Search:
How to install OS X El Capitan on your Mac
Oct 1, 2015 Use the Mac App Store to install OS X El Capitan on Mac computers that meet the system requirements.
https://support.apple.com/en-us/HT201475Get Started with OS X El Capitan
Oct 1, 2015 We’re here to help you take your Mac to new heights with El Capitan, the newest version of OS X. El Capitan gives you simpler, smarter ways to do the things you love to do on your Mac. Here’s how to get started.
http://www.apple.com/support/osx/get_started/OS X El Capitan - Support
Oct 1, 2015 Resources and contact options for El Capitan, Yosemite & more. Find features, how to upgrade, migrate, get help, and more.
http://www.apple.com/support/osx/OS X El Capitan | Apple Support Communities
Oct 1, 2015 Find and share solutions with Apple users around the world about OS X El Capitan.
https://discussions.apple.com/community/mac_os/os_x_el_capitanAbout the security content of OS X El Capitan 10.11.1, Security Update 2015-004 Yosemite, and Security Update 2015-007 Mavericks
Jun 20, 2016 Accelerate Framework Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan 10.11 Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: A memory corruption issue existed in the Accelerate Framework in multi-threading mode. This issue was addressed through improved accessor element validation and improved object locking. CVE-ID CVE-2015-5940 : Apple apache_mod_php Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan 10.11 Impact: Multiple vulnerabilities in PHP Description: Multiple vulnerabilities existed in PHP versions prior to 5.5.29 and 5.4.45. These were addressed by updating PHP to versions 5.5.29 and 5.4.45. CVE-ID CVE-2015-0235 CVE-2015-0273 CVE-2015-6834 CVE-2015-6835 CVE-2015-6836 CVE-2015-6837 CVE-2015-6838 ATS Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan 10.11 Impact: Visiting a maliciously crafted webpage may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in ATS. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6985 : John Villamil (@day6reak), Yahoo Pentest Team Audio Available for: OS X El Capitan 10.11 Impact: A malicious application may be able to execute arbitrary code Description: An uninitialized memory issue existed in coreaudiod. This issue was addressed through improved memory initialization. CVE-ID CVE-2015-7003 : Mark Brand of Google Project Zero Audio Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan 10.11 Impact: Playing a malicious audio file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the handling of audio files. These issues were addressed through improved memory handling. CVE-ID CVE-2015-5933 : Apple CVE-2015-5934 : Apple Bom Available for: OS X El Capitan 10.11 Impact: Unpacking a maliciously crafted archive may lead to arbitrary code execution Description: A file traversal vulnerability existed in the handling of CPIO archives. This issue was addressed through improved validation of metadata. CVE-ID CVE-2015-7006 : Mark Dowd of Azimuth Security CFNetwork Available for: OS X El Capitan 10.11 Impact: Visiting a maliciously crafted website may lead to cookies being overwritten Description: A parsing issue existed when handling cookies with different letter casing. This issue was addressed through improved parsing. CVE-ID CVE-2015-7023 : Marvin Scholz and Michael Lutonsky; Xiaofeng Zheng and Jinjin Liang of Tsinghua University, Jian Jiang of University of California, Berkeley, Haixin Duan of Tsinghua University and International Computer Science Institute, Shuo Chen of Microsoft Research Redmond, Tao Wan of Huawei Canada, Nicholas Weaver of International Computer Science Institute and University of California, Berkeley, coordinated via CERT/CC configd Available for: OS X El Capitan 10.11 Impact: A malicious application may be able to elevate privileges Description: A heap based buffer overflow issue existed in the DNS client library. A malicious application with the ability to spoof responses from the local configd service may have been able to cause arbitrary code execution in DNS clients. CVE-ID CVE-2015-7015 : PanguTeam CoreGraphics Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan 10.11 Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Multiple memory corruption issues existed in CoreGraphics. These issues were addressed through improved memory handling. CVE-ID CVE-2015-5925 : Apple CVE-2015-5926 : Apple CoreText Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan 10.11 Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-6992 : John Villamil (@day6reak), Yahoo Pentest Team CoreText Available for: OS X Yosemite v10.10.5 and OS X El Capitan 10.11 Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-6975 : John Villamil (@day6reak), Yahoo Pentest Team CoreText Available for: OS X El Capitan 10.11 Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-7017 : John Villamil (@day6reak), Yahoo Pentest Team CoreText Available for: OS X Mavericks v10.9.5 and OS X Yosemite v10.10.5 Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-5944 : John Villamil (@day6reak), Yahoo Pentest Team Directory Utility Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan 10.11 Impact: A local user may be able to execute arbitrary code with root privileges Description: An authentication issue existed during the establishment of new sessions. This issue was addressed through improved authorization checks. CVE-ID CVE-2015-6980 : Michael of Westside Community Schools Disk Images Available for: OS X El Capitan 10.11 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in the parsing of disk images. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6995 : Ian Beer of Google Project Zero EFI Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan 10.11 Impact: An attacker can exercise unused EFI functions Description: An issue existed with EFI argument handling. This was addressed by removing the affected functions. CVE-ID CVE-2015-4860 : Corey Kallenberg, Xeno Kovah, John Butterworth, and Sam Cornwell of The MITRE Corporation, coordinated via CERT File Bookmark Available for: OS X El Capitan 10.11 Impact: Browsing to a folder with malformed bookmarks may cause unexpected application termination Description: An input validation issue existed in parsing bookmark metadata. This issue was addressed through improved validation checks. CVE-ID CVE-2015-6987 : Luca Todesco (@qwertyoruiop) FontParser Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan 10.11 Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-5927 : Apple CVE-2015-5942 CVE-2015-6976 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-6977 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-6978 : Jaanus Kp, Clarified Security, working with HP's Zero Day Initiative CVE-2015-6991 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-6993 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-7009 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-7010 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-7018 : John Villamil (@day6reak), Yahoo Pentest Team FontParser Available for: OS X El Capitan 10.11 Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-6990 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-7008 : John Villamil (@day6reak), Yahoo Pentest Team Grand Central Dispatch Available for: OS X Yosemite v10.10.5 and OS X El Capitan 10.11 Impact: Processing a maliciously crafted package may lead to arbitrary code execution Description: A memory corruption issue existed in the handling of dispatch calls. This issue was addressed
https://support.apple.com/en-us/HT205375About the security content of OS X El Capitan v10.11.5 and Security Update 2016-003
Jul 29, 2016 AMD Available for: OS X El Capitan v10.11 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1792 : beist and ABH of BoB AMD Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later Impact: An application may be able to determine kernel memory layout Description: An issue existed that led to the disclosure of kernel memory content. This issue was addressed through improved bounds checking. CVE-ID CVE-2016-1791 : daybreaker of Minionz apache_mod_php Available for: OS X El Capitan v10.11 and later Impact: Multiple vulnerabilities in PHP Description: Multiple vulnerabilities existed in PHP versions prior to 5.5.34. These were addressed by updating PHP to version 5.5.34. CVE-ID CVE-2015-8865 CVE-2016-3141 CVE-2016-3142 CVE-2016-4070 CVE-2016-4071 CVE-2016-4072 CVE-2016-4073 AppleGraphicsControl Available for: OS X El Capitan v10.11 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A null pointer dereference was addressed through improved validation. CVE-ID CVE-2016-1793 : Ian Beer of Google Project Zero CVE-2016-1794 : Ian Beer of Google Project Zero AppleGraphicsPowerManagement Available for: OS X El Capitan v10.11 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1795 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of Trend Micro ATS Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to leak sensitive user information Description: An out of bounds memory access issue was addressed through improved memory handling. CVE-ID CVE-2016-1796 : lokihardt working with Trend Micro's Zero Day Initiative ATS Available for: OS X El Capitan v10.11 and later Impact: An application may be able to execute arbitrary code with system privileges Description: An issue existed in the sandbox policy. This was addressed by sandboxing FontValidator. CVE-ID CVE-2016-1797 : lokihardt working with Trend Micro's Zero Day Initiative Audio Available for: OS X Yosemite v10.10.5 and OS X El Capitan v10.11 and later Impact: An application may be able to cause a denial of service Description: A null pointer dereference was addressed through improved validation. CVE-ID CVE-2016-1798 : Juwei Lin of TrendMicro Audio Available for: OS X El Capitan v10.11 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved input validation. CVE-ID CVE-2016-1799 : Juwei Lin of TrendMicro Captive Network Assistant Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later Impact: An attacker in a privileged network position may be able to execute arbitrary code with user assistance Description: A custom URL scheme handling issue was addressed through improved input validation. CVE-ID CVE-2016-1800 : Apple CFNetwork Proxies Available for: OS X El Capitan v10.11 and later Impact: An attacker in a privileged network position may be able to leak sensitive user information Description: An information leak existed in the handling of HTTP and HTTPS requests. This issue was addressed through improved URL handling. CVE-ID CVE-2016-1801 : Alex Chapman and Paul Stone of Context Information Security CommonCrypto Available for: OS X El Capitan v10.11 and later Impact: A malicious application may be able to leak sensitive user information Description: An issue existed in the handling of return values in CCCrypt. This issue was addressed through improved key length management. CVE-ID CVE-2016-1802 : Klaus Rodewig CoreCapture Available for: OS X El Capitan v10.11 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A null pointer dereference was addressed through improved validation. CVE-ID CVE-2016-1803 : Ian Beer of Google Project Zero, daybreaker working with Trend Micro’s Zero Day Initiative CoreStorage Available for: OS X El Capitan v10.11 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A configuration issue was addressed through additional restrictions. CVE-ID CVE-2016-1805 : Stefan Esser Crash Reporter Available for: OS X El Capitan v10.11 and later Impact: An application may be able to execute arbitrary code with root privileges Description: A configuration issue was addressed through additional restrictions. CVE-ID CVE-2016-1806 : lokihardt working with Trend Micro's Zero Day Initiative Disk Images Available for: OS X El Capitan v10.11 and later Impact: A local attacker may be able to read kernel memory Description: A race condition was addressed through improved locking. CVE-ID CVE-2016-1807 : Ian Beer of Google Project Zero Disk Images Available for: OS X El Capitan v10.11 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the parsing of disk images. This issue was addressed through improved memory handling. CVE-ID CVE-2016-1808 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of Trend Micro Disk Utility Available for: OS X El Capitan v10.11 and later Impact: Disk Utility failed to compress and encrypt disk images Description: Incorrect keys were being used to encrypt disk images. This issue was addressed by updating the encryption keys. CVE-ID CVE-2016-1809 : Ast A. Moore (@astamoore) and David Foster of TechSmartKids Graphics Drivers Available for: OS X El Capitan v10.11 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1810 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of Trend Micro ImageIO Available for: OS X El Capitan v10.11 and later Impact: Processing a maliciously crafted image may lead to a denial of service Description: A null pointer dereference was addressed through improved validation. CVE-ID CVE-2016-1811 : Lander Brandt (@landaire) Intel Graphics Driver Available for: OS X El Capitan v10.11 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A buffer overflow was addressed through improved bounds checking. CVE-ID CVE-2016-1812 : Juwei Lin of TrendMicro Intel Graphics Driver Available for: OS X El Capitan v10.11 and later Impact: An application may be able to determine kernel memory layout Description: Multiple access issues were addressed through additional restrictions. CVE-ID CVE-2016-1860 : Brandon Azad and Qidan He (@flanker_hqd) from KeenLab, Tencent CVE-2016-1862 : Marco Grassi (@marcograss) of KeenLab (@keen_lab), Tencent IOAcceleratorFamily Available for: OS X El Capitan v10.11 and later Impact: An application may be able to cause a denial of service Description: A null pointer dereference was addressed through improved locking. CVE-ID CVE-2016-1814 : Juwei Lin of TrendMicro IOAcceleratorFamily Available for: OS X El Capitan v10.11 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1815 : Liang Chen, Qidan He of KeenLab, Tencent working with Trend Micro's Zero Day Initiative CVE-2016-1817 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of Trend Micro working with Trend Micro's Zero Day Initiative CVE-2016-1818 : Juwei Lin of TrendMicro CVE-2016-1819 : Ian Beer of Google Project Zero IOAcceleratorFamily Available for: OS X El Capitan v10.11 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A null pointer dereference was addressed through improved validation. CVE-ID CVE-2016-1813 : Ian Beer of Google Project Zero CVE-2016-1816 : Peter Pi (@heisecode) of Trend Micro and Juwei Lin of Trend Micro IOAudioFamily Available for: OS X El Capitan v10.11 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A buffer overflow was addressed with improved bounds checking. CVE-ID CVE-2016-1820 : Moony Li (@Flyic) and Jack Tang (@jacktang310) of Trend Micro working with Trend Micro’s Zero Day Initiative IOAudioFamily Available for: OS X El Capitan v10.11 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A null pointer dereference was addressed through improved validation
https://support.apple.com/en-us/HT206567About the security content of OS X El Capitan 10.11.2, Security Update 2015-005 Yosemite, and Security Update 2015-008 Mavericks
Dec 15, 2015 apache_mod_php Available for: OS X El Capitan v10.11 and v10.11.1 Impact: Multiple vulnerabilities in PHP Description: Multiple vulnerabilities existed in PHP versions prior to 5.5.29, the most serious of which may have led to remote code execution. These were addressed by updating PHP to version 5.5.30. CVE-ID CVE-2015-7803 CVE-2015-7804 AppSandbox Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A malicious application may maintain access to Contacts after having access revoked Description: An issue existed in the sandbox's handling of hard links. This issue was addressed through improved hardening of the app sandbox. CVE-ID CVE-2015-7001 : Razvan Deaconescu and Mihai Bucicoiu of University POLITEHNICA of Bucharest; Luke Deshotels and William Enck of North Carolina State University; Lucas Vincenzo Davi and Ahmad-Reza Sadeghi of TU Darmstadt Bluetooth Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A local user may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in the Bluetooth HCI interface. This issue was addressed through improved memory handling. CVE-ID CVE-2015-7108 : Ian Beer of Google Project Zero CFNetwork HTTPProtocol Available for: OS X El Capitan v10.11 and v10.11.1 Impact: An attacker with a privileged network position may be able to bypass HSTS Description: An input validation issue existed within URL processing. This issue was addressed through improved URL validation. CVE-ID CVE-2015-7094 : Tsubasa Iinuma (@llamakko_cafe) of Gehirn Inc. and Muneaki Nishimura (nishimunea) Compression Available for: OS X El Capitan v10.11 and v10.11.1 Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: An uninitialized memory access issue existed in zlib. This issue was addressed through improved memory initialization and additional validation of zlib streams. CVE-ID CVE-2015-7054 : j00ru Configuration Profiles Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A local attacker may be able to install a configuration profile without admin privileges Description: An issue existed when installing configuration profiles. This issue was addressed through improved authorization checks. CVE-ID CVE-2015-7062 : David Mulder of Dell Software CoreGraphics Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 and v10.11.1 Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation. CVE-ID CVE-2015-7105 : John Villamil (@day6reak), Yahoo Pentest Team CoreMedia Playback Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 and v10.11.1 Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the processing of malformed media files. These issues were addressed through improved memory handling. CVE-ID CVE-2015-7074 : Apple CVE-2015-7075 Disk Images Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the parsing of disk images. This issue was addressed through improved memory handling. CVE-ID CVE-2015-7110 : Ian Beer of Google Project Zero EFI Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A local user may be able to execute arbitrary code with system privileges Description: A path validation issue existed in the kernel loader. This was addressed through improved environment sanitization. CVE-ID CVE-2015-7063 : Apple File Bookmark Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: A path validation issue existed in app scoped bookmarks. This was addressed through improved environment sanitization. CVE-ID CVE-2015-7071 : Apple Hypervisor Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A local user may be able to execute arbitrary code with system privileges Description: A use after free issue existed in the handling of VM objects. This issue was addressed through improved memory management. CVE-ID CVE-2015-7078 : Ian Beer of Google Project Zero iBooks Available for: OS X El Capitan v10.11 and v10.11.1 Impact: Parsing a maliciously crafted iBooks file may lead to disclosure of user information Description: An XML external entity reference issue existed with iBook parsing. This issue was addressed through improved parsing. CVE-ID CVE-2015-7081 : Behrouz Sadeghipour (@Nahamsec) and Patrik Fehrenbach (@ITSecurityguard) ImageIO Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 and v10.11.1 Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue existed in ImageIO. This issue was addressed through improved memory handling. CVE-ID CVE-2015-7053 : Apple Intel Graphics Driver Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A local user may be able to execute arbitrary code with system privileges Description: A null pointer dereference issue was addressed through improved input validation. CVE-ID CVE-2015-7076 : Juwei Lin of TrendMicro, beist and ABH of BoB, and JeongHoon Shin@A.D.D Intel Graphics Driver Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A local user may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in the Intel Graphics Driver. This issue was addressed through improved memory handling. CVE-ID CVE-2015-7106 : Ian Beer of Google Project Zero, Juwei Lin of TrendMicro, beist and ABH of BoB, and JeongHoon Shin@A.D.D Intel Graphics Driver Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A local user may be able to execute arbitrary code with system privileges Description: An out of bounds memory access issue existed in the Intel Graphics Driver. This issue was addressed through improved memory handling. CVE-ID CVE-2015-7077 : Ian Beer of Google Project Zero IOAcceleratorFamily Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in IOAcceleratorFamily. This issue was addressed through improved memory handling. CVE-ID CVE-2015-7109 : Juwei Lin of TrendMicro IOHIDFamily Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: Multiple memory corruption issues existed in IOHIDFamily API. These issues were addressed through improved memory handling. CVE-ID CVE-2015-7111 : beist and ABH of BoB CVE-2015-7112 : Ian Beer of Google Project Zero IOKit SCSI Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A null pointer dereference existed in the handling of a certain userclient type. This issue was addressed through improved validation. CVE-ID CVE-2015-7068 : Ian Beer of Google Project Zero IOThunderboltFamily Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A local user may be able to cause a system denial of service Description: A null pointer dereference existed in IOThunderboltFamily's handling of certain userclient types. This issue was addressed through improved validation of IOThunderboltFamily contexts. CVE-ID CVE-2015-7067 : Juwei Lin of TrendMicro Kernel Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A local application may be able to cause a denial of service Description: Multiple denial of service issues were addressed through improved memory handling. CVE-ID CVE-2015-7040 : Lufeng Li of Qihoo 360 Vulcan Team CVE-2015-7041 : Lufeng Li of Qihoo 360 Vulcan Team CVE-2015-7042 : Lufeng Li of Qihoo 360 Vulcan Team CVE-2015-7043 : Tarjei Mandt (@kernelpool) Kernel Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A local user may be able to execute arbitrary code with kernel privileges Description: Multiple memory
https://support.apple.com/en-us/HT205637About the security content of OS X El Capitan v10.11.6 and Security Update 2016-004
Aug 25, 2016 Released July 18, 2016 apache_mod_php Available for: OS X Yosemite v10.10.5 and OS X El Capitan v10.11 and later Impact: A remote attacker may be able to execute arbitrary code Description: Multiple issues existed in PHP versions prior to 5.5.36. These were addressed by updating PHP to version 5.5.36. CVE-2016-5093 CVE-2016-5094 CVE-2016-5096 CVE-2013-7456 Audio Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to cause a system denial of service Description: A null pointer dereference was addressed through improved input validation. CVE-2016-4649 : Juwei Lin(@fuzzerDOTcn) of Trend Micro Audio Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-4647 : Juwei Lin(@fuzzerDOTcn) of Trend Micro Audio Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to determine kernel memory layout Description: An out-of-bounds read was addressed through improved input validation. CVE-2016-4648 : Juwei Lin(@fuzzerDOTcn) of Trend Micro; Jack Tang and Moony Li of Trend Micro working with Trend Micro's Zero Day Initiative Audio Available for: OS X El Capitan v10.11 and later Impact: Parsing a maliciously crafted audio file may lead to the disclosure of user information Description: An out-of-bounds read was addressed through improved bounds checking. CVE-2016-4646 : Steven Seeley of Source Incite working with Trend Micro's Zero Day Initiative bsdiff Available for: OS X El Capitan v10.11 and later Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution Description: An integer overflow existed in bspatch. This issue was addressed through improved bounds checking. CVE-2014-9862 : an anonymous researcher CFNetwork Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to view sensitive user information Description: A permissions issue existed in the handling of web browser cookies. This issue was addressed through improved restrictions. CVE-2016-4645 : Abhinav Bansal of Zscaler Inc. CFNetwork Credentials Available for: OS X El Capitan v10.11 and later Impact: An attacker in a privileged network position may be able to leak sensitive user information Description: A downgrade issue existed with HTTP authentication credentials saved in Keychain. This issue was addressed by storing the authentication types with the credentials. CVE-2016-4644 : Jerry Decime coordinated via CERT CFNetwork Proxies Available for: OS X El Capitan v10.11 and later Impact: An attacker in a privileged network position may be able to leak sensitive user information Description: A validation issue existed in the parsing of 407 responses. This issue was addressed through improved response validation. CVE-2016-4643 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua University; Jerry Decime coordinated via CERT CFNetwork Proxies Available for: OS X El Capitan v10.11 and later Impact: An application may unknowingly send a password unencrypted over the network Description: Proxy authentication incorrectly reported HTTP proxies received credentials securely. This issue was addressed through improved warnings. CVE-2016-4642 : Jerry Decime coordinated via CERT CoreGraphics Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to elevate privileges Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed through improved input validation. CVE-2016-4652 : Yubin Fu of Tencent KeenLab working with Trend Micro's Zero Day Initiative CoreGraphics Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later Impact: A remote attacker may be able to execute arbitrary code Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-4637 : Tyler Bohan of Cisco Talos (talosintel.com/vulnerability-reports) FaceTime Available for: OS X El Capitan v10.11 and later Impact: An attacker in a privileged network position may be able to cause a relayed call to continue transmitting audio while appearing as if the call terminated Description: User interface inconsistencies existed in the handling of relayed calls. These issues were addressed through improved FaceTime display logic. CVE-2016-4635 : Martin Vigo Graphics Drivers Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved input validation. CVE-2016-4634 : Stefan Esser of SektionEins ImageIO Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later Impact: A remote attacker may be able to execute arbitrary code Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4629 : Tyler Bohan of Cisco Talos (talosintel.com/vulnerability-reports) CVE-2016-4630 : Tyler Bohan of Cisco Talos (talosintel.com/vulnerability-reports) ImageIO Available for: OS X El Capitan v10.11 and later Impact: A remote attacker may be able to cause a denial of service Description: A memory consumption issue was addressed through improved memory handling. CVE-2016-4632 : Evgeny Sidorov of Yandex ImageIO Available for: OS X El Capitan v10.11 and later Impact: A remote attacker may be able to execute arbitrary code Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4631 : Tyler Bohan of Cisco Talos (talosintel.com/vulnerability-reports) Intel Graphics Driver Available for: OS X El Capitan v10.11 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4633 : Marco Grassi (@marcograss) of KeenLab (@keen_lab), Tencent IOHIDFamily Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A null pointer dereference was addressed through improved input validation. CVE-2016-4626 : Stefan Esser of SektionEins IOSurface Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A use-after-free was addressed through improved memory management. CVE-2016-4625 : Ian Beer of Google Project Zero Kernel Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-1863 : Ian Beer of Google Project Zero CVE-2016-4653 : Ju Zhu of Trend Micro CVE-2016-4582 : Shrek_wzw and Proteas of Qihoo 360 Nirvan Team Kernel Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to cause a system denial of service Description: A null pointer dereference was addressed through improved input validation. CVE-2016-1865 : Marco Grassi (@marcograss) of KeenLab (@keen_lab), Tencent, CESG libc++abi Available for: OS X El Capitan v10.11 and later Impact: An application may be able to execute arbitrary code with root privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4621 : an anonymous researcher libexpat Available for: OS X El Capitan v10.11 and later Impact: Processing maliciously crafted XML may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-0718 : Gustavo Grieco LibreSSL Available for: OS X El Capitan v10.11 and later Impact: A remote attacker may be able to execute arbitrary code Description: Multiple issues existed in LibreSSL before 2.2.7. These were addressed by updating LibreSSL to version 2.2.7. CVE-2016-2108 : Huzaifa Sidhpurwala (Red Hat), Hanno Böck, David Benjamin (Google), Mark Brand and Ian Beer of Google Project Zero CVE-2016-2109 : Brian Carpenter libxml2 Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later Impact: Multiple vulnerabilities in libxml2 Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological University CVE-2016-4447 : Wei Lei and Liu Yang of Nanyang Technological University CVE-2016-4448 : Apple CVE-2016-4483 : Gustavo Grieco CVE-2016-4614 : Nick Wellnhofer CVE-2016-4615 : Nick Wellnhofer CVE-2016-4616 : Michael Paddon CVE-2016-4619 : Hanno Boeck libxml2 Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later Impact: Parsing a maliciously crafted XML document may
https://support.apple.com/en-us/HT206903Apple security updates
Sep 23, 2016 Name and information link Available for Release date iOS 10.0.2 iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later 23 Sept 2016 iCloud for Windows 6.0 Windows 7 and later 20 Sept 2016 macOS Server 5.2 macOS Sierra 10.12 20 Sept 2016 Safari 10 OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12 20 Sept 2016 macOS Sierra 10.12 OS X El Capitan v10.11.6 20 Sept 2016 iTunes 12.5.1 for Windows Windows 7 and later 13 Sept 2016 tvOS 10 Apple TV (4th generation) 13 Sept 2016 watchOS 3 All Apple Watch models 13 Sept 2016 Xcode 8 OS X El Capitan v10.11.5 and later 13 Sept 2016 iOS 10.0.1 iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later 13 Sept 2016 iOS 10 iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later 13 Sept 2016 Security Update 2016-001 El Capitan and Security Update 2016-005 Yosemite OS X Yosemite v10.10.5 and OS X El Capitan v10.11.6 1 Sept 2016 Safari 9.1.3 OS X Mavericks v10.9.5 and OS X Yosemite v10.10.5 1 Sept 2016 iOS 9.3.5 iPhone 4s and later, iPad 2 and later, iPod touch (5th generation) and later 25 Aug 2016 iOS 9.3.4 iPhone 4s and later, iPad 2 and later, iPod touch (5th generation) and later 4 Aug 2016 iCloud for Windows 5.2.1 Windows 7 and later 18 July 2016 iTunes 12.4.2 for Windows Windows 7 and later 18 July 2016 Safari 9.1.2 OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11.6 18 July 2016 tvOS 9.2.2 Apple TV (4th generation) 18 July 2016 watchOS 2.2.2 Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes 18 July 2016 iOS 9.3.3 iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later 18 July 2016 OS X El Capitan v10.11.6 and Security Update 2016-004 OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later 18 July 2016 AirPort Base Station Firmware Update 7.6.7 and 7.7.7 AirPort Express, AirPort Extreme, and AirPort Time Capsule base stations with 802.11n; AirPort Extreme and AirPort Time Capsule base stations with 802.11ac 20 June 2016 iTunes 12.4 Windows 7 and later 16 May 2016 Safari 9.1.1 OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11.5 16 May 2016 OS X El Capitan v10.11.5 and Security Update 2016-003 OS X El Capitan v10.11 and later 16 May 2016 watchOS 2.2.1 Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes 16 May 2016 iOS 9.3.2 iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later 16 May 2016 tvOS 9.2.1 Apple TV (4th generation) 16 May 2016 Xcode 7.3.1 OS X El Capitan v10.11 and later 3 May 2016 iOS 9.3.1 iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later 31 Mar 2016 iBooks Author 2.4.1 OS X Yosemite v10.10 and later 29 Mar 2016 OS X Server 5.1 OS X El Capitan v10.11.4 21 Mar 2016 Safari 9.1 OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11.4 21 Mar 2016 OS X El Capitan v10.11.4 and Security Update 2016-002 OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3 21 Mar 2016 Xcode 7.3 OS X El Capitan v10.11 and later 21 Mar 2016 tvOS 9.2 Apple TV (4th generation) 21 Mar 2016 watchOS 2.2 Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes 21 Mar 2016 iOS 9.3 iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later 21 Mar 2016 Apple Software Update 2.2 Windows 7 and later 9 Mar 2016 Apple TV 7.2.1 Apple TV (3rd generation) 25 Feb 2016 tvOS 9.1.1 Apple TV (4th generation) 25 Jan 2016 Safari 9.0.3 OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11.3 19 Jan 2016 OS X El Capitan 10.11.3 and Security Update 2016-001 OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 to v10.11.2 19 Jan 2016 iOS 9.2.1 iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later 19 Jan 2016 QuickTime 7.7.9 Windows 7 and Windows Vista 7 Jan 2016 Security Update 2015-006 Yosemite OS X Yosemite v10.10.5 11 Dec 2015 iTunes 12.3.2 Windows 7 and later 11 Dec 2015 Xcode 7.2 OS X Yosemite v10.10.5 and later 8 Dec 2015 Safari 9.0.2 OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11.2 8 Dec 2015 watchOS 2.1 Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes 8 Dec 2015 OS X El Capitan 10.11.2, Security Update 2015-005 Yosemite, and Security Update 2015-008 Mavericks OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 and v10.11.1 8 Dec 2015 tvOS 9.1 Apple TV (4th generation) 8 Dec 2015 iOS 9.2 iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later 8 Dec 2015 OS X Server 5.0.15 OS X Yosemite v10.10.5, OS X El Capitan v10.11.1 and later 21 Oct 2015 Xcode 7.1 OS X Yosemite v10.10.5 and later 21 Oct 2015 Mac EFI Security Update 2015-002 OS X Mavericks v10.9.5 21 Oct 2015 iTunes 12.3.1 Windows 7 and later 21 Oct 2015 OS X El Capitan 10.11.1, Security Update 2015-004 Yosemite, and Security Update 2015-007 Mavericks OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 21 Oct 2015 Safari 9.0.1 OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11.1 21 Oct 2015 watchOS 2.0.1 Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes 21 Oct 2015 iOS 9.1 iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later 21 Oct 2015 Keynote 6.6, Pages 5.6, Numbers 3.6, iWork for iOS 2.6 OS X Yosemite v10.10.4 and later, iOS 8.4 and later 15 Oct 2015 OS X El Capitan 10.11 Mac OS X v10.6.8 and later 30 Sept 2015 Safari 9 OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 30 Sept 2015 iOS 9.0.2 iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later 30 Sept 2015 watchOS 2 Apple Watch Sport, Apple Watch, and Apple Watch Edition 21 Sept 2015 OS X Server v5.0.3 OS X Yosemite v10.10.5 and later 16 Sept 2015 iTunes 12.3 Windows 7 and later 16 Sept 2015 Xcode 7.0 OS X Yosemite v10.10.4 and later 16 Sept 2015 iOS 9 iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later 16 Sept 2015 QuickTime 7.7.8 Windows 7 and Windows Vista 20 Aug 2015 OS X Server v4.1.5 OS X Yosemite v10.10.5 and later 13 Aug 2015 iOS 8.4.1 iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later 13 Aug 2015 OS X Yosemite 10.10.5 and Security Update 2015-006 OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 13 Aug 2015 Safari 8.0.8, Safari 7.1.8, and Safari 6.2.8 OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10.4 13 Aug 2015 QuickTime 7.7.7 Windows 7 and Windows Vista 30 June 2015 iTunes 12.2 Windows 8 and Windows 7 30 June 2015 Safari 8.0.7, Safari 7.1.7, and Safari 6.2.7 OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10.3 30 June 2015 Mac EFI Security Update 2015-001 OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5 30 June 2015 OS X Yosemite 10.10.4 and Security Update 2015-005 OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 30 June 2015 iOS 8.4 iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later 30 June 2015 Watch OS 1.0.1 Apple Watch Sport, Apple Watch, and Apple Watch Edition 19 May 2015 Safari 8.0.6, Safari 7.1.6, and Safari 6.2.6 OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10.3 06 May 2015 OS X Server 4.1 OS X Yosemite v10.10 and later 08 Apr 2015 Xcode 6.3 OS X Yosemite v10.10 and later 08 Apr 2015 Apple TV 7.2 Apple TV 3rd generation and later 08 Apr 2015 iOS 8.3 iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later 08 Apr 2015 OS X Yosemite 10.10.3 and Security Update 2015-004 OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 08 Apr 2015 Safari 8.0.5, Safari 7.1.5, and Safari 6.2.5 OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10.2 08 Apr 2015 Security Update 2015-003 OS X Yosemite v10.10.2 19 Mar 2015 Safari 8.0.4, Safari 7.1.4, and Safari 6.2.4 OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10.2 17 Mar 2015 Xcode 6.2 OS X Mavericks v10.9.4 and later 09 Mar 2015 Security Update 2015-002 OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10.2 09 Mar 2015 Apple TV 7.1 Apple TV 3rd generation and later 09 Mar 2015 iOS 8.2 iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later 09 Mar 2015 OS X v10.10.2 and Security Update 2015-001 OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 and v10.10.1 27 Jan 2015 Safari 8.0.3, Safari 7.1.3, and Safari 6.2.3 OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10.1 27 Jan 2015 iOS 8.1.3 iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later 27 Jan 2015 Apple TV 7.0.3 Apple TV 3rd generation and later 27 Jan 2015 For information about earlier security updates, see these documents: Apple security updates (2014) Apple security updates (2013) Apple security updates (2011 to 2012) Apple security updates (2010) Apple security updates (15 Jan 2008 to 03 Dec 2009) Apple security updates (25 Jan 2005 to 21 Dec 2007) Apple security updates (03 Oct 2003 to 11 Jan 2005) Apple security updates (August 2003 and earlier)
https://support.apple.com/en-us/HT201222About the security content of OS X El Capitan v10.11.4 and Security Update 2016-002
Aug 17, 2016 apache_mod_php Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted .png file may lead to arbitrary code execution Description: Multiple vulnerabilities existed in libpng versions prior to 1.6.20. These were addressed by updating libpng to version 1.6.20. CVE-ID CVE-2015-8126 : Adam Mariš CVE-2015-8472 : Adam Mariš AppleRAID Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved input validation. CVE-ID CVE-2016-1733 : Proteas of Qihoo 360 Nirvan Team AppleRAID Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A local user may be able to determine kernel memory layout Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed through improved input validation. CVE-ID CVE-2016-1732 : Proteas of Qihoo 360 Nirvan Team AppleUSBNetworking Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A USB device may be able to cause a denial of service Description: An error handling issue existed in packet validation. This issue was addressed through improved error handling. CVE-ID CVE-2016-1734 : Andrea Barisani and Andrej Rosano of Inverse Path Bluetooth Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1735 : Jeonghoon Shin@A.D.D CVE-2016-1736 : beist and ABH of BoB Carbon Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted .dfont file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking. CVE-ID CVE-2016-1737 : HappilyCoded (ant4g0nist &r3dsm0k3) dyld Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An attacker may tamper with code-signed applications to execute arbitrary code in the application's context Description: A code signing verification issue existed in dyld. This issue was addressed with improved validation. CVE-ID CVE-2016-1738 : beist and ABH of BoB FontParser Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1740 : HappilyCoded (ant4g0nist and r3dsm0k3) working with Trend Micro's Zero Day Initiative (ZDI) HTTPProtocol Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A remote attacker may be able to execute arbitrary code Description: Multiple vulnerabilities existed in nghttp2 versions prior to 1.6.0, the most serious of which may have led to remote code execution. These were addressed by updating nghttp2 to version 1.6.0. CVE-ID CVE-2015-8659 Intel Graphics Driver Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1743 : Piotr Bania of Cisco Talos CVE-2016-1744 : Ian Beer of Google Project Zero IOFireWireFamily Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A local user may be able to cause a denial of service Description: A null pointer dereference was addressed through improved validation. CVE-ID CVE-2016-1745 : sweetchip of Grayhash IOGraphics Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved input validation. CVE-ID CVE-2016-1746 : Peter Pi of Trend Micro working with Trend Micro's Zero Day Initiative (ZDI) CVE-2016-1747 : Juwei Lin of Trend Micro working with Trend Micro's Zero Day Initiative (ZDI) IOHIDFamily Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to determine kernel memory layout Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1748 : Brandon Azad IOUSBFamily Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1749 : Ian Beer of Google Project Zero and Juwei Lin of Trend Micro working with Trend Micro's Zero Day Initiative (ZDI) Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed through improved memory management. CVE-ID CVE-2016-1750 : CESG Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A race condition existed during the creation of new processes. This was addressed through improved state handling. CVE-ID CVE-2016-1757 : Ian Beer of Google Project Zero and Pedro Vilaça Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A null pointer dereference was addressed through improved input validation. CVE-ID CVE-2016-1756 : Lufeng Li of Qihoo 360 Vulcan Team Kernel Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1754 : Lufeng Li of Qihoo 360 Vulcan Team CVE-2016-1755 : Ian Beer of Google Project Zero CVE-2016-1759 : lokihardt Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to determine kernel memory layout Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed through improved input validation. CVE-ID CVE-2016-1758 : Brandon Azad Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple integer overflows were addressed through improved input validation. CVE-ID CVE-2016-1753 : Juwei Lin Trend Micro working with Trend Micro's Zero Day Initiative (ZDI) Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to cause a denial of service Description: A denial of service issue was addressed through improved validation. CVE-ID CVE-2016-1752 : CESG libxml2 Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3 Impact: Processing maliciously crafted XML may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2015-1819 CVE-2015-5312 : David Drysdale of Google CVE-2015-7499 CVE-2015-7500 : Kostya Serebryany of Google CVE-2015-7942 : Kostya Serebryany of Google CVE-2015-8035 : gustavo.grieco CVE-2015-8242 : Hugh Davenport CVE-2016-1761 : wol0xff working with Trend Micro's Zero Day Initiative (ZDI) CVE-2016-1762 Messages Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Clicking a JavaScript link can reveal sensitive user information Description: An issue existed in the processing of JavaScript links. This issue was addressed through improved content security policy checks. CVE-ID CVE-2016-1764 : Matthew Bryant of the Uber Security Team (formerly of Bishop Fox), Joe DeMesy and Shubham Shah of Bishop Fox Messages Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An attacker who is able to bypass Apple's certificate pinning, intercept TLS connections, inject messages, and record encrypted attachment-type messages may be able to read attachments Description: A cryptographic issue was addressed by rejecting duplicate messages on the client. CVE-ID CVE-2016-1788 : Christina Garman, Matthew Green, Gabriel Kaptchuk, Ian Miers, and Michael Rushanan of Johns Hopkins University NVIDIA Graphics Drivers Available for: OS X El Capitan v10.11
https://support.apple.com/en-us/HT206167OS X Snow Leopard Support
Sep 21, 2016 Get OS X 10.6 Snow Leopard help and support
https://support.apple.com/snowleopardOS X Lion Support
Sep 21, 2016 Get OS X 10.7 Lion help and support
https://support.apple.com/lionOS X Leopard Community
Sep 21, 2016 Get OS X 10.5 Leopard help and support from users around the world
https://discussions.apple.com/community/mac_os/mac_os_x_v10.5_leopardMail Settings Lookup Tool - Use this simple tool to be sure your email settings are correct in OS X Mail.
Sep 27, 2016 Verify the settings for your email provider using your email address. For Mac OS or iOS, get details about account type, incoming/outgoing server details and more.
https://www.apple.com/support/mail-settings-lookup/OS X Yosemite | Apple Support Communities
Dec 1, 2015 OS X Yosemite (10.10)
https://discussions.apple.com/community/mac_os/os_x_yosemite
Get help from Apple users around the world.
Visit Apple Support Communities to ask a question, find existing answers, or share your expertise with others.
Visit Communities