2016.json

[
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "Windows 7 and later", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "WebKit", 
        "id": "CVE-2016-4692", 
        "credit": "Apple", 
        "page": "https://support.apple.com/kb/HT207424"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "Windows 7 and later", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "WebKit", 
        "id": "CVE-2016-7635", 
        "credit": "Apple", 
        "page": "https://support.apple.com/kb/HT207424"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "Windows 7 and later", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "WebKit", 
        "id": "CVE-2016-7652", 
        "credit": "Apple", 
        "page": "https://support.apple.com/kb/HT207424"
    }, 
    {
        "impact": "Processing maliciously crafted web content may result in the disclosure of process memory", 
        "available": "Windows 7 and later", 
        "description": "A memory corruption issue was addressed through improved state management.", 
        "update": null, 
        "module": "WebKit", 
        "id": "CVE-2016-7656", 
        "credit": "Keen Lab working with Trend Micro\u2019s Zero Day Initiative", 
        "page": "https://support.apple.com/kb/HT207424"
    }, 
    {
        "impact": "Processing maliciously crafted web content may result in the disclosure of process memory", 
        "available": "Windows 7 and later", 
        "description": "A memory corruption issue was addressed through improved input validation.", 
        "update": null, 
        "module": "WebKit", 
        "id": "CVE-2016-4743", 
        "credit": "Alan Cutter", 
        "page": "https://support.apple.com/kb/HT207424"
    }, 
    {
        "impact": "Processing maliciously crafted web content may result in the disclosure of user information", 
        "available": "Windows 7 and later", 
        "description": "A validation issue was addressed through improved state management.", 
        "update": null, 
        "module": "WebKit", 
        "id": "CVE-2016-7586", 
        "credit": "Boris Zbarsky", 
        "page": "https://support.apple.com/kb/HT207424"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "Windows 7 and later", 
        "description": "Multiple memory corruption issues were addressed through improved state management.", 
        "update": null, 
        "module": "WebKit", 
        "id": "CVE-2016-7587", 
        "credit": "Adam Klein", 
        "page": "https://support.apple.com/kb/HT207424"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "Windows 7 and later", 
        "description": "Multiple memory corruption issues were addressed through improved state management.", 
        "update": null, 
        "module": "WebKit", 
        "id": "CVE-2016-7610", 
        "credit": "Zheng Huang of the Baidu Security Lab working with Trend Micro's Zero Day Initiative", 
        "page": "https://support.apple.com/kb/HT207424"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "Windows 7 and later", 
        "description": "Multiple memory corruption issues were addressed through improved state management.", 
        "update": null, 
        "module": "WebKit", 
        "id": "CVE-2016-7611", 
        "credit": "an anonymous researcher working with Trend Micro's Zero Day Initiative", 
        "page": "https://support.apple.com/kb/HT207424"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "Windows 7 and later", 
        "description": "Multiple memory corruption issues were addressed through improved state management.", 
        "update": null, 
        "module": "WebKit", 
        "id": "CVE-2016-7639", 
        "credit": "Tongbo Luo of Palo Alto Networks", 
        "page": "https://support.apple.com/kb/HT207424"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "Windows 7 and later", 
        "description": "Multiple memory corruption issues were addressed through improved state management.", 
        "update": null, 
        "module": "WebKit", 
        "id": "CVE-2016-7640", 
        "credit": "Kai Kang of Tencent's Xuanwu Lab (tencent.com)", 
        "page": "https://support.apple.com/kb/HT207424"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "Windows 7 and later", 
        "description": "Multiple memory corruption issues were addressed through improved state management.", 
        "update": null, 
        "module": "WebKit", 
        "id": "CVE-2016-7641", 
        "credit": "Kai Kang of Tencent's Xuanwu Lab (tencent.com)", 
        "page": "https://support.apple.com/kb/HT207424"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "Windows 7 and later", 
        "description": "Multiple memory corruption issues were addressed through improved state management.", 
        "update": null, 
        "module": "WebKit", 
        "id": "CVE-2016-7642", 
        "credit": "Tongbo Luo of Palo Alto Networks", 
        "page": "https://support.apple.com/kb/HT207424"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "Windows 7 and later", 
        "description": "Multiple memory corruption issues were addressed through improved state management.", 
        "update": null, 
        "module": "WebKit", 
        "id": "CVE-2016-7645", 
        "credit": "Kai Kang of Tencent's Xuanwu Lab (tencent.com)", 
        "page": "https://support.apple.com/kb/HT207424"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "Windows 7 and later", 
        "description": "Multiple memory corruption issues were addressed through improved state management.", 
        "update": null, 
        "module": "WebKit", 
        "id": "CVE-2016-7646", 
        "credit": "Kai Kang of Tencent's Xuanwu Lab (tencent.com)", 
        "page": "https://support.apple.com/kb/HT207424"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "Windows 7 and later", 
        "description": "Multiple memory corruption issues were addressed through improved state management.", 
        "update": null, 
        "module": "WebKit", 
        "id": "CVE-2016-7648", 
        "credit": "Kai Kang of Tencent's Xuanwu Lab (tencent.com)", 
        "page": "https://support.apple.com/kb/HT207424"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "Windows 7 and later", 
        "description": "Multiple memory corruption issues were addressed through improved state management.", 
        "update": null, 
        "module": "WebKit", 
        "id": "CVE-2016-7649", 
        "credit": "Kai Kang of Tencent's Xuanwu Lab (tencent.com)", 
        "page": "https://support.apple.com/kb/HT207424"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "Windows 7 and later", 
        "description": "Multiple memory corruption issues were addressed through improved state management.", 
        "update": null, 
        "module": "WebKit", 
        "id": "CVE-2016-7654", 
        "credit": "Keen Lab working with Trend Micro\u2019s Zero Day Initiative", 
        "page": "https://support.apple.com/kb/HT207424"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "Windows 7 and later", 
        "description": "A memory corruption issue was addressed through improved state management.", 
        "update": null, 
        "module": "WebKit", 
        "id": "CVE-2016-7589", 
        "credit": "Apple", 
        "page": "https://support.apple.com/kb/HT207424"
    }, 
    {
        "impact": "Processing maliciously crafted web content may compromise user information", 
        "available": "Windows 7 and later", 
        "description": "An issue existed in handling of JavaScript prompts. This was addressed through improved state management.", 
        "update": null, 
        "module": "WebKit", 
        "id": "CVE-2016-7592", 
        "credit": "xisigr of Tencent's Xuanwu Lab (tencent.com)", 
        "page": "https://support.apple.com/kb/HT207424"
    }, 
    {
        "impact": "Processing maliciously crafted web content may result in the disclosure of process memory", 
        "available": "Windows 7 and later", 
        "description": "An uninitialized memory access issue was addressed through improved memory initialization.", 
        "update": null, 
        "module": "WebKit", 
        "id": "CVE-2016-7598", 
        "credit": "Samuel Gro\u00df", 
        "page": "https://support.apple.com/kb/HT207424"
    }, 
    {
        "impact": "Processing maliciously crafted web content may result in the disclosure of user information", 
        "available": "Windows 7 and later", 
        "description": "An issue existed in the handling of HTTP redirects. This issue was addressed through improved cross origin validation.", 
        "update": null, 
        "module": "WebKit", 
        "id": "CVE-2016-7599", 
        "credit": "Muneaki Nishimura (nishimunea) of Recruit Technologies Co., Ltd.", 
        "page": "https://support.apple.com/kb/HT207424"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 7 and later", 
        "description": "A memory corruption issue was addressed through improved state management.", 
        "update": null, 
        "module": "WebKit", 
        "id": "CVE-2016-7632", 
        "credit": "Jeonghoon Shin", 
        "page": "https://support.apple.com/kb/HT207424"
    }, 
    {
        "impact": "A local user may be able to leak sensitive user information", 
        "available": "Windows 7 and later", 
        "description": "The iCloud desktop client failed to clear sensitive information in memory. This issue was addressed through improved memory handling.", 
        "update": null, 
        "module": "Windows Security", 
        "id": "CVE-2016-7614", 
        "credit": "Yakir Wizman", 
        "page": "https://support.apple.com/kb/HT207424"
    }, 
    {
        "impact": "A script executing in a JavaScript sandbox may be able to access state outside that sandbox", 
        "available": "OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.2", 
        "description": "A validation issue existed in processing JavaScript. This issue was addressed through improved validation.", 
        "update": "August 16, 2017", 
        "module": "JavaScriptCore", 
        "id": "CVE-2016-4695", 
        "credit": "Mark S. Miller of Google", 
        "page": "https://support.apple.com/kb/HT207421"
    }, 
    {
        "impact": "Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting", 
        "available": "OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.2", 
        "description": "Multiple validation issues were addressed through improved input sanitization.", 
        "update": null, 
        "module": "Safari Reader", 
        "id": "CVE-2016-7650", 
        "credit": "Erling Ellingsen", 
        "page": "https://support.apple.com/kb/HT207421"
    }, 
    {
        "impact": "Visiting a maliciously crafted website may compromise user information", 
        "available": "OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.1", 
        "description": "An issue existed in the handling of blob URLs. This issue was addressed through improved URL handling.", 
        "update": "December 14, 2016", 
        "module": "WebKit", 
        "id": "CVE-2016-7623", 
        "credit": "xisigr of Tencent's Xuanwu Lab (tencent.com)", 
        "page": "https://support.apple.com/kb/HT207421"
    }, 
    {
        "impact": "A remote attacker may cause an unexpected application termination or arbitrary code execution", 
        "available": "macOS Sierra 10.12.1", 
        "description": "Multiple issues existed in PHP before 5.6.26. These were addressed by updating PHP to version 5.6.26.", 
        "update": null, 
        "module": "apache_mod_php", 
        "id": "CVE-2016-7411", 
        "credit": "", 
        "page": "https://support.apple.com/kb/HT207423"
    }, 
    {
        "impact": "A remote attacker may cause an unexpected application termination or arbitrary code execution", 
        "available": "macOS Sierra 10.12.1", 
        "description": "Multiple issues existed in PHP before 5.6.26. These were addressed by updating PHP to version 5.6.26.", 
        "update": null, 
        "module": "apache_mod_php", 
        "id": "CVE-2016-7412", 
        "credit": "", 
        "page": "https://support.apple.com/kb/HT207423"
    }, 
    {
        "impact": "A remote attacker may cause an unexpected application termination or arbitrary code execution", 
        "available": "macOS Sierra 10.12.1", 
        "description": "Multiple issues existed in PHP before 5.6.26. These were addressed by updating PHP to version 5.6.26.", 
        "update": null, 
        "module": "apache_mod_php", 
        "id": "CVE-2016-7413", 
        "credit": "", 
        "page": "https://support.apple.com/kb/HT207423"
    }, 
    {
        "impact": "A remote attacker may cause an unexpected application termination or arbitrary code execution", 
        "available": "macOS Sierra 10.12.1", 
        "description": "Multiple issues existed in PHP before 5.6.26. These were addressed by updating PHP to version 5.6.26.", 
        "update": null, 
        "module": "apache_mod_php", 
        "id": "CVE-2016-7414", 
        "credit": "", 
        "page": "https://support.apple.com/kb/HT207423"
    }, 
    {
        "impact": "A remote attacker may cause an unexpected application termination or arbitrary code execution", 
        "available": "macOS Sierra 10.12.1", 
        "description": "Multiple issues existed in PHP before 5.6.26. These were addressed by updating PHP to version 5.6.26.", 
        "update": null, 
        "module": "apache_mod_php", 
        "id": "CVE-2016-7416", 
        "credit": "", 
        "page": "https://support.apple.com/kb/HT207423"
    }, 
    {
        "impact": "A remote attacker may cause an unexpected application termination or arbitrary code execution", 
        "available": "macOS Sierra 10.12.1", 
        "description": "Multiple issues existed in PHP before 5.6.26. These were addressed by updating PHP to version 5.6.26.", 
        "update": null, 
        "module": "apache_mod_php", 
        "id": "CVE-2016-7417", 
        "credit": "", 
        "page": "https://support.apple.com/kb/HT207423"
    }, 
    {
        "impact": "A remote attacker may cause an unexpected application termination or arbitrary code execution", 
        "available": "macOS Sierra 10.12.1", 
        "description": "Multiple issues existed in PHP before 5.6.26. These were addressed by updating PHP to version 5.6.26.", 
        "update": null, 
        "module": "apache_mod_php", 
        "id": "CVE-2016-7418", 
        "credit": "", 
        "page": "https://support.apple.com/kb/HT207423"
    }, 
    {
        "impact": "A local user may be able to cause a system denial of service", 
        "available": "macOS Sierra 10.12.1", 
        "description": "A null pointer dereference was addressed through improved input validation.", 
        "update": null, 
        "module": "AppleGraphicsPowerManagement", 
        "id": "CVE-2016-7609", 
        "credit": "daybreaker@Minionz working with Trend Micro's Zero Day Initiative", 
        "page": "https://support.apple.com/kb/HT207423"
    }, 
    {
        "impact": "A local attacker may modify downloaded mobile assets", 
        "available": "macOS Sierra 10.12.1", 
        "description": "A permissions issue existed in mobile assets. This issue was addressed through improved access restrictions.", 
        "update": "December 15, 2016", 
        "module": "Assets", 
        "id": "CVE-2016-7628", 
        "credit": "Marcel Bresink of Marcel Bresink Software-Systeme", 
        "page": "https://support.apple.com/kb/HT207423"
    }, 
    {
        "impact": "Processing a maliciously crafted file may lead to arbitrary code execution", 
        "available": "macOS Sierra 10.12.1", 
        "description": "A memory corruption issue was addressed through improved input validation.", 
        "update": null, 
        "module": "Audio", 
        "id": "CVE-2016-7658", 
        "credit": "Haohao Kong of Keen Lab (@keen_lab) of Tencent", 
        "page": "https://support.apple.com/kb/HT207423"
    }, 
    {
        "impact": "Processing a maliciously crafted file may lead to arbitrary code execution", 
        "available": "macOS Sierra 10.12.1", 
        "description": "A memory corruption issue was addressed through improved input validation.", 
        "update": null, 
        "module": "Audio", 
        "id": "CVE-2016-7659", 
        "credit": "Haohao Kong of Keen Lab (@keen_lab) of Tencent", 
        "page": "https://support.apple.com/kb/HT207423"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "macOS Sierra 10.12.1, OS X El Capitan v10.11.6, and OS X Yosemite v10.10.5", 
        "description": "A memory corruption issue was addressed through improved memory handling.", 
        "update": "December 14, 2016", 
        "module": "Bluetooth", 
        "id": "CVE-2016-7596", 
        "credit": "Pekka Oikarainen, Matias Karhumaa and Marko Laakso of Synopsys Software Integrity Group", 
        "page": "https://support.apple.com/kb/HT207423"
    }, 
    {
        "impact": "An application may be able to cause a denial of service", 
        "available": "macOS Sierra 10.12.1", 
        "description": "A null pointer dereference was addressed through improved input validation.", 
        "update": null, 
        "module": "Bluetooth", 
        "id": "CVE-2016-7605", 
        "credit": "daybreaker of Minionz", 
        "page": "https://support.apple.com/kb/HT207423"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with system privileges", 
        "available": "macOS Sierra 10.12.1", 
        "description": "A type confusion issue was addressed through improved memory handling.", 
        "update": null, 
        "module": "Bluetooth", 
        "id": "CVE-2016-7617", 
        "credit": "Radu Motspan working with Trend Micro's Zero Day Initiative, Ian Beer of Google Project Zero", 
        "page": "https://support.apple.com/kb/HT207423"
    }, 
    {
        "impact": "A local user may be able to cause a system denial of service", 
        "available": "macOS Sierra 10.12.1 and OS X El Capitan v10.11.6", 
        "description": "A null pointer dereference was addressed through improved state management.", 
        "update": "December 14, 2016", 
        "module": "CoreCapture", 
        "id": "CVE-2016-7604", 
        "credit": "daybreaker of Minionz", 
        "page": "https://support.apple.com/kb/HT207423"
    }, 
    {
        "impact": "Processing malicious strings may lead to an unexpected application termination or arbitrary code execution", 
        "available": "macOS Sierra 10.12.1", 
        "description": "A memory corruption issue existed in the processing of strings. This issue was addressed through improved bounds checking.", 
        "update": null, 
        "module": "CoreFoundation", 
        "id": "CVE-2016-7663", 
        "credit": "an anonymous researcher", 
        "page": "https://support.apple.com/kb/HT207423"
    }, 
    {
        "impact": "Processing a maliciously crafted font file may lead to unexpected application termination", 
        "available": "macOS Sierra 10.12.1", 
        "description": "A null pointer dereference was addressed through improved input validation.", 
        "update": null, 
        "module": "CoreGraphics", 
        "id": "CVE-2016-7627", 
        "credit": "TRAPMINE Inc. & Meysam Firouzi @R00tkitSMM", 
        "page": "https://support.apple.com/kb/HT207423"
    }, 
    {
        "impact": "A local application may be able to execute arbitrary code in the context of the mediaserver daemon", 
        "available": "macOS Sierra 10.12.1", 
        "description": "A type confusion issue was addressed through improved memory handling.", 
        "update": null, 
        "module": "CoreMedia External Displays", 
        "id": "CVE-2016-7655", 
        "credit": "Keen Lab working with Trend Micro\u2019s Zero Day Initiative", 
        "page": "https://support.apple.com/kb/HT207423"
    }, 
    {
        "impact": "Processing a maliciously crafted .mp4 file may lead to arbitrary code execution", 
        "available": "macOS Sierra 10.12.1", 
        "description": "A memory corruption issue was addressed through improved memory handling.", 
        "update": null, 
        "module": "CoreMedia Playback", 
        "id": "CVE-2016-7588", 
        "credit": "dragonltx of Huawei 2012 Laboratories", 
        "page": "https://support.apple.com/kb/HT207423"
    }, 
    {
        "impact": "A local user may be able to cause a system denial of service", 
        "available": "macOS Sierra 10.12.1", 
        "description": "A null pointer dereference was addressed through improved input validation.", 
        "update": null, 
        "module": "CoreStorage", 
        "id": "CVE-2016-7603", 
        "credit": "daybreaker@Minionz working with Trend Micro's Zero Day Initiative", 
        "page": "https://support.apple.com/kb/HT207423"
    }, 
    {
        "impact": "Processing a maliciously crafted font file may lead to arbitrary code execution", 
        "available": "macOS Sierra 10.12.1", 
        "description": "Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking.", 
        "update": null, 
        "module": "CoreText", 
        "id": "CVE-2016-7595", 
        "credit": "riusksk(\u6cc9\u54e5) of Tencent Security Platform Department", 
        "page": "https://support.apple.com/kb/HT207423"
    }, 
    {
        "impact": "Processing a maliciously crafted string may lead to a denial of service", 
        "available": "macOS Sierra 10.12.1", 
        "description": "An issue when rendering overlapping ranges was addressed through improved validation.", 
        "update": "December 15, 2016", 
        "module": "CoreText", 
        "id": "CVE-2016-7667", 
        "credit": "Nasser Al-Hadhrami (@fast_hack), Saif Al-Hinai (welcom_there) of Digital Unit (dgunit.com)", 
        "page": "https://support.apple.com/kb/HT207423"
    }, 
    {
        "impact": "An attacker in a privileged network position may be able to leak sensitive user information", 
        "available": "macOS Sierra 10.12.1", 
        "description": "Multiple issues existed in curl. These issues were addressed by updating to curl version 7.51.0.", 
        "update": null, 
        "module": "curl", 
        "id": "CVE-2016-5419", 
        "credit": "", 
        "page": "https://support.apple.com/kb/HT207423"
    }, 
    {
        "impact": "An attacker in a privileged network position may be able to leak sensitive user information", 
        "available": "macOS Sierra 10.12.1", 
        "description": "Multiple issues existed in curl. These issues were addressed by updating to curl version 7.51.0.", 
        "update": null, 
        "module": "curl", 
        "id": "CVE-2016-5420", 
        "credit": "", 
        "page": "https://support.apple.com/kb/HT207423"
    }, 
    {
        "impact": "An attacker in a privileged network position may be able to leak sensitive user information", 
        "available": "macOS Sierra 10.12.1", 
        "description": "Multiple issues existed in curl. These issues were addressed by updating to curl version 7.51.0.", 
        "update": null, 
        "module": "curl", 
        "id": "CVE-2016-5421", 
        "credit": "", 
        "page": "https://support.apple.com/kb/HT207423"
    }, 
    {
        "impact": "An attacker in a privileged network position may be able to leak sensitive user information", 
        "available": "macOS Sierra 10.12.1", 
        "description": "Multiple issues existed in curl. These issues were addressed by updating to curl version 7.51.0.", 
        "update": null, 
        "module": "curl", 
        "id": "CVE-2016-7141", 
        "credit": "", 
        "page": "https://support.apple.com/kb/HT207423"
    }, 
    {
        "impact": "An attacker in a privileged network position may be able to leak sensitive user information", 
        "available": "macOS Sierra 10.12.1", 
        "description": "Multiple issues existed in curl. These issues were addressed by updating to curl version 7.51.0.", 
        "update": null, 
        "module": "curl", 
        "id": "CVE-2016-7167", 
        "credit": "", 
        "page": "https://support.apple.com/kb/HT207423"
    }, 
    {
        "impact": "An attacker in a privileged network position may be able to leak sensitive user information", 
        "available": "macOS Sierra 10.12.1", 
        "description": "Multiple issues existed in curl. These issues were addressed by updating to curl version 7.51.0.", 
        "update": null, 
        "module": "curl", 
        "id": "CVE-2016-8615", 
        "credit": "", 
        "page": "https://support.apple.com/kb/HT207423"
    }, 
    {
        "impact": "An attacker in a privileged network position may be able to leak sensitive user information", 
        "available": "macOS Sierra 10.12.1", 
        "description": "Multiple issues existed in curl. These issues were addressed by updating to curl version 7.51.0.", 
        "update": null, 
        "module": "curl", 
        "id": "CVE-2016-8616", 
        "credit": "", 
        "page": "https://support.apple.com/kb/HT207423"
    }, 
    {
        "impact": "An attacker in a privileged network position may be able to leak sensitive user information", 
        "available": "macOS Sierra 10.12.1", 
        "description": "Multiple issues existed in curl. These issues were addressed by updating to curl version 7.51.0.", 
        "update": null, 
        "module": "curl", 
        "id": "CVE-2016-8617", 
        "credit": "", 
        "page": "https://support.apple.com/kb/HT207423"
    }, 
    {
        "impact": "An attacker in a privileged network position may be able to leak sensitive user information", 
        "available": "macOS Sierra 10.12.1", 
        "description": "Multiple issues existed in curl. These issues were addressed by updating to curl version 7.51.0.", 
        "update": null, 
        "module": "curl", 
        "id": "CVE-2016-8618", 
        "credit": "", 
        "page": "https://support.apple.com/kb/HT207423"
    }, 
    {
        "impact": "An attacker in a privileged network position may be able to leak sensitive user information", 
        "available": "macOS Sierra 10.12.1", 
        "description": "Multiple issues existed in curl. These issues were addressed by updating to curl version 7.51.0.", 
        "update": null, 
        "module": "curl", 
        "id": "CVE-2016-8619", 
        "credit": "", 
        "page": "https://support.apple.com/kb/HT207423"
    }, 
    {
        "impact": "An attacker in a privileged network position may be able to leak sensitive user information", 
        "available": "macOS Sierra 10.12.1", 
        "description": "Multiple issues existed in curl. These issues were addressed by updating to curl version 7.51.0.", 
        "update": null, 
        "module": "curl", 
        "id": "CVE-2016-8620", 
        "credit": "", 
        "page": "https://support.apple.com/kb/HT207423"
    }, 
    {
        "impact": "An attacker in a privileged network position may be able to leak sensitive user information", 
        "available": "macOS Sierra 10.12.1", 
        "description": "Multiple issues existed in curl. These issues were addressed by updating to curl version 7.51.0.", 
        "update": null, 
        "module": "curl", 
        "id": "CVE-2016-8621", 
        "credit": "", 
        "page": "https://support.apple.com/kb/HT207423"
    }, 
    {
        "impact": "An attacker in a privileged network position may be able to leak sensitive user information", 
        "available": "macOS Sierra 10.12.1", 
        "description": "Multiple issues existed in curl. These issues were addressed by updating to curl version 7.51.0.", 
        "update": null, 
        "module": "curl", 
        "id": "CVE-2016-8622", 
        "credit": "", 
        "page": "https://support.apple.com/kb/HT207423"
    }, 
    {
        "impact": "An attacker in a privileged network position may be able to leak sensitive user information", 
        "available": "macOS Sierra 10.12.1", 
        "description": "Multiple issues existed in curl. These issues were addressed by updating to curl version 7.51.0.", 
        "update": null, 
        "module": "curl", 
        "id": "CVE-2016-8623", 
        "credit": "", 
        "page": "https://support.apple.com/kb/HT207423"
    }, 
    {
        "impact": "An attacker in a privileged network position may be able to leak sensitive user information", 
        "available": "macOS Sierra 10.12.1", 
        "description": "Multiple issues existed in curl. These issues were addressed by updating to curl version 7.51.0.", 
        "update": null, 
        "module": "curl", 
        "id": "CVE-2016-8624", 
        "credit": "", 
        "page": "https://support.apple.com/kb/HT207423"
    }, 
    {
        "impact": "An attacker in a privileged network position may be able to leak sensitive user information", 
        "available": "macOS Sierra 10.12.1", 
        "description": "Multiple issues existed in curl. These issues were addressed by updating to curl version 7.51.0.", 
        "update": null, 
        "module": "curl", 
        "id": "CVE-2016-8625", 
        "credit": "", 
        "page": "https://support.apple.com/kb/HT207423"
    }, 
    {
        "impact": "A local user may be able to gain root privileges", 
        "available": "macOS Sierra 10.12.1", 
        "description": "A use after free issue was addressed through improved memory management.", 
        "update": null, 
        "module": "Directory Services", 
        "id": "CVE-2016-7633", 
        "credit": "Ian Beer of Google Project Zero", 
        "page": "https://support.apple.com/kb/HT207423"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "macOS Sierra 10.12.1", 
        "description": "A memory corruption issue was addressed through improved input validation.", 
        "update": null, 
        "module": "Disk Images", 
        "id": "CVE-2016-7616", 
        "credit": "daybreaker@Minionz working with Trend Micro's Zero Day Initiative", 
        "page": "https://support.apple.com/kb/HT207423"
    }, 
    {
        "impact": "Processing a maliciously crafted font file may lead to arbitrary code execution", 
        "available": "macOS Sierra 10.12.1", 
        "description": "Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking.", 
        "update": null, 
        "module": "FontParser", 
        "id": "CVE-2016-4691", 
        "credit": "riusksk(\u6cc9\u54e5) of Tencent Security Platform Department", 
        "page": "https://support.apple.com/kb/HT207423"
    }, 
    {
        "impact": "Opening a maliciously crafted .gcx file may lead to unexpected application termination or arbitrary code execution", 
        "available": "macOS Sierra 10.12.1", 
        "description": "A memory corruption issue was addressed through improved input validation.", 
        "update": null, 
        "module": "Foundation", 
        "id": "CVE-2016-7618", 
        "credit": "riusksk(\u6cc9\u54e5) of Tencent Security Platform Department", 
        "page": "https://support.apple.com/kb/HT207423"
    }, 
    {
        "impact": "Opening a maliciously crafted .gcx file may lead to unexpected application termination or arbitrary code execution", 
        "available": "macOS Sierra 10.12.1", 
        "description": "A memory corruption issue was addressed through improved input validation.", 
        "update": null, 
        "module": "Grapher", 
        "id": "CVE-2016-7622", 
        "credit": "riusksk(\u6cc9\u54e5) of Tencent Security Platform Department", 
        "page": "https://support.apple.com/kb/HT207423"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "macOS Sierra 10.12.1", 
        "description": "A memory corruption issue was addressed through improved memory handling.", 
        "update": null, 
        "module": "ICU", 
        "id": "CVE-2016-7594", 
        "credit": "Andr\u00e9 Bargull", 
        "page": "https://support.apple.com/kb/HT207423"
    }, 
    {
        "impact": "A remote attacker may be able to leak memory", 
        "available": "macOS Sierra 10.12.1", 
        "description": "An out-of-bounds read was addressed through improved bounds checking.", 
        "update": null, 
        "module": "ImageIO", 
        "id": "CVE-2016-7643", 
        "credit": "Yangkang (@dnpushme) of Qihoo360 Qex Team", 
        "page": "https://support.apple.com/kb/HT207423"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "macOS Sierra 10.12.1", 
        "description": "A memory corruption issue was addressed through improved input validation.", 
        "update": null, 
        "module": "Intel Graphics Driver", 
        "id": "CVE-2016-7602", 
        "credit": "daybreaker@Minionz working with Trend Micro's Zero Day Initiative", 
        "page": "https://support.apple.com/kb/HT207423"
    }, 
    {
        "impact": "A local attacker may be able to read kernel memory", 
        "available": "macOS Sierra 10.12.1", 
        "description": "A memory corruption issue was addressed through improved memory handling.", 
        "update": null, 
        "module": "IOFireWireFamily", 
        "id": "CVE-2016-7608", 
        "credit": "Brandon Azad", 
        "page": "https://support.apple.com/kb/HT207423"
    }, 
    {
        "impact": "A local user may be able to determine kernel memory layout", 
        "available": "macOS Sierra 10.12.1", 
        "description": "A shared memory issue was addressed through improved memory handling.", 
        "update": null, 
        "module": "IOAcceleratorFamily", 
        "id": "CVE-2016-7624 ", 
        "credit": "Qidan He (@flanker_hqd) from KeenLab working with Trend Micro's Zero Day Initiative", 
        "page": "https://support.apple.com/kb/HT207423"
    }, 
    {
        "impact": "A local application with system privileges may be able to execute arbitrary code with kernel privileges", 
        "available": "macOS Sierra 10.12.1", 
        "description": "A use after free issue was addressed through improved memory management.", 
        "update": null, 
        "module": "IOHIDFamily", 
        "id": "CVE-2016-7591", 
        "credit": "daybreaker of Minionz", 
        "page": "https://support.apple.com/kb/HT207423"
    }, 
    {
        "impact": "An application may be able to read kernel memory", 
        "available": "macOS Sierra 10.12.1", 
        "description": "A memory corruption issue was addressed through improved input validation.", 
        "update": null, 
        "module": "IOKit", 
        "id": "CVE-2016-7657", 
        "credit": "Keen Lab working with Trend Micro\u2019s Zero Day Initiative", 
        "page": "https://support.apple.com/kb/HT207423"
    }, 
    {
        "impact": "A local user may be able to determine kernel memory layout", 
        "available": "macOS Sierra 10.12.1", 
        "description": "A shared memory issue was addressed through improved memory handling.", 
        "update": null, 
        "module": "IOKit", 
        "id": "CVE-2016-7625", 
        "credit": "Qidan He (@flanker_hqd) from KeenLab working with Trend Micro's Zero Day Initiative", 
        "page": "https://support.apple.com/kb/HT207423"
    }, 
    {
        "impact": "A local user may be able to determine kernel memory layout", 
        "available": "macOS Sierra 10.12.1", 
        "description": "A shared memory issue was addressed through improved memory handling.", 
        "update": "January 25, 2017", 
        "module": "IOKit", 
        "id": "CVE-2016-7714", 
        "credit": "Qidan He (@flanker_hqd) from KeenLab working with Trend Micro's Zero Day Initiative", 
        "page": "https://support.apple.com/kb/HT207423"
    }, 
    {
        "impact": "A local user may be able to determine kernel memory layout", 
        "available": "macOS Sierra 10.12.1", 
        "description": "A shared memory issue was addressed through improved memory handling.", 
        "update": null, 
        "module": "IOSurface", 
        "id": "CVE-2016-7620", 
        "credit": "Qidan He (@flanker_hqd) from KeenLab working with Trend Micro's Zero Day Initiative", 
        "page": "https://support.apple.com/kb/HT207423"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "macOS Sierra 10.12.1", 
        "description": "Multiple memory corruption issues were addressed through improved input validation.", 
        "update": null, 
        "module": "Kernel", 
        "id": "CVE-2016-7606", 
        "credit": "@cocoahuke, Chen Qin of Topsec Alpha Team (topsec.com)", 
        "page": "https://support.apple.com/kb/HT207423"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "macOS Sierra 10.12.1", 
        "description": "Multiple memory corruption issues were addressed through improved input validation.", 
        "update": null, 
        "module": "Kernel", 
        "id": "CVE-2016-7612", 
        "credit": "Ian Beer of Google Project Zero", 
        "page": "https://support.apple.com/kb/HT207423"
    }, 
    {
        "impact": "An application may be able to read kernel memory", 
        "available": "macOS Sierra 10.12.1", 
        "description": "An insufficient initialization issue was addressed by properly initializing memory returned to user space.", 
        "update": null, 
        "module": "Kernel", 
        "id": "CVE-2016-7607", 
        "credit": "Brandon Azad", 
        "page": "https://support.apple.com/kb/HT207423"
    }, 
    {
        "impact": "A local user may be able to cause a system denial of service", 
        "available": "macOS Sierra 10.12.1", 
        "description": "A denial of service issue was addressed through improved memory handling.", 
        "update": null, 
        "module": "Kernel", 
        "id": "CVE-2016-7615", 
        "credit": "The UK's National Cyber Security Centre (NCSC)", 
        "page": "https://support.apple.com/kb/HT207423"
    }, 
    {
        "impact": "A local user may be able to cause an unexpected system termination or arbitrary code execution in the kernel", 
        "available": "macOS Sierra 10.12.1", 
        "description": "A use after free issue was addressed through improved memory management.", 
        "update": null, 
        "module": "Kernel", 
        "id": "CVE-2016-7621", 
        "credit": "Ian Beer of Google Project Zero", 
        "page": "https://support.apple.com/kb/HT207423"
    }, 
    {
        "impact": "A local user may be able to gain root privileges", 
        "available": "macOS Sierra 10.12.1", 
        "description": "A memory corruption issue was addressed through improved input validation.", 
        "update": null, 
        "module": "Kernel", 
        "id": "CVE-2016-7637", 
        "credit": "Ian Beer of Google Project Zero", 
        "page": "https://support.apple.com/kb/HT207423"
    }, 
    {
        "impact": "A local application with system privileges may be able to execute arbitrary code with kernel privileges", 
        "available": "macOS Sierra 10.12.1", 
        "description": "A use after free issue was addressed through improved memory management.", 
        "update": null, 
        "module": "Kernel", 
        "id": "CVE-2016-7644", 
        "credit": "Ian Beer of Google Project Zero", 
        "page": "https://support.apple.com/kb/HT207423"
    }, 
    {
        "impact": "An application may be able to cause a denial of service", 
        "available": null, 
        "description": "A denial of service issue was addressed through improved memory handling.", 
        "update": "May 17, 2017", 
        "module": "Kernel", 
        "id": "CVE-2016-7647", 
        "credit": "Lufeng Li of Qihoo 360 Vulcan Team", 
        "page": "https://support.apple.com/kb/HT207423"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "macOS Sierra 10.12.1", 
        "description": "A memory corruption issue was addressed through improved input validation.", 
        "update": null, 
        "module": "kext tools", 
        "id": "CVE-2016-7629", 
        "credit": "@cocoahuke", 
        "page": "https://support.apple.com/kb/HT207423"
    }, 
    {
        "impact": "A local attacker may be able to overwrite existing files", 
        "available": "macOS Sierra 10.12.1", 
        "description": "A validation issue existed in the handling of symlinks. This issue was addressed through improved validation of symlinks.", 
        "update": null, 
        "module": "libarchive", 
        "id": "CVE-2016-7619", 
        "credit": "an anonymous researcher", 
        "page": "https://support.apple.com/kb/HT207423"
    }, 
    {
        "impact": "An attacker with a privileged network position may be able to cause a denial of service", 
        "available": "macOS Sierra 10.12.1 and OS X El Capitan v10.11.6", 
        "description": "A denial of service issue in unbounded OCSP growth was addressed through improved memory handling.", 
        "update": "December 14, 2016", 
        "module": "LibreSSL", 
        "id": "CVE-2016-6304", 
        "credit": "", 
        "page": "https://support.apple.com/kb/HT207423"
    }, 
    {
        "impact": "An attacker may be able to exploit weaknesses in the RC4 cryptographic algorithm", 
        "available": "macOS Sierra 10.12.1", 
        "description": "RC4 was removed as a default cipher.", 
        "update": null, 
        "module": "OpenLDAP", 
        "id": "CVE-2016-1777", 
        "credit": "Pepi Zawodsky", 
        "page": "https://support.apple.com/kb/HT207423"
    }, 
    {
        "impact": "A local unprivileged user may gain access to privileged applications", 
        "available": "macOS Sierra 10.12.1", 
        "description": "PAM authentication within sandboxed applications failed insecurely. This was addressed with improved error handling.", 
        "update": null, 
        "module": "OpenPAM", 
        "id": "CVE-2016-7600", 
        "credit": "Perette Barella of DeviousFish.com", 
        "page": "https://support.apple.com/kb/HT207423"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code", 
        "available": "macOS Sierra 10.12.1", 
        "description": "An overflow issue existed in MDC2_Update(). This issue was addressed through improved input validation.", 
        "update": null, 
        "module": "OpenSSL", 
        "id": "CVE-2016-6303", 
        "credit": "", 
        "page": "https://support.apple.com/kb/HT207423"
    }, 
    {
        "impact": "A local user may be able to gain root privileges", 
        "available": "macOS Sierra 10.12.1", 
        "description": "An issue in mach port name references was addressed through improved validation.", 
        "update": null, 
        "module": "Power Management", 
        "id": "CVE-2016-7661", 
        "credit": "Ian Beer of Google Project Zero", 
        "page": "https://support.apple.com/kb/HT207423"
    }, 
    {
        "impact": "An attacker may be able to exploit weaknesses in the 3DES cryptographic algorithm", 
        "available": "macOS Sierra 10.12.1", 
        "description": "3DES was removed as a default cipher.", 
        "update": null, 
        "module": "Security", 
        "id": "CVE-2016-4693", 
        "credit": "Ga\u00ebtan Leurent and Karthikeyan Bhargavan from INRIA Paris", 
        "page": "https://support.apple.com/kb/HT207423"
    }, 
    {
        "impact": "An attacker in a privileged network position may be able to cause a denial of service", 
        "available": "macOS Sierra 10.12.1", 
        "description": "A validation issue existed in the handling of OCSP responder URLs. This issue was addressed by verifying OCSP revocation status after CA validation and limiting the number of OCSP requests per certificate.", 
        "update": null, 
        "module": "Security", 
        "id": "CVE-2016-7636", 
        "credit": "Maksymilian Arciemowicz (cxsecurity.com)", 
        "page": "https://support.apple.com/kb/HT207423"
    }, 
    {
        "impact": "Certificates may be unexpectedly evaluated as trusted", 
        "available": "macOS Sierra 10.12.1", 
        "description": "A certificate evaluation issue existed in certificate validation. This issue was addressed through additional validation of certificates.", 
        "update": null, 
        "module": "Security", 
        "id": "CVE-2016-7662", 
        "credit": "Apple", 
        "page": "https://support.apple.com/kb/HT207423"
    }, 
    {
        "impact": "A local user may be able to gain root privileges", 
        "available": "macOS Sierra 10.12.1", 
        "description": "An issue in mach port name references was addressed through improved validation.", 
        "update": null, 
        "module": "syslog", 
        "id": "CVE-2016-7660", 
        "credit": "Ian Beer of Google Project Zero", 
        "page": "https://support.apple.com/kb/HT207423"
    }, 
    {
        "impact": "A malicious local user may be able to view sensitive network configuration information", 
        "available": "macOS Sierra 10.12.1", 
        "description": "Network configuration was unexpectedly global. This issue was addressed by moving sensitive network configuration to per-user settings.", 
        "update": "January 24, 2017", 
        "module": "WiFi", 
        "id": "CVE-2016-7761", 
        "credit": "Peter Loos, Karlsruhe, Germany", 
        "page": "https://support.apple.com/kb/HT207423"
    }, 
    {
        "impact": "Opening a maliciously crafted archive may lead to arbitrary code execution", 
        "available": "macOS Sierra 10.12.1", 
        "description": "The use of an uninitialized variable was addressed through improved validation.", 
        "update": "January 10, 2017", 
        "module": "xar", 
        "id": "CVE-2016-7742", 
        "credit": "Gareth Evans of Context Information Security", 
        "page": "https://support.apple.com/kb/HT207423"
    }, 
    {
        "impact": "Opening a maliciously crafted certificate may lead to arbitrary code execution", 
        "available": "Apple TV (4th generation)", 
        "description": "A memory corruption issue existed in the handling of certificate profiles. This issue was addressed through improved input validation.", 
        "update": null, 
        "module": "Profiles", 
        "id": "CVE-2016-7626", 
        "credit": "Maksymilian Arciemowicz (cxsecurity.com)", 
        "page": "https://support.apple.com/kb/HT207425"
    }, 
    {
        "impact": "A nearby user may be able to overhear spoken passwords", 
        "available": "iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later", 
        "description": "A disclosure issue existed in the handling of passwords. This issue was addressed by disabling the speaking of passwords.", 
        "update": "January 10, 2017", 
        "module": "Accessibility", 
        "id": "CVE-2016-7634", 
        "credit": "Davut Hari, Biren V. Soni, Cameron Lee", 
        "page": "https://support.apple.com/kb/HT207422"
    }, 
    {
        "impact": "A person with physical access to an iOS device may be able to access photos and contacts from the lock screen", 
        "available": "iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later", 
        "description": "A lock screen issue allowed access to photos and contacts on a locked device. This issue was addressed by restricting options offered on a locked device.", 
        "update": null, 
        "module": "Accessibility", 
        "id": "CVE-2016-7664", 
        "credit": "Miguel Alvarado of iDeviceHelp", 
        "page": "https://support.apple.com/kb/HT207422"
    }, 
    {
        "impact": "An issue existed which did not reset the authorization settings on app uninstall", 
        "available": "iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later", 
        "description": "This issue was addressed through improved sanitization.", 
        "update": null, 
        "module": "Accounts", 
        "id": "CVE-2016-7651", 
        "credit": "Ju Zhu and Lilang Wu of Trend Micro", 
        "page": "https://support.apple.com/kb/HT207422"
    }, 
    {
        "impact": "A local attacker may be able to access clipboard contents", 
        "available": "iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later", 
        "description": "The clipboard contents were accessible before device unlock. This issue was addressed through improved state management.", 
        "update": "January 17, 2017", 
        "module": "Clipboard", 
        "id": "CVE-2016-7765", 
        "credit": "CongRong (@Tr3jer)", 
        "page": "https://support.apple.com/kb/HT207422"
    }, 
    {
        "impact": "An attacker with an unlocked device may be able to disable Find My iPhone", 
        "available": "iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later", 
        "description": "A state management issue existed in the handling of authentication information.  This issue was addressed through improved storage of account information.", 
        "update": null, 
        "module": "Find My iPhone", 
        "id": "CVE-2016-7638", 
        "credit": "an anonymous researcher, Sezer Sakiner", 
        "page": "https://support.apple.com/kb/HT207422"
    }, 
    {
        "impact": "Watching a maliciously crafted video may lead to a denial of service", 
        "available": "iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later", 
        "description": "A denial of service issue existed in the handling of video. This issue was addressed through improved input validation.", 
        "update": "December 15, 2016", 
        "module": "Graphics Driver", 
        "id": "CVE-2016-7665", 
        "credit": "Moataz El Gaml of Schlumberger, Daniel Schurter of watson.ch and Marc Ruef of scip AG", 
        "page": "https://support.apple.com/kb/HT207422"
    }, 
    {
        "impact": "A malicious HID device may be able to cause arbitrary code execution", 
        "available": "iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later", 
        "description": "A validation issue existed in the handling of USB image devices. This issue was addressed through improved input validation.", 
        "update": null, 
        "module": "Image Capture", 
        "id": "CVE-2016-4690", 
        "credit": "Andy Davis of NCC Group", 
        "page": "https://support.apple.com/kb/HT207422"
    }, 
    {
        "impact": "A malicious application may gain access to a device's MAC address", 
        "available": "iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later", 
        "description": "An access issue was addressed through additional sandbox restrictions on third party applications.", 
        "update": "May 31, 2017", 
        "module": "Kernel", 
        "id": "CVE-2016-7766", 
        "credit": "Jun Yang(\u6768\u541b) of Tencent's WeiXin Group", 
        "page": "https://support.apple.com/kb/HT207422"
    }, 
    {
        "impact": "The device may not lock the screen after the idle timeout", 
        "available": "iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later", 
        "description": "A logic issue existed in the handling of the idle timer when the Touch ID prompt is shown. This issue was addressed through improved handling of the idle timer.", 
        "update": null, 
        "module": "Local Authentication", 
        "id": "CVE-2016-7601", 
        "credit": "an anonymous researcher", 
        "page": "https://support.apple.com/kb/HT207422"
    }, 
    {
        "impact": "An email signed with a revoked certificate may appear valid", 
        "available": "iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later", 
        "description": "S/MIME policy failed to check if a certificate was valid.  This issue was addressed by notifying a user if an email was signed with a revoked certificate.", 
        "update": null, 
        "module": "Mail", 
        "id": "CVE-2016-4689", 
        "credit": "an anonymous researcher", 
        "page": "https://support.apple.com/kb/HT207422"
    }, 
    {
        "impact": "A user may be able to view photos and contacts from the lockscreen", 
        "available": "iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later", 
        "description": "A validation issue existed in the handling of media selection. This issue was addressed through improved validation.", 
        "update": null, 
        "module": "Media Player", 
        "id": "CVE-2016-7653", 
        "credit": "", 
        "page": "https://support.apple.com/kb/HT207422"
    }, 
    {
        "impact": "A person with physical access to an iOS device may be able to unlock the device", 
        "available": "iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later", 
        "description": "In some cases, a counter issue existed in the handling of passcode attempts when resetting the passcode. This was addressed through improved state management.", 
        "update": null, 
        "module": "SpringBoard", 
        "id": "CVE-2016-4781", 
        "credit": "an anonymous researcher", 
        "page": "https://support.apple.com/kb/HT207422"
    }, 
    {
        "impact": "A person with physical access to an iOS device may be able to keep the device unlocked", 
        "available": "iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later", 
        "description": "A cleanup issue existed in the handling of Handoff with Siri.  This was addressed through improved state management.", 
        "update": null, 
        "module": "SpringBoard", 
        "id": "CVE-2016-7597", 
        "credit": "an anonymous researcher", 
        "page": "https://support.apple.com/kb/HT207422"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to cross site scripting", 
        "available": "iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later", 
        "description": "An issue existed in displaying documents in Safari. This issue was addressed through improved input validation.", 
        "update": "January 24, 2017", 
        "module": "WebKit", 
        "id": "CVE-2016-7762", 
        "credit": "YongShao (Zhiyong Feng from JDSEC 1aq.com\u200d)", 
        "page": "https://support.apple.com/kb/HT207422"
    }, 
    {
        "impact": "A sandboxed process may be able to circumvent sandbox restrictions", 
        "available": "iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later", 
        "description": "A sandbox escape issue was addressed through additional restrictions.", 
        "update": "January 25, 2017", 
        "module": "WebSheet", 
        "id": "CVE-2016-7630", 
        "credit": "Marco Grassi (@marcograss) of KeenLab (@keen_lab) Tencent working with Trend Micro's Zero Day Initiative", 
        "page": "https://support.apple.com/kb/HT207422"
    }, 
    {
        "impact": "Parsing maliciously crafted EPUB may lead to disclosure of user information", 
        "available": "iTunes Producer 3.1.1, OS X v10.6 and later (64 bit), Windows 7 and later (32 bit), and Red Hat Enterprise Linux (64 bit)", 
        "description": "An information disclosure issue existed in the parsing of EPUB. This issue was addressed through improved parsing.", 
        "update": null, 
        "module": "iTMSTransporter", 
        "id": "CVE-2016-7666", 
        "credit": "Craig Arendt of Stratum Security", 
        "page": "https://support.apple.com/kb/HT207432"
    }, 
    {
        "impact": "Processing maliciously crafted web content may result in the disclosure of user information", 
        "available": "Windows 7 and later", 
        "description": "An input validation issue was addressed through improved state management.", 
        "update": null, 
        "module": "WebKit", 
        "id": "CVE-2016-4613", 
        "credit": "Chris Palmer", 
        "page": "https://support.apple.com/kb/HT207274"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "Windows 7 and later", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "WebKit", 
        "id": "CVE-2016-7578", 
        "credit": "Apple", 
        "page": "https://support.apple.com/kb/HT207274"
    }, 
    {
        "impact": "Running the iCloud installer in an untrusted directory may result in arbitrary code execution", 
        "available": "Windows 7 and later", 
        "description": "A dynamic library loading issue existed in iCloud setup. This was addressed through improved path searching.", 
        "update": "November 27, 2016", 
        "module": "iCloud", 
        "id": "CVE-2016-7583", 
        "credit": "Nitesh Kumar Shilpkar", 
        "page": "https://support.apple.com/kb/HT207273"
    }, 
    {
        "impact": "A remote attacker may be able to cause unexpected application termination or arbitrary code execution", 
        "available": "OS X El Capitan v10.11.5 and later", 
        "description": "Multiple issues existed in Node.js in Xcode Server. These issues were addressed by updating to Node.js version 4.5.0.", 
        "update": null, 
        "module": "IDE Xcode Server", 
        "id": "CVE-2016-1669", 
        "credit": "", 
        "page": "https://support.apple.com/kb/HT207268"
    }, 
    {
        "impact": "A remote attacker may be able to cause unexpected application termination or arbitrary code execution", 
        "available": "OS X El Capitan v10.11.5 and later", 
        "description": "Multiple issues existed in Node.js in Xcode Server. These issues were addressed by updating to Node.js version 4.5.0.", 
        "update": null, 
        "module": "IDE Xcode Server", 
        "id": "CVE-2016-0705", 
        "credit": "", 
        "page": "https://support.apple.com/kb/HT207268"
    }, 
    {
        "impact": "A remote attacker may be able to cause unexpected application termination or arbitrary code execution", 
        "available": "OS X El Capitan v10.11.5 and later", 
        "description": "Multiple issues existed in Node.js in Xcode Server. These issues were addressed by updating to Node.js version 4.5.0.", 
        "update": null, 
        "module": "IDE Xcode Server", 
        "id": "CVE-2016-0797", 
        "credit": "", 
        "page": "https://support.apple.com/kb/HT207268"
    }, 
    {
        "impact": "A remote attacker may be able to cause unexpected application termination or arbitrary code execution", 
        "available": "OS X El Capitan v10.11.5 and later", 
        "description": "Multiple issues existed in Node.js in Xcode Server. These issues were addressed by updating to Node.js version 4.5.0.", 
        "update": null, 
        "module": "IDE Xcode Server", 
        "id": "CVE-2016-0702", 
        "credit": "", 
        "page": "https://support.apple.com/kb/HT207268"
    }, 
    {
        "impact": "A remote attacker may be able to cause unexpected application termination or arbitrary code execution", 
        "available": "OS X El Capitan v10.11.5 and later", 
        "description": "Multiple issues existed in Node.js in Xcode Server. These issues were addressed by updating to Node.js version 4.5.0.", 
        "update": null, 
        "module": "IDE Xcode Server", 
        "id": "CVE-2016-2086", 
        "credit": "", 
        "page": "https://support.apple.com/kb/HT207268"
    }, 
    {
        "impact": "A remote attacker may be able to cause unexpected application termination or arbitrary code execution", 
        "available": "OS X El Capitan v10.11.5 and later", 
        "description": "Multiple issues existed in Node.js in Xcode Server. These issues were addressed by updating to Node.js version 4.5.0.", 
        "update": null, 
        "module": "IDE Xcode Server", 
        "id": "CVE-2016-2216", 
        "credit": "", 
        "page": "https://support.apple.com/kb/HT207268"
    }, 
    {
        "impact": "A remote attacker may be able to cause unexpected application termination or arbitrary code execution", 
        "available": "OS X El Capitan v10.11.5 and later", 
        "description": "Multiple issues existed in Node.js in Xcode Server. These issues were addressed by updating to Node.js version 4.5.0.", 
        "update": null, 
        "module": "IDE Xcode Server", 
        "id": "CVE-2015-8027", 
        "credit": "", 
        "page": "https://support.apple.com/kb/HT207268"
    }, 
    {
        "impact": "A remote attacker may be able to cause unexpected application termination or arbitrary code execution", 
        "available": "OS X El Capitan v10.11.5 and later", 
        "description": "Multiple issues existed in Node.js in Xcode Server. These issues were addressed by updating to Node.js version 4.5.0.", 
        "update": null, 
        "module": "IDE Xcode Server", 
        "id": "CVE-2015-3193", 
        "credit": "", 
        "page": "https://support.apple.com/kb/HT207268"
    }, 
    {
        "impact": "A remote attacker may be able to cause unexpected application termination or arbitrary code execution", 
        "available": "OS X El Capitan v10.11.5 and later", 
        "description": "Multiple issues existed in Node.js in Xcode Server. These issues were addressed by updating to Node.js version 4.5.0.", 
        "update": null, 
        "module": "IDE Xcode Server", 
        "id": "CVE-2015-3194", 
        "credit": "", 
        "page": "https://support.apple.com/kb/HT207268"
    }, 
    {
        "impact": "A remote attacker may be able to cause unexpected application termination or arbitrary code execution", 
        "available": "OS X El Capitan v10.11.5 and later", 
        "description": "Multiple issues existed in Node.js in Xcode Server. These issues were addressed by updating to Node.js version 4.5.0.", 
        "update": null, 
        "module": "IDE Xcode Server", 
        "id": "CVE-2015-6764", 
        "credit": "", 
        "page": "https://support.apple.com/kb/HT207268"
    }, 
    {
        "impact": "A signed executable may substitute code with the same team ID", 
        "available": "All Apple Watch models", 
        "description": "A validation issue existed in the handling of code signatures. This issue was addressed through additional validation.", 
        "update": "December 6, 2016", 
        "module": "AppleMobileFileIntegrity", 
        "id": "CVE-2016-7584", 
        "credit": "Mark Mentovai and Boris Vidolov of Google Inc.", 
        "page": "https://support.apple.com/kb/HT207269"
    }, 
    {
        "impact": "Viewing a maliciously crafted JPEG file may lead to arbitrary code execution", 
        "available": "All Apple Watch models", 
        "description": "A memory corruption issue was addressed through improved memory handling.", 
        "update": null, 
        "module": "CoreGraphics", 
        "id": "CVE-2016-4673", 
        "credit": "Marco Grassi (@marcograss) of KeenLab (@keen_lab), Tencent", 
        "page": "https://support.apple.com/kb/HT207269"
    }, 
    {
        "impact": "Parsing a maliciously crafted font may disclose sensitive user information", 
        "available": "All Apple Watch models", 
        "description": "An out-of-bounds read was addressed through improved bounds checking.", 
        "update": null, 
        "module": "FontParser", 
        "id": "CVE-2016-4660", 
        "credit": "Ke Liu of Tencent's Xuanwu Lab", 
        "page": "https://support.apple.com/kb/HT207269"
    }, 
    {
        "impact": "Processing a maliciously crafted font file may lead to arbitrary code execution", 
        "available": "All Apple Watch models", 
        "description": "A buffer overflow existed in the handling of font files. This issue was addressed through improved bounds checking.", 
        "update": "November 27, 2016", 
        "module": "FontParser", 
        "id": "CVE-2016-4688", 
        "credit": "Simon Huang of Alipay company, thelongestusernameofall@gmail.com", 
        "page": "https://support.apple.com/kb/HT207269"
    }, 
    {
        "impact": "A local user may be able to cause an unexpected system termination or arbitrary code execution in the kernel", 
        "available": "All Apple Watch models", 
        "description": "Multiple input validation issues existed in MIG generated code. These issues were addressed through improved validation.", 
        "update": "November 2, 2016", 
        "module": "Kernel", 
        "id": "CVE-2016-4669", 
        "credit": "Ian Beer of Google Project Zero", 
        "page": "https://support.apple.com/kb/HT207269"
    }, 
    {
        "impact": "An application may be able to disclose kernel memory", 
        "available": "All Apple Watch models", 
        "description": "A validation issue was addressed through improved input sanitization.", 
        "update": null, 
        "module": "Kernel", 
        "id": "CVE-2016-4680", 
        "credit": "Max Bazaliy of Lookout and in7egral", 
        "page": "https://support.apple.com/kb/HT207269"
    }, 
    {
        "impact": "A local application may be able to execute arbitrary code with root privileges", 
        "available": "All Apple Watch models", 
        "description": "Multiple object lifetime issues existed when spawning new processes. These were addressed through improved validation.", 
        "update": "November 1, 2016", 
        "module": "Kernel", 
        "id": "CVE-2016-7613", 
        "credit": "Ian Beer of Google Project Zero", 
        "page": "https://support.apple.com/kb/HT207269"
    }, 
    {
        "impact": "A malicious archive may be able to overwrite arbitrary files", 
        "available": "All Apple Watch models", 
        "description": "An issue existed within the path validation logic for symlinks. This issue was addressed through improved path sanitization.", 
        "update": null, 
        "module": "libarchive", 
        "id": "CVE-2016-4679", 
        "credit": "Omer Medan of enSilo Ltd", 
        "page": "https://support.apple.com/kb/HT207269"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with root privileges", 
        "available": "All Apple Watch models", 
        "description": "A logic issue was addressed through additional restrictions.", 
        "update": null, 
        "module": "libxpc", 
        "id": "CVE-2016-4675", 
        "credit": "Ian Beer of Google Project Zero", 
        "page": "https://support.apple.com/kb/HT207269"
    }, 
    {
        "impact": "An application may be able to retrieve metadata of photo directories", 
        "available": "All Apple Watch models", 
        "description": "An access issue was addressed through additional sandbox restrictions on third party applications.", 
        "update": null, 
        "module": "Sandbox Profiles", 
        "id": "CVE-2016-4664", 
        "credit": "Razvan Deaconescu, Mihai Chiroiu (University POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi (TU Darmstadt)", 
        "page": "https://support.apple.com/kb/HT207269"
    }, 
    {
        "impact": "An application may be able to retrieve metadata of audio recording directories", 
        "available": "All Apple Watch models", 
        "description": "An access issue was addressed through additional sandbox restrictions on third party applications.", 
        "update": null, 
        "module": "Sandbox Profiles", 
        "id": "CVE-2016-4665", 
        "credit": "Razvan Deaconescu, Mihai Chiroiu (University POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi (TU Darmstadt)", 
        "page": "https://support.apple.com/kb/HT207269"
    }, 
    {
        "impact": "An attacker in a privileged network position may be able to leak sensitive user information", 
        "available": "Apple TV (4th generation)", 
        "description": "A phishing issue existed in the handling of proxy credentials. This issue was addressed by removing unsolicited proxy password authentication prompts.", 
        "update": null, 
        "module": "CFNetwork Proxies", 
        "id": "CVE-2016-7579", 
        "credit": "Jerry Decime", 
        "page": "https://support.apple.com/kb/HT207270"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "Apple TV (4th generation)", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "WebKit", 
        "id": "CVE-2016-4666", 
        "credit": "Apple", 
        "page": "https://support.apple.com/kb/HT207270"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "Apple TV (4th generation)", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "WebKit", 
        "id": "CVE-2016-4677", 
        "credit": "An anonymous researcher working with Trend Micro's Zero Day Initiative", 
        "page": "https://support.apple.com/kb/HT207270"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "OS X Yosemite v10.10.5 and OS X El Capitan v10.11.6", 
        "description": "A memory corruption issue was addressed through improved lock state checking.", 
        "update": null, 
        "module": "AppleGraphicsControl", 
        "id": "CVE-2016-4662", 
        "credit": "Apple", 
        "page": "https://support.apple.com/kb/HT207275"
    }, 
    {
        "impact": "A local user may be able to elevate privileges", 
        "available": "macOS Sierra 10.12", 
        "description": "A null pointer dereference was addressed through improved locking.", 
        "update": null, 
        "module": "AppleSMC", 
        "id": "CVE-2016-4678", 
        "credit": "daybreaker@Minionz working with Trend Micro's Zero Day Initiative", 
        "page": "https://support.apple.com/kb/HT207275"
    }, 
    {
        "impact": "Processing a maliciously crafted font file may lead to arbitrary code execution", 
        "available": "macOS Sierra 10.12", 
        "description": "A memory corruption issue was addressed through improved memory handling.", 
        "update": "October 27, 2016", 
        "module": "ATS", 
        "id": "CVE-2016-4667", 
        "credit": "Simon Huang of alipay, Thelongestusernameofall@gmail.com, Moony Li of TrendMicro, @Flyic", 
        "page": "https://support.apple.com/kb/HT207275"
    }, 
    {
        "impact": "A local user may be able to execute arbitrary code with additional privileges", 
        "available": "macOS Sierra 10.12", 
        "description": "A memory corruption issue was addressed through improved memory handling.", 
        "update": null, 
        "module": "ATS", 
        "id": "CVE-2016-4674", 
        "credit": "Shrek_wzw of Qihoo 360 Nirvan Team", 
        "page": "https://support.apple.com/kb/HT207275"
    }, 
    {
        "impact": "Viewing a maliciously crafted JPEG file may lead to arbitrary code execution", 
        "available": "OS X El Capitan v10.11.6", 
        "description": "A memory corruption issue was addressed through improved input validation.", 
        "update": "October 25, 2016", 
        "module": "Core Image", 
        "id": "CVE-2016-4681", 
        "credit": "Ke Liu of Tencent's Xuanwu Lab", 
        "page": "https://support.apple.com/kb/HT207275"
    }, 
    {
        "impact": "An attacker in a privileged network position may be able to cause a relayed call to continue transmitting audio while appearing as if the call terminated", 
        "available": "macOS Sierra 10.12", 
        "description": "User interface inconsistencies existed in the handling of relayed calls. These issues were addressed through improved protocol logic.", 
        "update": "October 27, 2016", 
        "module": "FaceTime", 
        "id": "CVE-2016-7577", 
        "credit": "Martin Vigo (@martin_vigo) of salesforce.com", 
        "page": "https://support.apple.com/kb/HT207275"
    }, 
    {
        "impact": "An attacker in a privileged network position may be able to trick a user on a multi-party call into believing they are talking to the other party", 
        "available": "macOS Sierra 10.12", 
        "description": "An impersonation issue existed in the handling of call switching. This issue was addressed through improved handling of \"switch caller\" notifications.", 
        "update": "October 27, 2016", 
        "module": "IDS - Connectivity", 
        "id": "CVE-2016-4721", 
        "credit": "Martin Vigo (@martin_vigo) of salesforce.com", 
        "page": "https://support.apple.com/kb/HT207275"
    }, 
    {
        "impact": "Parsing a maliciously crafted PDF may lead to arbitrary code execution", 
        "available": "OS X El Capitan v10.11.6", 
        "description": "An out-of-bounds write was addressed through improved bounds checking.", 
        "update": null, 
        "module": "ImageIO", 
        "id": "CVE-2016-4671", 
        "credit": "Ke Liu of Tencent's Xuanwu Lab, Juwei Lin (@fuzzerDOTcn)", 
        "page": "https://support.apple.com/kb/HT207275"
    }, 
    {
        "impact": "Processing a maliciously crafted image may result in the disclosure of process memory", 
        "available": "OS X Yosemite v10.10.5 and OS X El Capitan v10.11.6", 
        "description": "An out-of-bounds read issue existed in the SGI image parsing. This issue was addressed through improved bounds checking.", 
        "update": null, 
        "module": "ImageIO", 
        "id": "CVE-2016-4682", 
        "credit": "Ke Liu of Tencent's Xuanwu Lab", 
        "page": "https://support.apple.com/kb/HT207275"
    }, 
    {
        "impact": "A remote attacker may be able to execute arbitrary code", 
        "available": "OS X El Capitan v10.11.6", 
        "description": "Multiple out-of-bounds read and write issues exited in SGI parsing. These issues was addressed through improved input validation.", 
        "update": "October 25, 2016", 
        "module": "ImageIO", 
        "id": "CVE-2016-4683", 
        "credit": "Ke Liu of Tencent\u2019s Xuanwu Lab", 
        "page": "https://support.apple.com/kb/HT207275"
    }, 
    {
        "impact": "An application may be able to cause a denial of service", 
        "available": "macOS Sierra 10.12", 
        "description": "An issue existed in the parsing of disk images. This issue was addressed through improved validation.", 
        "update": null, 
        "module": "ntfs", 
        "id": "CVE-2016-4661", 
        "credit": "Recurity Labs on behalf of BSI (German Federal Office for Information Security)", 
        "page": "https://support.apple.com/kb/HT207275"
    }, 
    {
        "impact": "An application may be able to cause a denial of service", 
        "available": "OS X Yosemite v10.10.5 and OS X El Capitan v10.11.6", 
        "description": "A memory corruption issue was addressed through improved input validation.", 
        "update": null, 
        "module": "NVIDIA Graphics Drivers", 
        "id": "CVE-2016-4663", 
        "credit": "Apple", 
        "page": "https://support.apple.com/kb/HT207275"
    }, 
    {
        "impact": "A local attacker can observe the length of a login password when a user logs in", 
        "available": "macOS Sierra 10.12", 
        "description": "A logging issue existed in the handling of passwords. This issue was addressed by removing password length logging.", 
        "update": "October 25, 2016", 
        "module": "Security", 
        "id": "CVE-2016-4670", 
        "credit": "Daniel Jalkut of Red Sweater Software", 
        "page": "https://support.apple.com/kb/HT207275"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "macOS Sierra 10.12", 
        "description": "A null pointer dereference was addressed through improved input validation.", 
        "update": "November 29, 2016", 
        "module": "Thunderbolt", 
        "id": "CVE-2016-4780", 
        "credit": "sweetchip of Grayhash", 
        "page": "https://support.apple.com/kb/HT207275"
    }, 
    {
        "impact": "An application may be able to maintain access to the Address Book after access is revoked in Settings", 
        "available": "iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later", 
        "description": "An access control issue in the Address Book was addressed through improved file-link validation.", 
        "update": null, 
        "module": "Contacts", 
        "id": "CVE-2016-4686", 
        "credit": "Razvan Deaconescu, Mihai Chiroiu (University POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi (TU Darmstadt)", 
        "page": "https://support.apple.com/kb/HT207271"
    }, 
    {
        "impact": "An attacker with access to an encrypted iTunes backup may be able to determine the backup password", 
        "available": "iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later", 
        "description": "A password hashing weakness existed in the handling of encrypted iTunes backups. This issue was addressed by removing the weak hash.", 
        "update": "November 14, 2016", 
        "module": "iTunes Backup", 
        "id": "CVE-2016-4685", 
        "credit": "Elcomsoft", 
        "page": "https://support.apple.com/kb/HT207271"
    }, 
    {
        "impact": "A malicious website may be able to cause a denial-of-service", 
        "available": "iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later", 
        "description": "A denial of service issue was addressed through improved URL handling.", 
        "update": "December 1, 2016", 
        "module": "Safari", 
        "id": "CVE-2016-7581", 
        "credit": "Sabri Haddouche (@pwnsdx)", 
        "page": "https://support.apple.com/kb/HT207271"
    }, 
    {
        "impact": "Opening a maliciously crafted document may lead to unexpected application termination or arbitrary code execution", 
        "available": "macOS 10.12 and later", 
        "description": "A memory corruption issue existed in parsing a maliciously crafted document. This issue was addressed through improved memory handling.", 
        "update": "April 3, 2017", 
        "module": "Pages, Numbers, and Keynote", 
        "id": "CVE-2016-7672", 
        "credit": "Reno Robert", 
        "page": "https://support.apple.com/kb/HT207623"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "Windows 7 and later", 
        "description": "A memory corruption issue was addressed through improved memory handling.", 
        "update": null, 
        "module": "WebKit", 
        "id": "CVE-2016-4762", 
        "credit": "Zheng Huang of Baidu Security Lab", 
        "page": "https://support.apple.com/kb/HT207147"
    }, 
    {
        "impact": "A remote attacker may be able to proxy traffic through an arbitrary server", 
        "available": "macOS Sierra 10.12", 
        "description": "An issue existed in the handling of the HTTP_PROXY environment variable. This issue was addressed by not setting the HTTP_PROXY environment variable from CGI.", 
        "update": null, 
        "module": "apache", 
        "id": "CVE-2016-4694", 
        "credit": "Dominic Scheirlinck and Scott Geary of Vend", 
        "page": "https://support.apple.com/kb/HT207171"
    }, 
    {
        "impact": "An attacker may be able to exploit weaknesses in the RC4 cryptographic algorithm", 
        "available": "macOS Sierra 10.12", 
        "description": "RC4 was removed as a supported cipher.", 
        "update": null, 
        "module": "ServerDocs Server", 
        "id": "CVE-2016-4754", 
        "credit": "Pepi Zawodsky", 
        "page": "https://support.apple.com/kb/HT207171"
    }, 
    {
        "impact": "Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting", 
        "available": "OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12", 
        "description": "Multiple validation issues were addressed through improved input sanitization.", 
        "update": "September 23, 2016", 
        "module": "Safari Reader", 
        "id": "CVE-2016-4618", 
        "credit": "Erling Ellingsen", 
        "page": "https://support.apple.com/kb/HT207157"
    }, 
    {
        "impact": "Visiting a malicious website may lead to address bar spoofing", 
        "available": "OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12", 
        "description": "A state management issue existed in the handling of tab sessions. This issue was addressed through session state management.", 
        "update": null, 
        "module": "Safari Tabs", 
        "id": "CVE-2016-4751", 
        "credit": "Daniel Chatfield of Monzo Bank", 
        "page": "https://support.apple.com/kb/HT207157"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12", 
        "description": "A parsing issue existed in the handling of error prototypes. This was addressed through improved validation.", 
        "update": null, 
        "module": "WebKit", 
        "id": "CVE-2016-4728", 
        "credit": "Daniel Divricean", 
        "page": "https://support.apple.com/kb/HT207157"
    }, 
    {
        "impact": "Visiting a maliciously crafted website may leak sensitive data", 
        "available": "OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12", 
        "description": "A permissions issue existed in the handling of the location variable. This was addressed though additional ownership checks.", 
        "update": null, 
        "module": "WebKit", 
        "id": "CVE-2016-4758", 
        "credit": "Masato Kinugawa of Cure53", 
        "page": "https://support.apple.com/kb/HT207157"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "WebKit", 
        "id": "CVE-2016-4611", 
        "credit": "Apple", 
        "page": "https://support.apple.com/kb/HT207157"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "WebKit", 
        "id": "CVE-2016-4729", 
        "credit": "Apple", 
        "page": "https://support.apple.com/kb/HT207157"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "WebKit", 
        "id": "CVE-2016-4730", 
        "credit": "Apple", 
        "page": "https://support.apple.com/kb/HT207157"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "WebKit", 
        "id": "CVE-2016-4731", 
        "credit": "Apple", 
        "page": "https://support.apple.com/kb/HT207157"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "WebKit", 
        "id": "CVE-2016-4734", 
        "credit": "Natalie Silvanovich of Google Project Zero", 
        "page": "https://support.apple.com/kb/HT207157"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "WebKit", 
        "id": "CVE-2016-4735", 
        "credit": "Andr\u00e9 Bargull", 
        "page": "https://support.apple.com/kb/HT207157"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "WebKit", 
        "id": "CVE-2016-4737", 
        "credit": "Apple", 
        "page": "https://support.apple.com/kb/HT207157"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "WebKit", 
        "id": "CVE-2016-4759", 
        "credit": "Tongbo Luo of Palo Alto Networks", 
        "page": "https://support.apple.com/kb/HT207157"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "WebKit", 
        "id": "CVE-2016-4766", 
        "credit": "Apple", 
        "page": "https://support.apple.com/kb/HT207157"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "WebKit", 
        "id": "CVE-2016-4767", 
        "credit": "Apple", 
        "page": "https://support.apple.com/kb/HT207157"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "WebKit", 
        "id": "CVE-2016-4768", 
        "credit": "Anonymous working with Trend Micro's Zero Day Initiative", 
        "page": "https://support.apple.com/kb/HT207157"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "WebKit", 
        "id": "CVE-2016-4769", 
        "credit": "Tongbo Luo of Palo Alto Networks", 
        "page": "https://support.apple.com/kb/HT207157"
    }, 
    {
        "impact": "A malicious website may be able to access non-HTTP services", 
        "available": "OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12", 
        "description": "Safari's support of HTTP/0.9 allowed cross-protocol exploitation of non-HTTP services using DNS rebinding. The issue was addressed by restricting HTTP/0.9 responses to default ports and canceling resource loads if the document was loaded with a different HTTP protocol version.", 
        "update": null, 
        "module": "WebKit", 
        "id": "CVE-2016-4760", 
        "credit": "Jordan Milne", 
        "page": "https://support.apple.com/kb/HT207157"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12", 
        "description": "Multiple memory corruption issues were addressed through improved state management.", 
        "update": null, 
        "module": "WebKit", 
        "id": "CVE-2016-4733", 
        "credit": "Natalie Silvanovich of Google Project Zero", 
        "page": "https://support.apple.com/kb/HT207157"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12", 
        "description": "Multiple memory corruption issues were addressed through improved state management.", 
        "update": null, 
        "module": "WebKit", 
        "id": "CVE-2016-4765", 
        "credit": "Apple", 
        "page": "https://support.apple.com/kb/HT207157"
    }, 
    {
        "impact": "An attacker in a privileged network position may be able to intercept and alter network traffic to applications using WKWebView with HTTPS", 
        "available": "OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12", 
        "description": "A certificate validation issue existed in the handling of WKWebView. This issue was addressed through improved validation.", 
        "update": null, 
        "module": "WebKit", 
        "id": "CVE-2016-4763", 
        "credit": "an anonymous researcher", 
        "page": "https://support.apple.com/kb/HT207157"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12", 
        "description": "Multiple memory corruption issues were addressed through improved state management.", 
        "update": "November 3, 2016", 
        "module": "WebKit", 
        "id": "CVE-2016-4764", 
        "credit": "Apple", 
        "page": "https://support.apple.com/kb/HT207157"
    }, 
    {
        "impact": "Multiple issues in PHP, the most significant of which may lead to unexpected application termination or arbitrary code execution.", 
        "available": "OS X Lion v10.7.5 and later", 
        "description": "Multiple issues in PHP were addressed by updating PHP to version 5.6.24.", 
        "update": null, 
        "module": "apache_mod_php", 
        "id": "CVE-2016-5768", 
        "credit": "", 
        "page": "https://support.apple.com/kb/HT207170"
    }, 
    {
        "impact": "Multiple issues in PHP, the most significant of which may lead to unexpected application termination or arbitrary code execution.", 
        "available": "OS X Lion v10.7.5 and later", 
        "description": "Multiple issues in PHP were addressed by updating PHP to version 5.6.24.", 
        "update": null, 
        "module": "apache_mod_php", 
        "id": "CVE-2016-5769", 
        "credit": "", 
        "page": "https://support.apple.com/kb/HT207170"
    }, 
    {
        "impact": "Multiple issues in PHP, the most significant of which may lead to unexpected application termination or arbitrary code execution.", 
        "available": "OS X Lion v10.7.5 and later", 
        "description": "Multiple issues in PHP were addressed by updating PHP to version 5.6.24.", 
        "update": null, 
        "module": "apache_mod_php", 
        "id": "CVE-2016-5770", 
        "credit": "", 
        "page": "https://support.apple.com/kb/HT207170"
    }, 
    {
        "impact": "Multiple issues in PHP, the most significant of which may lead to unexpected application termination or arbitrary code execution.", 
        "available": "OS X Lion v10.7.5 and later", 
        "description": "Multiple issues in PHP were addressed by updating PHP to version 5.6.24.", 
        "update": null, 
        "module": "apache_mod_php", 
        "id": "CVE-2016-5771", 
        "credit": "", 
        "page": "https://support.apple.com/kb/HT207170"
    }, 
    {
        "impact": "Multiple issues in PHP, the most significant of which may lead to unexpected application termination or arbitrary code execution.", 
        "available": "OS X Lion v10.7.5 and later", 
        "description": "Multiple issues in PHP were addressed by updating PHP to version 5.6.24.", 
        "update": null, 
        "module": "apache_mod_php", 
        "id": "CVE-2016-5772", 
        "credit": "", 
        "page": "https://support.apple.com/kb/HT207170"
    }, 
    {
        "impact": "Multiple issues in PHP, the most significant of which may lead to unexpected application termination or arbitrary code execution.", 
        "available": "OS X Lion v10.7.5 and later", 
        "description": "Multiple issues in PHP were addressed by updating PHP to version 5.6.24.", 
        "update": null, 
        "module": "apache_mod_php", 
        "id": "CVE-2016-5773", 
        "credit": "", 
        "page": "https://support.apple.com/kb/HT207170"
    }, 
    {
        "impact": "Multiple issues in PHP, the most significant of which may lead to unexpected application termination or arbitrary code execution.", 
        "available": "OS X Lion v10.7.5 and later", 
        "description": "Multiple issues in PHP were addressed by updating PHP to version 5.6.24.", 
        "update": null, 
        "module": "apache_mod_php", 
        "id": "CVE-2016-6174", 
        "credit": "", 
        "page": "https://support.apple.com/kb/HT207170"
    }, 
    {
        "impact": "Multiple issues in PHP, the most significant of which may lead to unexpected application termination or arbitrary code execution.", 
        "available": "OS X Lion v10.7.5 and later", 
        "description": "Multiple issues in PHP were addressed by updating PHP to version 5.6.24.", 
        "update": null, 
        "module": "apache_mod_php", 
        "id": "CVE-2016-6288", 
        "credit": "", 
        "page": "https://support.apple.com/kb/HT207170"
    }, 
    {
        "impact": "Multiple issues in PHP, the most significant of which may lead to unexpected application termination or arbitrary code execution.", 
        "available": "OS X Lion v10.7.5 and later", 
        "description": "Multiple issues in PHP were addressed by updating PHP to version 5.6.24.", 
        "update": null, 
        "module": "apache_mod_php", 
        "id": "CVE-2016-6289", 
        "credit": "", 
        "page": "https://support.apple.com/kb/HT207170"
    }, 
    {
        "impact": "Multiple issues in PHP, the most significant of which may lead to unexpected application termination or arbitrary code execution.", 
        "available": "OS X Lion v10.7.5 and later", 
        "description": "Multiple issues in PHP were addressed by updating PHP to version 5.6.24.", 
        "update": null, 
        "module": "apache_mod_php", 
        "id": "CVE-2016-6290", 
        "credit": "", 
        "page": "https://support.apple.com/kb/HT207170"
    }, 
    {
        "impact": "Multiple issues in PHP, the most significant of which may lead to unexpected application termination or arbitrary code execution.", 
        "available": "OS X Lion v10.7.5 and later", 
        "description": "Multiple issues in PHP were addressed by updating PHP to version 5.6.24.", 
        "update": null, 
        "module": "apache_mod_php", 
        "id": "CVE-2016-6291", 
        "credit": "", 
        "page": "https://support.apple.com/kb/HT207170"
    }, 
    {
        "impact": "Multiple issues in PHP, the most significant of which may lead to unexpected application termination or arbitrary code execution.", 
        "available": "OS X Lion v10.7.5 and later", 
        "description": "Multiple issues in PHP were addressed by updating PHP to version 5.6.24.", 
        "update": null, 
        "module": "apache_mod_php", 
        "id": "CVE-2016-6292", 
        "credit": "", 
        "page": "https://support.apple.com/kb/HT207170"
    }, 
    {
        "impact": "Multiple issues in PHP, the most significant of which may lead to unexpected application termination or arbitrary code execution.", 
        "available": "OS X Lion v10.7.5 and later", 
        "description": "Multiple issues in PHP were addressed by updating PHP to version 5.6.24.", 
        "update": null, 
        "module": "apache_mod_php", 
        "id": "CVE-2016-6294", 
        "credit": "", 
        "page": "https://support.apple.com/kb/HT207170"
    }, 
    {
        "impact": "Multiple issues in PHP, the most significant of which may lead to unexpected application termination or arbitrary code execution.", 
        "available": "OS X Lion v10.7.5 and later", 
        "description": "Multiple issues in PHP were addressed by updating PHP to version 5.6.24.", 
        "update": null, 
        "module": "apache_mod_php", 
        "id": "CVE-2016-6295", 
        "credit": "", 
        "page": "https://support.apple.com/kb/HT207170"
    }, 
    {
        "impact": "Multiple issues in PHP, the most significant of which may lead to unexpected application termination or arbitrary code execution.", 
        "available": "OS X Lion v10.7.5 and later", 
        "description": "Multiple issues in PHP were addressed by updating PHP to version 5.6.24.", 
        "update": null, 
        "module": "apache_mod_php", 
        "id": "CVE-2016-6296", 
        "credit": "", 
        "page": "https://support.apple.com/kb/HT207170"
    }, 
    {
        "impact": "Multiple issues in PHP, the most significant of which may lead to unexpected application termination or arbitrary code execution.", 
        "available": "OS X Lion v10.7.5 and later", 
        "description": "Multiple issues in PHP were addressed by updating PHP to version 5.6.24.", 
        "update": null, 
        "module": "apache_mod_php", 
        "id": "CVE-2016-6297", 
        "credit": "", 
        "page": "https://support.apple.com/kb/HT207170"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "OS X Lion v10.7.5 and later", 
        "description": "A memory corruption issue was addressed through improved memory handling.", 
        "update": null, 
        "module": "Apple HSSPI Support", 
        "id": "CVE-2016-4697", 
        "credit": "Qidan He (@flanker_hqd) from KeenLab working with Trend Micro's Zero Day Initiative", 
        "page": "https://support.apple.com/kb/HT207170"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "OS X Lion v10.7.5 and later", 
        "description": "A null pointer dereference was addressed through improved input validation.", 
        "update": null, 
        "module": "AppleEFIRuntime", 
        "id": "CVE-2016-4696", 
        "credit": "Shrek_wzw of Qihoo 360 Nirvan Team", 
        "page": "https://support.apple.com/kb/HT207170"
    }, 
    {
        "impact": "A local application may be able to execute arbitrary code with system privileges", 
        "available": "OS X Lion v10.7.5 and later", 
        "description": "A validation issue existed in the task port inheritance policy. This issue was addressed through improved validation of the process entitlement and Team ID.", 
        "update": null, 
        "module": "AppleMobileFileIntegrity", 
        "id": "CVE-2016-4698", 
        "credit": "Pedro Vila\u00e7a", 
        "page": "https://support.apple.com/kb/HT207170"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "OS X Lion v10.7.5 and later", 
        "description": "Multiple memory corruption issues were addressed through improved input validation.", 
        "update": null, 
        "module": "AppleUUC", 
        "id": "CVE-2016-4699", 
        "credit": "Jack Tang (@jacktang310) and Moony Li of Trend Micro working with Trend Micro's Zero Day Initiative", 
        "page": "https://support.apple.com/kb/HT207170"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "OS X Lion v10.7.5 and later", 
        "description": "Multiple memory corruption issues were addressed through improved input validation.", 
        "update": null, 
        "module": "AppleUUC", 
        "id": "CVE-2016-4700", 
        "credit": "Jack Tang (@jacktang310) and Moony Li of Trend Micro working with Trend Micro\u2019s Zero Day Initiative", 
        "page": "https://support.apple.com/kb/HT207170"
    }, 
    {
        "impact": "A local user may be able to cause a denial of service", 
        "available": "OS X Lion v10.7.5 and later", 
        "description": "A validation issue existed in the handling of firewall prompts. This issue was addressed through improved validation of SO_EXECPATH.", 
        "update": null, 
        "module": "Application Firewall", 
        "id": "CVE-2016-4701", 
        "credit": "Meder Kydyraliev Google Security Team", 
        "page": "https://support.apple.com/kb/HT207170"
    }, 
    {
        "impact": "Processing a maliciously crafted font file may lead to arbitrary code execution", 
        "available": "OS X Lion v10.7.5 and later", 
        "description": "A memory corruption issue was addressed through improved memory handling.", 
        "update": null, 
        "module": "ATS", 
        "id": "CVE-2016-4779", 
        "credit": "riusksk of Tencent Security Platform Department", 
        "page": "https://support.apple.com/kb/HT207170"
    }, 
    {
        "impact": "A remote attacker may be able to execute arbitrary code", 
        "available": "OS X Lion v10.7.5 and later", 
        "description": "A memory corruption issue was addressed through improved memory handling.", 
        "update": null, 
        "module": "Audio", 
        "id": "CVE-2016-4702", 
        "credit": "YoungJin Yoon, MinSik Shin, HoJae Han, Sunghyun Park, and Taekyoung Kwon of Information Security Lab, Yonsei University.", 
        "page": "https://support.apple.com/kb/HT207170"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "OS X Lion v10.7.5 and later", 
        "description": "A memory corruption issue was addressed through improved input validation.", 
        "update": null, 
        "module": "Bluetooth", 
        "id": "CVE-2016-4703", 
        "credit": "Juwei Lin (@fuzzerDOTcn) of Trend Micro", 
        "page": "https://support.apple.com/kb/HT207170"
    }, 
    {
        "impact": "A local user may be able to cause a system denial of service", 
        "available": "OS X Lion v10.7.5 and later", 
        "description": "An input validation issue was addressed through improved memory handling.", 
        "update": null, 
        "module": "cd9660", 
        "id": "CVE-2016-4706", 
        "credit": "Recurity Labs on behalf of BSI (German Federal Office for Information Security)", 
        "page": "https://support.apple.com/kb/HT207170"
    }, 
    {
        "impact": "A local user may be able to discover websites a user has visited", 
        "available": "OS X Lion v10.7.5 and later", 
        "description": "An issue existed in Local Storage deletion. This issue was addressed through improved Local Storage cleanup.", 
        "update": null, 
        "module": "CFNetwork", 
        "id": "CVE-2016-4707", 
        "credit": "an anonymous researcher", 
        "page": "https://support.apple.com/kb/HT207170"
    }, 
    {
        "impact": "Processing maliciously crafted web content may compromise user information", 
        "available": "OS X Lion v10.7.5 and later", 
        "description": "An input validation issue existed in the parsing of the set-cookie header. This issue was addressed through improved validation checking.", 
        "update": null, 
        "module": "CFNetwork", 
        "id": "CVE-2016-4708", 
        "credit": "Dawid Czagan of Silesia Security Lab", 
        "page": "https://support.apple.com/kb/HT207170"
    }, 
    {
        "impact": "An application using CCrypt may disclose sensitive plaintext if the output and input buffer are the same", 
        "available": "OS X Lion v10.7.5 and later", 
        "description": "An input validation issue existed in corecrypto. This issue was addressed through improved input validation.", 
        "update": null, 
        "module": "CommonCrypto", 
        "id": "CVE-2016-4711", 
        "credit": "Max Lohrmann", 
        "page": "https://support.apple.com/kb/HT207170"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code", 
        "available": "OS X Lion v10.7.5 and later", 
        "description": "An out-of-bounds write issue was addressed by removing the vulnerable code.", 
        "update": null, 
        "module": "CoreCrypto", 
        "id": "CVE-2016-4712", 
        "credit": "Gergo Koteles", 
        "page": "https://support.apple.com/kb/HT207170"
    }, 
    {
        "impact": "A user with screen sharing access may be able to view another user's screen", 
        "available": "OS X Lion v10.7.5 and later", 
        "description": "A session management issue existed in the handling of screen sharing sessions. This issue was addressed through improved session tracking.", 
        "update": null, 
        "module": "CoreDisplay", 
        "id": "CVE-2016-4713", 
        "credit": "Ruggero Alberti", 
        "page": "https://support.apple.com/kb/HT207170"
    }, 
    {
        "impact": "Multiple issues in curl", 
        "available": "OS X Lion v10.7.5 and later", 
        "description": "Multiple security issues existed in curl prior to version 7.49.1. These issues were addressed by updating curl to version 7.49.1.", 
        "update": null, 
        "module": "curl", 
        "id": "CVE-2016-0755", 
        "credit": "Isaac Boukris", 
        "page": "https://support.apple.com/kb/HT207170"
    }, 
    {
        "impact": "A malicious application may be able to determine a user's current location", 
        "available": "OS X Lion v10.7.5 and later", 
        "description": "An issue existed in the handling of the .GlobalPreferences file. This was addressed though improved validation.", 
        "update": null, 
        "module": "Date & Time Pref Pane", 
        "id": "CVE-2016-4715", 
        "credit": "Taiki (@Taiki__San) at ESIEA (Paris)", 
        "page": "https://support.apple.com/kb/HT207170"
    }, 
    {
        "impact": "A local user may be able to execute arbitrary code with system privileges", 
        "available": "OS X Lion v10.7.5 and later", 
        "description": "An access issue existed in diskutil. This issue was addressed through improved permissions checking.", 
        "update": null, 
        "module": "DiskArbitration", 
        "id": "CVE-2016-4716", 
        "credit": "Alexander Allen of The North Carolina School of Science and Mathematics", 
        "page": "https://support.apple.com/kb/HT207170"
    }, 
    {
        "impact": "A local application may be able to cause a denial of service", 
        "available": "OS X Lion v10.7.5 and later", 
        "description": "A resource management issue existed in the handling of scoped bookmarks. This issue was addressed through improved file descriptor handling.", 
        "update": null, 
        "module": "File Bookmark", 
        "id": "CVE-2016-4717", 
        "credit": "Tom Bradley of 71Squared Ltd", 
        "page": "https://support.apple.com/kb/HT207170"
    }, 
    {
        "impact": "Processing a maliciously crafted font may result in the disclosure of process memory", 
        "available": "OS X Lion v10.7.5 and later", 
        "description": "A buffer overflow existed in the handling of font files. This issue was addressed through improved bounds checking.", 
        "update": null, 
        "module": "FontParser", 
        "id": "CVE-2016-4718", 
        "credit": "Apple", 
        "page": "https://support.apple.com/kb/HT207170"
    }, 
    {
        "impact": "An attacker in a privileged network position may be able to cause a denial of service", 
        "available": "OS X Lion v10.7.5 and later", 
        "description": "A spoofing issue existed in the handling of Call Relay. This issue was addressed through improved input validation.", 
        "update": null, 
        "module": "IDS - Connectivity", 
        "id": "CVE-2016-4722", 
        "credit": "Martin Vigo (@martin_vigo) of salesforce.com", 
        "page": "https://support.apple.com/kb/HT207170"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "OS X Lion v10.7.5 and later", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "Intel Graphics Driver", 
        "id": "CVE-2016-4723", 
        "credit": "daybreaker of Minionz", 
        "page": "https://support.apple.com/kb/HT207170"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "OS X Lion v10.7.5 and later", 
        "description": "A use after free issue was addressed through improved memory management.", 
        "update": "November 14, 2016", 
        "module": "Intel Graphics Driver", 
        "id": "CVE-2016-7582", 
        "credit": "Liang Chen of Tencent KeenLab", 
        "page": "https://support.apple.com/kb/HT207170"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "OS X Lion v10.7.5 and later", 
        "description": "A null pointer dereference was addressed through improved input validation.", 
        "update": null, 
        "module": "IOAcceleratorFamily", 
        "id": "CVE-2016-4724", 
        "credit": "Cererdlong, Eakerqiu of Team OverSky", 
        "page": "https://support.apple.com/kb/HT207170"
    }, 
    {
        "impact": "Processing maliciously crafted web content may result in the disclosure of process memory", 
        "available": "OS X Lion v10.7.5 and later", 
        "description": "A memory corruption issue was addressed through improved input validation.", 
        "update": null, 
        "module": "IOAcceleratorFamily", 
        "id": "CVE-2016-4725", 
        "credit": "Rodger Combs of Plex, Inc", 
        "page": "https://support.apple.com/kb/HT207170"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "OS X Lion v10.7.5 and later", 
        "description": "A memory corruption issue was addressed through improved memory handling.", 
        "update": null, 
        "module": "IOAcceleratorFamily", 
        "id": "CVE-2016-4726", 
        "credit": "an anonymous researcher", 
        "page": "https://support.apple.com/kb/HT207170"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "OS X Lion v10.7.5 and later", 
        "description": "A memory corruption issue was addressed through improved memory handling.", 
        "update": null, 
        "module": "IOThunderboltFamily", 
        "id": "CVE-2016-4727", 
        "credit": "wmin working with Trend Micros Zero Day Initiative", 
        "page": "https://support.apple.com/kb/HT207170"
    }, 
    {
        "impact": "A remote attacker may determine the existence of user accounts", 
        "available": "OS X Lion v10.7.5 and later", 
        "description": "A timing side channel allowed an attacker to determine the existence of user accounts on a system. This issue was addressed by introducing constant time checks.", 
        "update": null, 
        "module": "Kerberos v5 PAM module", 
        "id": "CVE-2016-4745", 
        "credit": "an anonymous researcher", 
        "page": "https://support.apple.com/kb/HT207170"
    }, 
    {
        "impact": "A local application may be able to access restricted files", 
        "available": "OS X Lion v10.7.5 and later", 
        "description": "A parsing issue in the handling of directory paths was addressed through improved path validation.", 
        "update": null, 
        "module": "Kernel", 
        "id": "CVE-2016-4771", 
        "credit": "Balazs Bucsay, Research Director of MRG Effitas", 
        "page": "https://support.apple.com/kb/HT207170"
    }, 
    {
        "impact": "A remote attacker may be able to cause a denial of service", 
        "available": "OS X Lion v10.7.5 and later", 
        "description": "A lock handling issue was addressed through improved lock handling.", 
        "update": null, 
        "module": "Kernel", 
        "id": "CVE-2016-4772", 
        "credit": "Marc Heuse of mh-sec", 
        "page": "https://support.apple.com/kb/HT207170"
    }, 
    {
        "impact": "An application may be able to determine kernel memory layout", 
        "available": "OS X Lion v10.7.5 and later", 
        "description": "Multiple out-of-bounds read issues existed that led to the disclosure of kernel memory. These were addressed through improved input validation.", 
        "update": null, 
        "module": "Kernel", 
        "id": "CVE-2016-4773", 
        "credit": "Brandon Azad", 
        "page": "https://support.apple.com/kb/HT207170"
    }, 
    {
        "impact": "An application may be able to determine kernel memory layout", 
        "available": "OS X Lion v10.7.5 and later", 
        "description": "Multiple out-of-bounds read issues existed that led to the disclosure of kernel memory. These were addressed through improved input validation.", 
        "update": null, 
        "module": "Kernel", 
        "id": "CVE-2016-4774", 
        "credit": "Brandon Azad", 
        "page": "https://support.apple.com/kb/HT207170"
    }, 
    {
        "impact": "An application may be able to determine kernel memory layout", 
        "available": "OS X Lion v10.7.5 and later", 
        "description": "Multiple out-of-bounds read issues existed that led to the disclosure of kernel memory. These were addressed through improved input validation.", 
        "update": null, 
        "module": "Kernel", 
        "id": "CVE-2016-4776", 
        "credit": "Brandon Azad", 
        "page": "https://support.apple.com/kb/HT207170"
    }, 
    {
        "impact": "A local user may be able to execute arbitrary code with kernel privileges", 
        "available": "OS X Lion v10.7.5 and later", 
        "description": "A memory corruption issue was addressed through improved memory handling.", 
        "update": null, 
        "module": "Kernel", 
        "id": "CVE-2016-4775", 
        "credit": "Brandon Azad", 
        "page": "https://support.apple.com/kb/HT207170"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "OS X Lion v10.7.5 and later", 
        "description": "An untrusted pointer dereference was addressed by removing the affected code.", 
        "update": null, 
        "module": "Kernel", 
        "id": "CVE-2016-4777", 
        "credit": "Lufeng Li of Qihoo 360 Vulcan Team", 
        "page": "https://support.apple.com/kb/HT207170"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "OS X Lion v10.7.5 and later", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "Kernel", 
        "id": "CVE-2016-4778", 
        "credit": "CESG", 
        "page": "https://support.apple.com/kb/HT207170"
    }, 
    {
        "impact": "Multiple issues in libarchive", 
        "available": "OS X Lion v10.7.5 and later", 
        "description": "Multiple memory corruption issues existed in libarchive. These issues were addressed through improved input validation.", 
        "update": null, 
        "module": "libarchive", 
        "id": "CVE-2016-4736", 
        "credit": "Proteas of Qihoo 360 Nirvan Team", 
        "page": "https://support.apple.com/kb/HT207170"
    }, 
    {
        "impact": "Multiple issues in libxml2, the most significant of which may lead to unexpected application termination or arbitrary code execution", 
        "available": "OS X Lion v10.7.5 and later", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "libxml2", 
        "id": "CVE-2016-4658", 
        "credit": "Nick Wellnhofer", 
        "page": "https://support.apple.com/kb/HT207170"
    }, 
    {
        "impact": "Multiple issues in libxml2, the most significant of which may lead to unexpected application termination or arbitrary code execution", 
        "available": "OS X Lion v10.7.5 and later", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "libxml2", 
        "id": "CVE-2016-5131", 
        "credit": "Nick Wellnhofer", 
        "page": "https://support.apple.com/kb/HT207170"
    }, 
    {
        "impact": "An application may be able to break out of its sandbox", 
        "available": "OS X Lion v10.7.5 and later", 
        "description": "Multiple weaknesses existed with spawning new processes using launchctl. These issues were addressed through improved policy enforcement.", 
        "update": "October 24, 2016", 
        "module": "libxpc", 
        "id": "CVE-2016-4617", 
        "credit": "Gregor Kopf of Recurity Labs on behalf of BSI (German Federal Office for Information Security)", 
        "page": "https://support.apple.com/kb/HT207170"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "OS X Lion v10.7.5 and later", 
        "description": "A memory corruption issue was addressed through improved memory handling.", 
        "update": null, 
        "module": "libxslt", 
        "id": "CVE-2016-4738", 
        "credit": "Nick Wellnhofer", 
        "page": "https://support.apple.com/kb/HT207170"
    }, 
    {
        "impact": "A malicious website may be able to cause a denial-of-service", 
        "available": "OS X Lion v10.7.5 and later", 
        "description": "A denial of service issue was addressed through improved URL handling.", 
        "update": "December 1, 2016", 
        "module": "Mail", 
        "id": "CVE-2016-7580", 
        "credit": "Sabri Haddouche (@pwnsdx)", 
        "page": "https://support.apple.com/kb/HT207170"
    }, 
    {
        "impact": "A remote attacker may be able to view sensitive information", 
        "available": "OS X Lion v10.7.5 and later", 
        "description": "Applications using VMnet.framework enabled a DNS proxy listening on all network interfaces. This issue was addressed by restricting DNS query responses to local interfaces.", 
        "update": null, 
        "module": "mDNSResponder", 
        "id": "CVE-2016-4739", 
        "credit": "Magnus Skjegstad, David Scott and Anil Madhavapeddy from Docker, Inc.", 
        "page": "https://support.apple.com/kb/HT207170"
    }, 
    {
        "impact": "A malicious application may be able to leak a user's credentials", 
        "available": "OS X Lion v10.7.5 and later", 
        "description": "A state management issue existed in NSSecureTextField, which failed to enable Secure Input. This issue was addressed through improved window management.", 
        "update": null, 
        "module": "NSSecureTextField", 
        "id": "CVE-2016-4742", 
        "credit": "Rick Fillion of AgileBits, Daniel Jalkut of Red Sweater Software", 
        "page": "https://support.apple.com/kb/HT207170"
    }, 
    {
        "impact": "A local user may be able to bypass the taint protection mechanism", 
        "available": "OS X Lion v10.7.5 and later", 
        "description": "An issue existed in the parsing of environment variables. This issue was addressed through improved validation of environment variables.", 
        "update": null, 
        "module": "Perl", 
        "id": "CVE-2016-4748", 
        "credit": "Stephane Chazelas", 
        "page": "https://support.apple.com/kb/HT207170"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "OS X Lion v10.7.5 and later", 
        "description": "A memory corruption issue was addressed through improved memory handling.", 
        "update": null, 
        "module": "S2 Camera", 
        "id": "CVE-2016-4750", 
        "credit": "Jack Tang (@jacktang310) and Moony Li of Trend Micro working with Trend Micro\u2019s Zero Day Initiative", 
        "page": "https://support.apple.com/kb/HT207170"
    }, 
    {
        "impact": "An application using SecKeyDeriveFromPassword may leak memory", 
        "available": "OS X Lion v10.7.5 and later", 
        "description": "A resource management issue existed in the handling of key derivation. This issue was addressed by adding CF_RETURNS_RETAINED to SecKeyDeriveFromPassword.", 
        "update": null, 
        "module": "Security", 
        "id": "CVE-2016-4752", 
        "credit": "Mark Rogers of PowerMapper Software", 
        "page": "https://support.apple.com/kb/HT207170"
    }, 
    {
        "impact": "A malicious application may be able to execute arbitrary code with system privileges", 
        "available": "OS X Lion v10.7.5 and later", 
        "description": "A validation issue existed in signed disk images. This issue was addressed through improved size validation.", 
        "update": null, 
        "module": "Security", 
        "id": "CVE-2016-4753", 
        "credit": "Mark Mentovai of Google Inc.", 
        "page": "https://support.apple.com/kb/HT207170"
    }, 
    {
        "impact": "A local user may be able to leak sensitive user information", 
        "available": "OS X Lion v10.7.5 and later", 
        "description": "A permissions issue existed in .bash_history and .bash_session. This issue was addressed through improved access restrictions.", 
        "update": null, 
        "module": "Terminal", 
        "id": "CVE-2016-4755", 
        "credit": "Axel Luttgens", 
        "page": "https://support.apple.com/kb/HT207170"
    }, 
    {
        "impact": "A local user may be able to gain root privileges", 
        "available": "OS X Lion v10.7.5 and later", 
        "description": "A type confusion issue was addressed through improved memory handling.", 
        "update": "November 15, 2016", 
        "module": "WindowServer", 
        "id": "CVE-2016-4709", 
        "credit": "an anonymous researcher working with Trend Micro's Zero Day Initiative", 
        "page": "https://support.apple.com/kb/HT207170"
    }, 
    {
        "impact": "A local user may be able to gain root privileges", 
        "available": "OS X Lion v10.7.5 and later", 
        "description": "A type confusion issue was addressed through improved memory handling.", 
        "update": "November 15, 2016", 
        "module": "WindowServer", 
        "id": "CVE-2016-4710", 
        "credit": "an anonymous researcher working with Trend Micro's Zero Day Initiative", 
        "page": "https://support.apple.com/kb/HT207170"
    }, 
    {
        "impact": "An application may be able to read sensitive location information", 
        "available": "All Apple Watch models", 
        "description": "A permissions issue existed in PlaceData. This issue was addressed through improved permission validation.", 
        "update": null, 
        "module": "GeoServices", 
        "id": "CVE-2016-4719", 
        "credit": "Razvan Deaconescu, Mihai Chiroiu (University POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi (TU Darmstadt)", 
        "page": "https://support.apple.com/kb/HT207141"
    }, 
    {
        "impact": "App extensions may obtain internet access", 
        "available": "All Apple Watch models", 
        "description": "Multiple policy enforcement issues with WiFi sharing. These issues were addressed with improved entitlement checks.", 
        "update": "May 17, 2017", 
        "module": "WiFi Manager", 
        "id": "CVE-2016-7699", 
        "credit": "Proteas of Qihoo 360 Nirvan Team", 
        "page": "https://support.apple.com/kb/HT207141"
    }, 
    {
        "impact": "A local attacker may be able to cause unexpected application termination or arbitrary code execution", 
        "available": "OS X El Capitan v10.11.5 and later", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "otool", 
        "id": "CVE-2016-4704", 
        "credit": "Shrek_wzw of Qihoo 360 Nirvan Team", 
        "page": "https://support.apple.com/kb/HT207140"
    }, 
    {
        "impact": "A local attacker may be able to cause unexpected application termination or arbitrary code execution", 
        "available": "OS X El Capitan v10.11.5 and later", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "otool", 
        "id": "CVE-2016-4705", 
        "credit": "riusksk of Tencent Security Platform Department", 
        "page": "https://support.apple.com/kb/HT207140"
    }, 
    {
        "impact": "An application may be able to disclose kernel memory", 
        "available": "iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later", 
        "description": "A validation issue was addressed through improved input sanitization.", 
        "update": null, 
        "module": "Kernel", 
        "id": "CVE-2016-4655", 
        "credit": "Citizen Lab and Lookout", 
        "page": "https://support.apple.com/kb/HT207145"
    }, 
    {
        "impact": "An attacker in a privileged network position may be able to block a device from receiving software updates", 
        "available": "iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later", 
        "description": "An issue existed in iOS updates, which did not properly secure user communications. This issue was addressed by using HTTPS for software updates.", 
        "update": null, 
        "module": "Assets", 
        "id": "CVE-2016-4741", 
        "credit": "Raul Siles of DinoSec", 
        "page": "https://support.apple.com/kb/HT207143"
    }, 
    {
        "impact": "Keyboard auto correct suggestions may reveal sensitive information", 
        "available": "iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later", 
        "description": "The iOS keyboard was inadvertently caching sensitive information. This issue was addressed through improved heuristics.", 
        "update": null, 
        "module": "Keyboards", 
        "id": "CVE-2016-4746", 
        "credit": "Antoine M of France", 
        "page": "https://support.apple.com/kb/HT207143"
    }, 
    {
        "impact": "An attacker with a privileged network position may be able to intercept mail credentials", 
        "available": "iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later", 
        "description": "An issue existed when handling untrusted certificates. This was addressed by terminating untrusted connections.", 
        "update": null, 
        "module": "Mail", 
        "id": "CVE-2016-4747", 
        "credit": "Dave Aitel", 
        "page": "https://support.apple.com/kb/HT207143"
    }, 
    {
        "impact": "Messages may be visible on a device that has not signed in to Messages", 
        "available": "iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later", 
        "description": "An issue existed when using Handoff for Messages. This issue was resolved via better state management.", 
        "update": null, 
        "module": "Messages", 
        "id": "CVE-2016-4740", 
        "credit": "Step Wallace", 
        "page": "https://support.apple.com/kb/HT207143"
    }, 
    {
        "impact": "An unencrypted document may be written to a temporary file when using AirPrint preview", 
        "available": "iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later", 
        "description": "An issue existed in AirPrint preview. This was addressed through improved environment sanitization.", 
        "update": null, 
        "module": "Printing UIKit", 
        "id": "CVE-2016-4749", 
        "credit": "an anonymous researcher", 
        "page": "https://support.apple.com/kb/HT207143"
    }, 
    {
        "impact": "A malicious application may be able to determine whom a user is texting", 
        "available": "iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later", 
        "description": "An access control issue existed in SMS draft directories. This issue was addressed by preventing apps from stat'ing the affected directories.", 
        "update": null, 
        "module": "Sandbox Profiles", 
        "id": "CVE-2016-4620", 
        "credit": "Razvan Deaconescu, Mihai Chiroiu (University POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi (TU Darmstadt)", 
        "page": "https://support.apple.com/kb/HT207143"
    }, 
    {
        "impact": "Sensitive data may be exposed in application snapshots presented in the Task Switcher", 
        "available": "iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later", 
        "description": "An issue existed in Springboard which displayed cached snapshots containing sensitive data in the Task Switcher. This issue was addressed by displaying updated snapshots.", 
        "update": "January 17, 2017", 
        "module": "Springboard", 
        "id": "CVE-2016-7759", 
        "credit": "Fatma Y\u0131lmaz of Ptt Genel M\u00fcd\u00fcrl\u00fc\u011f\u00fc from Ankara", 
        "page": "https://support.apple.com/kb/HT207143"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "OS X Yosemite v10.10.5 and OS X El Capitan v10.11.6", 
        "description": "A memory corruption issue was addressed through improved memory handling.", 
        "update": null, 
        "module": "Kernel", 
        "id": "CVE-2016-4656", 
        "credit": "Citizen Lab and Lookout", 
        "page": "https://support.apple.com/kb/HT207130"
    }, 
    {
        "impact": "Visiting a maliciously crafted website may lead to arbitrary code execution", 
        "available": "OS X Mavericks v10.9.5 and OS X Yosemite v10.10.5", 
        "description": "A memory corruption issue was addressed through improved memory handling.", 
        "update": null, 
        "module": "WebKit", 
        "id": "CVE-2016-4657", 
        "credit": "Citizen Lab and Lookout", 
        "page": "https://support.apple.com/kb/HT207131"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "iPhone 4s and later, iPad 2 and later, iPod touch (5th generation) and later", 
        "description": "A memory corruption issue was addressed through improved memory handling.", 
        "update": null, 
        "module": "IOMobileFrameBuffer", 
        "id": "CVE-2016-4654", 
        "credit": "Team Pangu", 
        "page": "https://support.apple.com/kb/HT207026"
    }, 
    {
        "impact": "Multiple vulnerabilities in libxml2", 
        "available": "Windows 7 and later", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": "June 4, 2017", 
        "module": "libxml2", 
        "id": "CVE-2015-8317 ", 
        "credit": "Hanno Boeck", 
        "page": "https://support.apple.com/kb/HT206899"
    }, 
    {
        "impact": "Multiple vulnerabilities in libxml2", 
        "available": "Windows 7 and later", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": "June 4, 2017", 
        "module": "libxml2", 
        "id": "CVE-2016-1836 ", 
        "credit": "Wei Lei and Liu Yang of Nanyang Technological University", 
        "page": "https://support.apple.com/kb/HT206899"
    }, 
    {
        "impact": "Multiple vulnerabilities in libxml2", 
        "available": "Windows 7 and later", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": "June 4, 2017", 
        "module": "libxml2", 
        "id": "CVE-2016-4447 ", 
        "credit": "Wei Lei and Liu Yang of Nanyang Technological University", 
        "page": "https://support.apple.com/kb/HT206899"
    }, 
    {
        "impact": "Multiple vulnerabilities in libxml2", 
        "available": "Windows 7 and later", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": "June 4, 2017", 
        "module": "libxml2", 
        "id": "CVE-2016-4448 ", 
        "credit": "Apple", 
        "page": "https://support.apple.com/kb/HT206899"
    }, 
    {
        "impact": "Multiple vulnerabilities in libxml2", 
        "available": "Windows 7 and later", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": "June 4, 2017", 
        "module": "libxml2", 
        "id": "CVE-2016-4483 ", 
        "credit": "Gustavo Grieco", 
        "page": "https://support.apple.com/kb/HT206899"
    }, 
    {
        "impact": "Multiple vulnerabilities in libxml2", 
        "available": "Windows 7 and later", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": "June 4, 2017", 
        "module": "libxml2", 
        "id": "CVE-2016-4614 ", 
        "credit": "Nick Wellnhofer", 
        "page": "https://support.apple.com/kb/HT206899"
    }, 
    {
        "impact": "Multiple vulnerabilities in libxml2", 
        "available": "Windows 7 and later", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": "June 4, 2017", 
        "module": "libxml2", 
        "id": "CVE-2016-4615 ", 
        "credit": "Nick Wellnhofer", 
        "page": "https://support.apple.com/kb/HT206899"
    }, 
    {
        "impact": "Multiple vulnerabilities in libxml2", 
        "available": "Windows 7 and later", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": "June 4, 2017", 
        "module": "libxml2", 
        "id": "CVE-2016-4616 ", 
        "credit": "Michael Paddon", 
        "page": "https://support.apple.com/kb/HT206899"
    }, 
    {
        "impact": "Parsing a maliciously crafted XML document may lead to disclosure of user information", 
        "available": "Windows 7 and later", 
        "description": "An access issue existed in the parsing of maliciously crafted XML files. This issue was addressed through improved input validation.", 
        "update": null, 
        "module": "libxml2", 
        "id": "CVE-2016-4449 ", 
        "credit": "Kostya Serebryany", 
        "page": "https://support.apple.com/kb/HT206899"
    }, 
    {
        "impact": "Multiple vulnerabilities in libxslt", 
        "available": "Windows 7 and later", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": "April 11, 2017", 
        "module": "libxslt", 
        "id": "CVE-2016-1683 ", 
        "credit": "Nicolas Gr\u00e9goire", 
        "page": "https://support.apple.com/kb/HT206899"
    }, 
    {
        "impact": "Multiple vulnerabilities in libxslt", 
        "available": "Windows 7 and later", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": "April 11, 2017", 
        "module": "libxslt", 
        "id": "CVE-2016-1684 ", 
        "credit": "Nicolas Gr\u00e9goire", 
        "page": "https://support.apple.com/kb/HT206899"
    }, 
    {
        "impact": "Multiple vulnerabilities in libxslt", 
        "available": "Windows 7 and later", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": "April 11, 2017", 
        "module": "libxslt", 
        "id": "CVE-2016-4607 ", 
        "credit": "Nick Wellnhofer", 
        "page": "https://support.apple.com/kb/HT206899"
    }, 
    {
        "impact": "Multiple vulnerabilities in libxslt", 
        "available": "Windows 7 and later", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": "April 11, 2017", 
        "module": "libxslt", 
        "id": "CVE-2016-4608 ", 
        "credit": "Nicolas Gr\u00e9goire", 
        "page": "https://support.apple.com/kb/HT206899"
    }, 
    {
        "impact": "Multiple vulnerabilities in libxslt", 
        "available": "Windows 7 and later", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": "April 11, 2017", 
        "module": "libxslt", 
        "id": "CVE-2016-4609 ", 
        "credit": "Nick Wellnhofer", 
        "page": "https://support.apple.com/kb/HT206899"
    }, 
    {
        "impact": "Multiple vulnerabilities in libxslt", 
        "available": "Windows 7 and later", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": "April 11, 2017", 
        "module": "libxslt", 
        "id": "CVE-2016-4610 ", 
        "credit": "Nick Wellnhofer", 
        "page": "https://support.apple.com/kb/HT206899"
    }, 
    {
        "impact": "Visiting a maliciously crafted website may lead to arbitrary code execution", 
        "available": "OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11.6", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "WebKit", 
        "id": "CVE-2016-4589 ", 
        "credit": "Tongbo Luo and Bo Qu of Palo Alto Networks", 
        "page": "https://support.apple.com/kb/HT206900"
    }, 
    {
        "impact": "Visiting a maliciously crafted website may lead to arbitrary code execution", 
        "available": "OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11.6", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "WebKit", 
        "id": "CVE-2016-4622 ", 
        "credit": "Samuel Gross working with Trend Micro's Zero Day", 
        "page": "https://support.apple.com/kb/HT206900"
    }, 
    {
        "impact": "Visiting a maliciously crafted website may lead to arbitrary code execution", 
        "available": "OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11.6", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "WebKit", 
        "id": "CVE-2016-4623 ", 
        "credit": "Apple", 
        "page": "https://support.apple.com/kb/HT206900"
    }, 
    {
        "impact": "Visiting a maliciously crafted website may lead to arbitrary code execution", 
        "available": "OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11.6", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "WebKit", 
        "id": "CVE-2016-4624 ", 
        "credit": "Apple", 
        "page": "https://support.apple.com/kb/HT206900"
    }, 
    {
        "impact": "Visiting a maliciously crafted website may lead to arbitrary code execution", 
        "available": "OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11.6", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "WebKit", 
        "id": "CVE-2016-4586 ", 
        "credit": "Apple", 
        "page": "https://support.apple.com/kb/HT206900"
    }, 
    {
        "impact": "Visiting a malicious website may disclose image data from another website", 
        "available": "OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11.6", 
        "description": "A timing issue existed in the processing of SVG. This issue was addressed through improved validation.", 
        "update": null, 
        "module": "WebKit", 
        "id": "CVE-2016-4583 ", 
        "credit": "Roeland Krak", 
        "page": "https://support.apple.com/kb/HT206900"
    }, 
    {
        "impact": "Visiting a maliciously crafted webpage may lead to a system denial of service", 
        "available": "OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11.6", 
        "description": "A memory consumption issue was addressed through improved memory handling.", 
        "update": null, 
        "module": "WebKit", 
        "id": "CVE-2016-4592 ", 
        "credit": "Mikhail", 
        "page": "https://support.apple.com/kb/HT206900"
    }, 
    {
        "impact": "Visiting a maliciously crafted website may leak sensitive data", 
        "available": "OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11.6", 
        "description": "A permissions issue existed in the handling of the location variable. This was addressed though additional ownership checks.", 
        "update": null, 
        "module": "WebKit", 
        "id": "CVE-2016-4591 ", 
        "credit": "ma.la of LINE Corporation", 
        "page": "https://support.apple.com/kb/HT206900"
    }, 
    {
        "impact": "Visiting a malicious website may lead to user interface spoofing", 
        "available": "OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11.6", 
        "description": "", 
        "update": null, 
        "module": "WebKit", 
        "id": "CVE-2016-4590 ", 
        "credit": "xisigr of Tencent's Xuanwu Lab (www.tencent.com)", 
        "page": "https://support.apple.com/kb/HT206900"
    }, 
    {
        "impact": "Visiting a maliciously crafted website may lead to script execution in the context of a non-HTTP service", 
        "available": "OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11.6", 
        "description": "A cross-protocol cross-site scripting (XPXSS) issue existed in Safari when submitting forms to non-HTTP services compatible with HTTP/0.9. This issue was addressed by disabling scripts and plugins on resources loaded over HTTP/0.9.", 
        "update": null, 
        "module": "WebKit JavaScript Bindings", 
        "id": "CVE-2016-4651 ", 
        "credit": "Obscure", 
        "page": "https://support.apple.com/kb/HT206900"
    }, 
    {
        "impact": "A malicious website may exfiltrate data cross-origin", 
        "available": "OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11.6", 
        "description": "A cross-site scripting issue existed in Safari URL redirection. This issue was addressed through improved URL validation on redirection.", 
        "update": null, 
        "module": "WebKit Page Loading", 
        "id": "CVE-2016-4585 ", 
        "credit": "Takeshi Terada of Mitsui Bussan Secure Directions, Inc. (www.mbsd.jp)", 
        "page": "https://support.apple.com/kb/HT206900"
    }, 
    {
        "impact": "Visiting a maliciously crafted website may lead to arbitrary code execution", 
        "available": "OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11.6", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "WebKit Page Loading", 
        "id": "CVE-2016-4584 ", 
        "credit": "Chris Vienneau", 
        "page": "https://support.apple.com/kb/HT206900"
    }, 
    {
        "impact": "An attacker in a privileged network position may be able to leak sensitive user information", 
        "available": "Apple TV (4th generation)", 
        "description": "A downgrade issue existed with HTTP authentication credentials saved in Keychain. This issue was addressed by storing the authentication types with the credentials.", 
        "update": null, 
        "module": "CFNetwork Credentials", 
        "id": "CVE-2016-4644 ", 
        "credit": "Jerry Decime coordinated via CERT", 
        "page": "https://support.apple.com/kb/HT206905"
    }, 
    {
        "impact": "An attacker in a privileged network position may be able to leak sensitive user information", 
        "available": "Apple TV (4th generation)", 
        "description": "A validation issue existed in the parsing of 407 responses. This issue was addressed through improved response validation.", 
        "update": null, 
        "module": "CFNetwork Proxies", 
        "id": "CVE-2016-4643 ", 
        "credit": "Xiaofeng Zheng of Blue Lotus Team, Tsinghua University; Jerry Decime coordinated via CERT", 
        "page": "https://support.apple.com/kb/HT206905"
    }, 
    {
        "impact": "An application may unknowingly send a password unencrypted over the network", 
        "available": "Apple TV (4th generation)", 
        "description": "Proxy authentication incorrectly reported HTTP proxies received credentials securely. This issue was addressed through improved warnings.", 
        "update": null, 
        "module": "CFNetwork Proxies", 
        "id": "CVE-2016-4642 ", 
        "credit": "Jerry Decime coordinated via CERT", 
        "page": "https://support.apple.com/kb/HT206905"
    }, 
    {
        "impact": "A remote attacker may be able to execute arbitrary code", 
        "available": "Apple TV (4th generation)", 
        "description": "A memory corruption issue was addressed through improved memory handling.", 
        "update": null, 
        "module": "CoreGraphics", 
        "id": "CVE-2016-4637 ", 
        "credit": "Tyler Bohan of Cisco Talos (talosintel.com/vulnerability-reports)", 
        "page": "https://support.apple.com/kb/HT206905"
    }, 
    {
        "impact": "A remote attacker may be able to cause a denial of service", 
        "available": "Apple TV (4th generation)", 
        "description": "A memory consumption issue was addressed through improved memory handling.", 
        "update": null, 
        "module": "ImageIO", 
        "id": "CVE-2016-4632 ", 
        "credit": "Evgeny Sidorov of Yandex", 
        "page": "https://support.apple.com/kb/HT206905"
    }, 
    {
        "impact": "A remote attacker may be able to execute arbitrary code", 
        "available": "Apple TV (4th generation)", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "ImageIO", 
        "id": "CVE-2016-4631 ", 
        "credit": "Tyler Bohan of Cisco Talos (talosintel.com/vulnerability-reports)", 
        "page": "https://support.apple.com/kb/HT206905"
    }, 
    {
        "impact": "Processing a maliciously crafted image may lead to arbitrary code execution", 
        "available": "Apple TV (4th generation)", 
        "description": "A memory corruption issue was addressed through improved memory handling.", 
        "update": "November 30, 2017", 
        "module": "ImageIO", 
        "id": "CVE-2016-7705", 
        "credit": "Craig Young of Tripwire VERT", 
        "page": "https://support.apple.com/kb/HT206905"
    }, 
    {
        "impact": "A local user may be able to execute arbitrary code with kernel privileges", 
        "available": "Apple TV (4th generation)", 
        "description": "A null pointer dereference was addressed through improved validation.", 
        "update": null, 
        "module": "IOAcceleratorFamily", 
        "id": "CVE-2016-4627 ", 
        "credit": "Ju Zhu of Trend Micro", 
        "page": "https://support.apple.com/kb/HT206905"
    }, 
    {
        "impact": "A local user may be able to execute arbitrary code with kernel privileges", 
        "available": "Apple TV (4th generation)", 
        "description": "A null pointer dereference was addressed through improved input validation.", 
        "update": null, 
        "module": "IOHIDFamily", 
        "id": "CVE-2016-4626 ", 
        "credit": "Stefan Esser of SektionEins", 
        "page": "https://support.apple.com/kb/HT206905"
    }, 
    {
        "impact": "A local user may be able to execute arbitrary code with kernel privileges", 
        "available": "Apple TV (4th generation)", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "Kernel", 
        "id": "CVE-2016-1863 ", 
        "credit": "Ian Beer of Google Project Zero", 
        "page": "https://support.apple.com/kb/HT206905"
    }, 
    {
        "impact": "A local user may be able to execute arbitrary code with kernel privileges", 
        "available": "Apple TV (4th generation)", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "Kernel", 
        "id": "CVE-2016-4653 ", 
        "credit": "Ju Zhu of Trend Micro", 
        "page": "https://support.apple.com/kb/HT206905"
    }, 
    {
        "impact": "A local user may be able to execute arbitrary code with kernel privileges", 
        "available": "Apple TV (4th generation)", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "Kernel", 
        "id": "CVE-2016-4582 ", 
        "credit": "Shrek_wzw and Proteas of Qihoo 360 Nirvan Team", 
        "page": "https://support.apple.com/kb/HT206905"
    }, 
    {
        "impact": "A local user may be able to cause a system denial of service", 
        "available": "Apple TV (4th generation)", 
        "description": "A null pointer dereference was addressed through improved input validation.", 
        "update": null, 
        "module": "Kernel", 
        "id": "CVE-2016-1865 ", 
        "credit": "CESG, Marco Grassi (@marcograss) of KeenLab(@keen_lab), Tencent", 
        "page": "https://support.apple.com/kb/HT206905"
    }, 
    {
        "impact": "A local application may be able to access the process list", 
        "available": "Apple TV (4th generation)", 
        "description": "An access issue existed with privileged API calls. This issue was addressed through additional restrictions.", 
        "update": null, 
        "module": "Sandbox Profiles", 
        "id": "CVE-2016-4594 ", 
        "credit": "Stefan Esser of SektionEins", 
        "page": "https://support.apple.com/kb/HT206905"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "Apple TV (4th generation)", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "WebKit", 
        "id": "CVE-2016-4588 ", 
        "credit": "Apple", 
        "page": "https://support.apple.com/kb/HT206905"
    }, 
    {
        "impact": "Processing maliciously crafted web content may result in the disclosure of process memory", 
        "available": "Apple TV (4th generation)", 
        "description": "A memory initialization issue was addressed through improved memory handling.", 
        "update": null, 
        "module": "WebKit", 
        "id": "CVE-2016-4587 ", 
        "credit": "Apple", 
        "page": "https://support.apple.com/kb/HT206905"
    }, 
    {
        "impact": "A local user may be able to read kernel memory", 
        "available": "Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes", 
        "description": "An out-of-bounds read was addressed through improved bounds checking.", 
        "update": null, 
        "module": "IOAcceleratorFamily", 
        "id": "CVE-2016-4628 ", 
        "credit": "Ju Zhu of Trend Micro", 
        "page": "https://support.apple.com/kb/HT206904"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes", 
        "description": "A memory corruption issue was addressed through improved memory handling.", 
        "update": "July 29, 2016", 
        "module": "IOHIDFamily", 
        "id": "CVE-2016-4650 ", 
        "credit": "Peter Pi of Trend Micro working with HP's Zero Day Initiative", 
        "page": "https://support.apple.com/kb/HT206904"
    }, 
    {
        "impact": "A remote attacker may be able to cause unexpected application termination or arbitrary code execution", 
        "available": "Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes", 
        "description": "A buffer overflow existed within the \"link_ntoa()\" function in linkaddr.c. This issue was addressed through additional bounds checking.", 
        "update": "January 10, 2017", 
        "module": "Libc", 
        "id": "CVE-2016-6559 ", 
        "credit": "Apple", 
        "page": "https://support.apple.com/kb/HT206904"
    }, 
    {
        "impact": "A maliciously crafted calendar invite may cause a device to unexpectedly restart", 
        "available": "iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later", 
        "description": "A null pointer dereference was addressed through improved memory handling.", 
        "update": null, 
        "module": "Calendar", 
        "id": "CVE-2016-4605 ", 
        "credit": "Henry Feldman MD at Beth Israel Deaconess Medical Center", 
        "page": "https://support.apple.com/kb/HT206902"
    }, 
    {
        "impact": "An attacker in a privileged network position may be able to cause a relayed call to continue transmitting audio while appearing as if the call terminated", 
        "available": "iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later", 
        "description": "User interface inconsistencies existed in the handling of relayed calls. These issues were addressed through improved FaceTime display logic.", 
        "update": null, 
        "module": "FaceTime", 
        "id": "CVE-2016-4635 ", 
        "credit": "Martin Vigo", 
        "page": "https://support.apple.com/kb/HT206902"
    }, 
    {
        "impact": "A malicious application may be able to execute arbitrary code with kernel privileges", 
        "available": "iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later", 
        "description": "A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling.", 
        "update": "September 27, 2016", 
        "module": "GasGauge", 
        "id": "CVE-2016-7576 ", 
        "credit": "qwertyoruiop", 
        "page": "https://support.apple.com/kb/HT206902"
    }, 
    {
        "impact": "Visiting a malicious website may lead to user interface spoofing", 
        "available": "iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later", 
        "description": "Redirect responses to invalid ports may have allowed a malicious website to display an arbitrary domain while displaying arbitrary content. This issue was addressed through improved URL display logic.", 
        "update": null, 
        "module": "Safari", 
        "id": "CVE-2016-4604 ", 
        "credit": "xisigr of Tencent's Xuanwu Lab (www.tencent.com)", 
        "page": "https://support.apple.com/kb/HT206902"
    }, 
    {
        "impact": "A person with physical access to a device may be able to see private contact information", 
        "available": "iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later", 
        "description": "A privacy issue existed in the handling of Contact cards. This was addressed through improved state management.", 
        "update": null, 
        "module": "Siri Contacts", 
        "id": "CVE-2016-4593 ", 
        "credit": "Pedro Pinheiro (facebook.com/pedro.pinheiro.1996)", 
        "page": "https://support.apple.com/kb/HT206902"
    }, 
    {
        "impact": "Viewing a video in Safari's Private Browsing mode displays the URL of the video outside of Private Browsing mode", 
        "available": "iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later", 
        "description": "A privacy issue existed in the handling of user data by Safari View Controller. This issue was addressed through improved state management.", 
        "update": null, 
        "module": "Web Media", 
        "id": "CVE-2016-4603 ", 
        "credit": "Brian Porter (@portex33)", 
        "page": "https://support.apple.com/kb/HT206902"
    }, 
    {
        "impact": "A remote attacker may be able to execute arbitrary code", 
        "available": "OS X Yosemite v10.10.5 and OS X El Capitan v10.11 and later", 
        "description": "Multiple issues existed in PHP versions prior to 5.5.36. These were addressed by updating PHP to version 5.5.36.", 
        "update": null, 
        "module": "apache_mod_php", 
        "id": "CVE-2016-5093", 
        "credit": "", 
        "page": "https://support.apple.com/kb/HT206903"
    }, 
    {
        "impact": "A remote attacker may be able to execute arbitrary code", 
        "available": "OS X Yosemite v10.10.5 and OS X El Capitan v10.11 and later", 
        "description": "Multiple issues existed in PHP versions prior to 5.5.36. These were addressed by updating PHP to version 5.5.36.", 
        "update": null, 
        "module": "apache_mod_php", 
        "id": "CVE-2016-5094", 
        "credit": "", 
        "page": "https://support.apple.com/kb/HT206903"
    }, 
    {
        "impact": "A remote attacker may be able to execute arbitrary code", 
        "available": "OS X Yosemite v10.10.5 and OS X El Capitan v10.11 and later", 
        "description": "Multiple issues existed in PHP versions prior to 5.5.36. These were addressed by updating PHP to version 5.5.36.", 
        "update": null, 
        "module": "apache_mod_php", 
        "id": "CVE-2016-5096", 
        "credit": "", 
        "page": "https://support.apple.com/kb/HT206903"
    }, 
    {
        "impact": "A remote attacker may be able to execute arbitrary code", 
        "available": "OS X Yosemite v10.10.5 and OS X El Capitan v10.11 and later", 
        "description": "Multiple issues existed in PHP versions prior to 5.5.36. These were addressed by updating PHP to version 5.5.36.", 
        "update": null, 
        "module": "apache_mod_php", 
        "id": "CVE-2013-7456", 
        "credit": "", 
        "page": "https://support.apple.com/kb/HT206903"
    }, 
    {
        "impact": "A local user may be able to cause a system denial of service", 
        "available": "OS X El Capitan v10.11 and later", 
        "description": "A null pointer dereference was addressed through improved input validation.", 
        "update": null, 
        "module": "Audio", 
        "id": "CVE-2016-4649 ", 
        "credit": "Juwei Lin(@fuzzerDOTcn) of Trend Micro", 
        "page": "https://support.apple.com/kb/HT206903"
    }, 
    {
        "impact": "A local user may be able to execute arbitrary code with kernel privileges", 
        "available": "OS X El Capitan v10.11 and later", 
        "description": "A memory corruption issue was addressed through improved memory handling.", 
        "update": null, 
        "module": "Audio", 
        "id": "CVE-2016-4647 ", 
        "credit": "Juwei Lin(@fuzzerDOTcn) of Trend Micro", 
        "page": "https://support.apple.com/kb/HT206903"
    }, 
    {
        "impact": "A local user may be able to determine kernel memory layout", 
        "available": "OS X El Capitan v10.11 and later", 
        "description": "An out-of-bounds read was addressed through improved input validation.", 
        "update": null, 
        "module": "Audio", 
        "id": "CVE-2016-4648 ", 
        "credit": "Juwei Lin(@fuzzerDOTcn) of Trend Micro; Jack Tang and Moony Li of Trend Micro working with Trend Micro's Zero Day Initiative", 
        "page": "https://support.apple.com/kb/HT206903"
    }, 
    {
        "impact": "Parsing a maliciously crafted audio file may lead to the disclosure of user information", 
        "available": "OS X El Capitan v10.11 and later", 
        "description": "An out-of-bounds read was addressed through improved bounds checking.", 
        "update": null, 
        "module": "Audio", 
        "id": "CVE-2016-4646 ", 
        "credit": "Steven Seeley of Source Incite working with Trend Micro's Zero Day Initiative", 
        "page": "https://support.apple.com/kb/HT206903"
    }, 
    {
        "impact": "A local attacker may be able to cause unexpected application termination or arbitrary code execution", 
        "available": "OS X El Capitan v10.11 and later", 
        "description": "An integer overflow existed in bspatch. This issue was addressed through improved bounds checking.", 
        "update": null, 
        "module": "bsdiff", 
        "id": "CVE-2014-9862 ", 
        "credit": "an anonymous researcher", 
        "page": "https://support.apple.com/kb/HT206903"
    }, 
    {
        "impact": "A local user may be able to view sensitive user information", 
        "available": "OS X El Capitan v10.11 and later", 
        "description": "A permissions issue existed in the handling of web browser cookies. This issue was addressed through improved restrictions.", 
        "update": null, 
        "module": "CFNetwork", 
        "id": "CVE-2016-4645 ", 
        "credit": "Abhinav Bansal of Zscaler Inc.", 
        "page": "https://support.apple.com/kb/HT206903"
    }, 
    {
        "impact": "A local user may be able to elevate privileges", 
        "available": "OS X El Capitan v10.11 and later", 
        "description": "An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed through improved input validation.", 
        "update": null, 
        "module": "CoreGraphics", 
        "id": "CVE-2016-4652 ", 
        "credit": "Yubin Fu of Tencent KeenLab working with Trend Micro's Zero Day Initiative", 
        "page": "https://support.apple.com/kb/HT206903"
    }, 
    {
        "impact": "A local user may be able to execute arbitrary code with kernel privileges", 
        "available": "OS X El Capitan v10.11 and later", 
        "description": "A memory corruption issue was addressed through improved input validation.", 
        "update": null, 
        "module": "Graphics Drivers", 
        "id": "CVE-2016-4634 ", 
        "credit": "Stefan Esser of SektionEins", 
        "page": "https://support.apple.com/kb/HT206903"
    }, 
    {
        "impact": "A remote attacker may be able to execute arbitrary code", 
        "available": "OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "ImageIO", 
        "id": "CVE-2016-4629 ", 
        "credit": "Tyler Bohan of Cisco Talos (talosintel.com/vulnerability-reports)", 
        "page": "https://support.apple.com/kb/HT206903"
    }, 
    {
        "impact": "A remote attacker may be able to execute arbitrary code", 
        "available": "OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "ImageIO", 
        "id": "CVE-2016-4630 ", 
        "credit": "Tyler Bohan of Cisco Talos (talosintel.com/vulnerability-reports)", 
        "page": "https://support.apple.com/kb/HT206903"
    }, 
    {
        "impact": "Processing a maliciously crafted image may lead to arbitrary code execution", 
        "available": "OS X El Capitan v10.11 and later", 
        "description": "A memory corruption issue was addressed through improved memory handling.", 
        "update": "November 30, 2017", 
        "module": "ImageIO", 
        "id": "CVE-2016-7705 ", 
        "credit": "Craig Young of Tripwire VERT", 
        "page": "https://support.apple.com/kb/HT206903"
    }, 
    {
        "impact": "A malicious application may be able to execute arbitrary code with kernel privileges", 
        "available": "OS X El Capitan v10.11 and later", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "Intel Graphics Driver", 
        "id": "CVE-2016-4633 ", 
        "credit": "Marco Grassi (@marcograss) of KeenLab (@keen_lab), Tencent", 
        "page": "https://support.apple.com/kb/HT206903"
    }, 
    {
        "impact": "A local user may be able to execute arbitrary code with kernel privileges", 
        "available": "OS X El Capitan v10.11 and later", 
        "description": "A use-after-free was addressed through improved memory management.", 
        "update": null, 
        "module": "IOSurface", 
        "id": "CVE-2016-4625 ", 
        "credit": "Ian Beer of Google Project Zero", 
        "page": "https://support.apple.com/kb/HT206903"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with root privileges", 
        "available": "OS X El Capitan v10.11 and later", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "libc++abi", 
        "id": "CVE-2016-4621 ", 
        "credit": "an anonymous researcher", 
        "page": "https://support.apple.com/kb/HT206903"
    }, 
    {
        "impact": "Processing maliciously crafted XML may lead to unexpected application termination or arbitrary code execution", 
        "available": "OS X El Capitan v10.11 and later", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "libexpat", 
        "id": "CVE-2016-0718 ", 
        "credit": "Gustavo Grieco", 
        "page": "https://support.apple.com/kb/HT206903"
    }, 
    {
        "impact": "A remote attacker may be able to execute arbitrary code", 
        "available": "OS X El Capitan v10.11 and later", 
        "description": "Multiple issues existed in LibreSSL before 2.2.7. These were addressed by updating LibreSSL to version 2.2.7.", 
        "update": null, 
        "module": "LibreSSL", 
        "id": "CVE-2016-2108 ", 
        "credit": "Huzaifa Sidhpurwala (Red Hat), Hanno B\u00f6ck, David Benjamin (Google), Mark Brand and Ian Beer of Google Project Zero", 
        "page": "https://support.apple.com/kb/HT206903"
    }, 
    {
        "impact": "A remote attacker may be able to execute arbitrary code", 
        "available": "OS X El Capitan v10.11 and later", 
        "description": "Multiple issues existed in LibreSSL before 2.2.7. These were addressed by updating LibreSSL to version 2.2.7.", 
        "update": null, 
        "module": "LibreSSL", 
        "id": "CVE-2016-2109 ", 
        "credit": "Brian Carpenter", 
        "page": "https://support.apple.com/kb/HT206903"
    }, 
    {
        "impact": "A malicious application may be able to gain root privileges", 
        "available": "OS X El Capitan v10.11 and later", 
        "description": "A type confusion issue was addressed through improved memory handling.", 
        "update": null, 
        "module": "Login Window", 
        "id": "CVE-2016-4638 ", 
        "credit": "Yubin Fu of Tencent KeenLab working with TrendMicro's Zero Day Initiative", 
        "page": "https://support.apple.com/kb/HT206903"
    }, 
    {
        "impact": "A malicious application may be able to execute arbitrary code leading to compromise of user information", 
        "available": "OS X El Capitan v10.11 and later", 
        "description": "A memory corruption issue was addressed through improved input validation.", 
        "update": "November 16, 2016", 
        "module": "Login Window", 
        "id": "CVE-2016-4640 ", 
        "credit": "an anonymous researcher working with Trend Micro\u2019s Zero Day Initiative", 
        "page": "https://support.apple.com/kb/HT206903"
    }, 
    {
        "impact": "A malicious application may be able to execute arbitrary code leading to the compromise of user information", 
        "available": "OS X El Capitan v10.11 and later", 
        "description": "A type confusion issue was addressed through improved memory handling.", 
        "update": null, 
        "module": "Login Window", 
        "id": "CVE-2016-4641 ", 
        "credit": "Yubin Fu of Tencent KeenLab working with Trend Micro's Zero Day Initiative", 
        "page": "https://support.apple.com/kb/HT206903"
    }, 
    {
        "impact": "A local user may be able to cause a denial of service", 
        "available": "OS X El Capitan v10.11 and later", 
        "description": "A memory initialization issue was addressed through improved memory handling.", 
        "update": null, 
        "module": "Login Window", 
        "id": "CVE-2016-4639 ", 
        "credit": "Yubin Fu of Tencent KeenLab working with Trend Micro's Zero Day Initiative", 
        "page": "https://support.apple.com/kb/HT206903"
    }, 
    {
        "impact": "A remote attacker may be able to execute arbitrary code", 
        "available": "OS X El Capitan v10.11 and later", 
        "description": "Multiple issues existed in OpenSSL. These issues were resolved by backporting the fixes from OpenSSL 1.0.2h/1.0.1 to OpenSSL 0.9.8.", 
        "update": null, 
        "module": "OpenSSL", 
        "id": "CVE-2016-2105 ", 
        "credit": "Guido Vranken", 
        "page": "https://support.apple.com/kb/HT206903"
    }, 
    {
        "impact": "A remote attacker may be able to execute arbitrary code", 
        "available": "OS X El Capitan v10.11 and later", 
        "description": "Multiple issues existed in OpenSSL. These issues were resolved by backporting the fixes from OpenSSL 1.0.2h/1.0.1 to OpenSSL 0.9.8.", 
        "update": null, 
        "module": "OpenSSL", 
        "id": "CVE-2016-2106 ", 
        "credit": "Guido Vranken", 
        "page": "https://support.apple.com/kb/HT206903"
    }, 
    {
        "impact": "A remote attacker may be able to execute arbitrary code", 
        "available": "OS X El Capitan v10.11 and later", 
        "description": "Multiple issues existed in OpenSSL. These issues were resolved by backporting the fixes from OpenSSL 1.0.2h/1.0.1 to OpenSSL 0.9.8.", 
        "update": null, 
        "module": "OpenSSL", 
        "id": "CVE-2016-2107 ", 
        "credit": "Juraj Somorovsky", 
        "page": "https://support.apple.com/kb/HT206903"
    }, 
    {
        "impact": "A remote attacker may be able to execute arbitrary code", 
        "available": "OS X El Capitan v10.11 and later", 
        "description": "Multiple issues existed in OpenSSL. These issues were resolved by backporting the fixes from OpenSSL 1.0.2h/1.0.1 to OpenSSL 0.9.8.", 
        "update": null, 
        "module": "OpenSSL", 
        "id": "CVE-2016-2176 ", 
        "credit": "Guido Vranken", 
        "page": "https://support.apple.com/kb/HT206903"
    }, 
    {
        "impact": "Processing a maliciously crafted SGI file may lead to arbitrary code execution", 
        "available": "OS X El Capitan v10.11 and later", 
        "description": "A memory corruption issue was addressed through improved input validation.", 
        "update": null, 
        "module": "QuickTime", 
        "id": "CVE-2016-4601 ", 
        "credit": "Ke Liu of Tencent's Xuanwu Lab", 
        "page": "https://support.apple.com/kb/HT206903"
    }, 
    {
        "impact": "Processing a maliciously crafted Photoshop document may lead to unexpected application termination or arbitrary code execution", 
        "available": "OS X El Capitan v10.11 and later", 
        "description": "A memory corruption issue was addressed through improved input validation.", 
        "update": null, 
        "module": "QuickTime", 
        "id": "CVE-2016-4599 ", 
        "credit": "Ke Liu of Tencent's Xuanwu Lab", 
        "page": "https://support.apple.com/kb/HT206903"
    }, 
    {
        "impact": "Processing a maliciously crafted FlashPix Bitmap Image may lead to unexpected application termination or arbitrary code execution", 
        "available": "OS X El Capitan v10.11 and later", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "QuickTime", 
        "id": "CVE-2016-4596 ", 
        "credit": "Ke Liu of Tencent's Xuanwu Lab", 
        "page": "https://support.apple.com/kb/HT206903"
    }, 
    {
        "impact": "Processing a maliciously crafted FlashPix Bitmap Image may lead to unexpected application termination or arbitrary code execution", 
        "available": "OS X El Capitan v10.11 and later", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "QuickTime", 
        "id": "CVE-2016-4597 ", 
        "credit": "Ke Liu of Tencent's Xuanwu Lab", 
        "page": "https://support.apple.com/kb/HT206903"
    }, 
    {
        "impact": "Processing a maliciously crafted FlashPix Bitmap Image may lead to unexpected application termination or arbitrary code execution", 
        "available": "OS X El Capitan v10.11 and later", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "QuickTime", 
        "id": "CVE-2016-4600 ", 
        "credit": "Ke Liu of Tencent's Xuanwu Lab", 
        "page": "https://support.apple.com/kb/HT206903"
    }, 
    {
        "impact": "Processing a maliciously crafted FlashPix Bitmap Image may lead to unexpected application termination or arbitrary code execution", 
        "available": "OS X El Capitan v10.11 and later", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "QuickTime", 
        "id": "CVE-2016-4602 ", 
        "credit": "Ke Liu of Tencent's Xuanwu Lab", 
        "page": "https://support.apple.com/kb/HT206903"
    }, 
    {
        "impact": "Processing a maliciously crafted image may lead to arbitrary code execution", 
        "available": "OS X El Capitan v10.11 and later", 
        "description": "A memory corruption issue was addressed through improved input validation.", 
        "update": null, 
        "module": "QuickTime", 
        "id": "CVE-2016-4598 ", 
        "credit": "Ke Liu of Tencent's Xuanwu Lab", 
        "page": "https://support.apple.com/kb/HT206903"
    }, 
    {
        "impact": "A user's password may be visible on screen", 
        "available": "OS X El Capitan v10.11 and later", 
        "description": "An issue existed in Safari's password auto-fill. This issue was addressed through improved matching of form fields.", 
        "update": null, 
        "module": "Safari Login AutoFill", 
        "id": "CVE-2016-4595 ", 
        "credit": "Jonathan Lewis from DeARX Services (PTY) LTD", 
        "page": "https://support.apple.com/kb/HT206903"
    }, 
    {
        "impact": "A remote attacker may be able to cause arbitrary code execution", 
        "available": "AirPort Express, AirPort Extreme, and AirPort Time Capsule base stations with 802.11n; AirPort Extreme and AirPort Time Capsule base stations with 802.11ac", 
        "description": "A memory corruption issue existed in DNS data parsing. This issue was addressed through improved bounds checking.", 
        "update": null, 
        "module": "AirPort Base Station Firmware", 
        "id": "CVE-2015-7029 ", 
        "credit": "Alexandre Helie", 
        "page": "https://support.apple.com/kb/HT206849"
    }, 
    {
        "impact": "Running the iTunes installer in an untrusted directory may result in arbitrary code execution", 
        "available": "Windows 7 and later", 
        "description": "A dynamic library loading issue existed in iTunes setup. This was addressed through improved path searching.", 
        "update": null, 
        "module": "iTunes", 
        "id": "CVE-2016-1742 ", 
        "credit": "Stefan Kanthak and YoKo Kho (yokoacc) of MII - Consulting & Advisory Svc. Dept.", 
        "page": "https://support.apple.com/kb/HT206379"
    }, 
    {
        "impact": "A user may be unable to fully delete browsing history", 
        "available": "OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11.5", 
        "description": "\"Clear History and Website Data\" did not clear the history. The issue was addressed through improved data deletion.", 
        "update": null, 
        "module": "Safari", 
        "id": "CVE-2016-1849 ", 
        "credit": "an anonymous researcher", 
        "page": "https://support.apple.com/kb/HT206565"
    }, 
    {
        "impact": "Visiting a malicious website may disclose data from another website", 
        "available": "OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11.5", 
        "description": "An insufficient taint tracking issue in the parsing of svg images was addressed through improved taint tracking.", 
        "update": null, 
        "module": "WebKit", 
        "id": "CVE-2016-1858 ", 
        "credit": "an anonymous researcher", 
        "page": "https://support.apple.com/kb/HT206565"
    }, 
    {
        "impact": "Visiting a maliciously crafted website may lead to arbitrary code execution", 
        "available": "OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11.5", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "WebKit", 
        "id": "CVE-2016-1854 ", 
        "credit": "Anonymous working with Trend Micro's Zero Day Initiative", 
        "page": "https://support.apple.com/kb/HT206565"
    }, 
    {
        "impact": "Visiting a maliciously crafted website may lead to arbitrary code execution", 
        "available": "OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11.5", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "WebKit", 
        "id": "CVE-2016-1855 ", 
        "credit": "Tongbo Luo and Bo Qu of Palo Alto Networks", 
        "page": "https://support.apple.com/kb/HT206565"
    }, 
    {
        "impact": "Visiting a maliciously crafted website may lead to arbitrary code execution", 
        "available": "OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11.5", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "WebKit", 
        "id": "CVE-2016-1856 ", 
        "credit": "lokihardt working with Trend Micro's Zero Day Initiative", 
        "page": "https://support.apple.com/kb/HT206565"
    }, 
    {
        "impact": "Visiting a maliciously crafted website may lead to arbitrary code execution", 
        "available": "OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11.5", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "WebKit", 
        "id": "CVE-2016-1857 ", 
        "credit": "Jeonghoon Shin@A.D.D and Liang Chen, Zhen Feng, wushi of KeenLab, Tencent working with Trend Micro's Zero Day Initiative", 
        "page": "https://support.apple.com/kb/HT206565"
    }, 
    {
        "impact": "Visiting a maliciously crafted website may lead to arbitrary code execution", 
        "available": "OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11.5", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "WebKit Canvas", 
        "id": "CVE-2016-1859 ", 
        "credit": "Liang Chen, wushi of KeenLab, Tencent working with Trend Micro's Zero Day Initiative", 
        "page": "https://support.apple.com/kb/HT206565"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "OS X El Capitan v10.11 and later", 
        "description": "A memory corruption issue was addressed through improved memory handling.", 
        "update": null, 
        "module": "AMD", 
        "id": "CVE-2016-1792 ", 
        "credit": "beist and ABH of BoB", 
        "page": "https://support.apple.com/kb/HT206567"
    }, 
    {
        "impact": "An application may be able to determine kernel memory layout", 
        "available": "OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later", 
        "description": "An issue existed that led to the disclosure of kernel memory content. This issue was addressed through improved bounds checking.", 
        "update": null, 
        "module": "AMD", 
        "id": "CVE-2016-1791 ", 
        "credit": "daybreaker of Minionz", 
        "page": "https://support.apple.com/kb/HT206567"
    }, 
    {
        "impact": "Multiple vulnerabilities in PHP", 
        "available": "OS X El Capitan v10.11 and later", 
        "description": "Multiple vulnerabilities existed in PHP versions prior to 5.5.34. These were addressed by updating PHP to version 5.5.34.", 
        "update": null, 
        "module": "apache_mod_php", 
        "id": "CVE-2015-8865", 
        "credit": "", 
        "page": "https://support.apple.com/kb/HT206567"
    }, 
    {
        "impact": "Multiple vulnerabilities in PHP", 
        "available": "OS X El Capitan v10.11 and later", 
        "description": "Multiple vulnerabilities existed in PHP versions prior to 5.5.34. These were addressed by updating PHP to version 5.5.34.", 
        "update": null, 
        "module": "apache_mod_php", 
        "id": "CVE-2016-3141", 
        "credit": "", 
        "page": "https://support.apple.com/kb/HT206567"
    }, 
    {
        "impact": "Multiple vulnerabilities in PHP", 
        "available": "OS X El Capitan v10.11 and later", 
        "description": "Multiple vulnerabilities existed in PHP versions prior to 5.5.34. These were addressed by updating PHP to version 5.5.34.", 
        "update": null, 
        "module": "apache_mod_php", 
        "id": "CVE-2016-3142", 
        "credit": "", 
        "page": "https://support.apple.com/kb/HT206567"
    }, 
    {
        "impact": "Multiple vulnerabilities in PHP", 
        "available": "OS X El Capitan v10.11 and later", 
        "description": "Multiple vulnerabilities existed in PHP versions prior to 5.5.34. These were addressed by updating PHP to version 5.5.34.", 
        "update": null, 
        "module": "apache_mod_php", 
        "id": "CVE-2016-4070", 
        "credit": "", 
        "page": "https://support.apple.com/kb/HT206567"
    }, 
    {
        "impact": "Multiple vulnerabilities in PHP", 
        "available": "OS X El Capitan v10.11 and later", 
        "description": "Multiple vulnerabilities existed in PHP versions prior to 5.5.34. These were addressed by updating PHP to version 5.5.34.", 
        "update": null, 
        "module": "apache_mod_php", 
        "id": "CVE-2016-4071", 
        "credit": "", 
        "page": "https://support.apple.com/kb/HT206567"
    }, 
    {
        "impact": "Multiple vulnerabilities in PHP", 
        "available": "OS X El Capitan v10.11 and later", 
        "description": "Multiple vulnerabilities existed in PHP versions prior to 5.5.34. These were addressed by updating PHP to version 5.5.34.", 
        "update": null, 
        "module": "apache_mod_php", 
        "id": "CVE-2016-4072", 
        "credit": "", 
        "page": "https://support.apple.com/kb/HT206567"
    }, 
    {
        "impact": "Multiple vulnerabilities in PHP", 
        "available": "OS X El Capitan v10.11 and later", 
        "description": "Multiple vulnerabilities existed in PHP versions prior to 5.5.34. These were addressed by updating PHP to version 5.5.34.", 
        "update": null, 
        "module": "apache_mod_php", 
        "id": "CVE-2016-4073", 
        "credit": "", 
        "page": "https://support.apple.com/kb/HT206567"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "OS X El Capitan v10.11 and later", 
        "description": "A null pointer dereference was addressed through improved validation.", 
        "update": null, 
        "module": "AppleGraphicsControl", 
        "id": "CVE-2016-1793 ", 
        "credit": "Ian Beer of Google Project Zero", 
        "page": "https://support.apple.com/kb/HT206567"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "OS X El Capitan v10.11 and later", 
        "description": "A null pointer dereference was addressed through improved validation.", 
        "update": null, 
        "module": "AppleGraphicsControl", 
        "id": "CVE-2016-1794 ", 
        "credit": "Ian Beer of Google Project Zero", 
        "page": "https://support.apple.com/kb/HT206567"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "OS X El Capitan v10.11 and later", 
        "description": "A memory corruption issue was addressed through improved memory handling.", 
        "update": null, 
        "module": "AppleGraphicsPowerManagement", 
        "id": "CVE-2016-1795 ", 
        "credit": "Moony Li (@Flyic) and Jack Tang (@jacktang310) of Trend Micro", 
        "page": "https://support.apple.com/kb/HT206567"
    }, 
    {
        "impact": "A local user may be able to leak sensitive user information", 
        "available": "OS X El Capitan v10.11 and later", 
        "description": "An out of bounds memory access issue was addressed through improved memory handling.", 
        "update": null, 
        "module": "ATS", 
        "id": "CVE-2016-1796 ", 
        "credit": "lokihardt working with Trend Micro's Zero Day Initiative", 
        "page": "https://support.apple.com/kb/HT206567"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with system privileges", 
        "available": "OS X El Capitan v10.11 and later", 
        "description": "An issue existed in the sandbox policy. This was addressed by sandboxing FontValidator.", 
        "update": null, 
        "module": "ATS", 
        "id": "CVE-2016-1797 ", 
        "credit": "lokihardt working with Trend Micro's Zero Day Initiative", 
        "page": "https://support.apple.com/kb/HT206567"
    }, 
    {
        "impact": "An application may be able to cause a denial of service", 
        "available": "OS X Yosemite v10.10.5 and OS X El Capitan v10.11 and later", 
        "description": "A null pointer dereference was addressed through improved validation.", 
        "update": null, 
        "module": "Audio", 
        "id": "CVE-2016-1798 ", 
        "credit": "Juwei Lin of TrendMicro", 
        "page": "https://support.apple.com/kb/HT206567"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "OS X El Capitan v10.11 and later", 
        "description": "A memory corruption issue was addressed through improved input validation.", 
        "update": null, 
        "module": "Audio", 
        "id": "CVE-2016-1799 ", 
        "credit": "Juwei Lin of TrendMicro", 
        "page": "https://support.apple.com/kb/HT206567"
    }, 
    {
        "impact": "An attacker in a privileged network position may be able to execute arbitrary code with user assistance", 
        "available": "OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later", 
        "description": "A custom URL scheme handling issue was addressed through improved input validation.", 
        "update": null, 
        "module": "Captive Network Assistant", 
        "id": "CVE-2016-1800 ", 
        "credit": "Apple", 
        "page": "https://support.apple.com/kb/HT206567"
    }, 
    {
        "impact": "An attacker in a privileged network position may be able to leak sensitive user information", 
        "available": "OS X El Capitan v10.11 and later", 
        "description": "An information leak existed in the handling of HTTP and HTTPS requests. This issue was addressed through improved URL handling.", 
        "update": null, 
        "module": "CFNetwork Proxies", 
        "id": "CVE-2016-1801 ", 
        "credit": "Alex Chapman and Paul Stone of Context Information Security", 
        "page": "https://support.apple.com/kb/HT206567"
    }, 
    {
        "impact": "A malicious application may be able to leak sensitive user information", 
        "available": "OS X El Capitan v10.11 and later", 
        "description": "An issue existed in the handling of return values in CCCrypt. This issue was addressed through improved key length management.", 
        "update": null, 
        "module": "CommonCrypto", 
        "id": "CVE-2016-1802 ", 
        "credit": "Klaus Rodewig", 
        "page": "https://support.apple.com/kb/HT206567"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "OS X El Capitan v10.11 and later", 
        "description": "A null pointer dereference was addressed through improved validation.", 
        "update": null, 
        "module": "CoreCapture", 
        "id": "CVE-2016-1803 ", 
        "credit": "Ian Beer of Google Project Zero, daybreaker working with Trend Micro\u2019s Zero Day Initiative", 
        "page": "https://support.apple.com/kb/HT206567"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "OS X El Capitan v10.11 and later", 
        "description": "A configuration issue was addressed through additional restrictions.", 
        "update": null, 
        "module": "CoreStorage", 
        "id": "CVE-2016-1805 ", 
        "credit": "Stefan Esser", 
        "page": "https://support.apple.com/kb/HT206567"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with root privileges", 
        "available": "OS X El Capitan v10.11 and later", 
        "description": "A configuration issue was addressed through additional restrictions.", 
        "update": null, 
        "module": "Crash Reporter", 
        "id": "CVE-2016-1806 ", 
        "credit": "lokihardt working with Trend Micro's Zero Day Initiative", 
        "page": "https://support.apple.com/kb/HT206567"
    }, 
    {
        "impact": "A local attacker may be able to read kernel memory", 
        "available": "OS X El Capitan v10.11 and later", 
        "description": "A race condition was addressed through improved locking.", 
        "update": null, 
        "module": "Disk Images", 
        "id": "CVE-2016-1807 ", 
        "credit": "Ian Beer of Google Project Zero", 
        "page": "https://support.apple.com/kb/HT206567"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "OS X El Capitan v10.11 and later", 
        "description": "A memory corruption issue existed in the parsing of disk images. This issue was addressed through improved memory handling.", 
        "update": null, 
        "module": "Disk Images", 
        "id": "CVE-2016-1808 ", 
        "credit": "Moony Li (@Flyic) and Jack Tang (@jacktang310) of Trend Micro", 
        "page": "https://support.apple.com/kb/HT206567"
    }, 
    {
        "impact": "Disk Utility failed to compress and encrypt disk images", 
        "available": "OS X El Capitan v10.11 and later", 
        "description": "Incorrect keys were being used to encrypt disk images. This issue was addressed by updating the encryption keys.", 
        "update": null, 
        "module": "Disk Utility", 
        "id": "CVE-2016-1809 ", 
        "credit": "Ast A. Moore (@astamoore) and David Foster of TechSmartKids", 
        "page": "https://support.apple.com/kb/HT206567"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "OS X El Capitan v10.11 and later", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "Graphics Drivers", 
        "id": "CVE-2016-1810 ", 
        "credit": "Moony Li (@Flyic) and Jack Tang (@jacktang310) of Trend Micro", 
        "page": "https://support.apple.com/kb/HT206567"
    }, 
    {
        "impact": "Processing a maliciously crafted image may lead to a denial of service", 
        "available": "OS X El Capitan v10.11 and later", 
        "description": "A null pointer dereference was addressed through improved validation.", 
        "update": null, 
        "module": "ImageIO", 
        "id": "CVE-2016-1811 ", 
        "credit": "Lander Brandt (@landaire)", 
        "page": "https://support.apple.com/kb/HT206567"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "OS X El Capitan v10.11 and later", 
        "description": "A buffer overflow was addressed through improved bounds checking.", 
        "update": null, 
        "module": "Intel Graphics Driver", 
        "id": "CVE-2016-1812 ", 
        "credit": "Juwei Lin of TrendMicro", 
        "page": "https://support.apple.com/kb/HT206567"
    }, 
    {
        "impact": "An application may be able to determine kernel memory layout", 
        "available": "OS X El Capitan v10.11 and later", 
        "description": "Multiple access issues were addressed through additional restrictions.", 
        "update": null, 
        "module": "Intel Graphics Driver", 
        "id": "CVE-2016-1860 ", 
        "credit": "Brandon Azad and Qidan He (@flanker_hqd) from KeenLab, Tencent", 
        "page": "https://support.apple.com/kb/HT206567"
    }, 
    {
        "impact": "An application may be able to determine kernel memory layout", 
        "available": "OS X El Capitan v10.11 and later", 
        "description": "Multiple access issues were addressed through additional restrictions.", 
        "update": null, 
        "module": "Intel Graphics Driver", 
        "id": "CVE-2016-1862 ", 
        "credit": "Marco Grassi (@marcograss) of KeenLab (@keen_lab), Tencent", 
        "page": "https://support.apple.com/kb/HT206567"
    }, 
    {
        "impact": "An application may be able to cause a denial of service", 
        "available": "OS X El Capitan v10.11 and later", 
        "description": "A null pointer dereference was addressed through improved locking.", 
        "update": null, 
        "module": "IOAcceleratorFamily", 
        "id": "CVE-2016-1814 ", 
        "credit": "Juwei Lin of TrendMicro", 
        "page": "https://support.apple.com/kb/HT206567"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "OS X El Capitan v10.11 and later", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "IOAcceleratorFamily", 
        "id": "CVE-2016-1815 ", 
        "credit": "Liang Chen, Qidan He of KeenLab, Tencent working with Trend Micro's Zero Day Initiative", 
        "page": "https://support.apple.com/kb/HT206567"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "OS X El Capitan v10.11 and later", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "IOAcceleratorFamily", 
        "id": "CVE-2016-1817 ", 
        "credit": "Moony Li (@Flyic) and Jack Tang (@jacktang310) of Trend Micro working with Trend Micro's Zero Day Initiative", 
        "page": "https://support.apple.com/kb/HT206567"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "OS X El Capitan v10.11 and later", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "IOAcceleratorFamily", 
        "id": "CVE-2016-1818", 
        "credit": "Juwei Lin of TrendMicro, sweetchip@GRAYHASH working with Trend Micro\u2019s Zero Day Initiative", 
        "page": "https://support.apple.com/kb/HT206567"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "OS X El Capitan v10.11 and later", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "IOAcceleratorFamily", 
        "id": "CVE-2016-1819 ", 
        "credit": "Ian Beer of Google Project Zero", 
        "page": "https://support.apple.com/kb/HT206567"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "OS X El Capitan v10.11 and later", 
        "description": "A null pointer dereference was addressed through improved validation.", 
        "update": null, 
        "module": "IOAcceleratorFamily", 
        "id": "CVE-2016-1813 ", 
        "credit": "Ian Beer of Google Project Zero", 
        "page": "https://support.apple.com/kb/HT206567"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "OS X El Capitan v10.11 and later", 
        "description": "A null pointer dereference was addressed through improved validation.", 
        "update": null, 
        "module": "IOAcceleratorFamily", 
        "id": "CVE-2016-1816 ", 
        "credit": "Peter Pi (@heisecode) of Trend Micro and Juwei Lin of Trend Micro", 
        "page": "https://support.apple.com/kb/HT206567"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "OS X El Capitan v10.11 and later", 
        "description": "A buffer overflow was addressed with improved bounds checking.", 
        "update": null, 
        "module": "IOAudioFamily", 
        "id": "CVE-2016-1820 ", 
        "credit": "Moony Li (@Flyic) and Jack Tang (@jacktang310) of Trend Micro working with Trend Micro\u2019s Zero Day Initiative", 
        "page": "https://support.apple.com/kb/HT206567"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "OS X El Capitan v10.11 and later", 
        "description": "A null pointer dereference was addressed through improved validation.", 
        "update": null, 
        "module": "IOAudioFamily", 
        "id": "CVE-2016-1821 ", 
        "credit": "Ian Beer of Google Project Zero", 
        "page": "https://support.apple.com/kb/HT206567"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "OS X El Capitan v10.11 and later", 
        "description": "A memory corruption issue was addressed through improved memory handling.", 
        "update": null, 
        "module": "IOFireWireFamily", 
        "id": "CVE-2016-1822 ", 
        "credit": "CESG", 
        "page": "https://support.apple.com/kb/HT206567"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "OS X El Capitan v10.11 and later", 
        "description": "A memory corruption issue was addressed through improved memory handling.", 
        "update": null, 
        "module": "IOHIDFamily", 
        "id": "CVE-2016-1823 ", 
        "credit": "Ian Beer of Google Project Zero", 
        "page": "https://support.apple.com/kb/HT206567"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "OS X El Capitan v10.11 and later", 
        "description": "A memory corruption issue was addressed through improved memory handling.", 
        "update": null, 
        "module": "IOHIDFamily", 
        "id": "CVE-2016-1824 ", 
        "credit": "Marco Grassi (@marcograss) of KeenLab (@keen_lab), Tencent", 
        "page": "https://support.apple.com/kb/HT206567"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "OS X El Capitan v10.11 and later", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "IOHIDFamily", 
        "id": "CVE-2016-1825 ", 
        "credit": "Brandon Azad", 
        "page": "https://support.apple.com/kb/HT206567"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "OS X El Capitan v10.11 and later", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "Kernel", 
        "id": "CVE-2016-1827 ", 
        "credit": "Brandon Azad", 
        "page": "https://support.apple.com/kb/HT206567"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "OS X El Capitan v10.11 and later", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "Kernel", 
        "id": "CVE-2016-1828 ", 
        "credit": "Brandon Azad", 
        "page": "https://support.apple.com/kb/HT206567"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "OS X El Capitan v10.11 and later", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "Kernel", 
        "id": "CVE-2016-1829 ", 
        "credit": "CESG", 
        "page": "https://support.apple.com/kb/HT206567"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "OS X El Capitan v10.11 and later", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "Kernel", 
        "id": "CVE-2016-1830 ", 
        "credit": "Brandon Azad", 
        "page": "https://support.apple.com/kb/HT206567"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "OS X El Capitan v10.11 and later", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "Kernel", 
        "id": "CVE-2016-1831 ", 
        "credit": "Brandon Azad", 
        "page": "https://support.apple.com/kb/HT206567"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "OS X El Capitan v10.11 and later", 
        "description": "An integer overflow existed in dtrace. This issue was addressed through improved bounds checking.", 
        "update": null, 
        "module": "Kernel", 
        "id": "CVE-2016-1826 ", 
        "credit": "Ben Murphy working with Trend Micro\u2019s Zero Day Initiative", 
        "page": "https://support.apple.com/kb/HT206567"
    }, 
    {
        "impact": "A local attacker may be able to cause unexpected application termination or arbitrary code execution", 
        "available": "OS X El Capitan v10.11 and later", 
        "description": "A memory corruption issue was addressed through improved input validation.", 
        "update": null, 
        "module": "libc", 
        "id": "CVE-2016-1832 ", 
        "credit": "Karl Williamson", 
        "page": "https://support.apple.com/kb/HT206567"
    }, 
    {
        "impact": "Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution", 
        "available": "OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "libxml2", 
        "id": "CVE-2016-1833 ", 
        "credit": "Mateusz Jurczyk", 
        "page": "https://support.apple.com/kb/HT206567"
    }, 
    {
        "impact": "Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution", 
        "available": "OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "libxml2", 
        "id": "CVE-2016-1834 ", 
        "credit": "Apple", 
        "page": "https://support.apple.com/kb/HT206567"
    }, 
    {
        "impact": "Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution", 
        "available": "OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "libxml2", 
        "id": "CVE-2016-1835 ", 
        "credit": "Wei Lei and Liu Yang of Nanyang Technological University", 
        "page": "https://support.apple.com/kb/HT206567"
    }, 
    {
        "impact": "Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution", 
        "available": "OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "libxml2", 
        "id": "CVE-2016-1837 ", 
        "credit": "Wei Lei and Liu Yang of Nanyang Technological University", 
        "page": "https://support.apple.com/kb/HT206567"
    }, 
    {
        "impact": "Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution", 
        "available": "OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "libxml2", 
        "id": "CVE-2016-1838 ", 
        "credit": "Mateusz Jurczyk", 
        "page": "https://support.apple.com/kb/HT206567"
    }, 
    {
        "impact": "Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution", 
        "available": "OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "libxml2", 
        "id": "CVE-2016-1839 ", 
        "credit": "Mateusz Jurczyk", 
        "page": "https://support.apple.com/kb/HT206567"
    }, 
    {
        "impact": "Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution", 
        "available": "OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "libxml2", 
        "id": "CVE-2016-1840 ", 
        "credit": "Kostya Serebryany", 
        "page": "https://support.apple.com/kb/HT206567"
    }, 
    {
        "impact": "Visiting a maliciously crafted website may lead to arbitrary code execution", 
        "available": "OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later", 
        "description": "A memory corruption issue was addressed through improved memory handling.", 
        "update": null, 
        "module": "libxslt", 
        "id": "CVE-2016-1841 ", 
        "credit": "Sebastian Apelt", 
        "page": "https://support.apple.com/kb/HT206567"
    }, 
    {
        "impact": "An attacker in a privileged network position may be able to leak sensitive user information", 
        "available": "OS X El Capitan v10.11 and later", 
        "description": "Shared links were sent with HTTP rather than HTTPS. This was addressed by enabling HTTPS for shared links.", 
        "update": null, 
        "module": "MapKit", 
        "id": "CVE-2016-1842 : Richard Shupak (https://www.linkedin.com/in/rshupak)", 
        "credit": "", 
        "page": "https://support.apple.com/kb/HT206567"
    }, 
    {
        "impact": "A malicious server or user may be able to modify another user's contact list", 
        "available": "OS X El Capitan v10.11 and later", 
        "description": "A validation issue existed in roster changes. This issue was addressed through improved validation of roster sets.", 
        "update": null, 
        "module": "Messages", 
        "id": "CVE-2016-1844 ", 
        "credit": "Thijs Alkemade of Computest", 
        "page": "https://support.apple.com/kb/HT206567"
    }, 
    {
        "impact": "A remote attacker may be able to leak sensitive user information", 
        "available": "OS X El Capitan v10.11 and later", 
        "description": "An encoding issue existed in filename parsing. This issue was addressed through improved filename encoding.", 
        "update": null, 
        "module": "Messages", 
        "id": "CVE-2016-1843 : Heige (a.k.a. SuperHei) of Knownsec 404 Security Team [http://www.knownsec.com]", 
        "credit": "", 
        "page": "https://support.apple.com/kb/HT206567"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with system privileges", 
        "available": "OS X El Capitan v10.11 and later", 
        "description": "A memory corruption issue was addressed through improved memory handling.", 
        "update": null, 
        "module": "Multi-Touch", 
        "id": "CVE-2016-1804 ", 
        "credit": "Liang Chen, Yubin Fu, Marco Grassi of KeenLab, Tencent of Trend Micro's Zero Day Initiative", 
        "page": "https://support.apple.com/kb/HT206567"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "OS X El Capitan v10.11 and later", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "NVIDIA Graphics Drivers", 
        "id": "CVE-2016-1846 ", 
        "credit": "Ian Beer of Google Project Zero", 
        "page": "https://support.apple.com/kb/HT206567"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "OS X El Capitan v10.11 and later", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "NVIDIA Graphics Drivers", 
        "id": "CVE-2016-1861 ", 
        "credit": "Ian Beer of Google Project Zero", 
        "page": "https://support.apple.com/kb/HT206567"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "OpenGL", 
        "id": "CVE-2016-1847 ", 
        "credit": "Tongbo Luo and Bo Qu of Palo Alto Networks", 
        "page": "https://support.apple.com/kb/HT206567"
    }, 
    {
        "impact": "Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution", 
        "available": "OS X El Capitan v10.11 and later", 
        "description": "A memory corruption issue was addressed through improved memory handling.", 
        "update": null, 
        "module": "QuickTime", 
        "id": "CVE-2016-1848 ", 
        "credit": "Francis Provencher from COSIG", 
        "page": "https://support.apple.com/kb/HT206567"
    }, 
    {
        "impact": "Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution", 
        "available": "OS X El Capitan v10.11 and later", 
        "description": "A memory corruption issue was addressed through improved memory handling.", 
        "update": null, 
        "module": "SceneKit", 
        "id": "CVE-2016-1850 ", 
        "credit": "Tyler Bohan of Cisco Talos", 
        "page": "https://support.apple.com/kb/HT206567"
    }, 
    {
        "impact": "A person with physical access to a computer may be able to reset an expired password from the lock screen", 
        "available": "OS X El Capitan v10.11 and later", 
        "description": "An issue existed in the management of password profiles. This issue was addressed through improved password reset handling.", 
        "update": null, 
        "module": "Screen Lock", 
        "id": "CVE-2016-1851 ", 
        "credit": "an anonymous researcher", 
        "page": "https://support.apple.com/kb/HT206567"
    }, 
    {
        "impact": "An attacker in a privileged network position may be able to leak sensitive user information", 
        "available": "OS X El Capitan v10.11 and later", 
        "description": "A protocol security issue was addressed by disabling SSLv2.", 
        "update": null, 
        "module": "Tcl", 
        "id": "CVE-2016-1853 : researchers at Tel Aviv University, M\u00fcnster University of Applied Sciences, Ruhr University Bochum, the University of Pennsylvania, the Hashcat project, the University of Michigan, Two Sigma, Google, and the OpenSSL project: Nimrod Aviram, Sebastian Schinzel, Juraj Somorovsky, Nadia Heninger, Maik Dankel, Jens Steube, Luke Valenta, David Adrian, J. Alex Halderman, Viktor Dukhovni, Emilia K\u00e4sper, Shaanan Cohney, Susanne Engels, Christof Paar, and Yuval Shavitt", 
        "credit": "", 
        "page": "https://support.apple.com/kb/HT206567"
    }, 
    {
        "impact": "A malicious application may be able to leak sensitive user information", 
        "available": "iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later", 
        "description": "An out-of-bounds read issue was addressed through improved input validation.", 
        "update": null, 
        "module": "Accessibility", 
        "id": "CVE-2016-1790 ", 
        "credit": "Rapelly Akhil", 
        "page": "https://support.apple.com/kb/HT206568"
    }, 
    {
        "impact": "A person with physical access to an iOS device may be able to use Siri to access contacts and photos from the the lock screen", 
        "available": "iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later", 
        "description": "A state management issue existed when accessing Siri results on the lock screen. This issue was addressed by disabling data detectors in Twitter results when the device is locked.", 
        "update": null, 
        "module": "Siri", 
        "id": "CVE-2016-1852 ", 
        "credit": "videosdebarraquito", 
        "page": "https://support.apple.com/kb/HT206568"
    }, 
    {
        "impact": "A remote attacker may be able to execute arbitrary code", 
        "available": "OS X El Capitan v10.11 and later", 
        "description": "A heap-based buffer overflow issue existed in the handling of filenames. This issue was addressed by updating git to version 2.7.4.", 
        "update": null, 
        "module": "Git", 
        "id": "CVE-2016-2324", 
        "credit": "", 
        "page": "https://support.apple.com/kb/HT206338"
    }, 
    {
        "impact": "A remote attacker may be able to execute arbitrary code", 
        "available": "OS X El Capitan v10.11 and later", 
        "description": "A heap-based buffer overflow issue existed in the handling of filenames. This issue was addressed by updating git to version 2.7.4.", 
        "update": null, 
        "module": "Git", 
        "id": "CVE-2016-2315", 
        "credit": "", 
        "page": "https://support.apple.com/kb/HT206338"
    }, 
    {
        "impact": "Parsing a maliciously crafted iBooks Author file may lead to disclosure of user information", 
        "available": "OS X Yosemite v10.10 or later", 
        "description": "An XML external entity reference issue existed with iBook Author parsing. This issue was addressed through improved parsing.", 
        "update": null, 
        "module": "iBooks Author", 
        "id": "CVE-2016-1789 ", 
        "credit": "Behrouz Sadeghipour (@Nahamsec) and Patrik Fehrenbach (@ITSecurityguard)", 
        "page": "https://support.apple.com/kb/HT206224"
    }, 
    {
        "impact": "An administrator may unknowingly store backups on a volume without permissions enabled", 
        "available": "OS X El Capitan v10.11.4", 
        "description": "An issue in Time Machine server did not properly warn administrators if permissions were ignored when performing a server backup. This issue was addressed through improved warnings.", 
        "update": null, 
        "module": "Server App", 
        "id": "CVE-2016-1774 ", 
        "credit": "CJKApps", 
        "page": "https://support.apple.com/kb/HT206173"
    }, 
    {
        "impact": "An attacker may be able to exploit weaknesses in the RC4 cryptographic algorithm", 
        "available": "OS X El Capitan v10.11.4", 
        "description": "RC4 was removed as a supported cipher.", 
        "update": null, 
        "module": "Web Server", 
        "id": "CVE-2016-1777 ", 
        "credit": "Pepi Zawodsky", 
        "page": "https://support.apple.com/kb/HT206173"
    }, 
    {
        "impact": "A remote user may be able to view sensitive configuration information", 
        "available": "OS X El Capitan v10.11.4", 
        "description": "A file access issue existed in Apache with .DS_Store and .htaccess files. This issue was addressed through improved access restrictions.", 
        "update": null, 
        "module": "Web Server", 
        "id": "CVE-2016-1776 ", 
        "credit": "Shawn Pullum of University of California, Irvine", 
        "page": "https://support.apple.com/kb/HT206173"
    }, 
    {
        "impact": "Visiting a malicious website may lead to user interface spoofing", 
        "available": "OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11.4", 
        "description": "An issue existed where the text of a dialog included page-supplied text. This issue was addressed by no longer including that text.", 
        "update": null, 
        "module": "Safari", 
        "id": "CVE-2009-2197 ", 
        "credit": "Alexios Fakos of n.runs AG", 
        "page": "https://support.apple.com/kb/HT206171"
    }, 
    {
        "impact": "Visiting a maliciously crafted webpage may lead to a system denial of service", 
        "available": "OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11.4", 
        "description": "An insufficient input validation issue existed in the handling of certain files. This was addressed through additional checks during file expansion.", 
        "update": null, 
        "module": "Safari Downloads", 
        "id": "CVE-2016-1771 ", 
        "credit": "Russ Cox", 
        "page": "https://support.apple.com/kb/HT206171"
    }, 
    {
        "impact": "A website may be able to track sensitive user information", 
        "available": "OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11.4", 
        "description": "A cookie storage issue existed in the Top Sites page. This issue was addressed through improved state management.", 
        "update": null, 
        "module": "Safari Top Sites", 
        "id": "CVE-2016-1772 ", 
        "credit": "WoofWagly", 
        "page": "https://support.apple.com/kb/HT206171"
    }, 
    {
        "impact": "A website may be able to track sensitive user information", 
        "available": "OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11.4", 
        "description": "An issue existed in the handling of attachment URLs. This issue was addressed through improved URL handling.", 
        "update": null, 
        "module": "WebKit", 
        "id": "CVE-2016-1781 ", 
        "credit": "Devdatta Akhawe of Dropbox, Inc.", 
        "page": "https://support.apple.com/kb/HT206171"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11.4", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "WebKit", 
        "id": "CVE-2016-1778 ", 
        "credit": "0x1byte working with Trend Micro's Zero Day Initiative (ZDI) and Yang Zhao of CM Security", 
        "page": "https://support.apple.com/kb/HT206171"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11.4", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "WebKit", 
        "id": "CVE-2016-1783 ", 
        "credit": "Mihai Parparita of Google", 
        "page": "https://support.apple.com/kb/HT206171"
    }, 
    {
        "impact": "A malicious website may be able to access restricted ports on arbitrary servers", 
        "available": "OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11.4", 
        "description": "A port redirection issue was addressed through additional port validation.", 
        "update": null, 
        "module": "WebKit", 
        "id": "CVE-2016-1782 ", 
        "credit": "Muneaki Nishimura (nishimunea) of Recruit Technologies Co.,Ltd.", 
        "page": "https://support.apple.com/kb/HT206171"
    }, 
    {
        "impact": "Visiting a maliciously crafted website may reveal a user's current location", 
        "available": "OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11.4", 
        "description": "An issue existed in the parsing of geolocation requests. This was addressed through improved validation of the security origin for geolocation requests.", 
        "update": null, 
        "module": "WebKit", 
        "id": "CVE-2016-1779 ", 
        "credit": "xisigr of Tencent's Xuanwu Lab (www.tencent.com)", 
        "page": "https://support.apple.com/kb/HT206171"
    }, 
    {
        "impact": "Opening a maliciously crafted URL may lead to the disclosure of sensitive user information", 
        "available": "OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11.4", 
        "description": "An issue existed in URL redirection when XSS auditor was used in block mode. This issue was addressed through improved URL navigation.", 
        "update": null, 
        "module": "WebKit", 
        "id": "CVE-2016-1864 ", 
        "credit": "Takeshi Terada of Mitsui Bussan Secure Directions, Inc.", 
        "page": "https://support.apple.com/kb/HT206171"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to an unexpected Safari crash", 
        "available": "OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11.4", 
        "description": "A resource exhaustion issue was addressed through improved input validation.", 
        "update": null, 
        "module": "WebKit History", 
        "id": "CVE-2016-1784 ", 
        "credit": "Moony Li and Jack Tang of TrendMicro and \u674e\u666e\u541b of \u65e0\u58f0\u4fe1\u606f\u6280\u672fPKAV Team (PKAV.net)", 
        "page": "https://support.apple.com/kb/HT206171"
    }, 
    {
        "impact": "A malicious website may exfiltrate data cross-origin", 
        "available": "OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11.4", 
        "description": "A caching issue existed with character encoding. This was addressed through additional request checking.", 
        "update": null, 
        "module": "WebKit Page Loading", 
        "id": "CVE-2016-1785 ", 
        "credit": "an anonymous researcher", 
        "page": "https://support.apple.com/kb/HT206171"
    }, 
    {
        "impact": "Visiting a malicious website may lead to user interface spoofing", 
        "available": "OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11.4", 
        "description": "Redirect responses may have allowed a malicious website to display an arbitrary URL and read cached contents of the destination origin. This issue was addressed through improved URL display logic.", 
        "update": null, 
        "module": "WebKit Page Loading", 
        "id": "CVE-2016-1786 ", 
        "credit": "ma.la of LINE Corporation", 
        "page": "https://support.apple.com/kb/HT206171"
    }, 
    {
        "impact": "Processing a maliciously crafted .png file may lead to arbitrary code execution", 
        "available": "OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3", 
        "description": "Multiple vulnerabilities existed in libpng versions prior to 1.6.20. These were addressed by updating libpng to version 1.6.20.", 
        "update": null, 
        "module": "apache_mod_php", 
        "id": "CVE-2015-8126 ", 
        "credit": "Adam Mari\u0161", 
        "page": "https://support.apple.com/kb/HT206167"
    }, 
    {
        "impact": "Processing a maliciously crafted .png file may lead to arbitrary code execution", 
        "available": "OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3", 
        "description": "Multiple vulnerabilities existed in libpng versions prior to 1.6.20. These were addressed by updating libpng to version 1.6.20.", 
        "update": null, 
        "module": "apache_mod_php", 
        "id": "CVE-2015-8472 ", 
        "credit": "Adam Mari\u0161", 
        "page": "https://support.apple.com/kb/HT206167"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "OS X El Capitan v10.11 to v10.11.3", 
        "description": "A memory corruption issue was addressed through improved input validation.", 
        "update": null, 
        "module": "AppleRAID", 
        "id": "CVE-2016-1733 ", 
        "credit": "Proteas of Qihoo 360 Nirvan Team", 
        "page": "https://support.apple.com/kb/HT206167"
    }, 
    {
        "impact": "A local user may be able to determine kernel memory layout", 
        "available": "OS X El Capitan v10.11 to v10.11.3", 
        "description": "An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed through improved input validation.", 
        "update": null, 
        "module": "AppleRAID", 
        "id": "CVE-2016-1732 ", 
        "credit": "Proteas of Qihoo 360 Nirvan Team", 
        "page": "https://support.apple.com/kb/HT206167"
    }, 
    {
        "impact": "A USB device may be able to cause a denial of service", 
        "available": "OS X El Capitan v10.11 to v10.11.3", 
        "description": "An error handling issue existed in packet validation. This issue was addressed through improved error handling.", 
        "update": null, 
        "module": "AppleUSBNetworking", 
        "id": "CVE-2016-1734 ", 
        "credit": "Andrea Barisani and Andrej Rosano of Inverse Path", 
        "page": "https://support.apple.com/kb/HT206167"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "OS X El Capitan v10.11 to v10.11.3", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "Bluetooth", 
        "id": "CVE-2016-1735 ", 
        "credit": "Jeonghoon Shin@A.D.D", 
        "page": "https://support.apple.com/kb/HT206167"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "OS X El Capitan v10.11 to v10.11.3", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "Bluetooth", 
        "id": "CVE-2016-1736 ", 
        "credit": "beist and ABH of BoB", 
        "page": "https://support.apple.com/kb/HT206167"
    }, 
    {
        "impact": "Processing a maliciously crafted .dfont file may lead to arbitrary code execution", 
        "available": "OS X El Capitan v10.11 to v10.11.3", 
        "description": "Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking.", 
        "update": null, 
        "module": "Carbon", 
        "id": "CVE-2016-1737 ", 
        "credit": "HappilyCoded (ant4g0nist &r3dsm0k3)", 
        "page": "https://support.apple.com/kb/HT206167"
    }, 
    {
        "impact": "An attacker may tamper with code-signed applications to execute arbitrary code in the application's context", 
        "available": "OS X El Capitan v10.11 to v10.11.3", 
        "description": "A code signing verification issue existed in dyld. This issue was addressed with improved validation.", 
        "update": null, 
        "module": "dyld", 
        "id": "CVE-2016-1738 ", 
        "credit": "beist and ABH of BoB", 
        "page": "https://support.apple.com/kb/HT206167"
    }, 
    {
        "impact": "Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution", 
        "available": "OS X El Capitan v10.11 to v10.11.3", 
        "description": "A memory corruption issue was addressed through improved memory handling.", 
        "update": null, 
        "module": "FontParser", 
        "id": "CVE-2016-1740 ", 
        "credit": "HappilyCoded (ant4g0nist and r3dsm0k3) working with Trend Micro's Zero Day Initiative (ZDI)", 
        "page": "https://support.apple.com/kb/HT206167"
    }, 
    {
        "impact": "A remote attacker may be able to execute arbitrary code", 
        "available": "OS X El Capitan v10.11 to v10.11.3", 
        "description": "Multiple vulnerabilities existed in nghttp2 versions prior to 1.6.0, the most serious of which may have led to remote code execution. These were addressed by updating nghttp2 to version 1.6.0.", 
        "update": null, 
        "module": "HTTPProtocol", 
        "id": "CVE-2015-8659", 
        "credit": "", 
        "page": "https://support.apple.com/kb/HT206167"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "OS X El Capitan v10.11 to v10.11.3", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "Intel Graphics Driver", 
        "id": "CVE-2016-1743 ", 
        "credit": "Piotr Bania of Cisco Talos", 
        "page": "https://support.apple.com/kb/HT206167"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "OS X El Capitan v10.11 to v10.11.3", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "Intel Graphics Driver", 
        "id": "CVE-2016-1744 ", 
        "credit": "Ian Beer of Google Project Zero", 
        "page": "https://support.apple.com/kb/HT206167"
    }, 
    {
        "impact": "A local user may be able to cause a denial of service", 
        "available": "OS X El Capitan v10.11 to v10.11.3", 
        "description": "A null pointer dereference was addressed through improved validation.", 
        "update": null, 
        "module": "IOFireWireFamily", 
        "id": "CVE-2016-1745 ", 
        "credit": "sweetchip of Grayhash", 
        "page": "https://support.apple.com/kb/HT206167"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "OS X El Capitan v10.11 to v10.11.3", 
        "description": "A memory corruption issue was addressed through improved input validation.", 
        "update": null, 
        "module": "IOGraphics", 
        "id": "CVE-2016-1746 ", 
        "credit": "Peter Pi of Trend Micro working with Trend Micro's Zero Day Initiative (ZDI)", 
        "page": "https://support.apple.com/kb/HT206167"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "OS X El Capitan v10.11 to v10.11.3", 
        "description": "A memory corruption issue was addressed through improved input validation.", 
        "update": null, 
        "module": "IOGraphics", 
        "id": "CVE-2016-1747 ", 
        "credit": "Juwei Lin of Trend Micro working with Trend Micro's Zero Day Initiative (ZDI)", 
        "page": "https://support.apple.com/kb/HT206167"
    }, 
    {
        "impact": "An application may be able to determine kernel memory layout", 
        "available": "OS X El Capitan v10.11 to v10.11.3", 
        "description": "A memory corruption issue was addressed through improved memory handling.", 
        "update": null, 
        "module": "IOHIDFamily", 
        "id": "CVE-2016-1748 ", 
        "credit": "Brandon Azad", 
        "page": "https://support.apple.com/kb/HT206167"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "OS X El Capitan v10.11 to v10.11.3", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "IOUSBFamily", 
        "id": "CVE-2016-1749 ", 
        "credit": "Ian Beer of Google Project Zero and Juwei Lin of Trend Micro working with Trend Micro's Zero Day Initiative (ZDI)", 
        "page": "https://support.apple.com/kb/HT206167"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "OS X El Capitan v10.11 to v10.11.3", 
        "description": "A use after free issue was addressed through improved memory management.", 
        "update": null, 
        "module": "Kernel", 
        "id": "CVE-2016-1750 ", 
        "credit": "CESG", 
        "page": "https://support.apple.com/kb/HT206167"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "OS X El Capitan v10.11 to v10.11.3", 
        "description": "A race condition existed during the creation of new processes. This was addressed through improved state handling.", 
        "update": null, 
        "module": "Kernel", 
        "id": "CVE-2016-1757 ", 
        "credit": "Ian Beer of Google Project Zero and Pedro Vila\u00e7a", 
        "page": "https://support.apple.com/kb/HT206167"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "OS X El Capitan v10.11 to v10.11.3", 
        "description": "A null pointer dereference was addressed through improved input validation.", 
        "update": null, 
        "module": "Kernel", 
        "id": "CVE-2016-1756 ", 
        "credit": "Lufeng Li of Qihoo 360 Vulcan Team", 
        "page": "https://support.apple.com/kb/HT206167"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "Kernel", 
        "id": "CVE-2016-1754 ", 
        "credit": "Lufeng Li of Qihoo 360 Vulcan Team", 
        "page": "https://support.apple.com/kb/HT206167"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "Kernel", 
        "id": "CVE-2016-1755 ", 
        "credit": "Ian Beer of Google Project Zero", 
        "page": "https://support.apple.com/kb/HT206167"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "Kernel", 
        "id": "CVE-2016-1759 ", 
        "credit": "lokihardt", 
        "page": "https://support.apple.com/kb/HT206167"
    }, 
    {
        "impact": "An application may be able to determine kernel memory layout", 
        "available": "OS X El Capitan v10.11 to v10.11.3", 
        "description": "An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed through improved input validation.", 
        "update": null, 
        "module": "Kernel", 
        "id": "CVE-2016-1758 ", 
        "credit": "Brandon Azad", 
        "page": "https://support.apple.com/kb/HT206167"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "OS X El Capitan v10.11 to v10.11.3", 
        "description": "Multiple integer overflows were addressed through improved input validation.", 
        "update": null, 
        "module": "Kernel", 
        "id": "CVE-2016-1753 ", 
        "credit": "Juwei Lin Trend Micro working with Trend Micro's Zero Day Initiative (ZDI)", 
        "page": "https://support.apple.com/kb/HT206167"
    }, 
    {
        "impact": "An application may be able to cause a denial of service", 
        "available": "OS X El Capitan v10.11 to v10.11.3", 
        "description": "A denial of service issue was addressed through improved validation.", 
        "update": null, 
        "module": "Kernel", 
        "id": "CVE-2016-1752 ", 
        "credit": "CESG", 
        "page": "https://support.apple.com/kb/HT206167"
    }, 
    {
        "impact": "Processing maliciously crafted XML may lead to unexpected application termination or arbitrary code execution", 
        "available": "OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "libxml2", 
        "id": "CVE-2015-1819", 
        "credit": "", 
        "page": "https://support.apple.com/kb/HT206167"
    }, 
    {
        "impact": "Processing maliciously crafted XML may lead to unexpected application termination or arbitrary code execution", 
        "available": "OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "libxml2", 
        "id": "CVE-2015-5312 ", 
        "credit": "David Drysdale of Google", 
        "page": "https://support.apple.com/kb/HT206167"
    }, 
    {
        "impact": "Processing maliciously crafted XML may lead to unexpected application termination or arbitrary code execution", 
        "available": "OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "libxml2", 
        "id": "CVE-2015-7499", 
        "credit": "", 
        "page": "https://support.apple.com/kb/HT206167"
    }, 
    {
        "impact": "Processing maliciously crafted XML may lead to unexpected application termination or arbitrary code execution", 
        "available": "OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "libxml2", 
        "id": "CVE-2015-7500 ", 
        "credit": "Kostya Serebryany of Google", 
        "page": "https://support.apple.com/kb/HT206167"
    }, 
    {
        "impact": "Processing maliciously crafted XML may lead to unexpected application termination or arbitrary code execution", 
        "available": "OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "libxml2", 
        "id": "CVE-2015-7942 ", 
        "credit": "Kostya Serebryany of Google", 
        "page": "https://support.apple.com/kb/HT206167"
    }, 
    {
        "impact": "Processing maliciously crafted XML may lead to unexpected application termination or arbitrary code execution", 
        "available": "OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "libxml2", 
        "id": "CVE-2015-8035 ", 
        "credit": "gustavo.grieco", 
        "page": "https://support.apple.com/kb/HT206167"
    }, 
    {
        "impact": "Processing maliciously crafted XML may lead to unexpected application termination or arbitrary code execution", 
        "available": "OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "libxml2", 
        "id": "CVE-2015-8242 ", 
        "credit": "Hugh Davenport", 
        "page": "https://support.apple.com/kb/HT206167"
    }, 
    {
        "impact": "Processing maliciously crafted XML may lead to unexpected application termination or arbitrary code execution", 
        "available": "OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "libxml2", 
        "id": "CVE-2016-1761 ", 
        "credit": "wol0xff working with Trend Micro's Zero Day Initiative (ZDI)", 
        "page": "https://support.apple.com/kb/HT206167"
    }, 
    {
        "impact": "Processing maliciously crafted XML may lead to unexpected application termination or arbitrary code execution", 
        "available": "OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "libxml2", 
        "id": "CVE-2016-1762", 
        "credit": "", 
        "page": "https://support.apple.com/kb/HT206167"
    }, 
    {
        "impact": "Clicking a JavaScript link can reveal sensitive user information", 
        "available": "OS X El Capitan v10.11 to v10.11.3", 
        "description": "An issue existed in the processing of JavaScript links. This issue was addressed through improved content security policy checks.", 
        "update": null, 
        "module": "Messages", 
        "id": "CVE-2016-1764 ", 
        "credit": "Matthew Bryant of the Uber Security Team (formerly of Bishop Fox), Joe DeMesy and Shubham Shah of Bishop Fox", 
        "page": "https://support.apple.com/kb/HT206167"
    }, 
    {
        "impact": "An attacker who is able to bypass Apple's certificate pinning, intercept TLS connections, inject messages, and record encrypted attachment-type messages may be able to read attachments", 
        "available": "OS X El Capitan v10.11 to v10.11.3", 
        "description": "A cryptographic issue was addressed by rejecting duplicate messages on the client.", 
        "update": null, 
        "module": "Messages", 
        "id": "CVE-2016-1788 ", 
        "credit": "Christina Garman, Matthew Green, Gabriel Kaptchuk, Ian Miers, and Michael Rushanan of Johns Hopkins University", 
        "page": "https://support.apple.com/kb/HT206167"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "OS X El Capitan v10.11 to v10.11.3", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "NVIDIA Graphics Drivers", 
        "id": "CVE-2016-1741 ", 
        "credit": "Ian Beer of Google Project Zero", 
        "page": "https://support.apple.com/kb/HT206167"
    }, 
    {
        "impact": "Connecting to a server may leak sensitive user information, such as a client's private keys", 
        "available": "OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3", 
        "description": "Roaming, which was on by default in the OpenSSH client, exposed an information leak and a buffer overflow. These issues were addressed by disabling roaming in the client.", 
        "update": null, 
        "module": "OpenSSH", 
        "id": "CVE-2016-0777 ", 
        "credit": "Qualys", 
        "page": "https://support.apple.com/kb/HT206167"
    }, 
    {
        "impact": "Connecting to a server may leak sensitive user information, such as a client's private keys", 
        "available": "OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3", 
        "description": "Roaming, which was on by default in the OpenSSH client, exposed an information leak and a buffer overflow. These issues were addressed by disabling roaming in the client.", 
        "update": null, 
        "module": "OpenSSH", 
        "id": "CVE-2016-0778 ", 
        "credit": "Qualys", 
        "page": "https://support.apple.com/kb/HT206167"
    }, 
    {
        "impact": "Multiple vulnerabilities in LibreSSL", 
        "available": "OS X Mavericks v10.9.5 and OS X Yosemite v10.10.5", 
        "description": "Multiple vulnerabilities existed in LibreSSL versions prior to 2.1.8. These were addressed by updating LibreSSL to version 2.1.8.", 
        "update": null, 
        "module": "OpenSSH", 
        "id": "CVE-2015-5333 ", 
        "credit": "Qualys", 
        "page": "https://support.apple.com/kb/HT206167"
    }, 
    {
        "impact": "Multiple vulnerabilities in LibreSSL", 
        "available": "OS X Mavericks v10.9.5 and OS X Yosemite v10.10.5", 
        "description": "Multiple vulnerabilities existed in LibreSSL versions prior to 2.1.8. These were addressed by updating LibreSSL to version 2.1.8.", 
        "update": null, 
        "module": "OpenSSH", 
        "id": "CVE-2015-5334 ", 
        "credit": "Qualys", 
        "page": "https://support.apple.com/kb/HT206167"
    }, 
    {
        "impact": "A remote attacker may be able to cause a denial of service", 
        "available": "OS X El Capitan v10.11 to v10.11.3", 
        "description": "A memory leak existed in OpenSSL versions prior to 0.9.8zh. This issue was addressed by updating OpenSSL to version 0.9.8zh.", 
        "update": null, 
        "module": "OpenSSL", 
        "id": "CVE-2015-3195", 
        "credit": "", 
        "page": "https://support.apple.com/kb/HT206167"
    }, 
    {
        "impact": "Processing a maliciously crafted .png file may lead to arbitrary code execution", 
        "available": "OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3", 
        "description": "Multiple vulnerabilities existed in libpng versions prior to 1.6.20. These were addressed by updating libpng to version 1.6.20.", 
        "update": null, 
        "module": "Python", 
        "id": "CVE-2014-9495", 
        "credit": "", 
        "page": "https://support.apple.com/kb/HT206167"
    }, 
    {
        "impact": "Processing a maliciously crafted .png file may lead to arbitrary code execution", 
        "available": "OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3", 
        "description": "Multiple vulnerabilities existed in libpng versions prior to 1.6.20. These were addressed by updating libpng to version 1.6.20.", 
        "update": null, 
        "module": "Python", 
        "id": "CVE-2015-0973", 
        "credit": "", 
        "page": "https://support.apple.com/kb/HT206167"
    }, 
    {
        "impact": "Processing a maliciously crafted FlashPix Bitmap Image may lead to unexpected application termination or arbitrary code execution", 
        "available": "OS X El Capitan v10.11 to v10.11.3", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "QuickTime", 
        "id": "CVE-2016-1767 ", 
        "credit": "Francis Provencher from COSIG", 
        "page": "https://support.apple.com/kb/HT206167"
    }, 
    {
        "impact": "Processing a maliciously crafted FlashPix Bitmap Image may lead to unexpected application termination or arbitrary code execution", 
        "available": "OS X El Capitan v10.11 to v10.11.3", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "QuickTime", 
        "id": "CVE-2016-1768 ", 
        "credit": "Francis Provencher from COSIG", 
        "page": "https://support.apple.com/kb/HT206167"
    }, 
    {
        "impact": "Processing a maliciously crafted Photoshop document may lead to unexpected application termination or arbitrary code execution", 
        "available": "OS X El Capitan v10.11 to v10.11.3", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "QuickTime", 
        "id": "CVE-2016-1769 ", 
        "credit": "Francis Provencher from COSIG", 
        "page": "https://support.apple.com/kb/HT206167"
    }, 
    {
        "impact": "Clicking a tel link can make a call without prompting the user", 
        "available": "OS X El Capitan v10.11 to v10.11.3", 
        "description": "A user was not prompted before invoking a call. This was addressed through improved entitlement checks.", 
        "update": null, 
        "module": "Reminders", 
        "id": "CVE-2016-1770 ", 
        "credit": "Guillaume Ross of Rapid7 and Laurent Chouinard of Laurent.ca", 
        "page": "https://support.apple.com/kb/HT206167"
    }, 
    {
        "impact": "A local attacker may be able to cause unexpected application termination or arbitrary code execution", 
        "available": "OS X El Capitan v10.11 to v10.11.3", 
        "description": "An unsafe tainted string usage vulnerability existed in versions prior to 2.0.0-p648. This issue was addressed by updating to version 2.0.0-p648.", 
        "update": null, 
        "module": "Ruby", 
        "id": "CVE-2015-7551", 
        "credit": "", 
        "page": "https://support.apple.com/kb/HT206167"
    }, 
    {
        "impact": "A local user may be able to check for the existence of arbitrary files", 
        "available": "OS X El Capitan v10.11 to v10.11.3", 
        "description": "A permissions issue existed in code signing tools. This was addressed though additional ownership checks.", 
        "update": null, 
        "module": "Security", 
        "id": "CVE-2016-1773 ", 
        "credit": "Mark Mentovai of Google Inc.", 
        "page": "https://support.apple.com/kb/HT206167"
    }, 
    {
        "impact": "Processing a maliciously crafted certificate may lead to arbitrary code execution", 
        "available": "OS X El Capitan v10.11 to v10.11.3", 
        "description": "A memory corruption issue existed in the ASN.1 decoder. This issue was addressed through improved input validation.", 
        "update": null, 
        "module": "Security", 
        "id": "CVE-2016-1950 ", 
        "credit": "Francis Gabriel of Quarkslab", 
        "page": "https://support.apple.com/kb/HT206167"
    }, 
    {
        "impact": "Processing a maliciously crafted .png file may lead to arbitrary code execution", 
        "available": "OS X Yosemite v10.10.5 and OS X El Capitan v10.11 to v10.11.3", 
        "description": "Multiple vulnerabilities existed in libpng versions prior to 1.6.20. These were addressed by removing libpng.", 
        "update": null, 
        "module": "Tcl", 
        "id": "CVE-2015-8126", 
        "credit": "", 
        "page": "https://support.apple.com/kb/HT206167"
    }, 
    {
        "impact": "Processing a maliciously crafted font file may lead to arbitrary code execution", 
        "available": "OS X El Capitan v10.11 to v10.11.3", 
        "description": "A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation.", 
        "update": null, 
        "module": "TrueTypeScaler", 
        "id": "CVE-2016-1775 ", 
        "credit": "0x1byte working with Trend Micro's Zero Day Initiative (ZDI)", 
        "page": "https://support.apple.com/kb/HT206167"
    }, 
    {
        "impact": "An attacker with a privileged network position may be able to execute arbitrary code", 
        "available": "OS X El Capitan v10.11 to v10.11.3", 
        "description": "A frame validation and memory corruption issue existed for a given ethertype. This issue was addressed through additional ethertype validation and improved memory handling.", 
        "update": null, 
        "module": "Wi-Fi", 
        "id": "CVE-2016-0801 ", 
        "credit": "an anonymous researcher", 
        "page": "https://support.apple.com/kb/HT206167"
    }, 
    {
        "impact": "An attacker with a privileged network position may be able to execute arbitrary code", 
        "available": "OS X El Capitan v10.11 to v10.11.3", 
        "description": "A frame validation and memory corruption issue existed for a given ethertype. This issue was addressed through additional ethertype validation and improved memory handling.", 
        "update": null, 
        "module": "Wi-Fi", 
        "id": "CVE-2016-0802 ", 
        "credit": "an anonymous researcher", 
        "page": "https://support.apple.com/kb/HT206167"
    }, 
    {
        "impact": "A local attacker may be able to cause unexpected application termination or arbitrary code execution", 
        "available": "OS X El Capitan v10.11 and later", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "otool", 
        "id": "CVE-2016-1765 ", 
        "credit": "Proteas of Qihoo 360 Nirvan Team and Will Estes (@squiffy)", 
        "page": "https://support.apple.com/kb/HT206172"
    }, 
    {
        "impact": "A malicious server may be able to execute arbitrary code", 
        "available": "OS X El Capitan v10.11 and later", 
        "description": "Multiple vulnerabilities existed in subversion versions prior to 1.7.21, the most serious of which may have led to remote code execution. These were addressed by updating subversion to version 1.7.22.", 
        "update": null, 
        "module": "subversion", 
        "id": "CVE-2015-3184 ", 
        "credit": "C. Michael Pilato, CollabNet", 
        "page": "https://support.apple.com/kb/HT206172"
    }, 
    {
        "impact": "A malicious server may be able to execute arbitrary code", 
        "available": "OS X El Capitan v10.11 and later", 
        "description": "Multiple vulnerabilities existed in subversion versions prior to 1.7.21, the most serious of which may have led to remote code execution. These were addressed by updating subversion to version 1.7.22.", 
        "update": null, 
        "module": "subversion", 
        "id": "CVE-2015-3187 ", 
        "credit": "C. Michael Pilato, CollabNet", 
        "page": "https://support.apple.com/kb/HT206172"
    }, 
    {
        "impact": "An application may be able to bypass code signing", 
        "available": "Apple TV (4th generation)", 
        "description": "A permissions issue existed in which execute permission was incorrectly granted. This issue was addressed through improved permission validation.", 
        "update": null, 
        "module": "Kernel", 
        "id": "CVE-2016-1751 ", 
        "credit": "Eric Monti of Square Mobile Security", 
        "page": "https://support.apple.com/kb/HT206169"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes", 
        "description": "A memory corruption issue existed in the parsing of disk images. This issue was addressed through improved memory handling.", 
        "update": null, 
        "module": "Disk Images", 
        "id": "CVE-2016-1717 ", 
        "credit": "Frank Graziano of Yahoo! Pentest Team", 
        "page": "https://support.apple.com/kb/HT206168"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "IOHIDFamily", 
        "id": "CVE-2016-1719 ", 
        "credit": "Ian Beer of Google Project Zero", 
        "page": "https://support.apple.com/kb/HT206168"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "Kernel", 
        "id": "CVE-2016-1720 ", 
        "credit": "Ian Beer of Google Project Zero", 
        "page": "https://support.apple.com/kb/HT206168"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "Kernel", 
        "id": "CVE-2016-1721 ", 
        "credit": "Ian Beer of Google Project Zero and Ju Zhu of Trend Micro", 
        "page": "https://support.apple.com/kb/HT206168"
    }, 
    {
        "impact": "Processing maliciously crafted XML may lead to unexpected application termination or arbitrary code execution", 
        "available": "Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes", 
        "description": "A type confusion issue was addressed through improved memory handling.", 
        "update": null, 
        "module": "libxslt", 
        "id": "CVE-2015-7995 ", 
        "credit": "puzzor", 
        "page": "https://support.apple.com/kb/HT206168"
    }, 
    {
        "impact": "An application may be able to execute arbitrary code with kernel privileges", 
        "available": "Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes", 
        "description": "A memory corruption issue was addressed through improved memory handling.", 
        "update": null, 
        "module": "syslog", 
        "id": "CVE-2016-1722 ", 
        "credit": "Joshua J. Drake and Nikias Bassen of Zimperium zLabs", 
        "page": "https://support.apple.com/kb/HT206168"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "WebKit", 
        "id": "CVE-2016-1723 ", 
        "credit": "Apple", 
        "page": "https://support.apple.com/kb/HT206168"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "WebKit", 
        "id": "CVE-2016-1724 ", 
        "credit": "Apple", 
        "page": "https://support.apple.com/kb/HT206168"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "WebKit", 
        "id": "CVE-2016-1725 ", 
        "credit": "Apple", 
        "page": "https://support.apple.com/kb/HT206168"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "WebKit", 
        "id": "CVE-2016-1726 ", 
        "credit": "Apple", 
        "page": "https://support.apple.com/kb/HT206168"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to arbitrary code execution", 
        "available": "Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes", 
        "description": "Multiple memory corruption issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "WebKit", 
        "id": "CVE-2016-1727 ", 
        "credit": "Apple", 
        "page": "https://support.apple.com/kb/HT206168"
    }, 
    {
        "impact": "An application may be able to modify events from other applications", 
        "available": "iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later", 
        "description": "An event handler validation issue existed in the XPC Services API. This issue was addressed through improved message validation.", 
        "update": null, 
        "module": "LaunchServices", 
        "id": "CVE-2016-1760 ", 
        "credit": "Proteas of Qihoo 360 Nirvan Team", 
        "page": "https://support.apple.com/kb/HT206166"
    }, 
    {
        "impact": "Visiting a maliciously crafted website may auto-fill text into other Message threads", 
        "available": "iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later", 
        "description": "An issue existed in the parsing of SMS URLs. This issue was addressed through improved URL validation.", 
        "update": null, 
        "module": "Messages", 
        "id": "CVE-2016-1763 ", 
        "credit": "CityTog", 
        "page": "https://support.apple.com/kb/HT206166"
    }, 
    {
        "impact": "An untrusted MDM profile may be incorrectly displayed as verified", 
        "available": "iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later", 
        "description": "A certificate validation issue existed in MDM profiles. This was addressed through additional checks.", 
        "update": null, 
        "module": "Profiles", 
        "id": "CVE-2016-1766 ", 
        "credit": "Taylor Boyko working with Trend Micro's Zero Day Initiative (ZDI)", 
        "page": "https://support.apple.com/kb/HT206166"
    }, 
    {
        "impact": "A website may be able to track sensitive user information", 
        "available": "iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later", 
        "description": "A hidden web page may be able to access device-orientation and device-motion data. This issue was addressed by suspending the availability of this data when the web view is hidden.", 
        "update": null, 
        "module": "WebKit", 
        "id": "CVE-2016-1780 ", 
        "credit": "Maryam Mehrnezhad, Ehsan Toreini, Siamak F. Shahandashti, and Feng Hao of the School of Computing Science, Newcastle University, UK", 
        "page": "https://support.apple.com/kb/HT206166"
    }, 
    {
        "impact": "Visiting a maliciously crafted website may reveal a user's current location", 
        "available": "iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later", 
        "description": "An issue existed in the parsing of geolocation requests. This was addressed through improved validation of the security origin for geolocation requests.", 
        "update": null, 
        "module": "WebKit", 
        "id": "CVE-2016-1779 : xisigr of Tencent's Xuanwu Lab (http://www.tencent.com)", 
        "credit": "", 
        "page": "https://support.apple.com/kb/HT206166"
    }, 
    {
        "impact": "An attacker in a privileged network position may be able to control the contents of the updates window", 
        "available": "Windows 7 and later", 
        "description": "The contents of the updates window were retrieved from the network using an unprotected HTTP connection. This issue was addressed by using an encrypted HTTPS connection to retrieve the contents.", 
        "update": null, 
        "module": "Apple Software Update", 
        "id": "CVE-2016-1731", 
        "credit": "", 
        "page": "https://support.apple.com/kb/HT206091"
    }, 
    {
        "impact": "A malicious Wi-Fi network may be able to determine networks a device has previously accessed", 
        "available": "Apple TV (3rd generation)", 
        "description": "Upon connecting to a Wi-Fi network, iOS may have broadcast MAC addresses of previously accessed networks via the DNAv4 protocol. This issue was addressed through disabling DNAv4 on unencrypted Wi-Fi networks.", 
        "update": null, 
        "module": "bootp", 
        "id": "CVE-2015-3778 ", 
        "credit": "Piers O'Hanlon of Oxford Internet Institute, University of Oxford (on the EPSRC Being There project)", 
        "page": "https://support.apple.com/kb/HT205795"
    }, 
    {
        "impact": "A malicious application may be able to access the iCloud user record of a previously signed in user", 
        "available": "Apple TV (3rd generation)", 
        "description": "A state inconsistency existed in CloudKit when signing out users. This issue was addressed through improved state handling.", 
        "update": null, 
        "module": "CloudKit", 
        "id": "CVE-2015-3782 ", 
        "credit": "Deepkanwal Plaha of University of Toronto", 
        "page": "https://support.apple.com/kb/HT205795"
    }, 
    {
        "impact": "A malicious app may be able to read other apps' managed preferences", 
        "available": "Apple TV (3rd generation)", 
        "description": "An issue existed in the third-party app sandbox. This issue was addressed by improving the third-party sandbox profile.", 
        "update": null, 
        "module": "CFPreferences", 
        "id": "CVE-2015-3793 ", 
        "credit": "Andreas Weinlein of the Appthority Mobility Threat Team", 
        "page": "https://support.apple.com/kb/HT205795"
    }, 
    {
        "impact": "A malicious application may be able to execute unsigned code", 
        "available": "Apple TV (3rd generation)", 
        "description": "An issue existed that allowed unsigned code to be appended to signed code in a specially crafted executable file. This issue was addressed through improved code signature validation.", 
        "update": null, 
        "module": "Code Signing", 
        "id": "CVE-2015-3806 ", 
        "credit": "TaiG Jailbreak Team", 
        "page": "https://support.apple.com/kb/HT205795"
    }, 
    {
        "impact": "A specially crafted executable file could allow unsigned, malicious code to execute", 
        "available": "Apple TV (3rd generation)", 
        "description": "An issue existed in the way multi-architecture executable files were evaluated that could have allowed unsigned code to be executed. This issue was addressed through improved validation of executable files.", 
        "update": null, 
        "module": "Code Signing", 
        "id": "CVE-2015-3803 ", 
        "credit": "TaiG Jailbreak Team", 
        "page": "https://support.apple.com/kb/HT205795"
    }, 
    {
        "impact": "A local user may be able to execute unsigned code", 
        "available": "Apple TV (3rd generation)", 
        "description": "A validation issue existed in the handling of Mach-O files. This was addressed by adding additional checks.", 
        "update": null, 
        "module": "Code Signing", 
        "id": "CVE-2015-3802 ", 
        "credit": "TaiG Jailbreak Team", 
        "page": "https://support.apple.com/kb/HT205795"
    }, 
    {
        "impact": "A local user may be able to execute unsigned code", 
        "available": "Apple TV (3rd generation)", 
        "description": "A validation issue existed in the handling of Mach-O files. This was addressed by adding additional checks.", 
        "update": null, 
        "module": "Code Signing", 
        "id": "CVE-2015-3805 ", 
        "credit": "TaiG Jailbreak Team", 
        "page": "https://support.apple.com/kb/HT205795"
    }, 
    {
        "impact": "Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Apple TV (3rd generation)", 
        "description": "A memory corruption issue existed in CoreMedia Playback. This issue was addressed through improved memory handling.", 
        "update": null, 
        "module": "CoreMedia Playback", 
        "id": "CVE-2015-5777 ", 
        "credit": "Apple", 
        "page": "https://support.apple.com/kb/HT205795"
    }, 
    {
        "impact": "Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Apple TV (3rd generation)", 
        "description": "A memory corruption issue existed in CoreMedia Playback. This issue was addressed through improved memory handling.", 
        "update": null, 
        "module": "CoreMedia Playback", 
        "id": "CVE-2015-5778 ", 
        "credit": "Apple", 
        "page": "https://support.apple.com/kb/HT205795"
    }, 
    {
        "impact": "Processing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Apple TV (3rd generation)", 
        "description": "A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation.", 
        "update": null, 
        "module": "CoreText", 
        "id": "CVE-2015-5755 ", 
        "credit": "John Villamil (@day6reak), Yahoo Pentest Team", 
        "page": "https://support.apple.com/kb/HT205795"
    }, 
    {
        "impact": "Processing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Apple TV (3rd generation)", 
        "description": "A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation.", 
        "update": null, 
        "module": "CoreText", 
        "id": "CVE-2015-5761 ", 
        "credit": "John Villamil (@day6reak), Yahoo Pentest Team", 
        "page": "https://support.apple.com/kb/HT205795"
    }, 
    {
        "impact": "Processing a maliciously crafted DMG file may lead to an unexpected application termination or arbitrary code execution with system privileges", 
        "available": "Apple TV (3rd generation)", 
        "description": "A memory corruption issue existed in parsing of malformed DMG images. This issue was addressed through improved memory handling.", 
        "update": null, 
        "module": "DiskImages", 
        "id": "CVE-2015-3800 ", 
        "credit": "Frank Graziano of the Yahoo Pentest Team", 
        "page": "https://support.apple.com/kb/HT205795"
    }, 
    {
        "impact": "Processing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Apple TV (3rd generation)", 
        "description": "A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation.", 
        "update": null, 
        "module": "FontParser", 
        "id": "CVE-2015-3804 ", 
        "credit": "Apple", 
        "page": "https://support.apple.com/kb/HT205795"
    }, 
    {
        "impact": "Processing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Apple TV (3rd generation)", 
        "description": "A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation.", 
        "update": null, 
        "module": "FontParser", 
        "id": "CVE-2015-5756 ", 
        "credit": "John Villamil (@day6reak), Yahoo Pentest Team", 
        "page": "https://support.apple.com/kb/HT205795"
    }, 
    {
        "impact": "Processing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Apple TV (3rd generation)", 
        "description": "A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation.", 
        "update": null, 
        "module": "FontParser", 
        "id": "CVE-2015-5775 ", 
        "credit": "Apple", 
        "page": "https://support.apple.com/kb/HT205795"
    }, 
    {
        "impact": "Processing a maliciously crafted .tiff file may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Apple TV (3rd generation)", 
        "description": "A memory corruption issue existed in the processing of .tiff files. This issue was addressed through improved bounds checking.", 
        "update": null, 
        "module": "ImageIO", 
        "id": "CVE-2015-5758 ", 
        "credit": "Apple", 
        "page": "https://support.apple.com/kb/HT205795"
    }, 
    {
        "impact": "Parsing maliciously crafted web content may result in the disclosure of process memory", 
        "available": "Apple TV (3rd generation)", 
        "description": "An uninitialized memory access issue existed in ImageIO's handling of PNG images. This issue was addressed through improved memory initialization and additional validation of PNG images.", 
        "update": null, 
        "module": "ImageIO", 
        "id": "CVE-2015-5781 ", 
        "credit": "Michal Zalewski", 
        "page": "https://support.apple.com/kb/HT205795"
    }, 
    {
        "impact": "Parsing maliciously crafted web content may result in the disclosure of process memory", 
        "available": "Apple TV (3rd generation)", 
        "description": "An uninitialized memory access issue existed in ImageIO's handling of TIFF images. This issue is addressed through improved memory initialization and additional validation of TIFF images.", 
        "update": null, 
        "module": "ImageIO", 
        "id": "CVE-2015-5782 ", 
        "credit": "Michal Zalewski", 
        "page": "https://support.apple.com/kb/HT205795"
    }, 
    {
        "impact": "Parsing a maliciously crafted plist may lead to an unexpected application termination or arbitrary code execution with system privileges", 
        "available": "Apple TV (3rd generation)", 
        "description": "A memory corruption existed in processing of malformed plists. This issue was addressed through improved memory handling.", 
        "update": null, 
        "module": "IOKit", 
        "id": "CVE-2015-3776 ", 
        "credit": "Teddy Reed of Facebook Security, Patrick Stein (@jollyjinx) of Jinx Germany", 
        "page": "https://support.apple.com/kb/HT205795"
    }, 
    {
        "impact": "A local user may be able to execute arbitrary code with system privileges", 
        "available": "Apple TV (3rd generation)", 
        "description": "A buffer overflow issue existed in IOHIDFamily. This issue was addressed through improved memory handling.", 
        "update": null, 
        "module": "IOHIDFamily", 
        "id": "CVE-2015-5774 ", 
        "credit": "TaiG Jailbreak Team", 
        "page": "https://support.apple.com/kb/HT205795"
    }, 
    {
        "impact": "A malicious application may be able to determine kernel memory layout", 
        "available": "Apple TV (3rd generation)", 
        "description": "An issue existed in the mach_port_space_info interface, which could have led to the disclosure of kernel memory layout. This was addressed by disabling the mach_port_space_info interface.", 
        "update": null, 
        "module": "Kernel", 
        "id": "CVE-2015-3766 ", 
        "credit": "Cererdlong of Alibaba Mobile Security Team, @PanguTeam", 
        "page": "https://support.apple.com/kb/HT205795"
    }, 
    {
        "impact": "A malicious application may be able to execute arbitrary code with system privileges", 
        "available": "Apple TV (3rd generation)", 
        "description": "An integer overflow existed in the handling of IOKit functions. This issue was addressed through improved validation of IOKit API arguments.", 
        "update": null, 
        "module": "Kernel", 
        "id": "CVE-2015-3768 ", 
        "credit": "Ilja van Sprundel", 
        "page": "https://support.apple.com/kb/HT205795"
    }, 
    {
        "impact": "Processing a maliciously crafted regular expression may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Apple TV (3rd generation)", 
        "description": "A memory corruption issue existed in the TRE library. This issue was addressed through improved memory handling.", 
        "update": null, 
        "module": "Libc", 
        "id": "CVE-2015-3796 ", 
        "credit": "Ian Beer of Google Project Zero", 
        "page": "https://support.apple.com/kb/HT205795"
    }, 
    {
        "impact": "Processing a maliciously crafted regular expression may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Apple TV (3rd generation)", 
        "description": "A memory corruption issue existed in the TRE library. This issue was addressed through improved memory handling.", 
        "update": null, 
        "module": "Libc", 
        "id": "CVE-2015-3797 ", 
        "credit": "Ian Beer of Google Project Zero", 
        "page": "https://support.apple.com/kb/HT205795"
    }, 
    {
        "impact": "Processing a maliciously crafted regular expression may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Apple TV (3rd generation)", 
        "description": "A memory corruption issue existed in the TRE library. This issue was addressed through improved memory handling.", 
        "update": null, 
        "module": "Libc", 
        "id": "CVE-2015-3798 ", 
        "credit": "Ian Beer of Google Project Zero", 
        "page": "https://support.apple.com/kb/HT205795"
    }, 
    {
        "impact": "A remote attacker may be able to cause unexpected application termination or arbitrary code execution", 
        "available": "Apple TV (3rd generation)", 
        "description": "A memory corruption issue existed in handling AF_INET6 sockets. This issue was addressed by improved memory handling.", 
        "update": null, 
        "module": "Libinfo", 
        "id": "CVE-2015-5776 ", 
        "credit": "Apple", 
        "page": "https://support.apple.com/kb/HT205795"
    }, 
    {
        "impact": "A malicious application may be able to execute arbitrary code with system privileges", 
        "available": "Apple TV (3rd generation)", 
        "description": "A memory corruption issue existed in handling syscalls. This issue was addressed through improved lock state checking.", 
        "update": null, 
        "module": "libpthread", 
        "id": "CVE-2015-5757 ", 
        "credit": "Lufeng Li of Qihoo 360", 
        "page": "https://support.apple.com/kb/HT205795"
    }, 
    {
        "impact": "Parsing a maliciously crafted XML document may lead to disclosure of user information", 
        "available": "Apple TV (3rd generation)", 
        "description": "A memory corruption issue existed in parsing of XML files. This issue was addressed through improved memory handling.", 
        "update": null, 
        "module": "libxml2", 
        "id": "CVE-2015-3807 ", 
        "credit": "Michal Zalewski", 
        "page": "https://support.apple.com/kb/HT205795"
    }, 
    {
        "impact": "Multiple vulnerabilities existed in libxml2 versions prior to 2.9.2, the most serious of which may allow a remote attacker to cause a denial of service", 
        "available": "Apple TV (3rd generation)", 
        "description": "Multiple vulnerabilities existed in libxml2 versions prior to 2.9.2. These were addressed by updating libxml2 to version 2.9.2.", 
        "update": null, 
        "module": "libxml2", 
        "id": "CVE-2012-6685 ", 
        "credit": "Felix Groebert of Google", 
        "page": "https://support.apple.com/kb/HT205795"
    }, 
    {
        "impact": "Multiple vulnerabilities existed in libxml2 versions prior to 2.9.2, the most serious of which may allow a remote attacker to cause a denial of service", 
        "available": "Apple TV (3rd generation)", 
        "description": "Multiple vulnerabilities existed in libxml2 versions prior to 2.9.2. These were addressed by updating libxml2 to version 2.9.2.", 
        "update": null, 
        "module": "libxml2", 
        "id": "CVE-2014-0191 ", 
        "credit": "Felix Groebert of Google", 
        "page": "https://support.apple.com/kb/HT205795"
    }, 
    {
        "impact": "Multiple vulnerabilities existed in libxml2 versions prior to 2.9.2, the most serious of which may allow a remote attacker to cause a denial of service", 
        "available": "Apple TV (3rd generation)", 
        "description": "Multiple vulnerabilities existed in libxml2 versions prior to 2.9.2. These were addressed by updating libxml2 to version 2.9.2.", 
        "update": null, 
        "module": "libxml2", 
        "id": "CVE-2014-3660 ", 
        "credit": "Felix Groebert of Google", 
        "page": "https://support.apple.com/kb/HT205795"
    }, 
    {
        "impact": "A malicious application may be able to execute arbitrary code with system privileges", 
        "available": "Apple TV (3rd generation)", 
        "description": "A memory corruption issue existed in handling of malformed XPC messages. This issue was improved through improved bounds checking.", 
        "update": null, 
        "module": "libxpc", 
        "id": "CVE-2015-3795 ", 
        "credit": "Mathew Rowley", 
        "page": "https://support.apple.com/kb/HT205795"
    }, 
    {
        "impact": "A local user may be able to modify protected parts of the filesystem", 
        "available": "Apple TV (3rd generation)", 
        "description": "A symbolic link issue was addressed through improved path validation.", 
        "update": null, 
        "module": "Location Framework", 
        "id": "CVE-2015-3759 ", 
        "credit": "Cererdlong of Alibaba Mobile Security Team", 
        "page": "https://support.apple.com/kb/HT205795"
    }, 
    {
        "impact": "Parsing maliciously crafted XML may lead to disclosure of user information", 
        "available": "Apple TV (3rd generation)", 
        "description": "An external entity reference issue existed in XML parsing. This issue was addressed through improved parsing.", 
        "update": null, 
        "module": "Office Viewer", 
        "id": "CVE-2015-3784 ", 
        "credit": "Bruno Morisson of INTEGRITY S.A.", 
        "page": "https://support.apple.com/kb/HT205795"
    }, 
    {
        "impact": "Parsing a maliciously crafted office document may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Apple TV (3rd generation)", 
        "description": "A memory corruption issue existed in parsing of office documents. This issue was addressed through improved memory handling.", 
        "update": null, 
        "module": "QL Office", 
        "id": "CVE-2015-5773 ", 
        "credit": "Apple", 
        "page": "https://support.apple.com/kb/HT205795"
    }, 
    {
        "impact": "An malicious app may be able to read other apps' managed preferences", 
        "available": "Apple TV (3rd generation)", 
        "description": "An issue existed in the third-party app sandbox. This issue was addressed by improving the third-party sandbox profile.", 
        "update": null, 
        "module": "Sandbox_profiles", 
        "id": "CVE-2015-5749 ", 
        "credit": "Andreas Weinlein of the Appthority Mobility Threat Team", 
        "page": "https://support.apple.com/kb/HT205795"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Apple TV (3rd generation)", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "WebKit", 
        "id": "CVE-2015-3730 ", 
        "credit": "Apple", 
        "page": "https://support.apple.com/kb/HT205795"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Apple TV (3rd generation)", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "WebKit", 
        "id": "CVE-2015-3731 ", 
        "credit": "Apple", 
        "page": "https://support.apple.com/kb/HT205795"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Apple TV (3rd generation)", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "WebKit", 
        "id": "CVE-2015-3732 ", 
        "credit": "Apple", 
        "page": "https://support.apple.com/kb/HT205795"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Apple TV (3rd generation)", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "WebKit", 
        "id": "CVE-2015-3733 ", 
        "credit": "Apple", 
        "page": "https://support.apple.com/kb/HT205795"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Apple TV (3rd generation)", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "WebKit", 
        "id": "CVE-2015-3734 ", 
        "credit": "Apple", 
        "page": "https://support.apple.com/kb/HT205795"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Apple TV (3rd generation)", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "WebKit", 
        "id": "CVE-2015-3735 ", 
        "credit": "Apple", 
        "page": "https://support.apple.com/kb/HT205795"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Apple TV (3rd generation)", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "WebKit", 
        "id": "CVE-2015-3736 ", 
        "credit": "Apple", 
        "page": "https://support.apple.com/kb/HT205795"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Apple TV (3rd generation)", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "WebKit", 
        "id": "CVE-2015-3737 ", 
        "credit": "Apple", 
        "page": "https://support.apple.com/kb/HT205795"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Apple TV (3rd generation)", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "WebKit", 
        "id": "CVE-2015-3738 ", 
        "credit": "Apple", 
        "page": "https://support.apple.com/kb/HT205795"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Apple TV (3rd generation)", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "WebKit", 
        "id": "CVE-2015-3739 ", 
        "credit": "Apple", 
        "page": "https://support.apple.com/kb/HT205795"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Apple TV (3rd generation)", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "WebKit", 
        "id": "CVE-2015-3740 ", 
        "credit": "Apple", 
        "page": "https://support.apple.com/kb/HT205795"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Apple TV (3rd generation)", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "WebKit", 
        "id": "CVE-2015-3741 ", 
        "credit": "Apple", 
        "page": "https://support.apple.com/kb/HT205795"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Apple TV (3rd generation)", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "WebKit", 
        "id": "CVE-2015-3742 ", 
        "credit": "Apple", 
        "page": "https://support.apple.com/kb/HT205795"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Apple TV (3rd generation)", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "WebKit", 
        "id": "CVE-2015-3743 ", 
        "credit": "Apple", 
        "page": "https://support.apple.com/kb/HT205795"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Apple TV (3rd generation)", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "WebKit", 
        "id": "CVE-2015-3744 ", 
        "credit": "Apple", 
        "page": "https://support.apple.com/kb/HT205795"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Apple TV (3rd generation)", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "WebKit", 
        "id": "CVE-2015-3745 ", 
        "credit": "Apple", 
        "page": "https://support.apple.com/kb/HT205795"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Apple TV (3rd generation)", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "WebKit", 
        "id": "CVE-2015-3746 ", 
        "credit": "Apple", 
        "page": "https://support.apple.com/kb/HT205795"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Apple TV (3rd generation)", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "WebKit", 
        "id": "CVE-2015-3747 ", 
        "credit": "Apple", 
        "page": "https://support.apple.com/kb/HT205795"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Apple TV (3rd generation)", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "WebKit", 
        "id": "CVE-2015-3748 ", 
        "credit": "Apple", 
        "page": "https://support.apple.com/kb/HT205795"
    }, 
    {
        "impact": "Processing maliciously crafted web content may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Apple TV (3rd generation)", 
        "description": "Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "WebKit", 
        "id": "CVE-2015-3749 ", 
        "credit": "Apple", 
        "page": "https://support.apple.com/kb/HT205795"
    }, 
    {
        "impact": "Maliciously crafted web content may exfiltrate image data cross-origin", 
        "available": "Apple TV (3rd generation)", 
        "description": "", 
        "update": null, 
        "module": "WebKit", 
        "id": "CVE-2015-3753 ", 
        "credit": "Antonio Sanso and Damien Antipa of Adobe", 
        "page": "https://support.apple.com/kb/HT205795"
    }, 
    {
        "impact": "Maliciously crafted web content may trigger plaintext requests to an origin under HTTP Strict Transport Security", 
        "available": "Apple TV (3rd generation)", 
        "description": "An issue existed where Content Security Policy report requests would not honor HTTP Strict Transport Security (HSTS). The issue was addressed by applying HSTS to CSP.", 
        "update": null, 
        "module": "WebKit", 
        "id": "CVE-2015-3750 ", 
        "credit": "Muneaki Nishimura (nishimunea)", 
        "page": "https://support.apple.com/kb/HT205795"
    }, 
    {
        "impact": "Content Security Policy report requests may leak cookies", 
        "available": "Apple TV (3rd generation)", 
        "description": "Two issues existed in how cookies were added to Content Security Policy report requests. Cookies were sent in cross-origin report requests in violation of the standard. Cookies set during regular browsing were sent in private browsing. These issues were addressed through improved cookie handling.", 
        "update": null, 
        "module": "WebKit", 
        "id": "CVE-2015-3752 ", 
        "credit": "Muneaki Nishimura (nishimunea)", 
        "page": "https://support.apple.com/kb/HT205795"
    }, 
    {
        "impact": "Image loading may violate a website's Content Security Policy directive", 
        "available": "Apple TV (3rd generation)", 
        "description": "An issue existed where processing web content with video controls would load images nested in object elements in violation of the website's Content Security Policy directive. This issue was addressed through improved Content Security Policy enforcement.", 
        "update": null, 
        "module": "WebKit", 
        "id": "CVE-2015-3751 ", 
        "credit": "Muneaki Nishimura (nishimunea)", 
        "page": "https://support.apple.com/kb/HT205795"
    }, 
    {
        "impact": "Websites may know if the user has visited a given link", 
        "available": "OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11.3", 
        "description": "", 
        "update": null, 
        "module": "WebKit CSS", 
        "id": "CVE-2016-1728 ", 
        "credit": "an anonymous researcher coordinated via Joe Vennix", 
        "page": "https://support.apple.com/kb/HT205730"
    }, 
    {
        "impact": "A local user may be able to execute arbitrary code with kernel privileges", 
        "available": "OS X El Capitan v10.11 to v10.11.2", 
        "description": "A memory corruption issue was addressed through improved memory handling.", 
        "update": null, 
        "module": "AppleGraphicsPowerManagement", 
        "id": "CVE-2016-1716 ", 
        "credit": "moony li of Trend Micro and Liang Chen and Sen Nie of KeenLab, Tencent", 
        "page": "https://support.apple.com/kb/HT205731"
    }, 
    {
        "impact": "A local user may be able to execute arbitrary code with kernel privileges", 
        "available": "OS X El Capitan v10.11.0 to v10.11.2", 
        "description": "A memory corruption issue was addressed through improved memory handling.", 
        "update": null, 
        "module": "IOAcceleratorFamily", 
        "id": "CVE-2016-1718 ", 
        "credit": "Juwei Lin Trend Micro working with HP's Zero Day Initiative", 
        "page": "https://support.apple.com/kb/HT205731"
    }, 
    {
        "impact": "A quarantined application may be able to override OSA script libraries installed by the user", 
        "available": "OS X El Capitan v10.11 to v10.11.2", 
        "description": "An issue existed when searching for scripting libraries. This issue was addressed through improved search order and quarantine checks.", 
        "update": null, 
        "module": "OSA Scripts", 
        "id": "CVE-2016-1729 ", 
        "credit": "an anonymous researcher", 
        "page": "https://support.apple.com/kb/HT205731"
    }, 
    {
        "impact": "A malicious captive portal may be able to access the user's cookies", 
        "available": "iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later", 
        "description": "An issue existed that allowed some captive portals to read or write cookies. The issue was addressed through an isolated cookie store for all captive portals.", 
        "update": null, 
        "module": "WebSheet", 
        "id": "CVE-2016-1730 ", 
        "credit": "Adi Sharabani and Yair Amit of Skycure", 
        "page": "https://support.apple.com/kb/HT205732"
    }, 
    {
        "impact": "Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 7 and Windows Vista", 
        "description": "Multiple memory corruption issues existed in QuickTime. These issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "QuickTime", 
        "id": "CVE-2015-7085 ", 
        "credit": "an anonymous researcher", 
        "page": "https://support.apple.com/kb/HT205638"
    }, 
    {
        "impact": "Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 7 and Windows Vista", 
        "description": "Multiple memory corruption issues existed in QuickTime. These issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "QuickTime", 
        "id": "CVE-2015-7086 ", 
        "credit": "an anonymous researcher", 
        "page": "https://support.apple.com/kb/HT205638"
    }, 
    {
        "impact": "Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 7 and Windows Vista", 
        "description": "Multiple memory corruption issues existed in QuickTime. These issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "QuickTime", 
        "id": "CVE-2015-7087 ", 
        "credit": "Ryan Pentney and Richard Johnson of Cisco Talos", 
        "page": "https://support.apple.com/kb/HT205638"
    }, 
    {
        "impact": "Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 7 and Windows Vista", 
        "description": "Multiple memory corruption issues existed in QuickTime. These issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "QuickTime", 
        "id": "CVE-2015-7088 ", 
        "credit": "Ryan Pentney and Richard Johnson of Cisco Talos", 
        "page": "https://support.apple.com/kb/HT205638"
    }, 
    {
        "impact": "Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 7 and Windows Vista", 
        "description": "Multiple memory corruption issues existed in QuickTime. These issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "QuickTime", 
        "id": "CVE-2015-7089 ", 
        "credit": "Ryan Pentney and Richard Johnson of Cisco Talos", 
        "page": "https://support.apple.com/kb/HT205638"
    }, 
    {
        "impact": "Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 7 and Windows Vista", 
        "description": "Multiple memory corruption issues existed in QuickTime. These issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "QuickTime", 
        "id": "CVE-2015-7090 ", 
        "credit": "Ryan Pentney and Richard Johnson of Cisco Talos", 
        "page": "https://support.apple.com/kb/HT205638"
    }, 
    {
        "impact": "Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 7 and Windows Vista", 
        "description": "Multiple memory corruption issues existed in QuickTime. These issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "QuickTime", 
        "id": "CVE-2015-7091 ", 
        "credit": "Pedro Ribeiro (pedrib@gmail.com) of Agile Information Security", 
        "page": "https://support.apple.com/kb/HT205638"
    }, 
    {
        "impact": "Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 7 and Windows Vista", 
        "description": "Multiple memory corruption issues existed in QuickTime. These issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "QuickTime", 
        "id": "CVE-2015-7092 ", 
        "credit": "Jaanus Kp Clarified Security working with HP's Zero Day Initiative", 
        "page": "https://support.apple.com/kb/HT205638"
    }, 
    {
        "impact": "Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution", 
        "available": "Windows 7 and Windows Vista", 
        "description": "Multiple memory corruption issues existed in QuickTime. These issues were addressed through improved memory handling.", 
        "update": null, 
        "module": "QuickTime", 
        "id": "CVE-2015-7117", 
        "credit": "Ryan Pentney and Richard Johnson of Cisco Talos", 
        "page": "https://support.apple.com/kb/HT205638"
    }
]