CVE-2016-4638

Name of the Vulnerable Software and Affected Versions Apple OS X versions prior to 10.11.6

Description The issue allows attackers to gain privileges via a crafted app that leverages a type confusion in the Login Window. This type confusion exists in the WindowServer, specifically affecting the XSetApplicationBindingsForWorkspaces and XSetDictionaryForCurrentSession functions.

Recommendations For Apple OS X versions prior to 10.11.6, update to version 10.11.6 or later to resolve the issue. As a temporary workaround, consider restricting the execution of crafted apps that could leverage the type confusion in the WindowServer.