iOS

CVEs (1,607)

CVE	Vendor / Product	CVSS	EPSS	Published	Description
CVE-2015-3684	Apple Inc. Mac Os X	—	0.02	Jul 3, 2015	The HTTPAuthentication implementation in CFNetwork in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted credentials in a URL.
CVE-2015-3659	Apple Inc. Mac Os X	—	0.01	Jul 3, 2015	The SQLite authorizer in the Storage functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict access to SQL functions, which allows remote attackers to execute…
CVE-2015-3658	Apple Inc. Mac Os X	—	0.00	Jul 3, 2015	The Page Loading functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly consider redirects during decisions about sending an Origin header, which makes it easier for…
CVE-2015-1125	Apple Inc. Iphone Os	—	0.00	Apr 10, 2015	The touch-events implementation in WebKit in Apple iOS before 8.3 allows remote attackers to trigger an association between a tap and an unintended web resource via a crafted web site.
CVE-2015-1124	Apple Inc. Safari	—	0.01	Apr 10, 2015	WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a…
CVE-2015-1123	Apple Inc. Webkit	—	0.02	Apr 10, 2015	WebKit, as used in Apple iOS before 8.3 and Apple TV before 7.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…
CVE-2015-1122	Apple Inc. Safari	—	0.01	Apr 10, 2015	WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a…
CVE-2015-1120	Apple Inc. Safari	—	0.01	Apr 10, 2015	WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a…
CVE-2015-1119	Apple Inc. Safari	—	0.01	Apr 10, 2015	WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a…
CVE-2015-1118	Apple Inc. Mac Os X	—	0.01	Apr 10, 2015	libnetcore in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service (memory corruption and application crash) via a crafted configuration profile.
CVE-2015-1117	Apple Inc. Mac Os X	—	0.00	Apr 10, 2015	The (1) setreuid and (2) setregid system-call implementations in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 do not properly perform privilege drops, which makes it easier for attackers to execute code with unintended user or group…
CVE-2015-1116	Apple Inc. Iphone Os	—	0.00	Apr 10, 2015	The UIKit View component in Apple iOS before 8.3 displays unblurred application snapshots in the Task Switcher, which makes it easier for physically proximate attackers to obtain sensitive information by reading the device screen.
CVE-2015-1115	Apple Inc. Iphone Os	—	0.00	Apr 10, 2015	The Telephony component in Apple iOS before 8.3 allows attackers to bypass a sandbox protection mechanism and access unintended telephone capabilities via a crafted app.
CVE-2015-1114	Apple Inc. Iphone Os	—	0.00	Apr 10, 2015	The Sandbox Profiles component in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to discover hardware identifiers via a crafted app.
CVE-2015-1113	Apple Inc. Iphone Os	—	0.00	Apr 10, 2015	The Sandbox Profiles component in Apple iOS before 8.3 allows attackers to read the (1) telephone number or (2) e-mail address of a recent contact via a crafted app.
CVE-2015-1110	Apple Inc. Iphone Os	—	0.01	Apr 10, 2015	The Podcasts component in Apple iOS before 8.3 and Apple TV before 7.2 allows remote attackers to discover unique identifiers by reading asset-download request data.
CVE-2015-1109	Apple Inc. Iphone Os	—	0.00	Apr 10, 2015	NetworkExtension in Apple iOS before 8.3 stores credentials in VPN configuration logs, which makes it easier for physically proximate attackers to obtain sensitive information by reading a log file.
CVE-2015-1108	Apple Inc. Iphone Os	—	0.00	Apr 10, 2015	The Lock Screen component in Apple iOS before 8.3 does not properly enforce the limit on incorrect passcode-authentication attempts, which makes it easier for physically proximate attackers to obtain access by making many passcode guesses.
CVE-2015-1107	Apple Inc. Iphone Os	—	0.00	Apr 10, 2015	The Lock Screen component in Apple iOS before 8.3 does not properly implement the erasure feature for incorrect passcode-authentication attempts, which makes it easier for physically proximate attackers to obtain access by making many passcode guesses.
CVE-2015-1106	Apple Inc. Iphone Os	—	0.00	Apr 10, 2015	The QuickType feature in the Keyboards subsystem in Apple iOS before 8.3 allows physically proximate attackers to discover passcodes by reading the lock screen during use of a Bluetooth keyboard.

CVE-2015-3684Jul 3, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.02
The HTTPAuthentication implementation in CFNetwork in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted credentials in a URL.
CVE-2015-3659Jul 3, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.01
The SQLite authorizer in the Storage functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict access to SQL functions, which allows remote attackers to execute…
CVE-2015-3658Jul 3, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.00
The Page Loading functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly consider redirects during decisions about sending an Origin header, which makes it easier for…
CVE-2015-1125Apr 10, 2015
Apple Inc.
Iphone Os
risk 0.00cvss —epss 0.00
The touch-events implementation in WebKit in Apple iOS before 8.3 allows remote attackers to trigger an association between a tap and an unintended web resource via a crafted web site.
CVE-2015-1124Apr 10, 2015
Apple Inc.
Safari
risk 0.00cvss —epss 0.01
WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a…
CVE-2015-1123Apr 10, 2015
Apple Inc.
Webkit
risk 0.00cvss —epss 0.02
WebKit, as used in Apple iOS before 8.3 and Apple TV before 7.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…
CVE-2015-1122Apr 10, 2015
Apple Inc.
Safari
risk 0.00cvss —epss 0.01
WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a…
CVE-2015-1120Apr 10, 2015
Apple Inc.
Safari
risk 0.00cvss —epss 0.01
WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a…
CVE-2015-1119Apr 10, 2015
Apple Inc.
Safari
risk 0.00cvss —epss 0.01
WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a…
CVE-2015-1118Apr 10, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.01
libnetcore in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service (memory corruption and application crash) via a crafted configuration profile.
CVE-2015-1117Apr 10, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.00
The (1) setreuid and (2) setregid system-call implementations in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 do not properly perform privilege drops, which makes it easier for attackers to execute code with unintended user or group…
CVE-2015-1116Apr 10, 2015
Apple Inc.
Iphone Os
risk 0.00cvss —epss 0.00
The UIKit View component in Apple iOS before 8.3 displays unblurred application snapshots in the Task Switcher, which makes it easier for physically proximate attackers to obtain sensitive information by reading the device screen.
CVE-2015-1115Apr 10, 2015
Apple Inc.
Iphone Os
risk 0.00cvss —epss 0.00
The Telephony component in Apple iOS before 8.3 allows attackers to bypass a sandbox protection mechanism and access unintended telephone capabilities via a crafted app.
CVE-2015-1114Apr 10, 2015
Apple Inc.
Iphone Os
risk 0.00cvss —epss 0.00
The Sandbox Profiles component in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to discover hardware identifiers via a crafted app.
CVE-2015-1113Apr 10, 2015
Apple Inc.
Iphone Os
risk 0.00cvss —epss 0.00
The Sandbox Profiles component in Apple iOS before 8.3 allows attackers to read the (1) telephone number or (2) e-mail address of a recent contact via a crafted app.
CVE-2015-1110Apr 10, 2015
Apple Inc.
Iphone Os
risk 0.00cvss —epss 0.01
The Podcasts component in Apple iOS before 8.3 and Apple TV before 7.2 allows remote attackers to discover unique identifiers by reading asset-download request data.
CVE-2015-1109Apr 10, 2015
Apple Inc.
Iphone Os
risk 0.00cvss —epss 0.00
NetworkExtension in Apple iOS before 8.3 stores credentials in VPN configuration logs, which makes it easier for physically proximate attackers to obtain sensitive information by reading a log file.
CVE-2015-1108Apr 10, 2015
Apple Inc.
Iphone Os
risk 0.00cvss —epss 0.00
The Lock Screen component in Apple iOS before 8.3 does not properly enforce the limit on incorrect passcode-authentication attempts, which makes it easier for physically proximate attackers to obtain access by making many passcode guesses.
CVE-2015-1107Apr 10, 2015
Apple Inc.
Iphone Os
risk 0.00cvss —epss 0.00
The Lock Screen component in Apple iOS before 8.3 does not properly implement the erasure feature for incorrect passcode-authentication attempts, which makes it easier for physically proximate attackers to obtain access by making many passcode guesses.
CVE-2015-1106Apr 10, 2015
Apple Inc.
Iphone Os
risk 0.00cvss —epss 0.00
The QuickType feature in the Keyboards subsystem in Apple iOS before 8.3 allows physically proximate attackers to discover passcodes by reading the lock screen during use of a Bluetooth keyboard.

Page 74 of 81