CVE-2016-4640

Name of the Vulnerable Software and Affected Versions Apple OS X versions prior to 10.11.6

Description The issue allows attackers to execute arbitrary code in a privileged context, obtain sensitive user information, or cause a denial of service due to memory corruption via a crafted app. It is related to a heap-buffer overflow and memory corruption in the WindowServer, specifically in the XRegisterCursorWithData function.

Recommendations For Apple OS X versions prior to 10.11.6, update to version 10.11.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the WindowServer to minimize the risk of exploitation.