Iphone Os Security Vulnerabilities and Issues — Page 4 of Iphone Os CVE List

4.3CVSS6.3AI score0.00498EPSS

CVE-2015-1091

The CFNetwork Session component in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly handle request headers during processing of redirects in HTTP responses, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.

5CVSS5.9AI score0.00735EPSS

CVE-2015-1110

The Podcasts component in Apple iOS before 8.3 and Apple TV before 7.2 allows remote attackers to discover unique identifiers by reading asset-download request data.

5CVSS6.4AI score0.00875EPSS

CVE-2015-1118

libnetcore in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service (memory corruption and application crash) via a crafted configuration profile.

6.8CVSS8.9AI score0.00913EPSS

CVE-2015-1119

WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerabi...

6.8CVSS8.9AI score0.00836EPSS

CVE-2015-1122

CVE•added 2015/07/03 2:0 a.m.•55 views

CVE-2015-3727

WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict rename operations on WebSQL tables, which allows remote attackers to access an arbitrary web site's database via a crafted web site.

6.8CVSS7.6AI score0.00942EPSS

CVE•added 2015/08/16 11:59 p.m.•55 views

CVE-2015-3735

WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVE...

6.8CVSS8.4AI score0.01643EPSS

CVE•added 2015/08/16 11:59 p.m.•55 views

CVE-2015-3746

6.8CVSS8.4AI score0.01081EPSS

4.3CVSS5.9AI score0.00846EPSS

CVE-2015-5765

The user interface in Safari in Apple iOS before 9 allows remote attackers to spoof URLs via unspecified vectors, a different vulnerability than CVE-2015-5764 and CVE-2015-5767.

6.8CVSS8.8AI score0.01538EPSS

CVE-2015-5797

WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-S...

6.8CVSS8.8AI score0.01538EPSS

CVE-2015-5799

6.8CVSS7.8AI score0.01538EPSS

CVE-2015-5802

CVE•added 2015/09/18 11:0 a.m.•55 views

CVE-2015-5860

The CFNetwork HTTPProtocol component in Apple iOS before 9 mishandles HSTS state, which allows remote attackers to bypass the Safari private-browsing protection mechanism and track users via a crafted web site.

5CVSS5.9AI score0.00498EPSS

CVE•added 2015/09/18 12:0 p.m.•55 views

CVE-2015-5867

IOHIDFamily in Apple iOS before 9 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

9.3CVSS7.2AI score0.01084EPSS

CVE•added 2015/09/18 12:0 p.m.•55 views

CVE-2015-5876

dyld in Dev Tools in Apple iOS before 9 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

9.3CVSS7.1AI score0.01636EPSS

CVE•added 2015/10/23 9:59 p.m.•55 views

CVE-2015-6988

The kernel in Apple iOS before 9.1 and OS X before 10.11.1 does not initialize an unspecified data structure, which allows remote attackers to execute arbitrary code via vectors involving an unknown network-connectivity requirement.

10CVSS8.7AI score0.11013EPSS

CVE•added 2015/10/23 9:59 p.m.•55 views

CVE-2015-6993

FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-7...

6.8CVSS7.4AI score0.03768EPSS

CVE•added 2015/10/23 9:59 p.m.•55 views

CVE-2015-6995

The Disk Images component in Apple iOS before 9.1 and OS X before 10.11.1 misparses images, which allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app.

6.8CVSS8.8AI score0.10588EPSS

CVE•added 2015/12/11 11:59 a.m.•55 views

CVE-2015-7054

zlib in the Compression component in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 does not initialize memory for an unspecified data structure, which allows remote attackers to execute arbitrary code via a crafted web site.

6.8CVSS8.9AI score0.01142EPSS

CVE•added 2015/12/11 11:59 a.m.•55 views

CVE-2015-7099

WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7096, CVE-2...

6.8CVSS8.9AI score0.01093EPSS

CVE•added 2015/12/11 12:0 p.m.•55 views

CVE-2015-7105

CoreGraphics in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.

6.8CVSS9AI score0.02531EPSS

CVE•added 2015/01/30 11:59 a.m.•54 views

CVE-2014-4481

Integer overflow in CoreGraphics in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.

6.8CVSS5.1AI score0.08613EPSS

CVE•added 2015/04/10 2:59 p.m.•54 views

CVE-2015-1095

IOHIDFamily in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HID device.

7.2CVSS7.2AI score0.00216EPSS

CVE•added 2015/07/03 1:59 a.m.•54 views

CVE-2015-3694

FontParser in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-3719.

6.8CVSS5.2AI score0.01404EPSS

CVE•added 2015/08/16 11:59 p.m.•54 views

CVE-2015-3736

6.8CVSS8.4AI score0.01643EPSS

CVE•added 2015/08/16 11:59 p.m.•54 views

CVE-2015-3750

WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not enforce the HTTP Strict Transport Security (HSTS) protection mechanism for Content Security Policy (CSP) report requests, which allows man-in-the-middle attackers to...

6.4CVSS6.8AI score0.00771EPSS

CVE•added 2015/08/17 12:0 a.m.•54 views

CVE-2015-5755

CoreText in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-5761.

6.8CVSS8.7AI score0.0281EPSS

CVE•added 2015/09/18 10:59 a.m.•54 views

CVE-2015-5795

6.8CVSS8.8AI score0.01538EPSS

CVE•added 2015/09/18 10:59 a.m.•54 views

CVE-2015-5807

6.8CVSS8.8AI score0.01009EPSS

CVE•added 2015/09/18 10:59 a.m.•54 views

CVE-2015-5826

WebKit in Apple iOS before 9 does not properly select the cases in which a Cascading Style Sheets (CSS) document is required to have the text/css content type, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.

4.3CVSS5.8AI score0.00664EPSS

CVE•added 2015/09/18 11:0 a.m.•54 views

CVE-2015-5847

The Disk Images component in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.

7.2CVSS6AI score0.00073EPSS

CVE•added 2015/09/18 12:0 p.m.•54 views

CVE-2015-5869

The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Apple iOS before 9 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message.

3.3CVSS5.8AI score0.00452EPSS

CVE•added 2015/09/18 12:0 p.m.•54 views

CVE-2015-5899

libpthread in the kernel in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.

7.2CVSS5.9AI score0.00093EPSS

CVE•added 2015/09/18 12:0 p.m.•54 views

CVE-2015-5916

The Apple Pay component in Apple iOS before 9 allows remote terminals to obtain sensitive recent-transaction information during payments by leveraging the transaction-log feature.

4.3CVSS5.2AI score0.00555EPSS

CVE•added 2015/10/23 9:59 p.m.•54 views

CVE-2015-7023

CFNetwork in Apple iOS before 9.1 and OS X before 10.11.1 does not properly consider the uppercase-versus-lowercase distinction during cookie parsing, which allows remote web servers to overwrite cookies via unspecified vectors.

5.8CVSS8.1AI score0.00742EPSS

4.3CVSS7.6AI score0.01078EPSS

CVE-2015-7041

The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to cause a denial of service via a crafted app, a different vulnerability than CVE-2015-7040, CVE-2015-7042, and CVE-2015-7043.

2.6CVSS7.8AI score0.00738EPSS

CVE-2015-7046

The Sandbox feature in xnu in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 does not properly implement privilege separation, which allows attackers to bypass the ASLR protection mechanism via a crafted app with root privileges.

6.8CVSS9AI score0.02828EPSS

CVE-2015-7074

CoreMedia Playback in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed media file.

5CVSS8AI score0.00529EPSS

CVE-2015-7081

iBooks in Apple iOS before 9.2 and OS X before 10.11.2 allows remote attackers to read arbitrary files via an iBooks file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

CVE•added 2015/03/18 10:59 p.m.•53 views

CVE-2015-1072

6.8CVSS8.8AI score0.00787EPSS

CVE•added 2015/04/10 2:59 p.m.•53 views

CVE-2015-1124

6.8CVSS8.9AI score0.00913EPSS

CVE•added 2015/08/16 11:59 p.m.•53 views

CVE-2015-3751

WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, allows remote attackers to bypass a Content Security Policy protection mechanism by using a video control in conjunction with an IMG element within an OBJECT element.

5CVSS7.2AI score0.01553EPSS

CVE•added 2015/08/17 12:0 a.m.•53 views

CVE-2015-3793

CFPreferences in Apple iOS before 8.4.1 allows attackers to bypass the third-party app-sandbox protection mechanism and read arbitrary managed preferences via a crafted app.

4.3CVSS6.4AI score0.003EPSS

6.8CVSS7.8AI score0.01538EPSS

CVE-2015-5792

4.3CVSS4.9AI score0.00096EPSS

CVE-2015-5824

The NSURL implementation in the CFNetwork SSL component in Apple iOS before 9 does not properly verify X.509 certificates from SSL servers after a certificate change, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

2.1CVSS5AI score0.00069EPSS

CVE-2015-5832

The iTunes Store component in Apple iOS before 9 does not properly delete AppleID credentials from the keychain upon a signout action, which might allow physically proximate attackers to obtain sensitive information via unspecified vectors.