R3Dsm0K3

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.12.6 **Description** The issue involves the `Foundation` component and allows remote attackers to execute arbitrary code or cause a denial of service, resulting in memory corruption and application crash, via a crafted file. **Recommendations** For versions prior to 10.12.6, update to version 10.12.6 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple OS X versions prior to 10.11.4 **Description** The issue is related to the dyld component in the operating system, which is connected to errors in security settings. It allows an attacker to bypass a code-signing protection mechanism via a modified app. This can be exploited by a local attacker. **Recommendations** For Apple OS X versions prior to 10.11.4, update to version 10.11.4 or later to resolve the issue. As a temporary workaround, consider restricting the use of modified apps to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Apple OS X versions prior to 10.11.4 **Description** The issue is caused by a buffer overflow in the Carbon component of the Mac OS X operating system. Exploitation of this issue may allow a remote attacker to execute arbitrary code or cause a denial of service (memory corruption) by using a specially crafted .dfont file. **Recommendations** For Apple OS X versions prior to 10.11.4, update to version 10.11.4 or later to resolve the issue. As a temporary workaround, consider restricting access to .dfont files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 9.3 Apple OS X versions prior to 10.11.4 Apple tvOS versions prior to 9.2 Apple watchOS versions prior to 2.2 **Description** The issue allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document. This is due to a buffer overflow in the FontParser component, which can be exploited by a remote attacker to achieve the aforementioned outcomes. **Recommendations** For Apple iOS versions prior to 9.3, update to version 9.3 or later. For Apple OS X versions prior to 10.11.4, update to version 10.11.4 or later. For Apple tvOS versions prior to 9.2, update to version 9.2 or later. For Apple watchOS versions prior to 2.2, update to version 2.2 or later.