iOS

CVEs (1,517)

CVE	Vendor / Product	CVSS	EPSS	Published	Description
CVE-2014-8611	FreeBSD FreeBSD	—	0.00	Sep 18, 2015	The __sflush function in fflush.c in stdio in libc in FreeBSD 10.1 and the kernel in Apple iOS before 9 mishandles failures of the write system call, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via…
CVE-2015-5782	Apple Inc. Mac Os X	—	0.01	Aug 17, 2015	ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly initialize an unspecified data structure, which allows remote attackers to obtain sensitive information from process memory via a crafted TIFF image.
CVE-2015-5781	Apple Inc. Mac Os X	—	0.01	Aug 17, 2015	ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly initialize an unspecified data structure, which allows remote attackers to obtain sensitive information from process memory via a crafted PNG image.
CVE-2015-5778	Apple Inc. Mac Os X	—	0.02	Aug 17, 2015	CoreMedia Playback in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-5777.
CVE-2015-5777	Apple Inc. Mac Os X	—	0.02	Aug 17, 2015	CoreMedia Playback in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-5778.
CVE-2015-5776	Apple Inc. Mac Os X	—	0.03	Aug 17, 2015	Libinfo in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by leveraging use of an AF_INET6 socket.
CVE-2015-5775	Apple Inc. Mac Os X	—	0.02	Aug 17, 2015	FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-3804 and CVE-2015-5756.
CVE-2015-5774	Apple Inc. Mac Os X	—	0.00	Aug 17, 2015	Buffer overflow in IOHIDFamily in Apple iOS before 8.4.1 and OS X before 10.10.5 allows local users to gain privileges via unspecified vectors.
CVE-2015-5770	Apple Inc. Iphone Os	—	0.00	Aug 17, 2015	MobileInstallation in Apple iOS before 8.4.1 does not ensure the uniqueness of universal provisioning profile bundle IDs, which allows attackers to replace arbitrary extensions via a crafted enterprise app.
CVE-2015-5769	Apple Inc. Iphone Os	—	0.01	Aug 17, 2015	The MSVDX driver in Apple iOS before 8.4.1 allows remote attackers to cause a denial of service (device crash) via a crafted video.
CVE-2015-5766	Apple Inc. Iphone Os	—	0.00	Aug 17, 2015	Directory traversal vulnerability in Air Traffic in Apple iOS before 8.4.1 allows attackers to access arbitrary filesystem locations via vectors related to asset handling.
CVE-2015-5761	Apple Inc. Mac Os X	—	0.03	Aug 17, 2015	CoreText in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-5755.
CVE-2015-5759	Apple Inc. Iphone Os	—	0.00	Aug 17, 2015	WebKit in Apple iOS before 8.4.1 allows remote attackers to spoof clicks via a crafted web site that leverages tap events.
CVE-2015-5758	Apple Inc. Mac Os X	—	0.03	Aug 17, 2015	ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF image.
CVE-2015-5757	Apple Inc. Mac Os X	—	0.01	Aug 17, 2015	libpthread in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via an app that uses a crafted syscall to interfere with locking.
CVE-2015-5756	Apple Inc. Mac Os X	—	0.02	Aug 17, 2015	FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-3804 and CVE-2015-5775.
CVE-2015-5755	Apple Inc. Mac Os X	—	0.03	Aug 17, 2015	CoreText in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-5761.
CVE-2015-5752	Apple Inc. Iphone Os	—	0.00	Aug 17, 2015	Backup in Apple iOS before 8.4.1 allows attackers to bypass intended restrictions on filesystem access via a crafted app that creates a symlink.
CVE-2015-5749	Apple Inc. Iphone Os	—	0.00	Aug 17, 2015	The Sandbox_profiles component in Apple iOS before 8.4.1 allows attackers to bypass the third-party app-sandbox protection mechanism and read arbitrary managed preferences via a crafted app.
CVE-2015-5746	Apple Inc. Iphone Os	—	0.00	Aug 17, 2015	AppleFileConduit in Apple iOS before 8.4.1 allows attackers to bypass intended restrictions on filesystem access via an afc command that leverages symlink mishandling.

CVE-2014-8611Sep 18, 2015
FreeBSD
FreeBSD
risk 0.00cvss —epss 0.00
The __sflush function in fflush.c in stdio in libc in FreeBSD 10.1 and the kernel in Apple iOS before 9 mishandles failures of the write system call, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via…
CVE-2015-5782Aug 17, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.01
ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly initialize an unspecified data structure, which allows remote attackers to obtain sensitive information from process memory via a crafted TIFF image.
CVE-2015-5781Aug 17, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.01
ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly initialize an unspecified data structure, which allows remote attackers to obtain sensitive information from process memory via a crafted PNG image.
CVE-2015-5778Aug 17, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.02
CoreMedia Playback in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-5777.
CVE-2015-5777Aug 17, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.02
CoreMedia Playback in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-5778.
CVE-2015-5776Aug 17, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.03
Libinfo in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by leveraging use of an AF_INET6 socket.
CVE-2015-5775Aug 17, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.02
FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-3804 and CVE-2015-5756.
CVE-2015-5774Aug 17, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.00
Buffer overflow in IOHIDFamily in Apple iOS before 8.4.1 and OS X before 10.10.5 allows local users to gain privileges via unspecified vectors.
CVE-2015-5770Aug 17, 2015
Apple Inc.
Iphone Os
risk 0.00cvss —epss 0.00
MobileInstallation in Apple iOS before 8.4.1 does not ensure the uniqueness of universal provisioning profile bundle IDs, which allows attackers to replace arbitrary extensions via a crafted enterprise app.
CVE-2015-5769Aug 17, 2015
Apple Inc.
Iphone Os
risk 0.00cvss —epss 0.01
The MSVDX driver in Apple iOS before 8.4.1 allows remote attackers to cause a denial of service (device crash) via a crafted video.
CVE-2015-5766Aug 17, 2015
Apple Inc.
Iphone Os
risk 0.00cvss —epss 0.00
Directory traversal vulnerability in Air Traffic in Apple iOS before 8.4.1 allows attackers to access arbitrary filesystem locations via vectors related to asset handling.
CVE-2015-5761Aug 17, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.03
CoreText in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-5755.
CVE-2015-5759Aug 17, 2015
Apple Inc.
Iphone Os
risk 0.00cvss —epss 0.00
WebKit in Apple iOS before 8.4.1 allows remote attackers to spoof clicks via a crafted web site that leverages tap events.
CVE-2015-5758Aug 17, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.03
ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF image.
CVE-2015-5757Aug 17, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.01
libpthread in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via an app that uses a crafted syscall to interfere with locking.
CVE-2015-5756Aug 17, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.02
FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-3804 and CVE-2015-5775.
CVE-2015-5755Aug 17, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.03
CoreText in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-5761.
CVE-2015-5752Aug 17, 2015
Apple Inc.
Iphone Os
risk 0.00cvss —epss 0.00
Backup in Apple iOS before 8.4.1 allows attackers to bypass intended restrictions on filesystem access via a crafted app that creates a symlink.
CVE-2015-5749Aug 17, 2015
Apple Inc.
Iphone Os
risk 0.00cvss —epss 0.00
The Sandbox_profiles component in Apple iOS before 8.4.1 allows attackers to bypass the third-party app-sandbox protection mechanism and read arbitrary managed preferences via a crafted app.
CVE-2015-5746Aug 17, 2015
Apple Inc.
Iphone Os
risk 0.00cvss —epss 0.00
AppleFileConduit in Apple iOS before 8.4.1 allows attackers to bypass intended restrictions on filesystem access via an afc command that leverages symlink mishandling.

Page 68 of 76