Iphone Os Security Vulnerabilities and Issues — Page 5 of Iphone Os CVE List

Lucene search

AppleIphone Os

386 matches found

CVE•added 2015/10/23 9:59 p.m.•52 views

CVE-2015-7013

WebKit, as used in Apple Safari before 9.0.1 and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-3 an...

6.8CVSS8.8AI score0.01529EPSS

CVE•added 2015/10/23 9:59 p.m.•52 views

CVE-2015-7018

FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6...

6.8CVSS7.4AI score0.03768EPSS

CVE•added 2015/12/11 11:59 a.m.•52 views

CVE-2015-7100

WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7096, CVE-2...

6.8CVSS8.9AI score0.01093EPSS

CVE•added 2015/12/11 12:0 p.m.•52 views

CVE-2015-7112

The IOHIDFamily API in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-7111.

9.3CVSS8.8AI score0.19674EPSS

CVE•added 2015/01/30 11:59 a.m.•51 views

CVE-2014-4481

Integer overflow in CoreGraphics in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.

6.8CVSS5.1AI score0.08613EPSS

CVE•added 2015/01/30 11:59 a.m.•51 views

CVE-2014-4487

Buffer overflow in IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows attackers to execute arbitrary code in a privileged context via a crafted app.

10CVSS4.3AI score0.02421EPSS

CVE•added 2015/03/18 10:59 p.m.•51 views

CVE-2015-1080

WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03...

6.8CVSS7.8AI score0.00913EPSS

CVE•added 2015/04/10 2:59 p.m.•51 views

CVE-2015-1098

iWork in Apple iOS before 8.3 and Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted iWork file.

7.3CVSS7.2AI score0.00731EPSS

CVE•added 2015/07/03 2:0 a.m.•51 views

CVE-2015-3710

Mail in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to trigger a refresh operation, and consequently cause a visit to an arbitrary web site, via a crafted HTML e-mail message.

4.3CVSS3.7AI score0.00521EPSS

CVE•added 2015/08/16 11:59 p.m.•51 views

CVE-2015-3766

The kernel in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly restrict the mach_port_space_info interface, which allows attackers to obtain sensitive memory-layout information via a crafted app.

4.3CVSS6.7AI score0.00524EPSS

CVE•added 2015/08/17 12:0 a.m.•51 views

CVE-2015-3793

CFPreferences in Apple iOS before 8.4.1 allows attackers to bypass the third-party app-sandbox protection mechanism and read arbitrary managed preferences via a crafted app.

4.3CVSS6.4AI score0.003EPSS

CVE•added 2015/08/17 12:0 a.m.•51 views

CVE-2015-3804

FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-5756 and CVE-2015-5775.

7.5CVSS8.7AI score0.02102EPSS

CVE•added 2015/09/18 10:59 a.m.•51 views

CVE-2015-5820

WebKit in Apple iOS before 9 allows remote attackers to trigger a dialing action via a crafted (1) tel://, (2) facetime://, or (3) facetime-audio:// URL.

4.3CVSS5.8AI score0.006EPSS

CVE•added 2015/09/18 10:59 a.m.•51 views

CVE-2015-5841

The CFNetwork Proxies component in Apple iOS before 9 does not properly handle a Set-Cookie header within a response to an HTTP CONNECT request, which allows remote proxy servers to conduct cookie-injection attacks via a crafted response.

5CVSS5.7AI score0.0062EPSS

CVE•added 2015/09/18 11:0 a.m.•51 views

CVE-2015-5858

The CFNetwork HTTPProtocol component in Apple iOS before 9 allows remote attackers to bypass the HSTS protection mechanism, and consequently obtain sensitive information, via a crafted URL.

5CVSS5.7AI score0.00498EPSS

CVE•added 2015/10/23 9:59 p.m.•51 views

CVE-2015-5927

FontParser in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-5942.

6.8CVSS7.4AI score0.01866EPSS

CVE•added 2015/10/23 9:59 p.m.•51 views

CVE-2015-7008

6.8CVSS9AI score0.03768EPSS

CVE•added 2015/12/11 11:59 a.m.•51 views

CVE-2015-7050

WebKit in Apple iOS before 9.2 and Safari before 9.0.2 misparses content extensions, which allows remote attackers to obtain sensitive browsing-history information via a crafted web site.

4.3CVSS5.3AI score0.00582EPSS

CVE•added 2015/01/30 11:59 a.m.•50 views

CVE-2014-4488

IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly validate resource-queue metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted app.

10CVSS4.1AI score0.01797EPSS

CVE•added 2015/04/10 2:59 p.m.•50 views

CVE-2015-1086

The Audio Drivers subsystem in Apple iOS before 8.3 and Apple TV before 7.2 does not properly validate IOKit object metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted app.

6.9CVSS6.8AI score0.00057EPSS

CVE•added 2015/04/10 2:59 p.m.•50 views

CVE-2015-1093

FontParser in Apple iOS before 8.3 and Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.

6.8CVSS7.3AI score0.02489EPSS

CVE•added 2015/05/08 12:59 a.m.•50 views

CVE-2015-1156

The page-loading implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, does not properly handle the rel attribute in an A element, which allows remote attackers to bypass the Same Origin Policy for a link's target, and spoof the user interface, via ...

4.3CVSS7.7AI score0.00627EPSS

CVE•added 2015/08/16 11:59 p.m.•50 views

CVE-2015-3730

WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVE...

6.8CVSS8.4AI score0.01081EPSS

CVE•added 2015/08/16 11:59 p.m.•50 views

CVE-2015-3733

6.8CVSS8.4AI score0.01643EPSS

CVE•added 2015/08/17 12:0 a.m.•50 views

CVE-2015-3797

The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression, a different vulnerability than CVE-2015-3796 and CVE-2015-3...

7.5CVSS8.6AI score0.22389EPSS

CVE•added 2015/08/17 12:0 a.m.•50 views

CVE-2015-3802

Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism via a crafted Mach-O file, a different vulnerability than CVE-2015-3805.

7.2CVSS7.3AI score0.00061EPSS

CVE•added 2015/08/17 12:0 a.m.•50 views

CVE-2015-5748

The kernel in Apple OS X before 10.10.5 does not properly mount HFS volumes, which allows local users to cause a denial of service via a crafted volume.

2.1CVSS7.3AI score0.0008EPSS

CVE•added 2015/08/17 12:0 a.m.•50 views

CVE-2015-5758

ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF image.

6.8CVSS8.7AI score0.02828EPSS

CVE•added 2015/09/18 10:59 a.m.•50 views

CVE-2015-5791

WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-0...

6.8CVSS7.8AI score0.01538EPSS

CVE•added 2015/09/18 10:59 a.m.•50 views

CVE-2015-5803

WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-S...

6.8CVSS8.8AI score0.01538EPSS

CVE•added 2015/09/18 11:0 a.m.•50 views

CVE-2015-5846

IOKit in the kernel in Apple iOS before 9 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-5844 and CVE-2015-5845.

9.3CVSS7AI score0.01466EPSS

CVE•added 2015/10/23 9:59 p.m.•50 views

CVE-2015-6974

IOHIDFamily in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

9.3CVSS8.7AI score0.01084EPSS

CVE•added 2015/10/23 9:59 p.m.•50 views

CVE-2015-6990

6.8CVSS9AI score0.03768EPSS

CVE•added 2015/10/23 9:59 p.m.•50 views

CVE-2015-6991

6.8CVSS7.4AI score0.03768EPSS

CVE•added 2015/10/23 9:59 p.m.•50 views

CVE-2015-7015

Heap-based buffer overflow in the DNS client library in configd in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows attackers to execute arbitrary code via a crafted app that sends a spoofed configd response to a client.

6.8CVSS8.8AI score0.01162EPSS

CVE•added 2015/12/11 11:59 a.m.•50 views

CVE-2015-7038

Buffer overflow in libc in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code via a crafted package, a different vulnerability than CVE-2015-7039.

6.8CVSS9AI score0.27364EPSS

CVE•added 2015/12/11 11:59 a.m.•50 views

CVE-2015-7058

Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 improperly validate keychain item ACLs, which allows attackers to obtain access to keychain items via a crafted app.

4.3CVSS7.8AI score0.00524EPSS

CVE•added 2015/12/11 11:59 a.m.•50 views

CVE-2015-7064

OpenGL in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2015-7066.

6.8CVSS9.1AI score0.01234EPSS

CVE•added 2015/12/11 12:0 p.m.•50 views

CVE-2015-7111

9.3CVSS8.8AI score0.19674EPSS

CVE•added 2015/01/30 11:59 a.m.•49 views

CVE-2014-4483

Buffer overflow in FontParser in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font file in a PDF document.

6.8CVSS5.1AI score0.02074EPSS

CVE•added 2015/01/30 11:59 a.m.•49 views

CVE-2014-8840

The iTunes Store component in Apple iOS before 8.1.3 allows remote attackers to bypass a Safari sandbox protection mechanism by leveraging redirection of an SSL URL to the iTunes Store.

6.8CVSS5.9AI score0.00333EPSS

CVE•added 2015/03/18 10:59 p.m.•49 views

CVE-2015-1068

6.8CVSS8.8AI score0.00853EPSS

CVE•added 2015/07/03 1:59 a.m.•49 views

CVE-2015-3684

The HTTPAuthentication implementation in CFNetwork in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted credentials in a URL.

6.8CVSS5.3AI score0.01789EPSS

CVE•added 2015/08/17 12:0 a.m.•49 views

CVE-2015-5775

7.5CVSS8.7AI score0.02102EPSS

CVE•added 2015/09/18 11:0 a.m.•49 views

CVE-2015-5850

AppleKeyStore in Apple iOS before 9 allows physically proximate attackers to reset the count of incorrect passcode attempts via a device backup.

2.1CVSS5.7AI score0.00067EPSS

CVE•added 2015/09/18 12:0 p.m.•49 views

CVE-2015-5863

IOStorageFamily in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows local users to obtain sensitive information from kernel memory via unknown vectors.

2.1CVSS4.6AI score0.00063EPSS

CVE•added 2015/09/18 12:0 p.m.•49 views

CVE-2015-5882

The processor_set_tasks API implementation in Apple iOS before 9 allows local users to bypass an entitlement protection mechanism and obtain access to the task ports of arbitrary processes by leveraging root privileges.

7.2CVSS5.8AI score0.00067EPSS

CVE•added 2015/10/23 9:59 p.m.•49 views

CVE-2015-6994

The kernel in Apple iOS before 9.1 and OS X before 10.11.1 mishandles reuse of virtual memory, which allows attackers to cause a denial of service via a crafted app.

7.1CVSS7.5AI score0.01596EPSS

CVE•added 2015/10/23 9:59 p.m.•49 views

CVE-2015-6996

IOAcceleratorFamily in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app.

6.8CVSS7.2AI score0.06119EPSS

CVE•added 2015/12/11 11:59 a.m.•49 views

CVE-2015-7039

6.8CVSS9AI score0.27364EPSS

Total number of security vulnerabilities386