iOS

CVEs (2,979)

CVE	Vendor / Product	CVSS	EPSS	Published	Description
CVE-2015-3782	Apple Inc. iOS	—	0.01	Aug 16, 2015	CloudKit in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to access an iCloud user record associated with a previous user's login session via a crafted app.
CVE-2015-3778	Apple Inc. iOS	—	0.00	Aug 16, 2015	bootp in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to obtain potentially sensitive information about MAC addresses seen in previous Wi-Fi sessions by sniffing an 802.11 network for DNAv4 broadcast traffic.
CVE-2015-3776	Apple Inc. iOS	—	0.01	Aug 16, 2015	IOKit in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption and application crash) via a malformed plist.
CVE-2015-3768	Apple Inc. iOS	—	0.01	Aug 16, 2015	Integer overflow in the kernel in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context via a crafted app that makes unspecified IOKit API calls.
CVE-2015-3766	Apple Inc. iOS	—	0.01	Aug 16, 2015	The kernel in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly restrict the mach_port_space_info interface, which allows attackers to obtain sensitive memory-layout information via a crafted app.
CVE-2015-3759	Apple Inc. iOS	—	0.00	Aug 16, 2015	Location Framework in Apple iOS before 8.4.1 allows local users to bypass intended restrictions on filesystem modification via a symlink.
CVE-2015-3758	Apple Inc. iOS	—	0.00	Aug 16, 2015	UIKit WebView in Apple iOS before 8.4.1 allows attackers to bypass an intended user-confirmation requirement and initiate arbitrary FaceTime calls via an app that provides a crafted URL.
CVE-2015-3756	Apple Inc. iOS	—	0.00	Aug 16, 2015	The Certificate UI in Apple iOS before 8.4.1 does not prevent X.509 certificate acceptance within the lock screen, which allows physically proximate attackers to establish arbitrary certificate trust relationships by completing a dialog.
CVE-2015-3755	Apple Inc. Safari	—	0.01	Aug 16, 2015	WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, allows remote attackers to spoof the user interface via a malformed URL.
CVE-2015-3753	Apple Inc. Safari	—	0.01	Aug 16, 2015	WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly perform taint checking for CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive image…
CVE-2015-3752	Apple Inc. Safari	—	0.02	Aug 16, 2015	The Content Security Policy implementation in WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly restrict cookie transmission for report requests, which allows remote attackers to obtain…
CVE-2015-3751	Apple Inc. Safari	—	0.02	Aug 16, 2015	WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, allows remote attackers to bypass a Content Security Policy protection mechanism by using a video control in conjunction with an IMG element within an…
CVE-2015-3750	Apple Inc. Safari	—	0.01	Aug 16, 2015	WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not enforce the HTTP Strict Transport Security (HSTS) protection mechanism for Content Security Policy (CSP) report requests, which allows…
CVE-2015-3749	Apple Inc. Safari	—	0.01	Aug 16, 2015	WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability…
CVE-2015-3748	Apple Inc. Safari	—	0.01	Aug 16, 2015	WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability…
CVE-2015-3747	Apple Inc. Safari	—	0.01	Aug 16, 2015	WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability…
CVE-2015-3746	Apple Inc. Safari	—	0.01	Aug 16, 2015	WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability…
CVE-2015-3745	Apple Inc. Safari	—	0.01	Aug 16, 2015	WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability…
CVE-2015-3744	Apple Inc. Safari	—	0.01	Aug 16, 2015	WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability…
CVE-2015-3743	Apple Inc. Safari	—	0.01	Aug 16, 2015	WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability…

CVE-2015-3782Aug 16, 2015
Apple Inc.
iOS
risk 0.00cvss —epss 0.01
CloudKit in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to access an iCloud user record associated with a previous user's login session via a crafted app.
CVE-2015-3778Aug 16, 2015
Apple Inc.
iOS
risk 0.00cvss —epss 0.00
bootp in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to obtain potentially sensitive information about MAC addresses seen in previous Wi-Fi sessions by sniffing an 802.11 network for DNAv4 broadcast traffic.
CVE-2015-3776Aug 16, 2015
Apple Inc.
iOS
risk 0.00cvss —epss 0.01
IOKit in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption and application crash) via a malformed plist.
CVE-2015-3768Aug 16, 2015
Apple Inc.
iOS
risk 0.00cvss —epss 0.01
Integer overflow in the kernel in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context via a crafted app that makes unspecified IOKit API calls.
CVE-2015-3766Aug 16, 2015
Apple Inc.
iOS
risk 0.00cvss —epss 0.01
The kernel in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly restrict the mach_port_space_info interface, which allows attackers to obtain sensitive memory-layout information via a crafted app.
CVE-2015-3759Aug 16, 2015
Apple Inc.
iOS
risk 0.00cvss —epss 0.00
Location Framework in Apple iOS before 8.4.1 allows local users to bypass intended restrictions on filesystem modification via a symlink.
CVE-2015-3758Aug 16, 2015
Apple Inc.
iOS
risk 0.00cvss —epss 0.00
UIKit WebView in Apple iOS before 8.4.1 allows attackers to bypass an intended user-confirmation requirement and initiate arbitrary FaceTime calls via an app that provides a crafted URL.
CVE-2015-3756Aug 16, 2015
Apple Inc.
iOS
risk 0.00cvss —epss 0.00
The Certificate UI in Apple iOS before 8.4.1 does not prevent X.509 certificate acceptance within the lock screen, which allows physically proximate attackers to establish arbitrary certificate trust relationships by completing a dialog.
CVE-2015-3755Aug 16, 2015
Apple Inc.
Safari
risk 0.00cvss —epss 0.01
WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, allows remote attackers to spoof the user interface via a malformed URL.
CVE-2015-3753Aug 16, 2015
Apple Inc.
Safari
risk 0.00cvss —epss 0.01
WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly perform taint checking for CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive image…
CVE-2015-3752Aug 16, 2015
Apple Inc.
Safari
risk 0.00cvss —epss 0.02
The Content Security Policy implementation in WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly restrict cookie transmission for report requests, which allows remote attackers to obtain…
CVE-2015-3751Aug 16, 2015
Apple Inc.
Safari
risk 0.00cvss —epss 0.02
WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, allows remote attackers to bypass a Content Security Policy protection mechanism by using a video control in conjunction with an IMG element within an…
CVE-2015-3750Aug 16, 2015
Apple Inc.
Safari
risk 0.00cvss —epss 0.01
WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not enforce the HTTP Strict Transport Security (HSTS) protection mechanism for Content Security Policy (CSP) report requests, which allows…
CVE-2015-3749Aug 16, 2015
Apple Inc.
Safari
risk 0.00cvss —epss 0.01
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability…
CVE-2015-3748Aug 16, 2015
Apple Inc.
Safari
risk 0.00cvss —epss 0.01
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability…
CVE-2015-3747Aug 16, 2015
Apple Inc.
Safari
risk 0.00cvss —epss 0.01
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability…
CVE-2015-3746Aug 16, 2015
Apple Inc.
Safari
risk 0.00cvss —epss 0.01
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability…
CVE-2015-3745Aug 16, 2015
Apple Inc.
Safari
risk 0.00cvss —epss 0.01
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability…
CVE-2015-3744Aug 16, 2015
Apple Inc.
Safari
risk 0.00cvss —epss 0.01
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability…
CVE-2015-3743Aug 16, 2015
Apple Inc.
Safari
risk 0.00cvss —epss 0.01
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability…

Page 129 of 149