CVE 2016-4696
AppleEFIRuntime in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
See the
CVE page on Mitre.org
for more details.