS for shared links.
CVE-ID
CVE-2016-1842 : Richard Shupak (https://www.linkedin.com/in/rshupak)
Messages
Available for: OS X El Capitan v10.11 and later
Impact: A malicious server or user may be able to modify another
user's contact list
Description: A validation issue existed in roster changes. This
issue was addressed through improved validation of roster sets.
CVE-ID
CVE-2016-1844 : Thijs Alkemade of Computest
Messages
Available for: OS X El Capitan v10.11 and later
Impact: A remote attacker may be able to leak sensitive user
information
Description: An encoding issue existed in filename parsing. This
issue was addressed through improved filename encoding.
CVE-ID
CVE-2016-1843 : Heige (a.k.a. SuperHei) of Knownsec 404 Security Team
[http://www.knownsec.com]
Multi-Touch
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1804 : Liang Chen, Yubin Fu, Marco Grassi of KeenLab,
Tencent of Trend Micro's Zero Day Initiative
NVIDIA Graphics Drivers
Available for:
OS X Yosemite v10.10.5 and OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1846 : Ian Beer of Google Project Zero
OpenGL
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1847 : Tongbo Luo and Bo Qu of Palo Alto Networks
QuickTime
Available for: OS X El Capitan v10.11 and later
Impact: Opening a maliciously crafted file may lead to unexpected
application termination or arbitrary code execution
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1848 : Francis Provencher from COSIG
SceneKit
Available for: OS X El Capitan v10.11 and later
Impact: Opening a maliciously crafted file may lead to unexpected
application termination or arbitrary code execution
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1850 : Tyler Bohan of Cisco Talos
Screen Lock
Available for: OS X El Capitan v10.11 and later
Impact: A person with physical access to a computer may be able to
reset an expired password from the lock screen
Description: An issue existed in the management of password
profiles. This issue was addressed through improved password reset
handling.
CVE-ID
CVE-2016-1851 : an anonymous researcher
Tcl
Available for: OS X El Capitan v10.11 and later
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: A protocol security issue was addressed by disabling
SSLv2.
CVE-ID
CVE-2016-1853 : researchers at Tel Aviv University, Münster
University of Applied Sciences, Ruhr University Bochum, the
University of Pennsylvania, the Hashcat project, the University of
Michigan, Two Sigma, Google, and the OpenSSL project: Nimrod Aviram,
Sebastian Schinzel, Juraj Somorovsky, Nadia Heninger, Maik Dankel,
Jens Steube, Luke Valenta, David Adrian, J. Alex Halderman, Viktor
Dukhovni, Emilia Käsper, Shaanan Cohney, Susanne Engels, Christof
Paar, and Yuval Shavitt
Note: OS X El Capitan 10.11.5 includes the security content of Safari
9.1.1. For further details see https://support.apple.com/en-us/HT206565
OS X El Capitan 10.11.5 and Security Update 2016-003 may be obtained
from the Mac App Store or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
| VAR-201605-0448 | CVE-2016-1806 | Apple OS X of Crash Reporter Vulnerable to arbitrary code execution in a privileged context | CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
Crash Reporter in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context via a crafted app. Supplementary information: the CWE vulnerability type has been identified as CWE-284: Improper Access Control. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the com.apple.SubmitDiagInfo service. The issue lies in the failure to validate a user-supplied path prior to creating a directory. Apple Mac OS X is prone to multiple security vulnerabilities.
Attackers can exploit these issues to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, and perform unauthorized actions. This may aid in other attacks.
Apple Mac OS X 10.9.5, 10.10.5 and 10.11 through 10.11.4 are vulnerable. Crash Reporter is one of the components used to debug programs and record all test information.
APPLE-SA-2016-05-16-4 OS X El Capitan 10.11.5 and Security Update
2016-003
OS X El Capitan 10.11.5 and Security Update 2016-003 is now available
and addresses the following:
AMD
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1792 : beist and ABH of BoB
AMD
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: An application may be able to determine kernel memory layout
Description: An issue existed that led to the disclosure of kernel
memory content. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2016-1791 : daybreaker of Minionz
apache_mod_php
Available for: OS X El Capitan v10.11 and later
Impact: Multiple vulnerabilities in PHP
Description: Multiple vulnerabilities existed in PHP versions prior
to 5.5.34. These were addressed by updating PHP to version 5.5.34.
CVE-ID
CVE-2015-8865
CVE-2016-3141
CVE-2016-3142
CVE-2016-4070
CVE-2016-4071
CVE-2016-4072
CVE-2016-4073
AppleGraphicsControl
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1793 : Ian Beer of Google Project Zero
CVE-2016-1794 : Ian Beer of Google Project Zero
AppleGraphicsPowerManagement
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1795 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro
ATS
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to determine kernel memory layout
Description: An out of bounds memory access issue was addressed
through improved memory handling.
CVE-ID
CVE-2016-1796 : lokihardt working with Trend Micro's Zero Day
Initiative
ATS
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: An issue existed in the sandbox policy. This was
addressed by sandboxing FontValidator.
CVE-ID
CVE-2016-1797 : lokihardt working with Trend Micro's Zero Day
Initiative
Audio
Available for:
OS X Yosemite v10.10.5 and OS X El Capitan v10.11 and later
Impact: An application may be able to cause a denial of service
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1798 : Juwei Lin of TrendMicro
Audio
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved input validation.
CVE-ID
CVE-2016-1799 : Juwei Lin of TrendMicro
Captive Network Assistant
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: An attacker in a privileged network position may be able to
execute arbitrary code with user assistance
Description: A custom URL scheme handling issue was addressed
through improved input validation.
CVE-ID
CVE-2016-1800 : Apple
CFNetwork Proxies
Available for: OS X El Capitan v10.11 and later
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: An information leak existed in the handling of HTTP and
HTTPS requests. This issue was addressed through improved URL
handling.
CVE-ID
CVE-2016-1801 : Alex Chapman and Paul Stone of Context Information
Security
CommonCrypto
Available for: OS X El Capitan v10.11 and later
Impact: A malicious application may be able to leak sensitive user
information
Description: An issue existed in the handling of return values in
CCCrypt. This issue was addressed through improved key length
management.
CVE-ID
CVE-2016-1802 : Klaus Rodewig
CoreCapture
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1803 : Ian Beer of Google Project Zero, daybreaker working
with Trend Micro’s Zero Day Initiative
CoreStorage
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A configuration issue was addressed through additional
restrictions.
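CVE-ID
CVE-2016-1805 : Stefan Esser
Crash Reporter
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
root privileges
Description: A configuration issue was addressed through additional
restrictions.
CVE-ID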
CVE-2016-1806 : lokihardt working with Trend Micro's Zero Day
Initiative
Disk Images
Available for: OS X El Capitan v10.11 and later
Impact: A local attacker may be able to read kernel memory
Description: A race condition was addressed through improved
locking.
CVE-ID
CVE-2016-1807 : Ian Beer of Google Project Zero
Disk Images
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue existed in the parsing of
disk images. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2016-1808 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro
Disk Utility
Available for: OS X El Capitan v10.11 and later
Impact: Disk Utility failed to compress and encrypt disk images
Description: Incorrect keys were being used to encrypt disk images.
This issue was addressed by updating the encryption keys.
CVE-ID
CVE-2016-1809 : Ast A. Moore (@astamoore) and David Foster of
TechSmartKids
Graphics Drivers
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1810 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro
ImageIO
Available for: OS X El Capitan v10.11 and later
Impact: Processing a maliciously crafted image may lead to a denial
of service
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1811 : Lander Brandt (@landaire)
Intel Graphics Driver
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow was addressed through improved bounds
checking.
CVE-ID
CVE-2016-1812 : Juwei Lin of TrendMicro
IOAcceleratorFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to cause a denial of service
Description: A null pointer dereference was addressed through
improved locking.
CVE-ID
CVE-2016-1814 : Juwei Lin of TrendMicro
IOAcceleratorFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1815 : Liang Chen, Qidan He of KeenLab, Tencent working with
Trend Micro's Zero Day Initiative
CVE-2016-1817 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro working with Trend Micro's Zero Day Initiative
CVE-2016-1818 : Juwei Lin of TrendMicro
CVE-2016-1819 : Ian Beer of Google Project Zero
IOAcceleratorFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1813 : Ian Beer of Google Project Zero
CVE-2016-1816 : Peter Pi (@heisecode) of Trend Micro and Juwei Lin of
Trend Micro
IOAudioFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-ID
CVE-2016-1820 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro working with Trend Micro’s Zero Day Initiative
IOAudioFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1821 : Ian Beer of Google Project Zero
IOFireWireFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1822 : CESG
IOHIDFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1823 : Ian Beer of Google Project Zero
CVE-2016-1824 : Marco Grassi (@marcograss) of KeenLab (@keen_lab),
Tencent
IOHIDFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1825 : Brandon Azad
Kernel
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1827 : Brandon Azad
CVE-2016-1828 : Brandon Azad
CVE-2016-1829 : CESG
CVE-2016-1830 : Brandon Azad
CVE-2016-1831 : Brandon Azad
Kernel
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An integer overflow existed in dtrace. This issue was
addressed through improved bounds checking.
CVE-ID
CVE-2016-1826 : Ben Murphy working with Trend Micro’s Zero Day
Initiative
libc
Available for: OS X El Capitan v10.11 and later
Impact: A local attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A memory corruption issue was addressed through
improved input validation.
CVE-ID
CVE-2016-1832 : Karl Williamson
libxml2
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: Processing maliciously crafted XML may lead to an unexpected
application termination or arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1833 : Mateusz Jurczyk
CVE-2016-1834 : Apple
CVE-2016-1835 : Wei Lei and Liu Yang of Nanyang Technological
University
CVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological
University
CVE-2016-1837 : Wei Lei and Liu Yang of Nanyang Technological
University
CVE-2016-1838 : Mateusz Jurczyk
CVE-2016-1839 : Mateusz Jurczyk
CVE-2016-1840 : Kostya Serebryany
libxslt
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1841 : Sebastian Apelt
MapKit
Available for: OS X El Capitan v10.11 and later
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: Shared links were sent with HTTP rather than HTTPS.
This was addressed by enabling HTTPS for shared links.
CVE-ID
CVE-2016-1842 : Richard Shupak (https://www.linkedin.com/in/rshupak)
Messages
Available for: OS X El Capitan v10.11 and later
Impact: A malicious server or user may be able to modify another
user's contact list
Description: A validation issue existed in roster changes. This
issue was addressed through improved validation of roster sets.
CVE-ID
CVE-2016-1844 : Thijs Alkemade of Computest
Messages
Available for: OS X El Capitan v10.11 and later
Impact: A remote attacker may be able to leak sensitive user
information
Description: An encoding issue existed in filename parsing. This
issue was addressed through improved filename encoding.
CVE-ID
CVE-2016-1843 : Heige (a.k.a. SuperHei) of Knownsec 404 Security Team
[http://www.knownsec.com]
Multi-Touch
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1804 : Liang Chen, Yubin Fu, Marco Grassi of KeenLab,
Tencent of Trend Micro's Zero Day Initiative
NVIDIA Graphics Drivers
Available for:
OS X Yosemite v10.10.5 and OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1846 : Ian Beer of Google Project Zero
OpenGL
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1847 : Tongbo Luo and Bo Qu of Palo Alto Networks
QuickTime
Available for: OS X El Capitan v10.11 and later
Impact: Opening a maliciously crafted file may lead to unexpected
application termination or arbitrary code execution
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1848 : Francis Provencher from COSIG
SceneKit
Available for: OS X El Capitan v10.11 and later
Impact: Opening a maliciously crafted file may lead to unexpected
application termination or arbitrary code execution
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1850 : Tyler Bohan of Cisco Talos
Screen Lock
Available for: OS X El Capitan v10.11 and later
Impact: A person with physical access to a computer may be able to
reset an expired password from the lock screen
Description: An issue existed in the management of password
profiles. This issue was addressed through improved password reset
handling.
CVE-ID
CVE-2016-1851 : an anonymous researcher
Tcl
Available for: OS X El Capitan v10.11 and later
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: A protocol security issue was addressed by disabling
SSLv2.
CVE-ID
CVE-2016-1853 : researchers at Tel Aviv University, Münster
University of Applied Sciences, Ruhr University Bochum, the
University of Pennsylvania, the Hashcat project, the University of
Michigan, Two Sigma, Google, and the OpenSSL project: Nimrod Aviram,
Sebastian Schinzel, Juraj Somorovsky, Nadia Heninger, Maik Dankel,
Jens Steube, Luke Valenta, David Adrian, J. Alex Halderman, Viktor
Dukhovni, Emilia Käsper, Shaanan Cohney, Susanne Engels, Christof
Paar, and Yuval Shavitt
Note: OS X El Capitan 10.11.5 includes the security content of Safari
9.1.1. For further details see https://support.apple.com/en-us/HT206565
OS X El Capitan 10.11.5 and Security Update 2016-003 may be obtained
from the Mac App Store or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
| VAR-201605-0447 | CVE-2016-1805 | Apple OS X CoreStorage vulnerable to arbitrary code execution in a privileged context |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
CoreStorage in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context via a crafted app. Supplementary information: the vulnerability type has been identified as CWE-284: Improper Access Control. Apple Mac OS X is prone to multiple security vulnerabilities.
Attackers can exploit these issues to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, and perform unauthorized actions. This may aid in other attacks.
Apple Mac OS X 10.9.5, 10.10.5 and 10.11 through 10.11.4 are vulnerable. CoreStorage is one of the disk structures.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-05-16-4 OS X El Capitan 10.11.5 and Security Update
2016-003
OS X El Capitan 10.11.5 and Security Update 2016-003 is now available
and addresses the following:
AMD
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1792 : beist and ABH of BoB
AMD
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: An application may be able to determine kernel memory layout
Description: An issue existed that led to the disclosure of kernel
memory content. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2016-1791 : daybreaker of Minionz
apache_mod_php
Available for: OS X El Capitan v10.11 and later
Impact: Multiple vulnerabilities in PHP
Description: Multiple vulnerabilities existed in PHP versions prior
to 5.5.34. These were addressed by updating PHP to version 5.5.34.
CVE-ID
CVE-2015-8865
CVE-2016-3141
CVE-2016-3142
CVE-2016-4070
CVE-2016-4071
CVE-2016-4072
CVE-2016-4073
AppleGraphicsControl
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1793 : Ian Beer of Google Project Zero
CVE-2016-1794 : Ian Beer of Google Project Zero
AppleGraphicsPowerManagement
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1795 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro
ATS
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to determine kernel memory layout
Description: An out of bounds memory access issue was addressed
through improved memory handling.
CVE-ID
CVE-2016-1796 : lokihardt working with Trend Micro's Zero Day
Initiative
ATS
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: An issue existed in the sandbox policy. This was
addressed by sandboxing FontValidator.
CVE-ID
CVE-2016-1797 : lokihardt working with Trend Micro's Zero Day
Initiative
Audio
Available for:
OS X Yosemite v10.10.5 and OS X El Capitan v10.11 and later
Impact: An application may be able to cause a denial of service
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1798 : Juwei Lin of TrendMicro
Audio
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved input validation.
CVE-ID
CVE-2016-1799 : Juwei Lin of TrendMicro
Captive Network Assistant
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: An attacker in a privileged network position may be able to
execute arbitrary code with user assistance
Description: A custom URL scheme handling issue was addressed
through improved input validation.
CVE-ID
CVE-2016-1800 : Apple
CFNetwork Proxies
Available for: OS X El Capitan v10.11 and later
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: An information leak existed in the handling of HTTP and
HTTPS requests. This issue was addressed through improved URL
handling.
CVE-ID
CVE-2016-1801 : Alex Chapman and Paul Stone of Context Information
Security
CommonCrypto
Available for: OS X El Capitan v10.11 and later
Impact: A malicious application may be able to leak sensitive user
information
Description: An issue existed in the handling of return values in
CCCrypt. This issue was addressed through improved key length
management.
CVE-ID
CVE-2016-1802 : Klaus Rodewig
CoreCapture
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1803 : Ian Beer of Google Project Zero, daybreaker working
with Trend Micro’s Zero Day Initiative
CoreStorage
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A configuration issue was addressed through additional
restrictions.
CVE-ID
CVE-2016-1805 : Stefan Esser
Crash Reporter
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
root privileges
Description: A configuration issue was addressed through additional
restrictions.
CVE-ID
CVE-2016-1806 : lokihardt working with Trend Micro's Zero Day
Initiative
Disk Images
Available for: OS X El Capitan v10.11 and later
Impact: A local attacker may be able to read kernel memory
Description: A race condition was addressed through improved
locking.
CVE-ID
CVE-2016-1807 : Ian Beer of Google Project Zero
Disk Images
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue existed in the parsing of
disk images. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2016-1808 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro
Disk Utility
Available for: OS X El Capitan v10.11 and later
Impact: Disk Utility failed to compress and encrypt disk images
Description: Incorrect keys were being used to encrypt disk images.
This issue was addressed by updating the encryption keys.
CVE-ID
CVE-2016-1809 : Ast A. Moore (@astamoore) and David Foster of
TechSmartKids
Graphics Drivers
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1810 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro
ImageIO
Available for: OS X El Capitan v10.11 and later
Impact: Processing a maliciously crafted image may lead to a denial
of service
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1811 : Lander Brandt (@landaire)
Intel Graphics Driver
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow was addressed through improved bounds
checking.
CVE-ID
CVE-2016-1812 : Juwei Lin of TrendMicro
IOAcceleratorFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to cause a denial of service
Description: A null pointer dereference was addressed through
improved locking.
CVE-ID
CVE-2016-1814 : Juwei Lin of TrendMicro
IOAcceleratorFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1815 : Liang Chen, Qidan He of KeenLab, Tencent working with
Trend Micro's Zero Day Initiative
CVE-2016-1817 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro working with Trend Micro's Zero Day Initiative
CVE-2016-1818 : Juwei Lin of TrendMicro
CVE-2016-1819 : Ian Beer of Google Project Zero
IOAcceleratorFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1813 : Ian Beer of Google Project Zero
CVE-2016-1816 : Peter Pi (@heisecode) of Trend Micro and Juwei Lin of
Trend Micro
IOAudioFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-ID
CVE-2016-1820 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro working with Trend Micro’s Zero Day Initiative
IOAudioFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1821 : Ian Beer of Google Project Zero
IOFireWireFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1822 : CESG
IOHIDFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1823 : Ian Beer of Google Project Zero
CVE-2016-1824 : Marco Grassi (@marcograss) of KeenLab (@keen_lab),
Tencent
IOHIDFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1825 : Brandon Azad
Kernel
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1827 : Brandon Azad
CVE-2016-1828 : Brandon Azad
CVE-2016-1829 : CESG
CVE-2016-1830 : Brandon Azad
CVE-2016-1831 : Brandon Azad
Kernel
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An integer overflow existed in dtrace. This issue was
addressed through improved bounds checking.
CVE-ID
CVE-2016-1826 : Ben Murphy working with Trend Micro’s Zero Day
Initiative
libc
Available for: OS X El Capitan v10.11 and later
Impact: A local attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A memory corruption issue was addressed through
improved input validation.
CVE-ID
CVE-2016-1832 : Karl Williamson
libxml2
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: Processing maliciously crafted XML may lead to an unexpected
application termination or arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1833 : Mateusz Jurczyk
CVE-2016-1834 : Apple
CVE-2016-1835 : Wei Lei and Liu Yang of Nanyang Technological
University
CVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological
University
CVE-2016-1837 : Wei Lei and Liu Yang of Nanyang Technological
University
CVE-2016-1838 : Mateusz Jurczyk
CVE-2016-1839 : Mateusz Jurczyk
CVE-2016-1840 : Kostya Serebryany
libxslt
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1841 : Sebastian Apelt
MapKit
Available for: OS X El Capitan v10.11 and later
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: Shared links were sent with HTTP rather than HTTPS.
This was addressed by enabling HTTPS for shared links.
CVE-ID
CVE-2016-1842 : Richard Shupak (https://www.linkedin.com/in/rshupak)
Messages
Available for: OS X El Capitan v10.11 and later
Impact: A malicious server or user may be able to modify another
user's contact list
Description: A validation issue existed in roster changes. This
issue was addressed through improved validation of roster sets.
CVE-ID
CVE-2016-1844 : Thijs Alkemade of Computest
Messages
Available for: OS X El Capitan v10.11 and later
Impact: A remote attacker may be able to leak sensitive user
information
Description: An encoding issue existed in filename parsing. This
issue was addressed through improved filename encoding.
CVE-ID
CVE-2016-1843 : Heige (a.k.a. SuperHei) of Knownsec 404 Security Team
[http://www.knownsec.com]
Multi-Touch
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1804 : Liang Chen, Yubin Fu, Marco Grassi of KeenLab,
Tencent of Trend Micro's Zero Day Initiative
NVIDIA Graphics Drivers
Available for:
OS X Yosemite v10.10.5 and OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1846 : Ian Beer of Google Project Zero
OpenGL
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1847 : Tongbo Luo and Bo Qu of Palo Alto Networks
QuickTime
Available for: OS X El Capitan v10.11 and later
Impact: Opening a maliciously crafted file may lead to unexpected
application termination or arbitrary code execution
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1848 : Francis Provencher from COSIG
SceneKit
Available for: OS X El Capitan v10.11 and later
Impact: Opening a maliciously crafted file may lead to unexpected
application termination or arbitrary code execution
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1850 : Tyler Bohan of Cisco Talos
Screen Lock
Available for: OS X El Capitan v10.11 and later
Impact: A person with physical access to a computer may be able to
reset an expired password from the lock screen
Description: An issue existed in the management of password
profiles. This issue was addressed through improved password reset
handling.
CVE-ID
CVE-2016-1851 : an anonymous researcher
Tcl
Available for: OS X El Capitan v10.11 and later
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: A protocol security issue was addressed by disabling
SSLv2.
CVE-ID
CVE-2016-1853 : researchers at Tel Aviv University, Münster
University of Applied Sciences, Ruhr University Bochum, the
University of Pennsylvania, the Hashcat project, the University of
Michigan, Two Sigma, Google, and the OpenSSL project: Nimrod Aviram,
Sebastian Schinzel, Juraj Somorovsky, Nadia Heninger, Maik Dankel,
Jens Steube, Luke Valenta, David Adrian, J. Alex Halderman, Viktor
Dukhovni, Emilia Käsper, Shaanan Cohney, Susanne Engels, Christof
Paar, and Yuval Shavitt
Note: OS X El Capitan 10.11.5 includes the security content of Safari
9.1.1. For further details see https://support.apple.com/en-us/HT206565
OS X El Capitan 10.11.5 and Security Update 2016-003 may be obtained
from the Mac App Store or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
| VAR-201605-0481 | CVE-2016-1823 | IOHIDFamily in multiple Apple products vulnerable to arbitrary code execution in a privileged context |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
The IOHIDDevice::handleReportWithTime function in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (out-of-bounds read and memory corruption) via a crafted IOHIDReportType enum, which triggers an incorrect cast, a different vulnerability than CVE-2016-1824. Apple tvOS, Mac OS X and iOS are prone to a memory-corruption vulnerability.
Attackers can exploit this issue to execute arbitrary code on the affected system with kernel privileges. Failed exploit attempts may result in a denial-of-service condition. Apple iOS is an operating system developed for mobile devices; watchOS is a smart watch operating system; OS X El Capitan is a dedicated operating system developed for Mac computers; tvOS is a smart TV operating system. IOHIDFamily is one of the kernel extension components and provides an abstract interface for human interface devices. A security vulnerability exists in IOHIDFamily for Apple iOS versions prior to 9.3.2, watchOS versions prior to 2.2.1, OS X El Capitan versions prior to 10.11.5, and tvOS versions prior to 9.2.1.
CVE-ID
CVE-2016-1847 : Tongbo Luo and Bo Qu of Palo Alto Networks
Installation note:
Instructions on how to update your Apple Watch software are
available at https://support.apple.com/en-us/HT204641
To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch > General > About".
This was addressed by enabling HTTPS for shared links.
CVE-ID
CVE-2016-1847 : Tongbo Luo and Bo Qu of Palo Alto Networks
Safari
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A user may be unable to fully delete browsing history
Description: "Clear History and Website Data" did not clear the
history.
CVE-ID
CVE-2016-1849 : Adham Ghrayeb
Siri
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A person with physical access to an iOS device may be able
to use Siri to access contacts and photos from the lock screen
Description: A state management issue existed when accessing Siri
results on the lock screen. This issue was addressed by disabling
data detectors in Twitter results when the device is locked.
CVE-ID
CVE-2016-1852 : videosdebarraquito
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a malicious website may disclose data from another
website
Description: An insufficient taint tracking issue in the parsing of
svg images was addressed through improved taint tracking.
Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-12-13-1 macOS 10.12.2
macOS 10.12.2 is now available and addresses the following:
apache_mod_php
Available for: macOS Sierra 10.12.1
Impact: A remote attacker may cause an unexpected application
termination or arbitrary code execution
Description: Multiple issues existed in PHP before 5.6.26. These were
addressed by updating PHP to version 5.6.26.
CVE-2016-7411
CVE-2016-7412
CVE-2016-7413
CVE-2016-7414
CVE-2016-7416
CVE-2016-7417
CVE-2016-7418
AppleGraphicsPowerManagement
Available for: macOS Sierra 10.12.1
Impact: A local user may be able to cause a system denial of service
Description: A null pointer dereference was addressed through
improved input validation.
CVE-2016-7609: daybreaker@Minionz working with Trend Micro's Zero Day
Initiative
Assets
Available for: macOS Sierra 10.12.1
Impact: A local attacker may modify downloaded mobile assets
Description: A permissions issue existed in mobile assets. This issue
was addressed through improved access restrictions.
CVE-2016-7628: an anonymous researcher
Audio
Available for: macOS Sierra 10.12.1
Impact: Processing a maliciously crafted file may lead to arbitrary
code execution
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2016-7658: Haohao Kong of Keen Lab (@keen_lab) of Tencent
CVE-2016-7659: Haohao Kong of Keen Lab (@keen_lab) of Tencent
Bluetooth
Available for: macOS Sierra 10.12.1, OS X El Capitan v10.11.6,
and OS X Yosemite v10.10.5
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-7596: Pekka Oikarainen, Matias Karhumaa and Marko Laakso of
Synopsys Software Integrity Group
Bluetooth
Available for: macOS Sierra 10.12.1
Impact: An application may be able to cause a denial of service
Description: A null pointer dereference was addressed through
improved input validation.
CVE-2016-7605: daybreaker of Minionz
Bluetooth
Available for: macOS Sierra 10.12.1
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A type confusion issue was addressed through improved
memory handling.
CVE-2016-7617: Radu Motspan working with Trend Micro's Zero Day
Initiative, Ian Beer of Google Project Zero
CoreCapture
Available for: macOS Sierra 10.12.1 and OS X El Capitan v10.11.6
Impact: A local user may be able to cause a system denial of service
Description: A null pointer dereference was addressed through
improved state management.
CVE-2016-7604: daybreaker of Minionz
CoreFoundation
Available for: macOS Sierra 10.12.1
Impact: Processing malicious strings may lead to an unexpected
application termination or arbitrary code execution
Description: A memory corruption issue existed in the processing of
strings. This issue was addressed through improved bounds checking.
CVE-2016-7663: an anonymous researcher
CoreGraphics
Available for: macOS Sierra 10.12.1
Impact: Processing a maliciously crafted font file may lead to
unexpected application termination
Description: A null pointer dereference was addressed through
improved input validation.
CVE-2016-7627: TRAPMINE Inc. & Meysam Firouzi @R00tkitSMM
CoreMedia External Displays
Available for: macOS Sierra 10.12.1
Impact: A local application may be able to execute arbitrary code in
the context of the mediaserver daemon
Description: A type confusion issue was addressed through improved
memory handling.
CVE-2016-7655: Keen Lab working with Trend Micro's Zero Day
Initiative
CoreMedia Playback
Available for: macOS Sierra 10.12.1
Impact: Processing a maliciously crafted .mp4 file may lead to
arbitrary code execution
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-7588: dragonltx of Huawei 2012 Laboratories
CoreStorage
Available for: macOS Sierra 10.12.1
Impact: A local user may be able to cause a system denial of service
Description: A null pointer dereference was addressed through
improved input validation.
CVE-2016-7603: daybreaker@Minionz working with Trend Micro's Zero Day
Initiative
CoreText
Available for: macOS Sierra 10.12.1
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: Multiple memory corruption issues existed in the
handling of font files. These issues were addressed through improved
bounds checking.
CVE-2016-7595: riusksk(泉哥) of Tencent Security Platform
Department
curl
Available for: macOS Sierra 10.12.1
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: Multiple issues existed in curl. These issues were
addressed by updating to curl version 7.51.0.
CVE-2016-5419
CVE-2016-5420
CVE-2016-5421
CVE-2016-7141
CVE-2016-7167
CVE-2016-8615
CVE-2016-8616
CVE-2016-8617
CVE-2016-8618
CVE-2016-8619
CVE-2016-8620
CVE-2016-8621
CVE-2016-8622
CVE-2016-8623
CVE-2016-8624
CVE-2016-8625
Directory Services
Available for: macOS Sierra 10.12.1
Impact: A local user may be able to gain root privileges
Description: A use after free issue was addressed through improved
memory management.
CVE-2016-7633: Ian Beer of Google Project Zero
Disk Images
Available for: macOS Sierra 10.12.1
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2016-7616: daybreaker@Minionz working with Trend Micro's Zero Day
Initiative
FontParser
Available for: macOS Sierra 10.12.1
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: Multiple memory corruption issues existed in the
handling of font files. These issues were addressed through improved
bounds checking.
CVE-2016-4691: riusksk(泉哥) of Tencent Security Platform
Department
FontParser
Available for: macOS Sierra 10.12.1
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: A buffer overflow existed in the handling of font files.
This issue was addressed through improved bounds checking.
CVE-2016-4688: Simon Huang of Alipay company,
thelongestusernameofall@gmail.com
Foundation
Available for: macOS Sierra 10.12.1
Impact: Opening a maliciously crafted .gcx file may lead to
unexpected application termination or arbitrary code execution
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2016-7618: riusksk(泉哥) of Tencent Security Platform
Department
Grapher
Available for: macOS Sierra 10.12.1
Impact: Opening a maliciously crafted .gcx file may lead to
unexpected application termination or arbitrary code execution
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2016-7622: riusksk(泉哥) of Tencent Security Platform
Department
ICU
Available for: macOS Sierra 10.12.1
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-7594: André Bargull
ImageIO
Available for: macOS Sierra 10.12.1
Impact: A remote attacker may be able to leak memory
Description: An out-of-bounds read was addressed through improved
bounds checking.
CVE-2016-7643: Yangkang (@dnpushme) of Qihoo360 Qex Team
Intel Graphics Driver
Available for: macOS Sierra 10.12.1
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2016-7602: daybreaker@Minionz working with Trend Micro's Zero Day
Initiative
IOAcceleratorFamily
Available for: macOS Sierra 10.12.1
Impact: A local user may be able to determine kernel memory layout
Description: A shared memory issue was addressed through improved
memory handling.
CVE-2016-7624 : Qidan He (@flanker_hqd) from KeenLab working with
Trend Micro's Zero Day Initiative
IOFireWireFamily
Available for: macOS Sierra 10.12.1
Impact: A local attacker may be able to read kernel memory
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-7608: Brandon Azad
IOHIDFamily
Available for: macOS Sierra 10.12.1
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-1823: Ian Beer of Google Project Zero
IOHIDFamily
Available for: macOS Sierra 10.12.1
Impact: A local application with system privileges may be able to
execute arbitrary code with kernel privileges
Description: A use after free issue was addressed through improved
memory management.
CVE-2016-7591: daybreaker of Minionz
IOKit
Available for: macOS Sierra 10.12.1
Impact: A local user may be able to determine kernel memory layout
Description: A shared memory issue was addressed through improved
memory handling.
CVE-2016-7625: Qidan He (@flanker_hqd) from KeenLab working with
Trend Micro's Zero Day Initiative
IOKit
Available for: macOS Sierra 10.12.1
Impact: An application may be able to read kernel memory
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2016-7657: Keen Lab working with Trend Micro's Zero Day
Initiative
IOSurface
Available for: macOS Sierra 10.12.1
Impact: A local user may be able to determine kernel memory layout
Description: A shared memory issue was addressed through improved
memory handling.
CVE-2016-7620: Qidan He (@flanker_hqd) from KeenLab working with
Trend Micro's Zero Day Initiative
Kernel
Available for: macOS Sierra 10.12.1
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed through
improved input validation.
CVE-2016-7606: @cocoahuke, Chen Qin of Topsec Alpha Team (topsec.com)
CVE-2016-7612: Ian Beer of Google Project Zero
Kernel
Available for: macOS Sierra 10.12.1
Impact: An application may be able to read kernel memory
Description: An insufficient initialization issue was addressed by
properly initializing memory returned to user space.
CVE-2016-7607: Brandon Azad
Kernel
Available for: macOS Sierra 10.12.1
Impact: A local user may be able to cause a system denial of service
Description: A denial of service issue was addressed through improved
memory handling.
CVE-2016-7615: The UK's National Cyber Security Centre (NCSC)
Kernel
Available for: macOS Sierra 10.12.1
Impact: A local user may be able to cause an unexpected system
termination or arbitrary code execution in the kernel
Description: A use after free issue was addressed through improved
memory management.
CVE-2016-7621: Ian Beer of Google Project Zero
Kernel
Available for: macOS Sierra 10.12.1
Impact: A local user may be able to gain root privileges
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2016-7637: Ian Beer of Google Project Zero
Kernel
Available for: macOS Sierra 10.12.1
Impact: A local application with system privileges may be able to
execute arbitrary code with kernel privileges
Description: A use after free issue was addressed through improved
memory management.
CVE-2016-7644: Ian Beer of Google Project Zero
kext tools
Available for: macOS Sierra 10.12.1
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2016-7629: @cocoahuke
libarchive
Available for: macOS Sierra 10.12.1
Impact: A local attacker may be able to overwrite existing files
Description: A validation issue existed in the handling of symlinks.
This issue was addressed through improved validation of symlinks.
CVE-2016-7619: an anonymous researcher
LibreSSL
Available for: macOS Sierra 10.12.1 and OS X El Capitan v10.11.6
Impact: An attacker with a privileged network position may be able to
cause a denial of service
Description: A denial of service issue in unbounded OCSP growth was
addressed through improved memory handling.
CVE-2016-6304
OpenLDAP
Available for: macOS Sierra 10.12.1
Impact: An attacker may be able to exploit weaknesses in the RC4
cryptographic algorithm
Description: RC4 was removed as a default cipher.
CVE-2016-1777: Pepi Zawodsky
OpenPAM
Available for: macOS Sierra 10.12.1
Impact: A local unprivileged user may gain access to privileged
applications
Description: PAM authentication within sandboxed applications failed
insecurely. This was addressed with improved error handling.
CVE-2016-7600: Perette Barella of DeviousFish.com
OpenSSL
Available for: macOS Sierra 10.12.1
Impact: An application may be able to execute arbitrary code
Description: An overflow issue existed in MDC2_Update(). This issue
was addressed through improved input validation.
CVE-2016-6303
OpenSSL
Available for: macOS Sierra 10.12.1
Impact: An attacker with a privileged network position may be able to
cause a denial of service
Description: A denial of service issue in unbounded OCSP growth was
addressed through improved memory handling.
CVE-2016-6304
Power Management
Available for: macOS Sierra 10.12.1
Impact: A local user may be able to gain root privileges
Description: An issue in mach port name references was addressed
through improved validation.
CVE-2016-7661: Ian Beer of Google Project Zero
Security
Available for: macOS Sierra 10.12.1
Impact: An attacker may be able to exploit weaknesses in the 3DES
cryptographic algorithm
Description: 3DES was removed as a default cipher.
CVE-2016-4693: Gaëtan Leurent and Karthikeyan Bhargavan from INRIA
Paris
Security
Available for: macOS Sierra 10.12.1
Impact: An attacker in a privileged network position may be able to
cause a denial of service
Description: A validation issue existed in the handling of OCSP
responder URLs. This issue was addressed by verifying OCSP revocation
status after CA validation and limiting the number of OCSP requests
per certificate.
CVE-2016-7636: Maksymilian Arciemowicz (cxsecurity.com)
Security
Available for: macOS Sierra 10.12.1
Impact: Certificates may be unexpectedly evaluated as trusted
Description: A certificate evaluation issue existed in certificate
validation. This issue was addressed through additional validation of
certificates.
CVE-2016-7662: Apple
syslog
Available for: macOS Sierra 10.12.1
Impact: A local user may be able to gain root privileges
Description: An issue in mach port name references was addressed
through improved validation.
CVE-2016-7660: Ian Beer of Google Project Zero
macOS 10.12.2 may be obtained
from the Mac App Store or Apple's Software Downloads web site:
https://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
-----END PGP SIGNATURE-----
| VAR-201605-0446 | CVE-2016-1804 | Apple OS X of Multi-Touch Subsystem vulnerable to arbitrary code execution in privileged context |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
The Multi-Touch subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of CFData objects within the WindowServer process. An attacker can cause a CFData object in memory to be reused after it has been freed. An attacker can leverage this vulnerability to execute arbitrary code under the context of the WindowServer. Apple Mac OS X is prone to multiple security vulnerabilities.
Attackers can exploit these issues to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, and perform unauthorized actions. This may aid in other attacks.
Apple Mac OS X 10.9.5, 10.10.5 and 10.11 through 10.11.4 are vulnerable. Multi-Touch is one of the multi-touch components.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-05-16-4 OS X El Capitan 10.11.5 and Security Update
2016-003
OS X El Capitan 10.11.5 and Security Update 2016-003 is now available
and addresses the following:
AMD
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1792 : beist and ABH of BoB
AMD
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: An application may be able to determine kernel memory layout
Description: An issue existed that led to the disclosure of kernel
memory content. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2016-1791 : daybreaker of Minionz
apache_mod_php
Available for: OS X El Capitan v10.11 and later
Impact: Multiple vulnerabilities in PHP
Description: Multiple vulnerabilities existed in PHP versions prior
to 5.5.34. These were addressed by updating PHP to version 5.5.34.
CVE-ID
CVE-2015-8865
CVE-2016-3141
CVE-2016-3142
CVE-2016-4070
CVE-2016-4071
CVE-2016-4072
CVE-2016-4073
AppleGraphicsControl
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1793 : Ian Beer of Google Project Zero
CVE-2016-1794 : Ian Beer of Google Project Zero
AppleGraphicsPowerManagement
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1795 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro
ATS
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to determine kernel memory layout
Description: An out of bounds memory access issue was addressed
through improved memory handling.
CVE-ID
CVE-2016-1796 : lokihardt working with Trend Micro's Zero Day
Initiative
ATS
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: An issue existed in the sandbox policy. This was
addressed by sandboxing FontValidator.
CVE-ID
CVE-2016-1797 : lokihardt working with Trend Micro's Zero Day
Initiative
Audio
Available for:
OS X Yosemite v10.10.5 and OS X El Capitan v10.11 and later
Impact: An application may be able to cause a denial of service
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1799 : Juwei Lin of TrendMicro
Captive Network Assistant
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: An attacker in a privileged network position may be able to
execute arbitrary code with user assistance
Description: A custom URL scheme handling issue was addressed
through improved input validation.
CVE-ID
CVE-2016-1800 : Apple
CFNetwork Proxies
Available for: OS X El Capitan v10.11 and later
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: An information leak existed in the handling of HTTP and
HTTPS requests. This issue was addressed through improved URL
handling.
CVE-ID
CVE-2016-1801 : Alex Chapman and Paul Stone of Context Information
Security
CommonCrypto
Available for: OS X El Capitan v10.11 and later
Impact: A malicious application may be able to leak sensitive user
information
Description: An issue existed in the handling of return values in
CCCrypt. This issue was addressed through improved key length
management.
CVE-ID
CVE-2016-1802 : Klaus Rodewig
CoreCapture
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1803 : Ian Beer of Google Project Zero, daybreaker working
with Trend Micro’s Zero Day Initiative
CoreStorage
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A configuration issue was addressed through additional
restrictions.
CVE-ID
CVE-2016-1805 : Stefan Esser
Crash Reporter
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
root privileges
Description: A configuration issue was addressed through additional
restrictions.
CVE-ID
CVE-2016-1806 : lokihardt working with Trend Micro's Zero Day
Initiative
Disk Images
Available for: OS X El Capitan v10.11 and later
Impact: A local attacker may be able to read kernel memory
Description: A race condition was addressed through improved
locking.
CVE-ID
CVE-2016-1807 : Ian Beer of Google Project Zero
Disk Images
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue existed in the parsing of
disk images. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2016-1808 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro
Disk Utility
Available for: OS X El Capitan v10.11 and later
Impact: Disk Utility failed to compress and encrypt disk images
Description: Incorrect keys were being used to encrypt disk images.
This issue was addressed by updating the encryption keys.
CVE-ID
CVE-2016-1809 : Ast A.
CVE-ID
CVE-2016-1810 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro
ImageIO
Available for: OS X El Capitan v10.11 and later
Impact: Processing a maliciously crafted image may lead to a denial
of service
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1811 : Lander Brandt (@landaire)
Intel Graphics Driver
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow was addressed through improved bounds
checking.
CVE-ID
CVE-2016-1812 : Juwei Lin of TrendMicro
IOAcceleratorFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to cause a denial of service
Description: A null pointer dereference was addressed through
improved locking.
CVE-ID
CVE-2016-1815 : Liang Chen, Qidan He of KeenLab, Tencent working with
Trend Micro's Zero Day Initiative
CVE-2016-1817 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro working with Trend Micro's Zero Day Initiative
CVE-2016-1818 : Juwei Lin of TrendMicro
CVE-2016-1819 : Ian Beer of Google Project Zero
IOAcceleratorFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1813 : Ian Beer of Google Project Zero
CVE-2016-1816 : Peter Pi (@heisecode) of Trend Micro and Juwei Lin of
Trend Micro
IOAudioFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-ID
CVE-2016-1820 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro working with Trend Micro’s Zero Day Initiative
IOAudioFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1827 : Brandon Azad
CVE-2016-1828 : Brandon Azad
CVE-2016-1829 : CESG
CVE-2016-1830 : Brandon Azad
CVE-2016-1831 : Brandon Azad
Kernel
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An integer overflow existed in dtrace. This issue was
addressed through improved bounds checking.
CVE-ID
CVE-2016-1826 : Ben Murphy working with Trend Micro’s Zero Day
Initiative
libc
Available for: OS X El Capitan v10.11 and later
Impact: A local attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A memory corruption issue was addressed through
improved input validation.
CVE-ID
CVE-2016-1832 : Karl Williamson
libxml2
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: Processing maliciously crafted XML may lead to an unexpected
application termination or arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1833 : Mateusz Jurczyk
CVE-2016-1834 : Apple
CVE-2016-1835 : Wei Lei and Liu Yang of Nanyang Technological
University
CVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological
University
CVE-2016-1837 : Wei Lei and Liu Yang of Nanyang Technological
University
CVE-2016-1838 : Mateusz Jurczyk
CVE-2016-1839 : Mateusz Jurczyk
CVE-2016-1840 : Kostya Serebryany
libxslt
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1841 : Sebastian Apelt
MapKit
Available for: OS X El Capitan v10.11 and later
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: Shared links were sent with HTTP rather than HTTPS.
This was addressed by enabling HTTPS for shared links.
CVE-ID
CVE-2016-1842 : Richard Shupak (https://www.linkedin.com/in/rshupak)
Messages
Available for: OS X El Capitan v10.11 and later
Impact: A malicious server or user may be able to modify another
user's contact list
Description: A validation issue existed in roster changes. This
issue was addressed through improved validation of roster sets.
CVE-ID
CVE-2016-1844 : Thijs Alkemade of Computest
Messages
Available for: OS X El Capitan v10.11 and later
Impact: A remote attacker may be able to leak sensitive user
information
Description: An encoding issue existed in filename parsing. This
issue was addressed through improved filename encoding.
CVE-ID
CVE-2016-1843 : Heige (a.k.a.
CVE-ID
CVE-2016-1804 : Liang Chen, Yubin Fu, Marco Grassi of KeenLab,
Tencent of Trend Micro's Zero Day Initiative
NVIDIA Graphics Drivers
Available for:
OS X Yosemite v10.10.5 and OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1846 : Ian Beer of Google Project Zero
OpenGL
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1847 : Tongbo Luo and Bo Qu of Palo Alto Networks
QuickTime
Available for: OS X El Capitan v10.11 and later
Impact: Opening a maliciously crafted file may lead to unexpected
application termination or arbitrary code execution
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1850 : Tyler Bohan of Cisco Talos
Screen Lock
Available for: OS X El Capitan v10.11 and later
Impact: A person with physical access to a computer may be able to
reset an expired password from the lock screen
Description: An issue existed in the management of password
profiles. This issue was addressed through improved password reset
handling.
CVE-ID
CVE-2016-1851 : an anonymous researcher
Tcl
Available for: OS X El Capitan v10.11 and later
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: A protocol security issue was addressed by disabling
SSLv2.
CVE-ID
CVE-2016-1853 : researchers at Tel Aviv University, Münster
University of Applied Sciences, Ruhr University Bochum, the
University of Pennsylvania, the Hashcat project, the University of
Michigan, Two Sigma, Google, and the OpenSSL project: Nimrod Aviram,
Sebastian Schinzel, Juraj Somorovsky, Nadia Heninger, Maik Dankel,
Jens Steube, Luke Valenta, David Adrian, J. Alex Halderman, Viktor
Dukhovni, Emilia Käsper, Shaanan Cohney, Susanne Engels, Christof
Paar, and Yuval Shavitt
Note: OS X El Capitan 10.11.5 includes the security content of Safari
9.1.1. For further details see https://support.apple.com/en-us/HT206565
OS X El Capitan 10.11.5 and Security Update 2016-003 may be obtained
from the Mac App Store or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
-----END PGP SIGNATURE-----
| VAR-201605-0442 | CVE-2016-1800 | Apple OS X of Captive Network Assistant Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: 8.8 Severity: HIGH |
Captive Network Assistant in Apple OS X before 10.11.5 mishandles a custom URL scheme, which allows user-assisted remote attackers to execute arbitrary code via unspecified vectors. Apple Mac OS X is prone to multiple security vulnerabilities.
Attackers can exploit these issues to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, and perform unauthorized actions. This may aid in other attacks.
Apple Mac OS X 10.9.5, 10.10.5 and 10.11 through 10.11.4 are vulnerable. Captive Network Assistant (CNS) is one of the network assistant components. The vulnerability is caused by the program not correctly handling the custom URL scheme.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-05-16-4 OS X El Capitan 10.11.5 and Security Update
2016-003
OS X El Capitan 10.11.5 and Security Update 2016-003 is now available
and addresses the following:
AMD
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1792 : beist and ABH of BoB
AMD
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: An application may be able to determine kernel memory layout
Description: An issue existed that led to the disclosure of kernel
memory content. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2016-1791 : daybreaker of Minionz
apache_mod_php
Available for: OS X El Capitan v10.11 and later
Impact: Multiple vulnerabilities in PHP
Description: Multiple vulnerabilities existed in PHP versions prior
to 5.5.34. These were addressed by updating PHP to version 5.5.34.
CVE-ID
CVE-2015-8865
CVE-2016-3141
CVE-2016-3142
CVE-2016-4070
CVE-2016-4071
CVE-2016-4072
CVE-2016-4073
AppleGraphicsControl
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1793 : Ian Beer of Google Project Zero
CVE-2016-1794 : Ian Beer of Google Project Zero
AppleGraphicsPowerManagement
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1795 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro
ATS
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to determine kernel memory layout
Description: An out of bounds memory access issue was addressed
through improved memory handling.
CVE-ID
CVE-2016-1796 : lokihardt working with Trend Micro's Zero Day
Initiative
ATS
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: An issue existed in the sandbox policy. This was
addressed by sandboxing FontValidator.
CVE-ID
CVE-2016-1797 : lokihardt working with Trend Micro's Zero Day
Initiative
Audio
Available for:
OS X Yosemite v10.10.5 and OS X El Capitan v10.11 and later
Impact: An application may be able to cause a denial of service
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1798 : Juwei Lin of TrendMicro
Audio
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved input validation.
CVE-ID
CVE-2016-1800 : Apple
CFNetwork Proxies
Available for: OS X El Capitan v10.11 and later
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: An information leak existed in the handling of HTTP and
HTTPS requests. This issue was addressed through improved URL
handling.
CVE-ID
CVE-2016-1801 : Alex Chapman and Paul Stone of Context Information
Security
CommonCrypto
Available for: OS X El Capitan v10.11 and later
Impact: A malicious application may be able to leak sensitive user
information
Description: An issue existed in the handling of return values in
CCCrypt. This issue was addressed through improved key length
management.
CVE-ID
CVE-2016-1802 : Klaus Rodewig
CoreCapture
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1803 : Ian Beer of Google Project Zero, daybreaker working
with Trend Micro’s Zero Day Initiative
CoreStorage
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A configuration issue was addressed through additional
restrictions.
CVE-ID
CVE-2016-1805 : Stefan Esser
Crash Reporter
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
root privileges
Description: A configuration issue was addressed through additional
restrictions.
CVE-ID
CVE-2016-1806 : lokihardt working with Trend Micro's Zero Day
Initiative
Disk Images
Available for: OS X El Capitan v10.11 and later
Impact: A local attacker may be able to read kernel memory
Description: A race condition was addressed through improved
locking.
CVE-ID
CVE-2016-1807 : Ian Beer of Google Project Zero
Disk Images
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue existed in the parsing of
disk images. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2016-1808 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro
Disk Utility
Available for: OS X El Capitan v10.11 and later
Impact: Disk Utility failed to compress and encrypt disk images
Description: Incorrect keys were being used to encrypt disk images.
This issue was addressed by updating the encryption keys.
CVE-ID
CVE-2016-1809 : Ast A. Moore (@astamoore) and David Foster of
TechSmartKids
Graphics Drivers
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1810 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro
ImageIO
Available for: OS X El Capitan v10.11 and later
Impact: Processing a maliciously crafted image may lead to a denial
of service
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1811 : Lander Brandt (@landaire)
Intel Graphics Driver
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow was addressed through improved bounds
checking.
CVE-ID
CVE-2016-1812 : Juwei Lin of TrendMicro
IOAcceleratorFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to cause a denial of service
Description: A null pointer dereference was addressed through
improved locking.
CVE-ID
CVE-2016-1814 : Juwei Lin of TrendMicro
IOAcceleratorFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1815 : Liang Chen, Qidan He of KeenLab, Tencent working with
Trend Micro's Zero Day Initiative
CVE-2016-1817 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro working with Trend Micro's Zero Day Initiative
CVE-2016-1818 : Juwei Lin of TrendMicro
CVE-2016-1819 : Ian Beer of Google Project Zero
IOAcceleratorFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1813 : Ian Beer of Google Project Zero
CVE-2016-1816 : Peter Pi (@heisecode) of Trend Micro and Juwei Lin of
Trend Micro
IOAudioFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-ID
CVE-2016-1820 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro working with Trend Micro’s Zero Day Initiative
IOAudioFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1821 : Ian Beer of Google Project Zero
IOFireWireFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1822 : CESG
IOHIDFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1823 : Ian Beer of Google Project Zero
CVE-2016-1824 : Marco Grassi (@marcograss) of KeenLab (@keen_lab),
Tencent
IOHIDFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1825 : Brandon Azad
Kernel
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1827 : Brandon Azad
CVE-2016-1828 : Brandon Azad
CVE-2016-1829 : CESG
CVE-2016-1830 : Brandon Azad
CVE-2016-1831 : Brandon Azad
Kernel
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An integer overflow existed in dtrace. This issue was
addressed through improved bounds checking.
CVE-ID
CVE-2016-1826 : Ben Murphy working with Trend Micro’s Zero Day
Initiative
libc
Available for: OS X El Capitan v10.11 and later
Impact: A local attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A memory corruption issue was addressed through
improved input validation.
CVE-ID
CVE-2016-1832 : Karl Williamson
libxml2
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: Processing maliciously crafted XML may lead to an unexpected
application termination or arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1833 : Mateusz Jurczyk
CVE-2016-1834 : Apple
CVE-2016-1835 : Wei Lei and Liu Yang of Nanyang Technological
University
CVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological
University
CVE-2016-1837 : Wei Lei and Liu Yang of Nanyang Technological
University
CVE-2016-1838 : Mateusz Jurczyk
CVE-2016-1839 : Mateusz Jurczyk
CVE-2016-1840 : Kostya Serebryany
libxslt
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1841 : Sebastian Apelt
MapKit
Available for: OS X El Capitan v10.11 and later
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: Shared links were sent with HTTP rather than HTTPS.
This was addressed by enabling HTTPS for shared links.
CVE-ID
CVE-2016-1842 : Richard Shupak (https://www.linkedin.com/in/rshupak)
Messages
Available for: OS X El Capitan v10.11 and later
Impact: A malicious server or user may be able to modify another
user's contact list
Description: A validation issue existed in roster changes. This
issue was addressed through improved validation of roster sets.
CVE-ID
CVE-2016-1844 : Thijs Alkemade of Computest
Messages
Available for: OS X El Capitan v10.11 and later
Impact: A remote attacker may be able to leak sensitive user
information
Description: An encoding issue existed in filename parsing. This
issue was addressed through improved filename encoding.
CVE-ID
CVE-2016-1843 : Heige (a.k.a. SuperHei) of Knownsec 404 Security Team
[http://www.knownsec.com]
Multi-Touch
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1804 : Liang Chen, Yubin Fu, Marco Grassi of KeenLab,
Tencent of Trend Micro's Zero Day Initiative
NVIDIA Graphics Drivers
Available for:
OS X Yosemite v10.10.5 and OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1846 : Ian Beer of Google Project Zero
OpenGL
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1847 : Tongbo Luo and Bo Qu of Palo Alto Networks
QuickTime
Available for: OS X El Capitan v10.11 and later
Impact: Opening a maliciously crafted file may lead to unexpected
application termination or arbitrary code execution
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1848 : Francis Provencher from COSIG
SceneKit
Available for: OS X El Capitan v10.11 and later
Impact: Opening a maliciously crafted file may lead to unexpected
application termination or arbitrary code execution
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1850 : Tyler Bohan of Cisco Talos
Screen Lock
Available for: OS X El Capitan v10.11 and later
Impact: A person with physical access to a computer may be able to
reset an expired password from the lock screen
Description: An issue existed in the management of password
profiles. This issue was addressed through improved password reset
handling.
CVE-ID
CVE-2016-1851 : an anonymous researcher
Tcl
Available for: OS X El Capitan v10.11 and later
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: A protocol security issue was addressed by disabling
SSLv2.
CVE-ID
CVE-2016-1853 : researchers at Tel Aviv University, Münster
University of Applied Sciences, Ruhr University Bochum, the
University of Pennsylvania, the Hashcat project, the University of
Michigan, Two Sigma, Google, and the OpenSSL project: Nimrod Aviram,
Sebastian Schinzel, Juraj Somorovsky, Nadia Heninger, Maik Dankel,
Jens Steube, Luke Valenta, David Adrian, J. Alex Halderman, Viktor
Dukhovni, Emilia Käsper, Shaanan Cohney, Susanne Engels, Christof
Paar, and Yuval Shavitt
Note: OS X El Capitan 10.11.5 includes the security content of Safari
9.1.1. For further details see https://support.apple.com/en-us/HT206565
OS X El Capitan 10.11.5 and Security Update 2016-003 may be obtained
from the Mac App Store or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
-----END PGP SIGNATURE-----
| VAR-201605-0441 | CVE-2016-1799 | Apple OS X Audio execution vulnerability in privileged contexts |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
Audio in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Apple Mac OS X is prone to multiple security vulnerabilities.
Attackers can exploit these issues to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, and perform unauthorized actions. This may aid in other attacks.
Apple Mac OS X 10.9.5, 10.10.5 and 10.11 through 10.11.4 are vulnerable. Audio is one of the audio components.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-05-16-4 OS X El Capitan 10.11.5 and Security Update
2016-003
OS X El Capitan 10.11.5 and Security Update 2016-003 is now available
and addresses the following:
AMD
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1792 : beist and ABH of BoB
AMD
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: An application may be able to determine kernel memory layout
Description: An issue existed that led to the disclosure of kernel
memory content. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2016-1791 : daybreaker of Minionz
apache_mod_php
Available for: OS X El Capitan v10.11 and later
Impact: Multiple vulnerabilities in PHP
Description: Multiple vulnerabilities existed in PHP versions prior
to 5.5.34. These were addressed by updating PHP to version 5.5.34.
CVE-ID
CVE-2015-8865
CVE-2016-3141
CVE-2016-3142
CVE-2016-4070
CVE-2016-4071
CVE-2016-4072
CVE-2016-4073
AppleGraphicsControl
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1793 : Ian Beer of Google Project Zero
CVE-2016-1794 : Ian Beer of Google Project Zero
AppleGraphicsPowerManagement
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1795 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro
ATS
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to determine kernel memory layout
Description: An out of bounds memory access issue was addressed
through improved memory handling.
CVE-ID
CVE-2016-1796 : lokihardt working with Trend Micro's Zero Day
Initiative
ATS
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: An issue existed in the sandbox policy. This was
addressed by sandboxing FontValidator.
CVE-ID
CVE-2016-1797 : lokihardt working with Trend Micro's Zero Day
Initiative
Audio
Available for:
OS X Yosemite v10.10.5 and OS X El Capitan v10.11 and later
Impact: An application may be able to cause a denial of service
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1799 : Juwei Lin of TrendMicro
Captive Network Assistant
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: An attacker in a privileged network position may be able to
execute arbitrary code with user assistance
Description: A custom URL scheme handling issue was addressed
through improved input validation.
CVE-ID
CVE-2016-1800 : Apple
CFNetwork Proxies
Available for: OS X El Capitan v10.11 and later
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: An information leak existed in the handling of HTTP and
HTTPS requests. This issue was addressed through improved URL
handling.
CVE-ID
CVE-2016-1801 : Alex Chapman and Paul Stone of Context Information
Security
CommonCrypto
Available for: OS X El Capitan v10.11 and later
Impact: A malicious application may be able to leak sensitive user
information
Description: An issue existed in the handling of return values in
CCCrypt. This issue was addressed through improved key length
management.
CVE-ID
CVE-2016-1802 : Klaus Rodewig
CoreCapture
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1803 : Ian Beer of Google Project Zero, daybreaker working
with Trend Micro’s Zero Day Initiative
CoreStorage
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A configuration issue was addressed through additional
restrictions.
CVE-ID
CVE-2016-1805 : Stefan Esser
Crash Reporter
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
root privileges
Description: A configuration issue was addressed through additional
restrictions.
CVE-ID
CVE-2016-1806 : lokihardt working with Trend Micro's Zero Day
Initiative
Disk Images
Available for: OS X El Capitan v10.11 and later
Impact: A local attacker may be able to read kernel memory
Description: A race condition was addressed through improved
locking.
CVE-ID
CVE-2016-1807 : Ian Beer of Google Project Zero
Disk Images
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue existed in the parsing of
disk images. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2016-1808 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro
Disk Utility
Available for: OS X El Capitan v10.11 and later
Impact: Disk Utility failed to compress and encrypt disk images
Description: Incorrect keys were being used to encrypt disk images.
This issue was addressed by updating the encryption keys.
CVE-ID
CVE-2016-1809 : Ast A.
CVE-ID
CVE-2016-1810 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro
ImageIO
Available for: OS X El Capitan v10.11 and later
Impact: Processing a maliciously crafted image may lead to a denial
of service
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1811 : Lander Brandt (@landaire)
Intel Graphics Driver
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow was addressed through improved bounds
checking.
CVE-ID
CVE-2016-1812 : Juwei Lin of TrendMicro
IOAcceleratorFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to cause a denial of service
Description: A null pointer dereference was addressed through
improved locking.
CVE-ID
CVE-2016-1815 : Liang Chen, Qidan He of KeenLab, Tencent working with
Trend Micro's Zero Day Initiative
CVE-2016-1817 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro working with Trend Micro's Zero Day Initiative
CVE-2016-1818 : Juwei Lin of TrendMicro
CVE-2016-1819 : Ian Beer of Google Project Zero
IOAcceleratorFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1813 : Ian Beer of Google Project Zero
CVE-2016-1816 : Peter Pi (@heisecode) of Trend Micro and Juwei Lin of
Trend Micro
IOAudioFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-ID
CVE-2016-1820 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro working with Trend Micro’s Zero Day Initiative
IOAudioFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1827 : Brandon Azad
CVE-2016-1828 : Brandon Azad
CVE-2016-1829 : CESG
CVE-2016-1830 : Brandon Azad
CVE-2016-1831 : Brandon Azad
Kernel
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An integer overflow existed in dtrace. This issue was
addressed through improved bounds checking.
CVE-ID
CVE-2016-1826 : Ben Murphy working with Trend Micro’s Zero Day
Initiative
libc
Available for: OS X El Capitan v10.11 and later
Impact: A local attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A memory corruption issue was addressed through
improved input validation.
CVE-ID
CVE-2016-1832 : Karl Williamson
libxml2
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: Processing maliciously crafted XML may lead to an unexpected
application termination or arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1833 : Mateusz Jurczyk
CVE-2016-1834 : Apple
CVE-2016-1835 : Wei Lei and Liu Yang of Nanyang Technological
University
CVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological
University
CVE-2016-1837 : Wei Lei and Liu Yang of Nanyang Technological
University
CVE-2016-1838 : Mateusz Jurczyk
CVE-2016-1839 : Mateusz Jurczyk
CVE-2016-1840 : Kostya Serebryany
libxslt
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1841 : Sebastian Apelt
MapKit
Available for: OS X El Capitan v10.11 and later
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: Shared links were sent with HTTP rather than HTTPS.
This was addressed by enabling HTTPS for shared links.
CVE-ID
CVE-2016-1842 : Richard Shupak (https://www.linkedin.com/in/rshupak)
Messages
Available for: OS X El Capitan v10.11 and later
Impact: A malicious server or user may be able to modify another
user's contact list
Description: A validation issue existed in roster changes. This
issue was addressed through improved validation of roster sets.
CVE-ID
CVE-2016-1844 : Thijs Alkemade of Computest
Messages
Available for: OS X El Capitan v10.11 and later
Impact: A remote attacker may be able to leak sensitive user
information
Description: An encoding issue existed in filename parsing. This
issue was addressed through improved filename encoding.
CVE-ID
CVE-2016-1843 : Heige (a.k.a.
CVE-ID
CVE-2016-1804 : Liang Chen, Yubin Fu, Marco Grassi of KeenLab,
Tencent of Trend Micro's Zero Day Initiative
NVIDIA Graphics Drivers
Available for:
OS X Yosemite v10.10.5 and OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1846 : Ian Beer of Google Project Zero
OpenGL
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1847 : Tongbo Luo and Bo Qu of Palo Alto Networks
QuickTime
Available for: OS X El Capitan v10.11 and later
Impact: Opening a maliciously crafted file may lead to unexpected
application termination or arbitrary code execution
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1850 : Tyler Bohan of Cisco Talos
Screen Lock
Available for: OS X El Capitan v10.11 and later
Impact: A person with physical access to a computer may be able to
reset an expired password from the lock screen
Description: An issue existed in the management of password
profiles. This issue was addressed through improved password reset
handling.
CVE-ID
CVE-2016-1851 : an anonymous researcher
Tcl
Available for: OS X El Capitan v10.11 and later
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: A protocol security issue was addressed by disabling
SSLv2.
CVE-ID
CVE-2016-1853 : researchers at Tel Aviv University, Münster
University of Applied Sciences, Ruhr University Bochum, the
University of Pennsylvania, the Hashcat project, the University of
Michigan, Two Sigma, Google, and the OpenSSL project: Nimrod Aviram,
Sebastian Schinzel, Juraj Somorovsky, Nadia Heninger, Maik Dankel,
Jens Steube, Luke Valenta, David Adrian, J. Alex Halderman, Viktor
Dukhovni, Emilia Käsper, Shaanan Cohney, Susanne Engels, Christof
Paar, and Yuval Shavitt
Note: OS X El Capitan 10.11.5 includes the security content of Safari
9.1.1. For further details see https://support.apple.com/en-us/HT206565
OS X El Capitan 10.11.5 and Security Update 2016-003 may be obtained
from the Mac App Store or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
-----END PGP SIGNATURE-----
| VAR-201605-0440 | CVE-2016-1798 | Apple OS X Service disruption in audio (DoS) Vulnerabilities |
CVSS V2: 4.3 CVSS V3: 3.3 Severity: LOW |
Audio in Apple OS X before 10.11.5 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted app. Supplementary information: the vulnerability type has been identified as CWE-476 (NULL Pointer Dereference). Apple Mac OS X is prone to multiple security vulnerabilities.
Attackers can exploit these issues to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, and perform unauthorized actions. This may aid in other attacks.
Apple Mac OS X 10.9.5, 10.10.5 and 10.11 through 10.11.4 are vulnerable. Audio is one of the audio components.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-05-16-4 OS X El Capitan 10.11.5 and Security Update
2016-003
OS X El Capitan 10.11.5 and Security Update 2016-003 is now available
and addresses the following:
AMD
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1792 : beist and ABH of BoB
AMD
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: An application may be able to determine kernel memory layout
Description: An issue existed that led to the disclosure of kernel
memory content. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2016-1791 : daybreaker of Minionz
apache_mod_php
Available for: OS X El Capitan v10.11 and later
Impact: Multiple vulnerabilities in PHP
Description: Multiple vulnerabilities existed in PHP versions prior
to 5.5.34. These were addressed by updating PHP to version 5.5.34.
CVE-ID
CVE-2015-8865
CVE-2016-3141
CVE-2016-3142
CVE-2016-4070
CVE-2016-4071
CVE-2016-4072
CVE-2016-4073
AppleGraphicsControl
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1793 : Ian Beer of Google Project Zero
CVE-2016-1794 : Ian Beer of Google Project Zero
AppleGraphicsPowerManagement
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1795 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro
ATS
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to determine kernel memory layout
Description: An out of bounds memory access issue was addressed
through improved memory handling.
CVE-ID
CVE-2016-1796 : lokihardt working with Trend Micro's Zero Day
Initiative
ATS
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: An issue existed in the sandbox policy. This was
addressed by sandboxing FontValidator.
CVE-ID
CVE-2016-1798 : Juwei Lin of TrendMicro
Audio
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved input validation.
CVE-ID
CVE-2016-1799 : Juwei Lin of TrendMicro
Captive Network Assistant
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: An attacker in a privileged network position may be able to
execute arbitrary code with user assistance
Description: A custom URL scheme handling issue was addressed
through improved input validation.
CVE-ID
CVE-2016-1800 : Apple
CFNetwork Proxies
Available for: OS X El Capitan v10.11 and later
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: An information leak existed in the handling of HTTP and
HTTPS requests. This issue was addressed through improved URL
handling.
CVE-ID
CVE-2016-1801 : Alex Chapman and Paul Stone of Context Information
Security
CommonCrypto
Available for: OS X El Capitan v10.11 and later
Impact: A malicious application may be able to leak sensitive user
information
Description: An issue existed in the handling of return values in
CCCrypt. This issue was addressed through improved key length
management.
CVE-ID
CVE-2016-1802 : Klaus Rodewig
CoreCapture
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1803 : Ian Beer of Google Project Zero, daybreaker working
with Trend Micro’s Zero Day Initiative
CoreStorage
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A configuration issue was addressed through additional
restrictions.
CVE-ID
CVE-2016-1805 : Stefan Esser
Crash Reporter
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
root privileges
Description: A configuration issue was addressed through additional
restrictions.
CVE-ID
CVE-2016-1806 : lokihardt working with Trend Micro's Zero Day
Initiative
Disk Images
Available for: OS X El Capitan v10.11 and later
Impact: A local attacker may be able to read kernel memory
Description: A race condition was addressed through improved
locking.
CVE-ID
CVE-2016-1807 : Ian Beer of Google Project Zero
Disk Images
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue existed in the parsing of
disk images. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2016-1808 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro
Disk Utility
Available for: OS X El Capitan v10.11 and later
Impact: Disk Utility failed to compress and encrypt disk images
Description: Incorrect keys were being used to encrypt disk images.
This issue was addressed by updating the encryption keys.
CVE-ID
CVE-2016-1809 : Ast A. Moore (@astamoore) and David Foster of
TechSmartKids
Graphics Drivers
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1810 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro
ImageIO
Available for: OS X El Capitan v10.11 and later
Impact: Processing a maliciously crafted image may lead to a denial
of service
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1811 : Lander Brandt (@landaire)
Intel Graphics Driver
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow was addressed through improved bounds
checking.
CVE-ID
CVE-2016-1814 : Juwei Lin of TrendMicro
IOAcceleratorFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1815 : Liang Chen, Qidan He of KeenLab, Tencent working with
Trend Micro's Zero Day Initiative
CVE-2016-1817 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro working with Trend Micro's Zero Day Initiative
CVE-2016-1818 : Juwei Lin of TrendMicro
CVE-2016-1819 : Ian Beer of Google Project Zero
IOAcceleratorFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1813 : Ian Beer of Google Project Zero
CVE-2016-1816 : Peter Pi (@heisecode) of Trend Micro and Juwei Lin of
Trend Micro
IOAudioFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-ID
CVE-2016-1820 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro working with Trend Micro’s Zero Day Initiative
IOAudioFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1821 : Ian Beer of Google Project Zero
IOFireWireFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1822 : CESG
IOHIDFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1823 : Ian Beer of Google Project Zero
CVE-2016-1824 : Marco Grassi (@marcograss) of KeenLab (@keen_lab),
Tencent
IOHIDFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1825 : Brandon Azad
Kernel
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1827 : Brandon Azad
CVE-2016-1828 : Brandon Azad
CVE-2016-1829 : CESG
CVE-2016-1830 : Brandon Azad
CVE-2016-1831 : Brandon Azad
Kernel
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An integer overflow existed in dtrace. This issue was
addressed through improved bounds checking.
CVE-ID
CVE-2016-1826 : Ben Murphy working with Trend Micro’s Zero Day
Initiative
libc
Available for: OS X El Capitan v10.11 and later
Impact: A local attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A memory corruption issue was addressed through
improved input validation.
CVE-ID
CVE-2016-1832 : Karl Williamson
libxml2
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: Processing maliciously crafted XML may lead to an unexpected
application termination or arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1833 : Mateusz Jurczyk
CVE-2016-1834 : Apple
CVE-2016-1835 : Wei Lei and Liu Yang of Nanyang Technological
University
CVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological
University
CVE-2016-1837 : Wei Lei and Liu Yang of Nanyang Technological
University
CVE-2016-1838 : Mateusz Jurczyk
CVE-2016-1839 : Mateusz Jurczyk
CVE-2016-1840 : Kostya Serebryany
libxslt
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1841 : Sebastian Apelt
MapKit
Available for: OS X El Capitan v10.11 and later
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: Shared links were sent with HTTP rather than HTTPS.
This was addressed by enabling HTTPS for shared links.
CVE-ID
CVE-2016-1842 : Richard Shupak (https://www.linkedin.com/in/rshupak)
Messages
Available for: OS X El Capitan v10.11 and later
Impact: A malicious server or user may be able to modify another
user's contact list
Description: A validation issue existed in roster changes. This
issue was addressed through improved validation of roster sets.
CVE-ID
CVE-2016-1844 : Thijs Alkemade of Computest
Messages
Available for: OS X El Capitan v10.11 and later
Impact: A remote attacker may be able to leak sensitive user
information
Description: An encoding issue existed in filename parsing. This
issue was addressed through improved filename encoding.
CVE-ID
CVE-2016-1843 : Heige (a.k.a. SuperHei) of Knownsec 404 Security Team
[http://www.knownsec.com]
Multi-Touch
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1804 : Liang Chen, Yubin Fu, Marco Grassi of KeenLab,
Tencent of Trend Micro's Zero Day Initiative
NVIDIA Graphics Drivers
Available for:
OS X Yosemite v10.10.5 and OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1846 : Ian Beer of Google Project Zero
OpenGL
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1847 : Tongbo Luo and Bo Qu of Palo Alto Networks
QuickTime
Available for: OS X El Capitan v10.11 and later
Impact: Opening a maliciously crafted file may lead to unexpected
application termination or arbitrary code execution
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1848 : Francis Provencher from COSIG
SceneKit
Available for: OS X El Capitan v10.11 and later
Impact: Opening a maliciously crafted file may lead to unexpected
application termination or arbitrary code execution
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1850 : Tyler Bohan of Cisco Talos
Screen Lock
Available for: OS X El Capitan v10.11 and later
Impact: A person with physical access to a computer may be able to
reset an expired password from the lock screen
Description: An issue existed in the management of password
profiles. This issue was addressed through improved password reset
handling.
CVE-ID
CVE-2016-1851 : an anonymous researcher
Tcl
Available for: OS X El Capitan v10.11 and later
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: A protocol security issue was addressed by disabling
SSLv2.
CVE-ID
CVE-2016-1853 : researchers at Tel Aviv University, Münster
University of Applied Sciences, Ruhr University Bochum, the
University of Pennsylvania, the Hashcat project, the University of
Michigan, Two Sigma, Google, and the OpenSSL project: Nimrod Aviram,
Sebastian Schinzel, Juraj Somorovsky, Nadia Heninger, Maik Dankel,
Jens Steube, Luke Valenta, David Adrian, J. Alex Halderman, Viktor
Dukhovni, Emilia Käsper, Shaanan Cohney, Susanne Engels, Christof
Paar, and Yuval Shavitt
Note: OS X El Capitan 10.11.5 includes the security content of Safari
9.1.1. For further details see https://support.apple.com/en-us/HT206565
OS X El Capitan 10.11.5 and Security Update 2016-003 may be obtained
from the Mac App Store or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
| VAR-201605-0439 | CVE-2016-1797 | Vulnerability in Apple Type Services in Apple OS X that bypasses FontValidator sandbox policy restrictions |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
Apple Type Services (ATS) in Apple OS X before 10.11.5 allows attackers to bypass intended FontValidator sandbox-policy restrictions and execute arbitrary code in a privileged context via a crafted app. Supplementary information: the vulnerability type has been identified as CWE-284: Improper Access Control. Authentication is not required to exploit this vulnerability. The specific flaw exists within the sandbox policy for the fontd process. The issue lies in the failure to properly ensure the FontValidator binary is either excluded from the policy, or is also sandboxed. Apple Mac OS X is prone to multiple security vulnerabilities.
Attackers can exploit these issues to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, and perform unauthorized actions. This may aid in other attacks.
Apple Mac OS X 10.9.5, 10.10.5 and 10.11 through 10.11.4 are vulnerable.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-05-16-4 OS X El Capitan 10.11.5 and Security Update
2016-003
OS X El Capitan 10.11.5 and Security Update 2016-003 is now available
and addresses the following:
AMD
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1792 : beist and ABH of BoB
AMD
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: An application may be able to determine kernel memory layout
Description: An issue existed that led to the disclosure of kernel
memory content. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2016-1791 : daybreaker of Minionz
apache_mod_php
Available for: OS X El Capitan v10.11 and later
Impact: Multiple vulnerabilities in PHP
Description: Multiple vulnerabilities existed in PHP versions prior
to 5.5.34. These were addressed by updating PHP to version 5.5.34.
CVE-ID
CVE-2015-8865
CVE-2016-3141
CVE-2016-3142
CVE-2016-4070
CVE-2016-4071
CVE-2016-4072
CVE-2016-4073
AppleGraphicsControl
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1793 : Ian Beer of Google Project Zero
CVE-2016-1794 : Ian Beer of Google Project Zero
AppleGraphicsPowerManagement
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1795 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro
ATS
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to determine kernel memory layout
Description: An out of bounds memory access issue was addressed
through improved memory handling. This was
addressed by sandboxing FontValidator.
CVE-ID
CVE-2016-1797 : lokihardt working with Trend Micro's Zero Day
Initiative
Audio
Available for:
OS X Yosemite v10.10.5 and OS X El Capitan v10.11 and later
Impact: An application may be able to cause a denial of service
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1798 : Juwei Lin of TrendMicro
Audio
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved input validation.
CVE-ID
CVE-2016-1799 : Juwei Lin of TrendMicro
Captive Network Assistant
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: An attacker in a privileged network position may be able to
execute arbitrary code with user assistance
Description: A custom URL scheme handling issue was addressed
through improved input validation.
CVE-ID
CVE-2016-1800 : Apple
CFNetwork Proxies
Available for: OS X El Capitan v10.11 and later
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: An information leak existed in the handling of HTTP and
HTTPS requests. This issue was addressed through improved URL
handling.
CVE-ID
CVE-2016-1801 : Alex Chapman and Paul Stone of Context Information
Security
CommonCrypto
Available for: OS X El Capitan v10.11 and later
Impact: A malicious application may be able to leak sensitive user
information
Description: An issue existed in the handling of return values in
CCCrypt. This issue was addressed through improved key length
management.
CVE-ID
CVE-2016-1802 : Klaus Rodewig
CoreCapture
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1803 : Ian Beer of Google Project Zero, daybreaker working
with Trend Micro’s Zero Day Initiative
CoreStorage
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A configuration issue was addressed through additional
restrictions.
CVE-ID
CVE-2016-1805 : Stefan Esser
Crash Reporter
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
root privileges
Description: A configuration issue was addressed through additional
restrictions.
CVE-ID
CVE-2016-1806 : lokihardt working with Trend Micro's Zero Day
Initiative
Disk Images
Available for: OS X El Capitan v10.11 and later
Impact: A local attacker may be able to read kernel memory
Description: A race condition was addressed through improved
locking.
CVE-ID
CVE-2016-1807 : Ian Beer of Google Project Zero
Disk Images
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue existed in the parsing of
disk images. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2016-1808 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro
Disk Utility
Available for: OS X El Capitan v10.11 and later
Impact: Disk Utility failed to compress and encrypt disk images
Description: Incorrect keys were being used to encrypt disk images.
This issue was addressed by updating the encryption keys.
CVE-ID
CVE-2016-1809 : Ast A. Moore (@astamoore) and David Foster of
TechSmartKids
Graphics Drivers
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1810 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro
ImageIO
Available for: OS X El Capitan v10.11 and later
Impact: Processing a maliciously crafted image may lead to a denial
of service
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1811 : Lander Brandt (@landaire)
Intel Graphics Driver
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow was addressed through improved bounds
checking.
CVE-ID
CVE-2016-1812 : Juwei Lin of TrendMicro
IOAcceleratorFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to cause a denial of service
Description: A null pointer dereference was addressed through
improved locking.
CVE-ID
CVE-2016-1814 : Juwei Lin of TrendMicro
IOAcceleratorFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1815 : Liang Chen, Qidan He of KeenLab, Tencent working with
Trend Micro's Zero Day Initiative
CVE-2016-1817 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro working with Trend Micro's Zero Day Initiative
CVE-2016-1818 : Juwei Lin of TrendMicro
CVE-2016-1819 : Ian Beer of Google Project Zero
IOAcceleratorFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1813 : Ian Beer of Google Project Zero
CVE-2016-1816 : Peter Pi (@heisecode) of Trend Micro and Juwei Lin of
Trend Micro
IOAudioFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-ID
CVE-2016-1820 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro working with Trend Micro’s Zero Day Initiative
IOAudioFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1821 : Ian Beer of Google Project Zero
IOFireWireFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1822 : CESG
IOHIDFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1823 : Ian Beer of Google Project Zero
CVE-2016-1824 : Marco Grassi (@marcograss) of KeenLab (@keen_lab),
Tencent
IOHIDFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1825 : Brandon Azad
Kernel
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1827 : Brandon Azad
CVE-2016-1828 : Brandon Azad
CVE-2016-1829 : CESG
CVE-2016-1830 : Brandon Azad
CVE-2016-1831 : Brandon Azad
Kernel
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An integer overflow existed in dtrace. This issue was
addressed through improved bounds checking.
CVE-ID
CVE-2016-1826 : Ben Murphy working with Trend Micro’s Zero Day
Initiative
libc
Available for: OS X El Capitan v10.11 and later
Impact: A local attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A memory corruption issue was addressed through
improved input validation.
CVE-ID
CVE-2016-1832 : Karl Williamson
libxml2
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: Processing maliciously crafted XML may lead to an unexpected
application termination or arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1833 : Mateusz Jurczyk
CVE-2016-1834 : Apple
CVE-2016-1835 : Wei Lei and Liu Yang of Nanyang Technological
University
CVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological
University
CVE-2016-1837 : Wei Lei and Liu Yang of Nanyang Technological
University
CVE-2016-1838 : Mateusz Jurczyk
CVE-2016-1839 : Mateusz Jurczyk
CVE-2016-1840 : Kostya Serebryany
libxslt
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1841 : Sebastian Apelt
MapKit
Available for: OS X El Capitan v10.11 and later
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: Shared links were sent with HTTP rather than HTTPS.
This was addressed by enabling HTTPS for shared links.
CVE-ID
CVE-2016-1842 : Richard Shupak (https://www.linkedin.com/in/rshupak)
Messages
Available for: OS X El Capitan v10.11 and later
Impact: A malicious server or user may be able to modify another
user's contact list
Description: A validation issue existed in roster changes. This
issue was addressed through improved validation of roster sets.
CVE-ID
CVE-2016-1844 : Thijs Alkemade of Computest
Messages
Available for: OS X El Capitan v10.11 and later
Impact: A remote attacker may be able to leak sensitive user
information
Description: An encoding issue existed in filename parsing. This
issue was addressed through improved filename encoding.
CVE-ID
CVE-2016-1843 : Heige (a.k.a. SuperHei) of Knownsec 404 Security Team
[http://www.knownsec.com]
Multi-Touch
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1804 : Liang Chen, Yubin Fu, Marco Grassi of KeenLab,
Tencent of Trend Micro's Zero Day Initiative
NVIDIA Graphics Drivers
Available for:
OS X Yosemite v10.10.5 and OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1846 : Ian Beer of Google Project Zero
OpenGL
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1847 : Tongbo Luo and Bo Qu of Palo Alto Networks
QuickTime
Available for: OS X El Capitan v10.11 and later
Impact: Opening a maliciously crafted file may lead to unexpected
application termination or arbitrary code execution
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1848 : Francis Provencher from COSIG
SceneKit
Available for: OS X El Capitan v10.11 and later
Impact: Opening a maliciously crafted file may lead to unexpected
application termination or arbitrary code execution
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1850 : Tyler Bohan of Cisco Talos
Screen Lock
Available for: OS X El Capitan v10.11 and later
Impact: A person with physical access to a computer may be able to
reset an expired password from the lock screen
Description: An issue existed in the management of password
profiles. This issue was addressed through improved password reset
handling.
CVE-ID
CVE-2016-1851 : an anonymous researcher
Tcl
Available for: OS X El Capitan v10.11 and later
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: A protocol security issue was addressed by disabling
SSLv2.
CVE-ID
CVE-2016-1853 : researchers at Tel Aviv University, Münster
University of Applied Sciences, Ruhr University Bochum, the
University of Pennsylvania, the Hashcat project, the University of
Michigan, Two Sigma, Google, and the OpenSSL project: Nimrod Aviram,
Sebastian Schinzel, Juraj Somorovsky, Nadia Heninger, Maik Dankel,
Jens Steube, Luke Valenta, David Adrian, J. Alex Halderman, Viktor
Dukhovni, Emilia Käsper, Shaanan Cohney, Susanne Engels, Christof
Paar, and Yuval Shavitt
Note: OS X El Capitan 10.11.5 includes the security content of Safari
9.1.1. For further details see https://support.apple.com/en-us/HT206565
OS X El Capitan 10.11.5 and Security Update 2016-003 may be obtained
from the Mac App Store or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
| VAR-201605-0438 | CVE-2016-1796 | Vulnerability in Apple Type Services in Apple OS X that allows obtaining critical kernel memory layout information |
CVSS V2: 4.3 CVSS V3: 3.3 Severity: LOW |
Apple Type Services (ATS) in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-layout information or cause a denial of service (out-of-bounds memory access) via a crafted app. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the GetUncompressedBitmapRepresentation method. The issue lies in the failure to properly validate the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the user. Apple Mac OS X is prone to multiple security vulnerabilities.
Attackers can exploit these issues to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, and perform unauthorized actions. This may aid in other attacks.
Apple Mac OS X 10.9.5, 10.10.5 and 10.11 through 10.11.4 are vulnerable.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-05-16-4 OS X El Capitan 10.11.5 and Security Update
2016-003
OS X El Capitan 10.11.5 and Security Update 2016-003 is now available
and addresses the following:
AMD
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1792 : beist and ABH of BoB
AMD
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: An application may be able to determine kernel memory layout
Description: An issue existed that led to the disclosure of kernel
memory content. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2016-1791 : daybreaker of Minionz
apache_mod_php
Available for: OS X El Capitan v10.11 and later
Impact: Multiple vulnerabilities in PHP
Description: Multiple vulnerabilities existed in PHP versions prior
to 5.5.34. These were addressed by updating PHP to version 5.5.34.
CVE-ID
CVE-2015-8865
CVE-2016-3141
CVE-2016-3142
CVE-2016-4070
CVE-2016-4071
CVE-2016-4072
CVE-2016-4073
AppleGraphicsControl
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1793 : Ian Beer of Google Project Zero
CVE-2016-1794 : Ian Beer of Google Project Zero
AppleGraphicsPowerManagement
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1796 : lokihardt working with Trend Micro's Zero Day
Initiative
ATS
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: An issue existed in the sandbox policy. This was
addressed by sandboxing FontValidator.
CVE-ID
CVE-2016-1797 : lokihardt working with Trend Micro's Zero Day
Initiative
Audio
Available for:
OS X Yosemite v10.10.5 and OS X El Capitan v10.11 and later
Impact: An application may be able to cause a denial of service
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1798 : Juwei Lin of TrendMicro
Audio
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved input validation.
CVE-ID
CVE-2016-1799 : Juwei Lin of TrendMicro
Captive Network Assistant
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: An attacker in a privileged network position may be able to
execute arbitrary code with user assistance
Description: A custom URL scheme handling issue was addressed
through improved input validation.
CVE-ID
CVE-2016-1800 : Apple
CFNetwork Proxies
Available for: OS X El Capitan v10.11 and later
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: An information leak existed in the handling of HTTP and
HTTPS requests. This issue was addressed through improved URL
handling.
CVE-ID
CVE-2016-1801 : Alex Chapman and Paul Stone of Context Information
Security
CommonCrypto
Available for: OS X El Capitan v10.11 and later
Impact: A malicious application may be able to leak sensitive user
information
Description: An issue existed in the handling of return values in
CCCrypt. This issue was addressed through improved key length
management.
CVE-ID
CVE-2016-1802 : Klaus Rodewig
CoreCapture
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1803 : Ian Beer of Google Project Zero, daybreaker working
with Trend Micro’s Zero Day Initiative
CoreStorage
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A configuration issue was addressed through additional
restrictions.
CVE-ID
CVE-2016-1805 : Stefan Esser
Crash Reporter
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
root privileges
Description: A configuration issue was addressed through additional
restrictions.
CVE-ID
CVE-2016-1806 : lokihardt working with Trend Micro's Zero Day
Initiative
Disk Images
Available for: OS X El Capitan v10.11 and later
Impact: A local attacker may be able to read kernel memory
Description: A race condition was addressed through improved
locking.
CVE-ID
CVE-2016-1807 : Ian Beer of Google Project Zero
Disk Images
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue existed in the parsing of
disk images. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2016-1808 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro
Disk Utility
Available for: OS X El Capitan v10.11 and later
Impact: Disk Utility failed to compress and encrypt disk images
Description: Incorrect keys were being used to encrypt disk images.
This issue was addressed by updating the encryption keys.
CVE-ID
CVE-2016-1809 : Ast A. Moore (@astamoore) and David Foster of
TechSmartKids
Graphics Drivers
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1810 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro
ImageIO
Available for: OS X El Capitan v10.11 and later
Impact: Processing a maliciously crafted image may lead to a denial
of service
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1811 : Lander Brandt (@landaire)
Intel Graphics Driver
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow was addressed through improved bounds
checking.
CVE-ID
CVE-2016-1812 : Juwei Lin of TrendMicro
IOAcceleratorFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to cause a denial of service
Description: A null pointer dereference was addressed through
improved locking.
CVE-ID
CVE-2016-1814 : Juwei Lin of TrendMicro
IOAcceleratorFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1815 : Liang Chen, Qidan He of KeenLab, Tencent working with
Trend Micro's Zero Day Initiative
CVE-2016-1817 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro working with Trend Micro's Zero Day Initiative
CVE-2016-1818 : Juwei Lin of TrendMicro
CVE-2016-1819 : Ian Beer of Google Project Zero
IOAcceleratorFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1813 : Ian Beer of Google Project Zero
CVE-2016-1816 : Peter Pi (@heisecode) of Trend Micro and Juwei Lin of
Trend Micro
IOAudioFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-ID
CVE-2016-1820 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro working with Trend Micro’s Zero Day Initiative
IOAudioFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1821 : Ian Beer of Google Project Zero
IOFireWireFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1822 : CESG
IOHIDFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1823 : Ian Beer of Google Project Zero
CVE-2016-1824 : Marco Grassi (@marcograss) of KeenLab (@keen_lab),
Tencent
IOHIDFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1825 : Brandon Azad
Kernel
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1827 : Brandon Azad
CVE-2016-1828 : Brandon Azad
CVE-2016-1829 : CESG
CVE-2016-1830 : Brandon Azad
CVE-2016-1831 : Brandon Azad
Kernel
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An integer overflow existed in dtrace. This issue was
addressed through improved bounds checking.
CVE-ID
CVE-2016-1826 : Ben Murphy working with Trend Micro’s Zero Day
Initiative
libc
Available for: OS X El Capitan v10.11 and later
Impact: A local attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A memory corruption issue was addressed through
improved input validation.
CVE-ID
CVE-2016-1832 : Karl Williamson
libxml2
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: Processing maliciously crafted XML may lead to an unexpected
application termination or arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1833 : Mateusz Jurczyk
CVE-2016-1834 : Apple
CVE-2016-1835 : Wei Lei and Liu Yang of Nanyang Technological
University
CVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological
University
CVE-2016-1837 : Wei Lei and Liu Yang of Nanyang Technological
University
CVE-2016-1838 : Mateusz Jurczyk
CVE-2016-1839 : Mateusz Jurczyk
CVE-2016-1840 : Kostya Serebryany
libxslt
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1841 : Sebastian Apelt
MapKit
Available for: OS X El Capitan v10.11 and later
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: Shared links were sent with HTTP rather than HTTPS.
This was addressed by enabling HTTPS for shared links.
CVE-ID
CVE-2016-1842 : Richard Shupak (https://www.linkedin.com/in/rshupak)
Messages
Available for: OS X El Capitan v10.11 and later
Impact: A malicious server or user may be able to modify another
user's contact list
Description: A validation issue existed in roster changes. This
issue was addressed through improved validation of roster sets.
CVE-ID
CVE-2016-1844 : Thijs Alkemade of Computest
Messages
Available for: OS X El Capitan v10.11 and later
Impact: A remote attacker may be able to leak sensitive user
information
Description: An encoding issue existed in filename parsing. This
issue was addressed through improved filename encoding.
CVE-ID
CVE-2016-1843 : Heige (a.k.a. SuperHei) of Knownsec 404 Security Team
[http://www.knownsec.com]
Multi-Touch
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1804 : Liang Chen, Yubin Fu, Marco Grassi of KeenLab,
Tencent of Trend Micro's Zero Day Initiative
NVIDIA Graphics Drivers
Available for:
OS X Yosemite v10.10.5 and OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1846 : Ian Beer of Google Project Zero
OpenGL
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1847 : Tongbo Luo and Bo Qu of Palo Alto Networks
QuickTime
Available for: OS X El Capitan v10.11 and later
Impact: Opening a maliciously crafted file may lead to unexpected
application termination or arbitrary code execution
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1848 : Francis Provencher from COSIG
SceneKit
Available for: OS X El Capitan v10.11 and later
Impact: Opening a maliciously crafted file may lead to unexpected
application termination or arbitrary code execution
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1850 : Tyler Bohan of Cisco Talos
Screen Lock
Available for: OS X El Capitan v10.11 and later
Impact: A person with physical access to a computer may be able to
reset an expired password from the lock screen
Description: An issue existed in the management of password
profiles. This issue was addressed through improved password reset
handling.
CVE-ID
CVE-2016-1851 : an anonymous researcher
Tcl
Available for: OS X El Capitan v10.11 and later
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: A protocol security issue was addressed by disabling
SSLv2.
CVE-ID
CVE-2016-1853 : researchers at Tel Aviv University, Münster
University of Applied Sciences, Ruhr University Bochum, the
University of Pennsylvania, the Hashcat project, the University of
Michigan, Two Sigma, Google, and the OpenSSL project: Nimrod Aviram,
Sebastian Schinzel, Juraj Somorovsky, Nadia Heninger, Maik Dankel,
Jens Steube, Luke Valenta, David Adrian, J. Alex Halderman, Viktor
Dukhovni, Emilia Käsper, Shaanan Cohney, Susanne Engels, Christof
Paar, and Yuval Shavitt
Note: OS X El Capitan 10.11.5 includes the security content of Safari
9.1.1. For further details see https://support.apple.com/en-us/HT206565
OS X El Capitan 10.11.5 and Security Update 2016-003 may be obtained
from the Mac App Store or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
-----END PGP SIGNATURE-----
| VAR-201605-0437 | CVE-2016-1795 | AppleGraphicsPowerManagement in Apple OS X vulnerable to arbitrary code execution in a privileged context |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
AppleGraphicsPowerManagement in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Apple Mac OS X is prone to multiple security vulnerabilities.
Attackers can exploit these issues to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, and perform unauthorized actions. This may aid in other attacks.
Apple Mac OS X 10.9.5, 10.10.5 and 10.11 through 10.11.4 are vulnerable. AppleGraphicsPowerManagement is one of the graphics card power management components.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-05-16-4 OS X El Capitan 10.11.5 and Security Update
2016-003
OS X El Capitan 10.11.5 and Security Update 2016-003 is now available
and addresses the following:
AMD
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1792 : beist and ABH of BoB
AMD
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: An application may be able to determine kernel memory layout
Description: An issue existed that led to the disclosure of kernel
memory content. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2016-1791 : daybreaker of Minionz
apache_mod_php
Available for: OS X El Capitan v10.11 and later
Impact: Multiple vulnerabilities in PHP
Description: Multiple vulnerabilities existed in PHP versions prior
to 5.5.34. These were addressed by updating PHP to version 5.5.34.
CVE-ID
CVE-2015-8865
CVE-2016-3141
CVE-2016-3142
CVE-2016-4070
CVE-2016-4071
CVE-2016-4072
CVE-2016-4073
AppleGraphicsControl
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1793 : Ian Beer of Google Project Zero
CVE-2016-1794 : Ian Beer of Google Project Zero
AppleGraphicsPowerManagement
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1795 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro
ATS
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to determine kernel memory layout
Description: An out of bounds memory access issue was addressed
through improved memory handling.
CVE-ID
CVE-2016-1796 : lokihardt working with Trend Micro's Zero Day
Initiative
ATS
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: An issue existed in the sandbox policy. This was
addressed by sandboxing FontValidator.
CVE-ID
CVE-2016-1797 : lokihardt working with Trend Micro's Zero Day
Initiative
Audio
Available for:
OS X Yosemite v10.10.5 and OS X El Capitan v10.11 and later
Impact: An application may be able to cause a denial of service
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1799 : Juwei Lin of TrendMicro
Captive Network Assistant
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: An attacker in a privileged network position may be able to
execute arbitrary code with user assistance
Description: A custom URL scheme handling issue was addressed
through improved input validation.
CVE-ID
CVE-2016-1800 : Apple
CFNetwork Proxies
Available for: OS X El Capitan v10.11 and later
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: An information leak existed in the handling of HTTP and
HTTPS requests. This issue was addressed through improved URL
handling.
CVE-ID
CVE-2016-1801 : Alex Chapman and Paul Stone of Context Information
Security
CommonCrypto
Available for: OS X El Capitan v10.11 and later
Impact: A malicious application may be able to leak sensitive user
information
Description: An issue existed in the handling of return values in
CCCrypt. This issue was addressed through improved key length
management.
CVE-ID
CVE-2016-1802 : Klaus Rodewig
CoreCapture
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1803 : Ian Beer of Google Project Zero, daybreaker working
with Trend Micro’s Zero Day Initiative
CoreStorage
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A configuration issue was addressed through additional
restrictions.
CVE-ID
CVE-2016-1805 : Stefan Esser
Crash Reporter
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
root privileges
Description: A configuration issue was addressed through additional
restrictions.
CVE-ID
CVE-2016-1806 : lokihardt working with Trend Micro's Zero Day
Initiative
Disk Images
Available for: OS X El Capitan v10.11 and later
Impact: A local attacker may be able to read kernel memory
Description: A race condition was addressed through improved
locking.
CVE-ID
CVE-2016-1807 : Ian Beer of Google Project Zero
Disk Images
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue existed in the parsing of
disk images. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2016-1808 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro
Disk Utility
Available for: OS X El Capitan v10.11 and later
Impact: Disk Utility failed to compress and encrypt disk images
Description: Incorrect keys were being used to encrypt disk images.
This issue was addressed by updating the encryption keys.
CVE-ID
CVE-2016-1809 : Ast A.
CVE-ID
CVE-2016-1810 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro
ImageIO
Available for: OS X El Capitan v10.11 and later
Impact: Processing a maliciously crafted image may lead to a denial
of service
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1811 : Lander Brandt (@landaire)
Intel Graphics Driver
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow was addressed through improved bounds
checking.
CVE-ID
CVE-2016-1812 : Juwei Lin of TrendMicro
IOAcceleratorFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to cause a denial of service
Description: A null pointer dereference was addressed through
improved locking.
CVE-ID
CVE-2016-1815 : Liang Chen, Qidan He of KeenLab, Tencent working with
Trend Micro's Zero Day Initiative
CVE-2016-1817 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro working with Trend Micro's Zero Day Initiative
CVE-2016-1818 : Juwei Lin of TrendMicro
CVE-2016-1819 : Ian Beer of Google Project Zero
IOAcceleratorFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1813 : Ian Beer of Google Project Zero
CVE-2016-1816 : Peter Pi (@heisecode) of Trend Micro and Juwei Lin of
Trend Micro
IOAudioFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-ID
CVE-2016-1820 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro working with Trend Micro’s Zero Day Initiative
IOAudioFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1827 : Brandon Azad
CVE-2016-1828 : Brandon Azad
CVE-2016-1829 : CESG
CVE-2016-1830 : Brandon Azad
CVE-2016-1831 : Brandon Azad
Kernel
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An integer overflow existed in dtrace. This issue was
addressed through improved bounds checking.
CVE-ID
CVE-2016-1826 : Ben Murphy working with Trend Micro’s Zero Day
Initiative
libc
Available for: OS X El Capitan v10.11 and later
Impact: A local attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A memory corruption issue was addressed through
improved input validation.
CVE-ID
CVE-2016-1832 : Karl Williamson
libxml2
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: Processing maliciously crafted XML may lead to an unexpected
application termination or arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1833 : Mateusz Jurczyk
CVE-2016-1834 : Apple
CVE-2016-1835 : Wei Lei and Liu Yang of Nanyang Technological
University
CVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological
University
CVE-2016-1837 : Wei Lei and Liu Yang of Nanyang Technological
University
CVE-2016-1838 : Mateusz Jurczyk
CVE-2016-1839 : Mateusz Jurczyk
CVE-2016-1840 : Kostya Serebryany
libxslt
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1841 : Sebastian Apelt
MapKit
Available for: OS X El Capitan v10.11 and later
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: Shared links were sent with HTTP rather than HTTPS.
This was addressed by enabling HTTPS for shared links.
CVE-ID
CVE-2016-1842 : Richard Shupak (https://www.linkedin.com/in/rshupak)
Messages
Available for: OS X El Capitan v10.11 and later
Impact: A malicious server or user may be able to modify another
user's contact list
Description: A validation issue existed in roster changes. This
issue was addressed through improved validation of roster sets.
CVE-ID
CVE-2016-1844 : Thijs Alkemade of Computest
Messages
Available for: OS X El Capitan v10.11 and later
Impact: A remote attacker may be able to leak sensitive user
information
Description: An encoding issue existed in filename parsing. This
issue was addressed through improved filename encoding.
CVE-ID
CVE-2016-1843 : Heige (a.k.a.
CVE-ID
CVE-2016-1804 : Liang Chen, Yubin Fu, Marco Grassi of KeenLab,
Tencent of Trend Micro's Zero Day Initiative
NVIDIA Graphics Drivers
Available for:
OS X Yosemite v10.10.5 and OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1846 : Ian Beer of Google Project Zero
OpenGL
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1847 : Tongbo Luo and Bo Qu of Palo Alto Networks
QuickTime
Available for: OS X El Capitan v10.11 and later
Impact: Opening a maliciously crafted file may lead to unexpected
application termination or arbitrary code execution
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1850 : Tyler Bohan of Cisco Talos
Screen Lock
Available for: OS X El Capitan v10.11 and later
Impact: A person with physical access to a computer may be able to
reset an expired password from the lock screen
Description: An issue existed in the management of password
profiles. This issue was addressed through improved password reset
handling.
CVE-ID
CVE-2016-1851 : an anonymous researcher
Tcl
Available for: OS X El Capitan v10.11 and later
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: A protocol security issue was addressed by disabling
SSLv2.
CVE-ID
CVE-2016-1853 : researchers at Tel Aviv University, Münster
University of Applied Sciences, Ruhr University Bochum, the
University of Pennsylvania, the Hashcat project, the University of
Michigan, Two Sigma, Google, and the OpenSSL project: Nimrod Aviram,
Sebastian Schinzel, Juraj Somorovsky, Nadia Heninger, Maik Dankel,
Jens Steube, Luke Valenta, David Adrian, J. Alex Halderman, Viktor
Dukhovni, Emilia Käsper, Shaanan Cohney, Susanne Engels, Christof
Paar, and Yuval Shavitt
Note: OS X El Capitan 10.11.5 includes the security content of Safari
9.1.1. For further details see https://support.apple.com/en-us/HT206565
OS X El Capitan 10.11.5 and Security Update 2016-003 may be obtained
from the Mac App Store or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
-----END PGP SIGNATURE-----
| VAR-201605-0436 | CVE-2016-1794 | AppleGraphicsControl in Apple OS X vulnerable to arbitrary code execution in a privileged context |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
The AppleGraphicsControlClient::checkArguments method in AppleGraphicsControl in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app. This is a different vulnerability from CVE-2016-1793. Supplementary information: the vulnerability type has been identified as CWE-476 (NULL Pointer Dereference). Apple Mac OS X is prone to multiple security vulnerabilities.
Attackers can exploit these issues to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, and perform unauthorized actions. This may aid in other attacks.
Apple Mac OS X 10.9.5, 10.10.5 and 10.11 through 10.11.4 are vulnerable. AppleGraphicsControl is one of the integrated graphics driver components.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-05-16-4 OS X El Capitan 10.11.5 and Security Update
2016-003
OS X El Capitan 10.11.5 and Security Update 2016-003 is now available
and addresses the following:
AMD
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1792 : beist and ABH of BoB
AMD
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: An application may be able to determine kernel memory layout
Description: An issue existed that led to the disclosure of kernel
memory content. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2016-1791 : daybreaker of Minionz
apache_mod_php
Available for: OS X El Capitan v10.11 and later
Impact: Multiple vulnerabilities in PHP
Description: Multiple vulnerabilities existed in PHP versions prior
to 5.5.34. These were addressed by updating PHP to version 5.5.34.
CVE-ID
CVE-2016-1793 : Ian Beer of Google Project Zero
CVE-2016-1794 : Ian Beer of Google Project Zero
AppleGraphicsPowerManagement
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1795 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro
ATS
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to determine kernel memory layout
Description: An out of bounds memory access issue was addressed
through improved memory handling.
CVE-ID
CVE-2016-1796 : lokihardt working with Trend Micro's Zero Day
Initiative
ATS
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: An issue existed in the sandbox policy. This was
addressed by sandboxing FontValidator.
CVE-ID
CVE-2016-1798 : Juwei Lin of TrendMicro
Audio
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved input validation.
CVE-ID
CVE-2016-1799 : Juwei Lin of TrendMicro
Captive Network Assistant
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: An attacker in a privileged network position may be able to
execute arbitrary code with user assistance
Description: A custom URL scheme handling issue was addressed
through improved input validation.
CVE-ID
CVE-2016-1800 : Apple
CFNetwork Proxies
Available for: OS X El Capitan v10.11 and later
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: An information leak existed in the handling of HTTP and
HTTPS requests. This issue was addressed through improved URL
handling.
CVE-ID
CVE-2016-1801 : Alex Chapman and Paul Stone of Context Information
Security
CommonCrypto
Available for: OS X El Capitan v10.11 and later
Impact: A malicious application may be able to leak sensitive user
information
Description: An issue existed in the handling of return values in
CCCrypt. This issue was addressed through improved key length
management.
CVE-ID
CVE-2016-1803 : Ian Beer of Google Project Zero, daybreaker working
with Trend Micro’s Zero Day Initiative
CoreStorage
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A configuration issue was addressed through additional
restrictions.
CVE-ID
CVE-2016-1805 : Stefan Esser
Crash Reporter
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
root privileges
Description: A configuration issue was addressed through additional
restrictions.
CVE-ID
CVE-2016-1806 : lokihardt working with Trend Micro's Zero Day
Initiative
Disk Images
Available for: OS X El Capitan v10.11 and later
Impact: A local attacker may be able to read kernel memory
Description: A race condition was addressed through improved
locking.
CVE-ID
CVE-2016-1807 : Ian Beer of Google Project Zero
Disk Images
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue existed in the parsing of
disk images. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2016-1808 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro
Disk Utility
Available for: OS X El Capitan v10.11 and later
Impact: Disk Utility failed to compress and encrypt disk images
Description: Incorrect keys were being used to encrypt disk images.
This issue was addressed by updating the encryption keys.
CVE-ID
CVE-2016-1809 : Ast A. Moore (@astamoore) and David Foster of
TechSmartKids
Graphics Drivers
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1810 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro
ImageIO
Available for: OS X El Capitan v10.11 and later
Impact: Processing a maliciously crafted image may lead to a denial
of service
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1811 : Lander Brandt (@landaire)
Intel Graphics Driver
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow was addressed through improved bounds
checking.
CVE-ID
CVE-2016-1814 : Juwei Lin of TrendMicro
IOAcceleratorFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1815 : Liang Chen, Qidan He of KeenLab, Tencent working with
Trend Micro's Zero Day Initiative
CVE-2016-1817 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro working with Trend Micro's Zero Day Initiative
CVE-2016-1818 : Juwei Lin of TrendMicro
CVE-2016-1819 : Ian Beer of Google Project Zero
IOAcceleratorFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1813 : Ian Beer of Google Project Zero
CVE-2016-1816 : Peter Pi (@heisecode) of Trend Micro and Juwei Lin of
Trend Micro
IOAudioFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-ID
CVE-2016-1820 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro working with Trend Micro’s Zero Day Initiative
IOAudioFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1821 : Ian Beer of Google Project Zero
IOFireWireFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1822 : CESG
IOHIDFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1823 : Ian Beer of Google Project Zero
CVE-2016-1824 : Marco Grassi (@marcograss) of KeenLab (@keen_lab),
Tencent
IOHIDFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1825 : Brandon Azad
Kernel
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1827 : Brandon Azad
CVE-2016-1828 : Brandon Azad
CVE-2016-1829 : CESG
CVE-2016-1830 : Brandon Azad
CVE-2016-1831 : Brandon Azad
Kernel
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An integer overflow existed in dtrace. This issue was
addressed through improved bounds checking.
CVE-ID
CVE-2016-1826 : Ben Murphy working with Trend Micro’s Zero Day
Initiative
libc
Available for: OS X El Capitan v10.11 and later
Impact: A local attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A memory corruption issue was addressed through
improved input validation.
CVE-ID
CVE-2016-1832 : Karl Williamson
libxml2
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: Processing maliciously crafted XML may lead to an unexpected
application termination or arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1833 : Mateusz Jurczyk
CVE-2016-1834 : Apple
CVE-2016-1835 : Wei Lei and Liu Yang of Nanyang Technological
University
CVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological
University
CVE-2016-1837 : Wei Lei and Liu Yang of Nanyang Technological
University
CVE-2016-1838 : Mateusz Jurczyk
CVE-2016-1839 : Mateusz Jurczyk
CVE-2016-1840 : Kostya Serebryany
libxslt
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1841 : Sebastian Apelt
MapKit
Available for: OS X El Capitan v10.11 and later
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: Shared links were sent with HTTP rather than HTTPS.
This was addressed by enabling HTTPS for shared links.
CVE-ID
CVE-2016-1842 : Richard Shupak (https://www.linkedin.com/in/rshupak)
Messages
Available for: OS X El Capitan v10.11 and later
Impact: A malicious server or user may be able to modify another
user's contact list
Description: A validation issue existed in roster changes. This
issue was addressed through improved validation of roster sets.
CVE-ID
CVE-2016-1844 : Thijs Alkemade of Computest
Messages
Available for: OS X El Capitan v10.11 and later
Impact: A remote attacker may be able to leak sensitive user
information
Description: An encoding issue existed in filename parsing. This
issue was addressed through improved filename encoding.
CVE-ID
CVE-2016-1843 : Heige (a.k.a. SuperHei) of Knownsec 404 Security Team
[http://www.knownsec.com]
Multi-Touch
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1804 : Liang Chen, Yubin Fu, Marco Grassi of KeenLab,
Tencent of Trend Micro's Zero Day Initiative
NVIDIA Graphics Drivers
Available for:
OS X Yosemite v10.10.5 and OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1846 : Ian Beer of Google Project Zero
OpenGL
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1847 : Tongbo Luo and Bo Qu of Palo Alto Networks
QuickTime
Available for: OS X El Capitan v10.11 and later
Impact: Opening a maliciously crafted file may lead to unexpected
application termination or arbitrary code execution
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1848 : Francis Provencher from COSIG
SceneKit
Available for: OS X El Capitan v10.11 and later
Impact: Opening a maliciously crafted file may lead to unexpected
application termination or arbitrary code execution
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1850 : Tyler Bohan of Cisco Talos
Screen Lock
Available for: OS X El Capitan v10.11 and later
Impact: A person with physical access to a computer may be able to
reset an expired password from the lock screen
Description: An issue existed in the management of password
profiles. This issue was addressed through improved password reset
handling.
CVE-ID
CVE-2016-1851 : an anonymous researcher
Tcl
Available for: OS X El Capitan v10.11 and later
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: A protocol security issue was addressed by disabling
SSLv2.
CVE-ID
CVE-2016-1853 : researchers at Tel Aviv University, Münster
University of Applied Sciences, Ruhr University Bochum, the
University of Pennsylvania, the Hashcat project, the University of
Michigan, Two Sigma, Google, and the OpenSSL project: Nimrod Aviram,
Sebastian Schinzel, Juraj Somorovsky, Nadia Heninger, Maik Dankel,
Jens Steube, Luke Valenta, David Adrian, J. Alex Halderman, Viktor
Dukhovni, Emilia Käsper, Shaanan Cohney, Susanne Engels, Christof
Paar, and Yuval Shavitt
Note: OS X El Capitan 10.11.5 includes the security content of Safari
9.1.1. For further details see https://support.apple.com/en-us/HT206565
OS X El Capitan 10.11.5 and Security Update 2016-003 may be obtained
from the Mac App Store or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
-----END PGP SIGNATURE-----
| VAR-201605-0435 | CVE-2016-1793 | AppleGraphicsControl in Apple OS X vulnerable to arbitrary code execution in a privileged context |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
AppleGraphicsDeviceControlClient in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app. This vulnerability is different from CVE-2016-1794. Supplementary information: the vulnerability type has been identified as CWE-476: NULL Pointer Dereference. Apple Mac OS X is prone to multiple security vulnerabilities.
Attackers can exploit these issues to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, and perform unauthorized actions. This may aid in other attacks.
Apple Mac OS X 10.9.5, 10.10.5 and 10.11 through 10.11.4 are vulnerable. AppleGraphicsControl is one of the integrated graphics driver components.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-05-16-4 OS X El Capitan 10.11.5 and Security Update
2016-003
OS X El Capitan 10.11.5 and Security Update 2016-003 is now available
and addresses the following:
AMD
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1792 : beist and ABH of BoB
AMD
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: An application may be able to determine kernel memory layout
Description: An issue existed that led to the disclosure of kernel
memory content. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2016-1791 : daybreaker of Minionz
apache_mod_php
Available for: OS X El Capitan v10.11 and later
Impact: Multiple vulnerabilities in PHP
Description: Multiple vulnerabilities existed in PHP versions prior
to 5.5.34. These were addressed by updating PHP to version 5.5.34.
CVE-ID
CVE-2016-1793 : Ian Beer of Google Project Zero
CVE-2016-1794 : Ian Beer of Google Project Zero
AppleGraphicsPowerManagement
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1795 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro
ATS
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to determine kernel memory layout
Description: An out of bounds memory access issue was addressed
through improved memory handling.
CVE-ID
CVE-2016-1796 : lokihardt working with Trend Micro's Zero Day
Initiative
ATS
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: An issue existed in the sandbox policy. This was
addressed by sandboxing FontValidator.
CVE-ID
CVE-2016-1798 : Juwei Lin of TrendMicro
Audio
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved input validation.
CVE-ID
CVE-2016-1799 : Juwei Lin of TrendMicro
Captive Network Assistant
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: An attacker in a privileged network position may be able to
execute arbitrary code with user assistance
Description: A custom URL scheme handling issue was addressed
through improved input validation.
CVE-ID
CVE-2016-1800 : Apple
CFNetwork Proxies
Available for: OS X El Capitan v10.11 and later
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: An information leak existed in the handling of HTTP and
HTTPS requests. This issue was addressed through improved URL
handling.
CVE-ID
CVE-2016-1801 : Alex Chapman and Paul Stone of Context Information
Security
CommonCrypto
Available for: OS X El Capitan v10.11 and later
Impact: A malicious application may be able to leak sensitive user
information
Description: An issue existed in the handling of return values in
CCCrypt. This issue was addressed through improved key length
management.
CVE-ID
CVE-2016-1803 : Ian Beer of Google Project Zero, daybreaker working
with Trend Micro’s Zero Day Initiative
CoreStorage
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A configuration issue was addressed through additional
restrictions.
CVE-ID
CVE-2016-1805 : Stefan Esser
Crash Reporter
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
root privileges
Description: A configuration issue was addressed through additional
restrictions.
CVE-ID
CVE-2016-1806 : lokihardt working with Trend Micro's Zero Day
Initiative
Disk Images
Available for: OS X El Capitan v10.11 and later
Impact: A local attacker may be able to read kernel memory
Description: A race condition was addressed through improved
locking.
CVE-ID
CVE-2016-1807 : Ian Beer of Google Project Zero
Disk Images
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue existed in the parsing of
disk images. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2016-1808 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro
Disk Utility
Available for: OS X El Capitan v10.11 and later
Impact: Disk Utility failed to compress and encrypt disk images
Description: Incorrect keys were being used to encrypt disk images.
This issue was addressed by updating the encryption keys.
CVE-ID
CVE-2016-1809 : Ast A. Moore (@astamoore) and David Foster of
TechSmartKids
Graphics Drivers
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1810 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro
ImageIO
Available for: OS X El Capitan v10.11 and later
Impact: Processing a maliciously crafted image may lead to a denial
of service
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1811 : Lander Brandt (@landaire)
Intel Graphics Driver
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow was addressed through improved bounds
checking.
CVE-ID
CVE-2016-1814 : Juwei Lin of TrendMicro
IOAcceleratorFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1815 : Liang Chen, Qidan He of KeenLab, Tencent working with
Trend Micro's Zero Day Initiative
CVE-2016-1817 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro working with Trend Micro's Zero Day Initiative
CVE-2016-1818 : Juwei Lin of TrendMicro
CVE-2016-1819 : Ian Beer of Google Project Zero
IOAcceleratorFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1813 : Ian Beer of Google Project Zero
CVE-2016-1816 : Peter Pi (@heisecode) of Trend Micro and Juwei Lin of
Trend Micro
IOAudioFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-ID
CVE-2016-1820 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro working with Trend Micro’s Zero Day Initiative
IOAudioFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1821 : Ian Beer of Google Project Zero
IOFireWireFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1822 : CESG
IOHIDFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1823 : Ian Beer of Google Project Zero
CVE-2016-1824 : Marco Grassi (@marcograss) of KeenLab (@keen_lab),
Tencent
IOHIDFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1825 : Brandon Azad
Kernel
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1827 : Brandon Azad
CVE-2016-1828 : Brandon Azad
CVE-2016-1829 : CESG
CVE-2016-1830 : Brandon Azad
CVE-2016-1831 : Brandon Azad
Kernel
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An integer overflow existed in dtrace. This issue was
addressed through improved bounds checking.
CVE-ID
CVE-2016-1826 : Ben Murphy working with Trend Micro’s Zero Day
Initiative
libc
Available for: OS X El Capitan v10.11 and later
Impact: A local attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A memory corruption issue was addressed through
improved input validation.
CVE-ID
CVE-2016-1832 : Karl Williamson
libxml2
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: Processing maliciously crafted XML may lead to an unexpected
application termination or arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1833 : Mateusz Jurczyk
CVE-2016-1834 : Apple
CVE-2016-1835 : Wei Lei and Liu Yang of Nanyang Technological
University
CVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological
University
CVE-2016-1837 : Wei Lei and Liu Yang of Nanyang Technological
University
CVE-2016-1838 : Mateusz Jurczyk
CVE-2016-1839 : Mateusz Jurczyk
CVE-2016-1840 : Kostya Serebryany
libxslt
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1841 : Sebastian Apelt
MapKit
Available for: OS X El Capitan v10.11 and later
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: Shared links were sent with HTTP rather than HTTPS.
This was addressed by enabling HTTPS for shared links.
CVE-ID
CVE-2016-1842 : Richard Shupak (https://www.linkedin.com/in/rshupak)
Messages
Available for: OS X El Capitan v10.11 and later
Impact: A malicious server or user may be able to modify another
user's contact list
Description: A validation issue existed in roster changes. This
issue was addressed through improved validation of roster sets.
CVE-ID
CVE-2016-1844 : Thijs Alkemade of Computest
Messages
Available for: OS X El Capitan v10.11 and later
Impact: A remote attacker may be able to leak sensitive user
information
Description: An encoding issue existed in filename parsing. This
issue was addressed through improved filename encoding.
CVE-ID
CVE-2016-1843 : Heige (a.k.a. SuperHei) of Knownsec 404 Security Team
[http://www.knownsec.com]
Multi-Touch
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1804 : Liang Chen, Yubin Fu, Marco Grassi of KeenLab,
Tencent of Trend Micro's Zero Day Initiative
NVIDIA Graphics Drivers
Available for:
OS X Yosemite v10.10.5 and OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1846 : Ian Beer of Google Project Zero
OpenGL
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1847 : Tongbo Luo and Bo Qu of Palo Alto Networks
QuickTime
Available for: OS X El Capitan v10.11 and later
Impact: Opening a maliciously crafted file may lead to unexpected
application termination or arbitrary code execution
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1848 : Francis Provencher from COSIG
SceneKit
Available for: OS X El Capitan v10.11 and later
Impact: Opening a maliciously crafted file may lead to unexpected
application termination or arbitrary code execution
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1850 : Tyler Bohan of Cisco Talos
Screen Lock
Available for: OS X El Capitan v10.11 and later
Impact: A person with physical access to a computer may be able to
reset an expired password from the lock screen
Description: An issue existed in the management of password
profiles. This issue was addressed through improved password reset
handling.
CVE-ID
CVE-2016-1851 : an anonymous researcher
Tcl
Available for: OS X El Capitan v10.11 and later
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: A protocol security issue was addressed by disabling
SSLv2.
CVE-ID
CVE-2016-1853 : researchers at Tel Aviv University, Münster
University of Applied Sciences, Ruhr University Bochum, the
University of Pennsylvania, the Hashcat project, the University of
Michigan, Two Sigma, Google, and the OpenSSL project: Nimrod Aviram,
Sebastian Schinzel, Juraj Somorovsky, Nadia Heninger, Maik Dankel,
Jens Steube, Luke Valenta, David Adrian, J. Alex Halderman, Viktor
Dukhovni, Emilia Käsper, Shaanan Cohney, Susanne Engels, Christof
Paar, and Yuval Shavitt
Note: OS X El Capitan 10.11.5 includes the security content of Safari
9.1.1. For further details see https://support.apple.com/en-us/HT206565
OS X El Capitan 10.11.5 and Security Update 2016-003 may be obtained
from the Mac App Store or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
-----END PGP SIGNATURE-----
| VAR-201605-0433 | CVE-2016-1791 | Vulnerability in the AMD subsystem of Apple OS X that allows obtaining important kernel memory layout information |
CVSS V2: 4.3 CVSS V3: 3.3 Severity: LOW |
The AMD subsystem in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app. Apple Mac OS X is prone to multiple security vulnerabilities.
Attackers can exploit these issues to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, and perform unauthorized actions. This may aid in other attacks.
Apple Mac OS X 10.9.5, 10.10.5 and 10.11 through 10.11.4 are vulnerable.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-05-16-4 OS X El Capitan 10.11.5 and Security Update
2016-003
OS X El Capitan 10.11.5 and Security Update 2016-003 is now available
and addresses the following:
AMD
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved memory handling. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2016-1791 : daybreaker of Minionz
apache_mod_php
Available for: OS X El Capitan v10.11 and later
Impact: Multiple vulnerabilities in PHP
Description: Multiple vulnerabilities existed in PHP versions prior
to 5.5.34. These were addressed by updating PHP to version 5.5.34.
CVE-ID
CVE-2015-8865
CVE-2016-3141
CVE-2016-3142
CVE-2016-4070
CVE-2016-4071
CVE-2016-4072
CVE-2016-4073
AppleGraphicsControl
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1793 : Ian Beer of Google Project Zero
CVE-2016-1794 : Ian Beer of Google Project Zero
AppleGraphicsPowerManagement
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1795 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro
ATS
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to determine kernel memory layout
Description: An out of bounds memory access issue was addressed
through improved memory handling.
CVE-ID
CVE-2016-1796 : lokihardt working with Trend Micro's Zero Day
Initiative
ATS
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: An issue existed in the sandbox policy. This was
addressed by sandboxing FontValidator.
CVE-ID
CVE-2016-1797 : lokihardt working with Trend Micro's Zero Day
Initiative
Audio
Available for:
OS X Yosemite v10.10.5 and OS X El Capitan v10.11 and later
Impact: An application may be able to cause a denial of service
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1798 : Juwei Lin of TrendMicro
Audio
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved input validation.
CVE-ID
CVE-2016-1799 : Juwei Lin of TrendMicro
Captive Network Assistant
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: An attacker in a privileged network position may be able to
execute arbitrary code with user assistance
Description: A custom URL scheme handling issue was addressed
through improved input validation.
CVE-ID
CVE-2016-1800 : Apple
CFNetwork Proxies
Available for: OS X El Capitan v10.11 and later
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: An information leak existed in the handling of HTTP and
HTTPS requests. This issue was addressed through improved URL
handling.
CVE-ID
CVE-2016-1801 : Alex Chapman and Paul Stone of Context Information
Security
CommonCrypto
Available for: OS X El Capitan v10.11 and later
Impact: A malicious application may be able to leak sensitive user
information
Description: An issue existed in the handling of return values in
CCCrypt. This issue was addressed through improved key length
management.
CVE-ID
CVE-2016-1802 : Klaus Rodewig
CoreCapture
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1803 : Ian Beer of Google Project Zero, daybreaker working
with Trend Micro’s Zero Day Initiative
CoreStorage
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A configuration issue was addressed through additional
restrictions.
CVE-ID
CVE-2016-1805 : Stefan Esser
Crash Reporter
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
root privileges
Description: A configuration issue was addressed through additional
restrictions.
CVE-ID
CVE-2016-1806 : lokihardt working with Trend Micro's Zero Day
Initiative
Disk Images
Available for: OS X El Capitan v10.11 and later
Impact: A local attacker may be able to read kernel memory
Description: A race condition was addressed through improved
locking.
CVE-ID
CVE-2016-1807 : Ian Beer of Google Project Zero
Disk Images
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue existed in the parsing of
disk images. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2016-1808 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro
Disk Utility
Available for: OS X El Capitan v10.11 and later
Impact: Disk Utility failed to compress and encrypt disk images
Description: Incorrect keys were being used to encrypt disk images.
This issue was addressed by updating the encryption keys.
CVE-ID
CVE-2016-1809 : Ast A. Moore (@astamoore) and David Foster of
TechSmartKids
Graphics Drivers
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1810 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro
ImageIO
Available for: OS X El Capitan v10.11 and later
Impact: Processing a maliciously crafted image may lead to a denial
of service
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1811 : Lander Brandt (@landaire)
Intel Graphics Driver
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow was addressed through improved bounds
checking.
CVE-ID
CVE-2016-1812 : Juwei Lin of TrendMicro
IOAcceleratorFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to cause a denial of service
Description: A null pointer dereference was addressed through
improved locking.
CVE-ID
CVE-2016-1814 : Juwei Lin of TrendMicro
IOAcceleratorFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1815 : Liang Chen, Qidan He of KeenLab, Tencent working with
Trend Micro's Zero Day Initiative
CVE-2016-1817 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro working with Trend Micro's Zero Day Initiative
CVE-2016-1818 : Juwei Lin of TrendMicro
CVE-2016-1819 : Ian Beer of Google Project Zero
IOAcceleratorFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1813 : Ian Beer of Google Project Zero
CVE-2016-1816 : Peter Pi (@heisecode) of Trend Micro and Juwei Lin of
Trend Micro
IOAudioFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-ID
CVE-2016-1820 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro working with Trend Micro’s Zero Day Initiative
IOAudioFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1821 : Ian Beer of Google Project Zero
IOFireWireFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1822 : CESG
IOHIDFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1823 : Ian Beer of Google Project Zero
CVE-2016-1824 : Marco Grassi (@marcograss) of KeenLab (@keen_lab),
Tencent
IOHIDFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1825 : Brandon Azad
Kernel
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1827 : Brandon Azad
CVE-2016-1828 : Brandon Azad
CVE-2016-1829 : CESG
CVE-2016-1830 : Brandon Azad
CVE-2016-1831 : Brandon Azad
Kernel
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An integer overflow existed in dtrace. This issue was
addressed through improved bounds checking.
CVE-ID
CVE-2016-1826 : Ben Murphy working with Trend Micro’s Zero Day
Initiative
libc
Available for: OS X El Capitan v10.11 and later
Impact: A local attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A memory corruption issue was addressed through
improved input validation.
CVE-ID
CVE-2016-1832 : Karl Williamson
libxml2
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: Processing maliciously crafted XML may lead to an unexpected
application termination or arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1833 : Mateusz Jurczyk
CVE-2016-1834 : Apple
CVE-2016-1835 : Wei Lei and Liu Yang of Nanyang Technological
University
CVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological
University
CVE-2016-1837 : Wei Lei and Liu Yang of Nanyang Technological
University
CVE-2016-1838 : Mateusz Jurczyk
CVE-2016-1839 : Mateusz Jurczyk
CVE-2016-1840 : Kostya Serebryany
libxslt
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1841 : Sebastian Apelt
MapKit
Available for: OS X El Capitan v10.11 and later
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: Shared links were sent with HTTP rather than HTTPS.
This was addressed by enabling HTTPS for shared links.
CVE-ID
CVE-2016-1842 : Richard Shupak (https://www.linkedin.com/in/rshupak)
Messages
Available for: OS X El Capitan v10.11 and later
Impact: A malicious server or user may be able to modify another
user's contact list
Description: A validation issue existed in roster changes. This
issue was addressed through improved validation of roster sets.
CVE-ID
CVE-2016-1844 : Thijs Alkemade of Computest
Messages
Available for: OS X El Capitan v10.11 and later
Impact: A remote attacker may be able to leak sensitive user
information
Description: An encoding issue existed in filename parsing. This
issue was addressed through improved filename encoding.
CVE-ID
CVE-2016-1843 : Heige (a.k.a. SuperHei) of Knownsec 404 Security Team
[http://www.knownsec.com]
Multi-Touch
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1804 : Liang Chen, Yubin Fu, Marco Grassi of KeenLab,
Tencent of Trend Micro's Zero Day Initiative
NVIDIA Graphics Drivers
Available for:
OS X Yosemite v10.10.5 and OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1846 : Ian Beer of Google Project Zero
OpenGL
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1847 : Tongbo Luo and Bo Qu of Palo Alto Networks
QuickTime
Available for: OS X El Capitan v10.11 and later
Impact: Opening a maliciously crafted file may lead to unexpected
application termination or arbitrary code execution
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1848 : Francis Provencher from COSIG
SceneKit
Available for: OS X El Capitan v10.11 and later
Impact: Opening a maliciously crafted file may lead to unexpected
application termination or arbitrary code execution
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1850 : Tyler Bohan of Cisco Talos
Screen Lock
Available for: OS X El Capitan v10.11 and later
Impact: A person with physical access to a computer may be able to
reset an expired password from the lock screen
Description: An issue existed in the management of password
profiles. This issue was addressed through improved password reset
handling.
CVE-ID
CVE-2016-1851 : an anonymous researcher
Tcl
Available for: OS X El Capitan v10.11 and later
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: A protocol security issue was addressed by disabling
SSLv2.
CVE-ID
CVE-2016-1853 : researchers at Tel Aviv University, Münster
University of Applied Sciences, Ruhr University Bochum, the
University of Pennsylvania, the Hashcat project, the University of
Michigan, Two Sigma, Google, and the OpenSSL project: Nimrod Aviram,
Sebastian Schinzel, Juraj Somorovsky, Nadia Heninger, Maik Dankel,
Jens Steube, Luke Valenta, David Adrian, J. Alex Halderman, Viktor
Dukhovni, Emilia Käsper, Shaanan Cohney, Susanne Engels, Christof
Paar, and Yuval Shavitt
Note: OS X El Capitan 10.11.5 includes the security content of Safari
9.1.1. For further details see https://support.apple.com/en-us/HT206565
OS X El Capitan 10.11.5 and Security Update 2016-003 may be obtained
from the Mac App Store or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
| VAR-201605-0432 | CVE-2016-1790 | Buffer overflow vulnerability in the Accessibility component of Apple iOS |
CVSS V2: 4.3 CVSS V3: 3.3 Severity: LOW |
Buffer overflow in the Accessibility component in Apple iOS before 9.3.2 allows attackers to obtain sensitive kernel memory-layout information via a crafted app. Apple iOS is prone to a stack-based buffer-overflow vulnerability.
A remote attacker may exploit this issue to execute arbitrary code in the context of the affected application. Failed attempts will likely cause a denial-of-service condition.
Versions prior to iOS 9.3.2 are vulnerable. Apple iOS is an operating system developed by Apple for mobile devices.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-05-16-2 iOS 9.3.2
iOS 9.3.2 is now available and addresses the following:
Accessibility
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to determine kernel memory layout
Description: A buffer overflow was addressed through improved size
validation.
CVE-ID
CVE-2016-1790 : Rapelly Akhil
CFNetwork Proxies
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: An information leak existed in the handling of HTTP and
HTTPS requests. This issue was addressed through improved URL
handling.
CVE-ID
CVE-2016-1801 : Alex Chapman and Paul Stone of Context Information
Security
CommonCrypto
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to leak sensitive user
information
Description: An issue existed in the handling of return values in
CCCrypt. This issue was addressed through improved key length
management.
CVE-ID
CVE-2016-1802 : Klaus Rodewig
CoreCapture
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1803 : Ian Beer of Google Project Zero, daybreaker working
with Trend Micro’s Zero Day Initiative
Disk Images
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A local attacker may be able to read kernel memory
Description: A race condition was addressed through improved
locking.
CVE-ID
CVE-2016-1807 : Ian Beer of Google Project Zero
Disk Images
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue existed in the parsing of
disk images. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2016-1808 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro
ImageIO
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing a maliciously crafted image may lead to a denial
of service
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1811 : Lander Brandt (@landaire)
IOAcceleratorFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1817 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro working with Trend Micro's Zero Day Initiative
CVE-2016-1818 : Juwei Lin of TrendMicro
CVE-2016-1819 : Ian Beer of Google Project Zero
IOAcceleratorFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to cause a denial of service
Description: A null pointer dereference was addressed through
improved locking.
CVE-ID
CVE-2016-1814 : Juwei Lin of TrendMicro
IOAcceleratorFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1813 : Ian Beer of Google Project Zero
IOHIDFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1823 : Ian Beer of Google Project Zero
CVE-2016-1824 : Marco Grassi (@marcograss) of KeenLab (@keen_lab),
Tencent
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1827 : Brandon Azad
CVE-2016-1828 : Brandon Azad
CVE-2016-1829 : CESG
CVE-2016-1830 : Brandon Azad
CVE-2016-1831 : Brandon Azad
libc
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A local attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A memory corruption issue was addressed through
improved input validation.
CVE-ID
CVE-2016-1832 : Karl Williamson
libxml2
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing maliciously crafted XML may lead to an unexpected
application termination or arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1833 : Mateusz Jurczyk
CVE-2016-1834 : Apple
CVE-2016-1835 : Wei Lei and Liu Yang of Nanyang Technological
University
CVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological
University
CVE-2016-1837 : Wei Lei and Liu Yang of Nanyang Technological
University
CVE-2016-1838 : Mateusz Jurczyk
CVE-2016-1839 : Mateusz Jurczyk
CVE-2016-1840 : Kostya Serebryany
libxslt
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1841 : Sebastian Apelt
MapKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: Shared links were sent with HTTP rather than HTTPS.
This was addressed by enabling HTTPS for shared links.
CVE-ID
CVE-2016-1842 : Richard Shupak (https://www.linkedin.com/in/rshupak)
OpenGL
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1847 : Tongbo Luo and Bo Qu of Palo Alto Networks
Safari
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A user may be unable to fully delete browsing history
Description: "Clear History and Website Data" did not clear the
history. The issue was addressed through improved data deletion.
CVE-ID
CVE-2016-1849 : Adham Ghrayeb
Siri
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A person with physical access to an iOS device may be able
to use Siri to access contacts and photos from the lock screen
Description: A state management issue existed when accessing Siri
results on the lock screen. This issue was addressed by disabling
data detectors in Twitter results when the device is locked.
CVE-ID
CVE-2016-1852 : videosdebarraquito
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a malicious website may disclose data from another
website
Description: An insufficient taint tracking issue in the parsing of
svg images was addressed through improved taint tracking.
CVE-ID
CVE-2016-1858 : an anonymous researcher
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1854 : Anonymous working with Trend Micro's Zero Day
Initiative
CVE-2016-1855 : Tongbo Luo and Bo Qu of Palo Alto Networks
CVE-2016-1856 : lokihardt working with Trend Micro's Zero Day
Initiative
CVE-2016-1857 : Jeonghoon Shin@A.D.D, Liang Chen, Zhen Feng, wushi of
KeenLab, Tencent working with Trend Micro's Zero Day Initiative
WebKit Canvas
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1859 : Liang Chen, wushi of KeenLab, Tencent working with
Trend Micro's Zero Day Initiative
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "9.3.2".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
| VAR-201605-0456 | CVE-2016-1814 | IOAcceleratorFamily denial-of-service (DoS) vulnerability in multiple Apple products |
CVSS V2: 4.3 CVSS V3: 5.5 Severity: MEDIUM |
IOAcceleratorFamily in Apple iOS before 9.3.2, OS X before 10.11.5, and tvOS before 9.2.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted app. Supplementary information: the vulnerability type has been identified as CWE-476: NULL Pointer Dereference.
Attackers can exploit these issues to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, and perform unauthorized actions. This may aid in other attacks.
Apple Mac OS X 10.9.5, 10.10.5 and 10.11 through 10.11.4 are vulnerable. in the United States. Apple iOS is an operating system developed for mobile devices; watchOS is a smart watch operating system; OS X El Capitan is a dedicated operating system developed for Mac computers; tvOS is a smart TV operating system.
This issue was addressed by disabling
data detectors in Twitter results when the device is locked.
CVE-ID
CVE-2016-1852 : videosdebarraquito
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a malicious website may disclose data from another
website
Description: An insufficient taint tracking issue in the parsing of
svg images was addressed through improved taint tracking. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-05-16-4 OS X El Capitan 10.11.5 and Security Update
2016-003
OS X El Capitan 10.11.5 and Security Update 2016-003 is now available
and addresses the following:
AMD
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1792 : beist and ABH of BoB
AMD
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: An application may be able to determine kernel memory layout
Description: An issue existed that led to the disclosure of kernel
memory content. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2016-1791 : daybreaker of Minionz
apache_mod_php
Available for: OS X El Capitan v10.11 and later
Impact: Multiple vulnerabilities in PHP
Description: Multiple vulnerabilities existed in PHP versions prior
to 5.5.34. These were addressed by updating PHP to version 5.5.34.
CVE-ID
CVE-2015-8865
CVE-2016-3141
CVE-2016-3142
CVE-2016-4070
CVE-2016-4071
CVE-2016-4072
CVE-2016-4073
AppleGraphicsControl
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1793 : Ian Beer of Google Project Zero
CVE-2016-1794 : Ian Beer of Google Project Zero
AppleGraphicsPowerManagement
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1795 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro
ATS
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to determine kernel memory layout
Description: An out of bounds memory access issue was addressed
through improved memory handling.
CVE-ID
CVE-2016-1796 : lokihardt working with Trend Micro's Zero Day
Initiative
ATS
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: An issue existed in the sandbox policy. This was
addressed by sandboxing FontValidator.
CVE-ID
CVE-2016-1798 : Juwei Lin of TrendMicro
Audio
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved input validation.
CVE-ID
CVE-2016-1799 : Juwei Lin of TrendMicro
Captive Network Assistant
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: An attacker in a privileged network position may be able to
execute arbitrary code with user assistance
Description: A custom URL scheme handling issue was addressed
through improved input validation.
CVE-ID
CVE-2016-1800 : Apple
CFNetwork Proxies
Available for: OS X El Capitan v10.11 and later
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: An information leak existed in the handling of HTTP and
HTTPS requests. This issue was addressed through improved URL
handling.
CVE-ID
CVE-2016-1801 : Alex Chapman and Paul Stone of Context Information
Security
CommonCrypto
Available for: OS X El Capitan v10.11 and later
Impact: A malicious application may be able to leak sensitive user
information
Description: An issue existed in the handling of return values in
CCCrypt. This issue was addressed through improved key length
management.
CVE-ID
CVE-2016-1802 : Klaus Rodewig
CoreCapture
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1803 : Ian Beer of Google Project Zero, daybreaker working
with Trend Micro’s Zero Day Initiative
CoreStorage
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A configuration issue was addressed through additional
restrictions.
CVE-ID
CVE-2016-1805 : Stefan Esser
Crash Reporter
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
root privileges
Description: A configuration issue was addressed through additional
restrictions.
CVE-ID
CVE-2016-1806 : lokihardt working with Trend Micro's Zero Day
Initiative
Disk Images
Available for: OS X El Capitan v10.11 and later
Impact: A local attacker may be able to read kernel memory
Description: A race condition was addressed through improved
locking.
CVE-ID
CVE-2016-1807 : Ian Beer of Google Project Zero
Disk Images
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue existed in the parsing of
disk images. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2016-1808 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro
Disk Utility
Available for: OS X El Capitan v10.11 and later
Impact: Disk Utility failed to compress and encrypt disk images
Description: Incorrect keys were being used to encrypt disk images.
This issue was addressed by updating the encryption keys.
CVE-ID
CVE-2016-1809 : Ast A. Moore (@astamoore) and David Foster of
TechSmartKids
Graphics Drivers
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1810 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro
ImageIO
Available for: OS X El Capitan v10.11 and later
Impact: Processing a maliciously crafted image may lead to a denial
of service
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1811 : Lander Brandt (@landaire)
Intel Graphics Driver
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow was addressed through improved bounds
checking.
CVE-ID
CVE-2016-1814 : Juwei Lin of TrendMicro
IOAcceleratorFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1815 : Liang Chen, Qidan He of KeenLab, Tencent working with
Trend Micro's Zero Day Initiative
CVE-2016-1817 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro working with Trend Micro's Zero Day Initiative
CVE-2016-1818 : Juwei Lin of TrendMicro
CVE-2016-1819 : Ian Beer of Google Project Zero
IOAcceleratorFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1813 : Ian Beer of Google Project Zero
CVE-2016-1816 : Peter Pi (@heisecode) of Trend Micro and Juwei Lin of
Trend Micro
IOAudioFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-ID
CVE-2016-1820 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro working with Trend Micro’s Zero Day Initiative
IOAudioFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1821 : Ian Beer of Google Project Zero
IOFireWireFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1822 : CESG
IOHIDFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1823 : Ian Beer of Google Project Zero
CVE-2016-1824 : Marco Grassi (@marcograss) of KeenLab (@keen_lab),
Tencent
IOHIDFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1825 : Brandon Azad
Kernel
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1827 : Brandon Azad
CVE-2016-1828 : Brandon Azad
CVE-2016-1829 : CESG
CVE-2016-1830 : Brandon Azad
CVE-2016-1831 : Brandon Azad
Kernel
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An integer overflow existed in dtrace. This issue was
addressed through improved bounds checking.
CVE-ID
CVE-2016-1826 : Ben Murphy working with Trend Micro’s Zero Day
Initiative
libc
Available for: OS X El Capitan v10.11 and later
Impact: A local attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A memory corruption issue was addressed through
improved input validation.
CVE-ID
CVE-2016-1832 : Karl Williamson
libxml2
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: Processing maliciously crafted XML may lead to an unexpected
application termination or arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1833 : Mateusz Jurczyk
CVE-2016-1834 : Apple
CVE-2016-1835 : Wei Lei and Liu Yang of Nanyang Technological
University
CVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological
University
CVE-2016-1837 : Wei Lei and Liu Yang of Nanyang Technological
University
CVE-2016-1838 : Mateusz Jurczyk
CVE-2016-1839 : Mateusz Jurczyk
CVE-2016-1840 : Kostya Serebryany
libxslt
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1841 : Sebastian Apelt
MapKit
Available for: OS X El Capitan v10.11 and later
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: Shared links were sent with HTTP rather than HTTPS.
This was addressed by enabling HTTPS for shared links.
CVE-ID
CVE-2016-1842 : Richard Shupak (https://www.linkedin.com/in/rshupak)
Messages
Available for: OS X El Capitan v10.11 and later
Impact: A malicious server or user may be able to modify another
user's contact list
Description: A validation issue existed in roster changes. This
issue was addressed through improved validation of roster sets.
CVE-ID
CVE-2016-1844 : Thijs Alkemade of Computest
Messages
Available for: OS X El Capitan v10.11 and later
Impact: A remote attacker may be able to leak sensitive user
information
Description: An encoding issue existed in filename parsing. This
issue was addressed through improved filename encoding.
CVE-ID
CVE-2016-1843 : Heige (a.k.a. SuperHei) of Knownsec 404 Security Team
[http://www.knownsec.com]
Multi-Touch
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1804 : Liang Chen, Yubin Fu, Marco Grassi of KeenLab,
Tencent of Trend Micro's Zero Day Initiative
NVIDIA Graphics Drivers
Available for:
OS X Yosemite v10.10.5 and OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1846 : Ian Beer of Google Project Zero
OpenGL
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1847 : Tongbo Luo and Bo Qu of Palo Alto Networks
QuickTime
Available for: OS X El Capitan v10.11 and later
Impact: Opening a maliciously crafted file may lead to unexpected
application termination or arbitrary code execution
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1848 : Francis Provencher from COSIG
SceneKit
Available for: OS X El Capitan v10.11 and later
Impact: Opening a maliciously crafted file may lead to unexpected
application termination or arbitrary code execution
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1850 : Tyler Bohan of Cisco Talos
Screen Lock
Available for: OS X El Capitan v10.11 and later
Impact: A person with physical access to a computer may be able to
reset an expired password from the lock screen
Description: An issue existed in the management of password
profiles. This issue was addressed through improved password reset
handling.
CVE-ID
CVE-2016-1851 : an anonymous researcher
Tcl
Available for: OS X El Capitan v10.11 and later
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: A protocol security issue was addressed by disabling
SSLv2.
CVE-ID
CVE-2016-1853 : researchers at Tel Aviv University, Münster
University of Applied Sciences, Ruhr University Bochum, the
University of Pennsylvania, the Hashcat project, the University of
Michigan, Two Sigma, Google, and the OpenSSL project: Nimrod Aviram,
Sebastian Schinzel, Juraj Somorovsky, Nadia Heninger, Maik Dankel,
Jens Steube, Luke Valenta, David Adrian, J. Alex Halderman, Viktor
Dukhovni, Emilia Käsper, Shaanan Cohney, Susanne Engels, Christof
Paar, and Yuval Shavitt
Note: OS X El Capitan 10.11.5 includes the security content of Safari
9.1.1. For further details see https://support.apple.com/en-us/HT206565
OS X El Capitan 10.11.5 and Security Update 2016-003 may be obtained
from the Mac App Store or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
| VAR-201605-0434 | CVE-2016-1792 | Apple OS X AMD subsystem vulnerable to arbitrary code execution in a privileged context |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
The AMD subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Apple Mac OS X is prone to multiple security vulnerabilities.
Attackers can exploit these issues to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, and perform unauthorized actions. This may aid in other attacks.
Apple Mac OS X 10.9.5, 10.10.5 and 10.11 through 10.11.4 are vulnerable.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-05-16-4 OS X El Capitan 10.11.5 and Security Update
2016-003
OS X El Capitan 10.11.5 and Security Update 2016-003 is now available
and addresses the following:
AMD
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1792 : beist and ABH of BoB
AMD
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: An application may be able to determine kernel memory layout
Description: An issue existed that led to the disclosure of kernel
memory content. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2016-1791 : daybreaker of Minionz
apache_mod_php
Available for: OS X El Capitan v10.11 and later
Impact: Multiple vulnerabilities in PHP
Description: Multiple vulnerabilities existed in PHP versions prior
to 5.5.34. These were addressed by updating PHP to version 5.5.34.
CVE-ID
CVE-2015-8865
CVE-2016-3141
CVE-2016-3142
CVE-2016-4070
CVE-2016-4071
CVE-2016-4072
CVE-2016-4073
AppleGraphicsControl
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1793 : Ian Beer of Google Project Zero
CVE-2016-1794 : Ian Beer of Google Project Zero
AppleGraphicsPowerManagement
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1795 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro
ATS
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to determine kernel memory layout
Description: An out of bounds memory access issue was addressed
through improved memory handling.
CVE-ID
CVE-2016-1796 : lokihardt working with Trend Micro's Zero Day
Initiative
ATS
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: An issue existed in the sandbox policy. This was
addressed by sandboxing FontValidator.
CVE-ID
CVE-2016-1797 : lokihardt working with Trend Micro's Zero Day
Initiative
Audio
Available for:
OS X Yosemite v10.10.5 and OS X El Capitan v10.11 and later
Impact: An application may be able to cause a denial of service
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1799 : Juwei Lin of TrendMicro
Captive Network Assistant
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: An attacker in a privileged network position may be able to
execute arbitrary code with user assistance
Description: A custom URL scheme handling issue was addressed
through improved input validation.
CVE-ID
CVE-2016-1800 : Apple
CFNetwork Proxies
Available for: OS X El Capitan v10.11 and later
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: An information leak existed in the handling of HTTP and
HTTPS requests. This issue was addressed through improved URL
handling.
CVE-ID
CVE-2016-1801 : Alex Chapman and Paul Stone of Context Information
Security
CommonCrypto
Available for: OS X El Capitan v10.11 and later
Impact: A malicious application may be able to leak sensitive user
information
Description: An issue existed in the handling of return values in
CCCrypt. This issue was addressed through improved key length
management.
CVE-ID
CVE-2016-1802 : Klaus Rodewig
CoreCapture
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1803 : Ian Beer of Google Project Zero, daybreaker working
with Trend Micro’s Zero Day Initiative
CoreStorage
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A configuration issue was addressed through additional
restrictions.
CVE-ID
CVE-2016-1805 : Stefan Esser
Crash Reporter
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
root privileges
Description: A configuration issue was addressed through additional
restrictions.
CVE-ID
CVE-2016-1806 : lokihardt working with Trend Micro's Zero Day
Initiative
Disk Images
Available for: OS X El Capitan v10.11 and later
Impact: A local attacker may be able to read kernel memory
Description: A race condition was addressed through improved
locking.
CVE-ID
CVE-2016-1807 : Ian Beer of Google Project Zero
Disk Images
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue existed in the parsing of
disk images. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2016-1808 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro
Disk Utility
Available for: OS X El Capitan v10.11 and later
Impact: Disk Utility failed to compress and encrypt disk images
Description: Incorrect keys were being used to encrypt disk images.
This issue was addressed by updating the encryption keys.
CVE-ID
CVE-2016-1809 : Ast A.
CVE-ID
CVE-2016-1810 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro
ImageIO
Available for: OS X El Capitan v10.11 and later
Impact: Processing a maliciously crafted image may lead to a denial
of service
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1811 : Lander Brandt (@landaire)
Intel Graphics Driver
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow was addressed through improved bounds
checking.
CVE-ID
CVE-2016-1812 : Juwei Lin of TrendMicro
IOAcceleratorFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to cause a denial of service
Description: A null pointer dereference was addressed through
improved locking.
CVE-ID
CVE-2016-1815 : Liang Chen, Qidan He of KeenLab, Tencent working with
Trend Micro's Zero Day Initiative
CVE-2016-1817 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro working with Trend Micro's Zero Day Initiative
CVE-2016-1818 : Juwei Lin of TrendMicro
CVE-2016-1819 : Ian Beer of Google Project Zero
IOAcceleratorFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1813 : Ian Beer of Google Project Zero
CVE-2016-1816 : Peter Pi (@heisecode) of Trend Micro and Juwei Lin of
Trend Micro
IOAudioFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-ID
CVE-2016-1820 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of
Trend Micro working with Trend Micro’s Zero Day Initiative
IOAudioFamily
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved validation.
CVE-ID
CVE-2016-1827 : Brandon Azad
CVE-2016-1828 : Brandon Azad
CVE-2016-1829 : CESG
CVE-2016-1830 : Brandon Azad
CVE-2016-1831 : Brandon Azad
Kernel
Available for: OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An integer overflow existed in dtrace. This issue was
addressed through improved bounds checking.
CVE-ID
CVE-2016-1826 : Ben Murphy working with Trend Micro’s Zero Day
Initiative
libc
Available for: OS X El Capitan v10.11 and later
Impact: A local attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A memory corruption issue was addressed through
improved input validation.
CVE-ID
CVE-2016-1832 : Karl Williamson
libxml2
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: Processing maliciously crafted XML may lead to an unexpected
application termination or arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1833 : Mateusz Jurczyk
CVE-2016-1834 : Apple
CVE-2016-1835 : Wei Lei and Liu Yang of Nanyang Technological
University
CVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological
University
CVE-2016-1837 : Wei Lei and Liu Yang of Nanyang Technological
University
CVE-2016-1838 : Mateusz Jurczyk
CVE-2016-1839 : Mateusz Jurczyk
CVE-2016-1840 : Kostya Serebryany
libxslt
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1841 : Sebastian Apelt
MapKit
Available for: OS X El Capitan v10.11 and later
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: Shared links were sent with HTTP rather than HTTPS.
This was addressed by enabling HTTPS for shared links.
CVE-ID
CVE-2016-1842 : Richard Shupak (https://www.linkedin.com/in/rshupak)
Messages
Available for: OS X El Capitan v10.11 and later
Impact: A malicious server or user may be able to modify another
user's contact list
Description: A validation issue existed in roster changes. This
issue was addressed through improved validation of roster sets.
CVE-ID
CVE-2016-1844 : Thijs Alkemade of Computest
Messages
Available for: OS X El Capitan v10.11 and later
Impact: A remote attacker may be able to leak sensitive user
information
Description: An encoding issue existed in filename parsing. This
issue was addressed through improved filename encoding.
CVE-ID
CVE-2016-1843 : Heige (a.k.a.
CVE-ID
CVE-2016-1804 : Liang Chen, Yubin Fu, Marco Grassi of KeenLab,
Tencent of Trend Micro's Zero Day Initiative
NVIDIA Graphics Drivers
Available for:
OS X Yosemite v10.10.5 and OS X El Capitan v10.11 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1846 : Ian Beer of Google Project Zero
OpenGL
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1847 : Tongbo Luo and Bo Qu of Palo Alto Networks
QuickTime
Available for: OS X El Capitan v10.11 and later
Impact: Opening a maliciously crafted file may lead to unexpected
application termination or arbitrary code execution
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1850 : Tyler Bohan of Cisco Talos
Screen Lock
Available for: OS X El Capitan v10.11 and later
Impact: A person with physical access to a computer may be able to
reset an expired password from the lock screen
Description: An issue existed in the management of password
profiles. This issue was addressed through improved password reset
handling.
CVE-ID
CVE-2016-1851 : an anonymous researcher
Tcl
Available for: OS X El Capitan v10.11 and later
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: A protocol security issue was addressed by disabling
SSLv2.
CVE-ID
CVE-2016-1853 : researchers at Tel Aviv University, Münster
University of Applied Sciences, Ruhr University Bochum, the
University of Pennsylvania, the Hashcat project, the University of
Michigan, Two Sigma, Google, and the OpenSSL project: Nimrod Aviram,
Sebastian Schinzel, Juraj Somorovsky, Nadia Heninger, Maik Dankel,
Jens Steube, Luke Valenta, David Adrian, J. Alex Halderman, Viktor
Dukhovni, Emilia Käsper, Shaanan Cohney, Susanne Engels, Christof
Paar, and Yuval Shavitt
Note: OS X El Capitan 10.11.5 includes the security content of Safari
9.1.1. For further details see https://support.apple.com/en-us/HT206565
OS X El Capitan 10.11.5 and Security Update 2016-003 may be obtained
from the Mac App Store or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
| VAR-201605-0428 | CVE-2016-1858 | Information disclosure vulnerability in WebKit as used in Apple products |
CVSS V2: 4.3 CVSS V3: 6.5 Severity: MEDIUM |
WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, improperly tracks taint attributes, which allows remote attackers to obtain sensitive information via a crafted web site.
Attackers can exploit these issues to execute arbitrary code and gain sensitive information. Failed exploit attempts may result in a denial-of-service condition. Apple iOS is an operating system developed for mobile devices; Safari is the default web browser included with the Mac OS X and iOS operating systems; tvOS is a smart TV operating system. WebKit is an open source web browser engine developed by the KDE community and is currently used by browsers such as Apple Safari and Google Chrome. An attacker could use a specially crafted website to exploit this vulnerability to obtain data from other websites.
===========================================================================
Ubuntu Security Notice USN-3079-1
September 14, 2016
webkit2gtk vulnerabilities
===========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in WebKitGTK+.
Software Description:
- webkit2gtk: JavaScript engine library from WebKitGTK+ - GObject introspection
Details:
A large number of security issues were discovered in the WebKitGTK+ Web and
JavaScript engines.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS:
libjavascriptcoregtk-4.0-18 2.12.5-0ubuntu0.16.04.1
libwebkit2gtk-4.0-37 2.12.5-0ubuntu0.16.04.1
This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use WebKitGTK+, such as Epiphany, to make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-3079-1
CVE-2016-1854, CVE-2016-1856, CVE-2016-1857, CVE-2016-1858,
CVE-2016-1859, CVE-2016-4583, CVE-2016-4585, CVE-2016-4586,
CVE-2016-4588, CVE-2016-4589, CVE-2016-4590, CVE-2016-4591,
CVE-2016-4622, CVE-2016-4623, CVE-2016-4624, CVE-2016-4651
Package Information:
https://launchpad.net/ubuntu/+source/webkit2gtk/2.12.5-0ubuntu0.16.04.1
------------------------------------------------------------------------
WebKitGTK+ Security Advisory WSA-2016-0004
------------------------------------------------------------------------
Date reported : May 30, 2016
Advisory ID : WSA-2016-0004
Advisory URL : http://webkitgtk.org/security/WSA-2016-0004.html
CVE identifiers : CVE-2016-1854, CVE-2016-1856, CVE-2016-1857,
CVE-2016-1858, CVE-2016-1859.
Several vulnerabilities were discovered in WebKitGTK+.
CVE-2016-1854
Versions affected: WebKitGTK+ before 2.12.1.
Credit to Anonymous working with Trend Micro's Zero Day Initiative.
CVE-2016-1856
Versions affected: WebKitGTK+ before 2.12.1.
Credit to lokihardt working with Trend Micro's Zero Day Initiative.
CVE-2016-1857
Versions affected: WebKitGTK+ before 2.12.3.
Credit to Jeonghoon Shin@A.D.D and Liang Chen, Zhen Feng, wushi of
KeenLab, Tencent working with Trend Micro's Zero Day Initiative.
CVE-2016-1858
Versions affected: WebKitGTK+ before 2.12.0.
Credit to Anonymous.
CVE-2016-1859
Versions affected: WebKitGTK+ before 2.12.1.
Credit to Liang Chen, wushi of KeenLab, Tencent working with Trend
Micro's Zero Day Initiative.
We recommend updating to the last stable version of WebKitGTK+. It is
the best way of ensuring that you are running a safe version of
WebKitGTK+. Please check our website for information about the last
stable releases.
Further information about WebKitGTK+ Security Advisories can be found
at: http://webkitgtk.org/security.html
The WebKitGTK+ team,
May 30, 2016
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-05-16-5 Safari 9.1.1
Safari 9.1.1 is now available and addresses the following:
Safari
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11.5
Impact: A user may be unable to fully delete browsing history
Description: "Clear History and Website Data" did not clear the
history. The issue was addressed through improved data deletion.
CVE-ID
CVE-2016-1849 : Adham Ghrayeb
WebKit
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11.5
Impact: Visiting a malicious website may disclose data from another
website
Description: An insufficient taint tracking issue in the parsing of
svg images was addressed through improved taint tracking.
CVE-ID
CVE-2016-1858 : an anonymous researcher
WebKit
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11.5
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1854 : Anonymous working with Trend Micro's Zero Day
Initiative
CVE-2016-1855 : Tongbo Luo and Bo Qu of Palo Alto Networks
CVE-2016-1856 : lokihardt working with Trend Micro's Zero Day
Initiative
CVE-2016-1857 : Jeonghoon Shin@A.D.D, Liang Chen, Zhen Feng, wushi of
KeenLab, Tencent working with Trend Micro's Zero Day Initiative
WebKit Canvas
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11.5
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
| VAR-201605-0429 | CVE-2016-1859 | Arbitrary code execution vulnerability in the WebKit Canvas implementation as used in Apple products |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
The WebKit Canvas implementation in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of GraphicsContext objects. By manipulating a document's elements, an attacker can force this object in memory to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Failed exploit attempts may result in a denial-of-service condition. Apple iOS is an operating system developed for mobile devices. tvOS is a smart TV operating system. Safari is the default web browser included with the Mac OS X and iOS operating systems. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple, and Google, and is currently used by browsers such as Apple Safari and Google Chrome. WebKit Canvas is one of its drawing components.
===========================================================================
Ubuntu Security Notice USN-3079-1
September 14, 2016
webkit2gtk vulnerabilities
===========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in WebKitGTK+.
Software Description:
- webkit2gtk: JavaScript engine library from WebKitGTK+ - GObject introspection
Details:
A large number of security issues were discovered in the WebKitGTK+ Web and
JavaScript engines.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS:
libjavascriptcoregtk-4.0-18 2.12.5-0ubuntu0.16.04.1
libwebkit2gtk-4.0-37 2.12.5-0ubuntu0.16.04.1
This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use WebKitGTK+, such as Epiphany, to make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-3079-1
CVE-2016-1854, CVE-2016-1856, CVE-2016-1857, CVE-2016-1858,
CVE-2016-1859, CVE-2016-4583, CVE-2016-4585, CVE-2016-4586,
CVE-2016-4588, CVE-2016-4589, CVE-2016-4590, CVE-2016-4591,
CVE-2016-4622, CVE-2016-4623, CVE-2016-4624, CVE-2016-4651
Package Information:
https://launchpad.net/ubuntu/+source/webkit2gtk/2.12.5-0ubuntu0.16.04.1
------------------------------------------------------------------------
WebKitGTK+ Security Advisory WSA-2016-0004
------------------------------------------------------------------------
Date reported : May 30, 2016
Advisory ID : WSA-2016-0004
Advisory URL : http://webkitgtk.org/security/WSA-2016-0004.html
CVE identifiers : CVE-2016-1854, CVE-2016-1856, CVE-2016-1857,
CVE-2016-1858, CVE-2016-1859.
Several vulnerabilities were discovered in WebKitGTK+.
CVE-2016-1854
Versions affected: WebKitGTK+ before 2.12.1.
Credit to Anonymous working with Trend Micro's Zero Day Initiative.
CVE-2016-1856
Versions affected: WebKitGTK+ before 2.12.1.
Credit to lokihardt working with Trend Micro's Zero Day Initiative.
CVE-2016-1857
Versions affected: WebKitGTK+ before 2.12.3.
Credit to Jeonghoon Shin@A.D.D and Liang Chen, Zhen Feng, wushi of
KeenLab, Tencent working with Trend Micro's Zero Day Initiative.
CVE-2016-1858
Versions affected: WebKitGTK+ before 2.12.0.
Credit to Anonymous.
CVE-2016-1859
Versions affected: WebKitGTK+ before 2.12.1.
Credit to Liang Chen, wushi of KeenLab, Tencent working with Trend
Micro's Zero Day Initiative.
We recommend updating to the last stable version of WebKitGTK+. It is
the best way of ensuring that you are running a safe version of
WebKitGTK+. Please check our website for information about the last
stable releases.
Further information about WebKitGTK+ Security Advisories can be found
at: http://webkitgtk.org/security.html
The WebKitGTK+ team,
May 30, 2016
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-05-16-5 Safari 9.1.1
Safari 9.1.1 is now available and addresses the following:
Safari
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11.5
Impact: A user may be unable to fully delete browsing history
Description: "Clear History and Website Data" did not clear the
history. The issue was addressed through improved data deletion.
CVE-ID
CVE-2016-1849 : Adham Ghrayeb
WebKit
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11.5
Impact: Visiting a malicious website may disclose data from another
website
Description: An insufficient taint tracking issue in the parsing of
svg images was addressed through improved taint tracking.
CVE-ID
CVE-2016-1858 : an anonymous researcher
WebKit
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11.5
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1854 : Anonymous working with Trend Micro's Zero Day
Initiative
CVE-2016-1855 : Tongbo Luo and Bo Qu of Palo Alto Networks
CVE-2016-1856 : lokihardt working with Trend Micro's Zero Day
Initiative
CVE-2016-1857 : Jeonghoon Shin@A.D.D, Liang Chen, Zhen Feng, wushi of
KeenLab, Tencent working with Trend Micro's Zero Day Initiative
WebKit Canvas
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11.5
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
| VAR-201605-0425 | CVE-2016-1855 | WebKit as used in Apple products vulnerable to arbitrary code execution |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1854, CVE-2016-1856, and CVE-2016-1857.
Attackers can exploit these issues to execute arbitrary code and gain sensitive information. Failed exploit attempts may result in a denial-of-service condition. Apple iOS is an operating system developed for mobile devices; watchOS is an operating system for smart watches. Safari is the default web browser included with the Mac OS X and iOS operating systems. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple, and Google, and is currently used by browsers such as Apple Safari and Google Chrome.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-05-16-5 Safari 9.1.1
Safari 9.1.1 is now available and addresses the following:
Safari
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11.5
Impact: A user may be unable to fully delete browsing history
Description: "Clear History and Website Data" did not clear the
history. The issue was addressed through improved data deletion.
CVE-ID
CVE-2016-1849 : Adham Ghrayeb
WebKit
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11.5
Impact: Visiting a malicious website may disclose data from another
website
Description: An insufficient taint tracking issue in the parsing of
svg images was addressed through improved taint tracking.
CVE-ID
CVE-2016-1858 : an anonymous researcher
WebKit
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11.5
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1854 : Anonymous working with Trend Micro's Zero Day
Initiative
CVE-2016-1855 : Tongbo Luo and Bo Qu of Palo Alto Networks
CVE-2016-1856 : lokihardt working with Trend Micro's Zero Day
Initiative
CVE-2016-1857 : Jeonghoon Shin@A.D.D, Liang Chen, Zhen Feng, wushi of
KeenLab, Tencent working with Trend Micro's Zero Day Initiative
WebKit Canvas
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11.5
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1859 : Liang Chen, wushi of KeenLab, Tencent working with
Trend Micro's Zero Day Initiative
Safari 9.1.1 may be obtained from the Mac App Store.
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/