An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "ImageIO" component. It allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write and application crash) via a crafted PDF file.
Apple Security Advisory 2016-10-24-2 - macOS Sierra 10.12.1 is now available and addresses code execution, privilege escalation, and various other vulnerabilities.