The Sandbox feature in xnu in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 does not properly implement privilege separation, which allows attackers to bypass the. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. No vendor patch available.
CFNetwork HTTPProtocol in Apple iOS before 9.2 and OS X before 10.11.2 allows man-in-the-middle attackers to bypass the HSTS protection mechanism via a crafted URL. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. No vendor patch available.
Siri in Apple iOS before 9.2 allows physically proximate attackers to bypass an intended client-side protection mechanism and obtain sensitive content-notification information by listening to a. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.
IOThunderboltFamily in Apple OS X before 10.11.2 allows local users to cause a denial of service (NULL pointer dereference) via an unspecified userclient type. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.