Published: 20/02/2017 Updated: 29/07/2017

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 828

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

An issue exists in certain Apple products. macOS prior to 10.12.1 is affected. The issue involves the "ImageIO" component. It allows remote malicious users to execute arbitrary code or cause a denial of service (out-of-bounds write and application crash) via a crafted PDF file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apple mac os x

It's nearly 2017 and JPEGs, PDFs, font files can hijack your Apple Mac, iPhone, iPad

The Register • Shaun Nichols in San Francisco • 24 Oct 2016

Get patching now

Apple has distributed a fresh round of security updates to address remote-code execution holes in iOS, macOS, Safari, and the firmware for Apple Watch and AppleTV. Miscreants who exploit these flaws can take over the vulnerable device – all a victim has to do is open a JPEG or PDF file booby-trapped with malicious code, so get patching before you're caught out. The fixes come just days before the Cupertino developer of TextEdit is set to hold a special event to introduce a (presumed) refresh o...

CVE-2016-4671

Vulnerability Summary

Vulnerability Trend

Recent Articles

References

Vulmon Search

About

Products

Connect