Date published: 2016-07-21T22:59:00.127-04:00
Date last modified: 2017-08-31T21:29:00.317-04:00
CVSS Score: 7.2
Principal attack vector: LOCAL
Reference URL: http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html
Summary: Integer signedness error in bspatch.c in bspatch in bsdiff, as used in Apple OS X before 10.11.6 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a crafted patch file.