After our analysis of CVE-2016-4656 from last week new details have surfaced.
The DYLD_PRINT_TO_FILE environment variable can be used for local privilege escalation in OS X Yosemite.
The mach_port_kobject() API function in iOS 8.1.2 and OSX 10.10 can be used to defeat the kernel address obfuscation mitigation.
A vulnerability in WebEdition CMS's captcha implementation allows remote code execution.
Vulnerabilities in PHP's unserialization code for various SPL object types potentially allows remote code execution.
A vulnerability in PHP's phpinfo() function allows PHP scripts to read arbitrary strings from memory.