The Intel Graphics Driver component in Apple OS X before 10.11.2 allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors.

The Intel Graphics Driver component in Apple OS X before 10.11.2 allows local users to gain privileges or cause a denial of service (out-of-bounds memory access) via unspecified vectors.

Use-after-free vulnerability in Hypervisor in Apple OS X before 10.11.2 allows local users to gain privileges via vectors involving VM objects.

dyld in Apple iOS before 9.2 and tvOS before 9.1 mishandles segment validation, which allows attackers to execute arbitrary code in a privileged context via a crafted app.

Siri in Apple iOS before 9.2 allows physically proximate attackers to bypass an intended client-side protection mechanism and obtain sensitive content-notification information by listening to a device in the lock-screen state.

iBooks in Apple iOS before 9.2 and OS X before 10.11.2 allows remote attackers to read arbitrary files via an iBooks file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Multiple unspecified vulnerabilities in Git before 2.5.4, as used in Apple Xcode before 7.2, have unknown impact and attack vectors. NOTE: this CVE is associated only with Xcode use cases.

The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-7084.

The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-7083.

Safari in Apple iOS before 9.2 allows remote attackers to spoof a URL in the user interface via a crafted web site.