iOS

CVEs (1,316)

• CVE-2015-5769Aug 17, 2015
  Apple Inc.

  Iphone Os
  risk 0.00cvss —epss 0.01

  The MSVDX driver in Apple iOS before 8.4.1 allows remote attackers to cause a denial of service (device crash) via a crafted video.

• CVE-2015-5766Aug 17, 2015
  Apple Inc.

  Iphone Os
  risk 0.00cvss —epss 0.00

  Directory traversal vulnerability in Air Traffic in Apple iOS before 8.4.1 allows attackers to access arbitrary filesystem locations via vectors related to asset handling.

• CVE-2015-5761Aug 17, 2015
  Apple Inc.

  Mac Os X
  risk 0.00cvss —epss 0.03

  CoreText in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-5755.

• CVE-2015-5759Aug 17, 2015
  Apple Inc.

  Iphone Os
  risk 0.00cvss —epss 0.00

  WebKit in Apple iOS before 8.4.1 allows remote attackers to spoof clicks via a crafted web site that leverages tap events.

• CVE-2015-5758Aug 17, 2015
  Apple Inc.

  Mac Os X
  risk 0.00cvss —epss 0.03

  ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF image.

• CVE-2015-5757Aug 17, 2015
  Apple Inc.

  Mac Os X
  risk 0.00cvss —epss 0.01

  libpthread in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via an app that uses a crafted syscall to interfere with locking.

• CVE-2015-5756Aug 17, 2015
  Apple Inc.

  Mac Os X
  risk 0.00cvss —epss 0.02

  FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-3804 and CVE-2015-5775.

• CVE-2015-5755Aug 17, 2015
  Apple Inc.

  Mac Os X
  risk 0.00cvss —epss 0.03

  CoreText in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-5761.

• CVE-2015-5752Aug 17, 2015
  Apple Inc.

  Iphone Os
  risk 0.00cvss —epss 0.00

  Backup in Apple iOS before 8.4.1 allows attackers to bypass intended restrictions on filesystem access via a crafted app that creates a symlink.

• CVE-2015-5749Aug 17, 2015
  Apple Inc.

  Iphone Os
  risk 0.00cvss —epss 0.00

  The Sandbox_profiles component in Apple iOS before 8.4.1 allows attackers to bypass the third-party app-sandbox protection mechanism and read arbitrary managed preferences via a crafted app.

• CVE-2015-5746Aug 17, 2015
  Apple Inc.

  Iphone Os
  risk 0.00cvss —epss 0.00

  AppleFileConduit in Apple iOS before 8.4.1 allows attackers to bypass intended restrictions on filesystem access via an afc command that leverages symlink mishandling.

• CVE-2015-3806Aug 17, 2015
  Apple Inc.

  Mac Os X
  risk 0.00cvss —epss 0.00

  Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism by appending code to a crafted executable file.

• CVE-2015-3805Aug 17, 2015
  Apple Inc.

  Mac Os X
  risk 0.00cvss —epss 0.00

  Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism via a crafted Mach-O file, a different vulnerability than CVE-2015-3802.

• CVE-2015-3804Aug 17, 2015
  Apple Inc.

  Mac Os X
  risk 0.00cvss —epss 0.02

  FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-5756 and CVE-2015-5775.

• CVE-2015-3756Aug 16, 2015
  Apple Inc.

  Iphone Os
  risk 0.00cvss —epss 0.00

  The Certificate UI in Apple iOS before 8.4.1 does not prevent X.509 certificate acceptance within the lock screen, which allows physically proximate attackers to establish arbitrary certificate trust relationships by completing a dialog.

• CVE-2015-3755Aug 16, 2015
  Apple Inc.

  Safari
  risk 0.00cvss —epss 0.01

  WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, allows remote attackers to spoof the user interface via a malformed URL.

• CVE-2015-3753Aug 16, 2015
  Apple Inc.

  Safari
  risk 0.00cvss —epss 0.01

  WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly perform taint checking for CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive image…

• CVE-2015-3752Aug 16, 2015
  Canonical

  Ubuntu Linux
  risk 0.00cvss —epss 0.02

  The Content Security Policy implementation in WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly restrict cookie transmission for report requests, which allows remote attackers to obtain…

• CVE-2015-3751Aug 16, 2015
  Apple Inc.

  Safari
  risk 0.00cvss —epss 0.02

  WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, allows remote attackers to bypass a Content Security Policy protection mechanism by using a video control in conjunction with an IMG element within an…

• CVE-2015-3750Aug 16, 2015
  Apple Inc.

  Safari
  risk 0.00cvss —epss 0.01

  WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not enforce the HTTP Strict Transport Security (HSTS) protection mechanism for Content Security Policy (CSP) report requests, which allows…