An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "WindowServer" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
Apple Security Advisory 2017-05-15-1 - macOS 10.12.5 is now available and addresses certificate validation, privilege escalation, and various other vulnerabilities.