iOS

CVEs (1,284)

CVE	Vendor / Product	CVSS	EPSS	Published	Description
CVE-2015-1122	Apple Inc. Safari	—	0.01	Apr 10, 2015	WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a…
CVE-2015-1120	Apple Inc. Safari	—	0.01	Apr 10, 2015	WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a…
CVE-2015-1119	Apple Inc. Safari	—	0.01	Apr 10, 2015	WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a…
CVE-2015-1118	Apple Inc. Mac Os X	—	0.01	Apr 10, 2015	libnetcore in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service (memory corruption and application crash) via a crafted configuration profile.
CVE-2015-1117	Apple Inc. Mac Os X	—	0.00	Apr 10, 2015	The (1) setreuid and (2) setregid system-call implementations in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 do not properly perform privilege drops, which makes it easier for attackers to execute code with unintended user or group…
CVE-2015-1116	Apple Inc. Iphone Os	—	0.00	Apr 10, 2015	The UIKit View component in Apple iOS before 8.3 displays unblurred application snapshots in the Task Switcher, which makes it easier for physically proximate attackers to obtain sensitive information by reading the device screen.
CVE-2015-1115	Apple Inc. Iphone Os	—	0.00	Apr 10, 2015	The Telephony component in Apple iOS before 8.3 allows attackers to bypass a sandbox protection mechanism and access unintended telephone capabilities via a crafted app.
CVE-2015-1114	Apple Inc. Iphone Os	—	0.00	Apr 10, 2015	The Sandbox Profiles component in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to discover hardware identifiers via a crafted app.
CVE-2015-1113	Apple Inc. Iphone Os	—	0.00	Apr 10, 2015	The Sandbox Profiles component in Apple iOS before 8.3 allows attackers to read the (1) telephone number or (2) e-mail address of a recent contact via a crafted app.
CVE-2015-1110	Apple Inc. Iphone Os	—	0.01	Apr 10, 2015	The Podcasts component in Apple iOS before 8.3 and Apple TV before 7.2 allows remote attackers to discover unique identifiers by reading asset-download request data.
CVE-2015-1109	Apple Inc. Iphone Os	—	0.00	Apr 10, 2015	NetworkExtension in Apple iOS before 8.3 stores credentials in VPN configuration logs, which makes it easier for physically proximate attackers to obtain sensitive information by reading a log file.
CVE-2015-1108	Apple Inc. Iphone Os	—	0.00	Apr 10, 2015	The Lock Screen component in Apple iOS before 8.3 does not properly enforce the limit on incorrect passcode-authentication attempts, which makes it easier for physically proximate attackers to obtain access by making many passcode guesses.
CVE-2015-1107	Apple Inc. Iphone Os	—	0.00	Apr 10, 2015	The Lock Screen component in Apple iOS before 8.3 does not properly implement the erasure feature for incorrect passcode-authentication attempts, which makes it easier for physically proximate attackers to obtain access by making many passcode guesses.
CVE-2015-1106	Apple Inc. Iphone Os	—	0.00	Apr 10, 2015	The QuickType feature in the Keyboards subsystem in Apple iOS before 8.3 allows physically proximate attackers to discover passcodes by reading the lock screen during use of a Bluetooth keyboard.
CVE-2015-1105	Apple Inc. Mac Os X	—	0.06	Apr 10, 2015	The TCP implementation in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly implement the Urgent (aka out-of-band data) mechanism, which allows remote attackers to cause a denial of service via crafted packets.
CVE-2015-1104	Apple Inc. Mac Os X	—	0.02	Apr 10, 2015	The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly determine whether an IPv6 packet had a local origin, which allows remote attackers to bypass an intended network-filtering protection mechanism via a crafted packet.
CVE-2015-1103	Apple Inc. Mac Os X	—	0.01	Apr 10, 2015	The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 makes routing changes in response to ICMP_REDIRECT messages, which allows remote attackers to cause a denial of service (network outage) or obtain sensitive packet-content information via a…
CVE-2015-1102	Apple Inc. Mac Os X	—	0.02	Apr 10, 2015	The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly handle TCP headers, which allows man-in-the-middle attackers to cause a denial of service via unspecified vectors.
CVE-2015-1101	Apple Inc. Mac Os X	—	0.00	Apr 10, 2015	The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVE-2015-1099	Apple Inc. Mac Os X	—	0.00	Apr 10, 2015	Race condition in the setreuid system-call implementation in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service via a crafted app.

CVE-2015-1122Apr 10, 2015
Apple Inc.
Safari
risk 0.00cvss —epss 0.01
WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a…
CVE-2015-1120Apr 10, 2015
Apple Inc.
Safari
risk 0.00cvss —epss 0.01
WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a…
CVE-2015-1119Apr 10, 2015
Apple Inc.
Safari
risk 0.00cvss —epss 0.01
WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a…
CVE-2015-1118Apr 10, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.01
libnetcore in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service (memory corruption and application crash) via a crafted configuration profile.
CVE-2015-1117Apr 10, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.00
The (1) setreuid and (2) setregid system-call implementations in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 do not properly perform privilege drops, which makes it easier for attackers to execute code with unintended user or group…
CVE-2015-1116Apr 10, 2015
Apple Inc.
Iphone Os
risk 0.00cvss —epss 0.00
The UIKit View component in Apple iOS before 8.3 displays unblurred application snapshots in the Task Switcher, which makes it easier for physically proximate attackers to obtain sensitive information by reading the device screen.
CVE-2015-1115Apr 10, 2015
Apple Inc.
Iphone Os
risk 0.00cvss —epss 0.00
The Telephony component in Apple iOS before 8.3 allows attackers to bypass a sandbox protection mechanism and access unintended telephone capabilities via a crafted app.
CVE-2015-1114Apr 10, 2015
Apple Inc.
Iphone Os
risk 0.00cvss —epss 0.00
The Sandbox Profiles component in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to discover hardware identifiers via a crafted app.
CVE-2015-1113Apr 10, 2015
Apple Inc.
Iphone Os
risk 0.00cvss —epss 0.00
The Sandbox Profiles component in Apple iOS before 8.3 allows attackers to read the (1) telephone number or (2) e-mail address of a recent contact via a crafted app.
CVE-2015-1110Apr 10, 2015
Apple Inc.
Iphone Os
risk 0.00cvss —epss 0.01
The Podcasts component in Apple iOS before 8.3 and Apple TV before 7.2 allows remote attackers to discover unique identifiers by reading asset-download request data.
CVE-2015-1109Apr 10, 2015
Apple Inc.
Iphone Os
risk 0.00cvss —epss 0.00
NetworkExtension in Apple iOS before 8.3 stores credentials in VPN configuration logs, which makes it easier for physically proximate attackers to obtain sensitive information by reading a log file.
CVE-2015-1108Apr 10, 2015
Apple Inc.
Iphone Os
risk 0.00cvss —epss 0.00
The Lock Screen component in Apple iOS before 8.3 does not properly enforce the limit on incorrect passcode-authentication attempts, which makes it easier for physically proximate attackers to obtain access by making many passcode guesses.
CVE-2015-1107Apr 10, 2015
Apple Inc.
Iphone Os
risk 0.00cvss —epss 0.00
The Lock Screen component in Apple iOS before 8.3 does not properly implement the erasure feature for incorrect passcode-authentication attempts, which makes it easier for physically proximate attackers to obtain access by making many passcode guesses.
CVE-2015-1106Apr 10, 2015
Apple Inc.
Iphone Os
risk 0.00cvss —epss 0.00
The QuickType feature in the Keyboards subsystem in Apple iOS before 8.3 allows physically proximate attackers to discover passcodes by reading the lock screen during use of a Bluetooth keyboard.
CVE-2015-1105Apr 10, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.06
The TCP implementation in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly implement the Urgent (aka out-of-band data) mechanism, which allows remote attackers to cause a denial of service via crafted packets.
CVE-2015-1104Apr 10, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.02
The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly determine whether an IPv6 packet had a local origin, which allows remote attackers to bypass an intended network-filtering protection mechanism via a crafted packet.
CVE-2015-1103Apr 10, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.01
The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 makes routing changes in response to ICMP_REDIRECT messages, which allows remote attackers to cause a denial of service (network outage) or obtain sensitive packet-content information via a…
CVE-2015-1102Apr 10, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.02
The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly handle TCP headers, which allows man-in-the-middle attackers to cause a denial of service via unspecified vectors.
CVE-2015-1101Apr 10, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.00
The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVE-2015-1099Apr 10, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.00
Race condition in the setreuid system-call implementation in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service via a crafted app.

Page 62 of 65