CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Apple » Iphone Os : Security Vulnerabilities Published In 2015

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2014-4480 59 Dir. Trav. 2015-01-30 2016-11-28
10.0
None Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in afc in AppleFileConduit in Apple iOS before 8.1.3 and Apple TV before 7.0.3 allows attackers to access unintended filesystem locations by creating a symlink.
2 CVE-2014-4486 DoS Exec Code 2015-01-30 2015-02-02
10.0
None Remote Low Not required Complete Complete Complete
IOAcceleratorFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly handle resource lists and IOService userclient types, which allows attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via a crafted app.
3 CVE-2014-4487 119 Exec Code Overflow 2015-01-30 2015-11-17
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows attackers to execute arbitrary code in a privileged context via a crafted app.
4 CVE-2014-4488 19 Exec Code 2015-01-30 2015-11-17
10.0
None Remote Low Not required Complete Complete Complete
IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly validate resource-queue metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted app.
5 CVE-2014-4489 DoS Exec Code 2015-01-30 2015-11-17
10.0
None Remote Low Not required Complete Complete Complete
IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly initialize event queues, which allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
6 CVE-2014-4495 264 Bypass 2015-01-30 2015-11-17
10.0
None Remote Low Not required Complete Complete Complete
The kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not enforce the read-only attribute of a shared memory segment during use of a custom cache mode, which allows attackers to bypass intended access restrictions via a crafted app.
7 CVE-2015-5903 119 DoS Overflow +Priv Mem. Corr. 2015-09-18 2016-12-21
10.0
None Remote Low Not required Complete Complete Complete
The kernel in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5868 and CVE-2015-5896.
8 CVE-2015-6988 Exec Code 2015-10-23 2016-12-23
10.0
None Remote Low Not required Complete Complete Complete
The kernel in Apple iOS before 9.1 and OS X before 10.11.1 does not initialize an unspecified data structure, which allows remote attackers to execute arbitrary code via vectors involving an unknown network-connectivity requirement.
9 CVE-2015-7113 119 DoS Exec Code Overflow Mem. Corr. 2015-12-11 2016-12-07
10.0
Admin Remote Low Not required Complete Complete Complete
The LaunchServices component in Apple iOS before 9.2 and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a malformed plist.
10 CVE-2015-1061 94 Exec Code 2015-03-12 2016-12-07
9.3
None Remote Medium Not required Complete Complete Complete
IOSurface in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages "type confusion" during serialized-object handling.
11 CVE-2015-3768 189 Exec Code Overflow 2015-08-16 2016-12-23
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in the kernel in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context via a crafted app that makes unspecified IOKit API calls.
12 CVE-2015-3776 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2016-12-23
9.3
None Remote Medium Not required Complete Complete Complete
IOKit in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption and application crash) via a malformed plist.
13 CVE-2015-3795 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2016-12-23
9.3
None Remote Medium Not required Complete Complete Complete
libxpc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app that sends a malformed XPC message.
14 CVE-2015-5757 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2016-12-23
9.3
None Remote Medium Not required Complete Complete Complete
libpthread in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via an app that uses a crafted syscall to interfere with locking.
15 CVE-2015-5844 119 DoS Exec Code Overflow Mem. Corr. 2015-09-18 2016-12-21
9.3
None Remote Medium Not required Complete Complete Complete
IOKit in the kernel in Apple iOS before 9 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-5845 and CVE-2015-5846.
16 CVE-2015-5845 119 DoS Exec Code Overflow Mem. Corr. 2015-09-18 2016-12-21
9.3
None Remote Medium Not required Complete Complete Complete
IOKit in the kernel in Apple iOS before 9 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-5844 and CVE-2015-5846.
17 CVE-2015-5846 119 DoS Exec Code Overflow Mem. Corr. 2015-09-18 2016-12-21
9.3
None Remote Medium Not required Complete Complete Complete
IOKit in the kernel in Apple iOS before 9 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-5844 and CVE-2015-5845.
18 CVE-2015-5867 119 DoS Exec Code Overflow Mem. Corr. 2015-09-18 2016-12-21
9.3
None Remote Medium Not required Complete Complete Complete
IOHIDFamily in Apple iOS before 9 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
19 CVE-2015-5876 119 DoS Exec Code Overflow Mem. Corr. 2015-09-18 2016-12-21
9.3
None Remote Medium Not required Complete Complete Complete
dyld in Dev Tools in Apple iOS before 9 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
20 CVE-2015-6974 119 DoS Exec Code Overflow Mem. Corr. 2015-10-23 2016-12-23
9.3
None Remote Medium Not required Complete Complete Complete
IOHIDFamily in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
21 CVE-2015-6979 119 DoS Exec Code Overflow Mem. Corr. 2015-10-23 2016-12-23
9.3
None Remote Medium Not required Complete Complete Complete
GasGauge in Apple iOS before 9.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
22 CVE-2015-6986 Exec Code 2015-10-23 2016-12-23
9.3
None Remote Medium Not required Complete Complete Complete
com.apple.driver.AppleVXD393 in the Graphics Driver subsystem in Apple iOS before 9.1 allows attackers to execute arbitrary code via a crafted app that leverages an unspecified "type confusion."
23 CVE-2015-7051 264 Exec Code 2015-12-11 2016-12-07
9.3
Admin Remote Medium Not required Complete Complete Complete
MobileStorageMounter in Apple iOS before 9.2 and tvOS before 9.1 mishandles the timing of trust-cache loading, which allows attackers to execute arbitrary code in a privileged context via a crafted app.
24 CVE-2015-7055 284 Exec Code 2015-12-11 2016-12-07
9.3
Admin Remote Medium Not required Complete Complete Complete
AppleMobileFileIntegrity in Apple iOS before 9.2 and tvOS before 9.1 does not prevent changes to access-control structures, which allows attackers to execute arbitrary code in a privileged context via a crafted app.
25 CVE-2015-7068 DoS Exec Code 2015-12-11 2017-09-12
9.3
Admin Remote Medium Not required Complete Complete Complete
IOKit SCSI in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an app that provides an unspecified userclient type.
26 CVE-2015-7069 Exec Code 2015-12-11 2016-12-07
9.3
Admin Remote Medium Not required Complete Complete Complete
Mobile Replayer in GPUTools Framework in Apple iOS before 9.2 allows attackers to execute arbitrary code in a privileged context via an app that provides a crafted pathname, a different vulnerability than CVE-2015-7070.
27 CVE-2015-7070 Exec Code 2015-12-11 2016-12-07
9.3
Admin Remote Medium Not required Complete Complete Complete
Mobile Replayer in GPUTools Framework in Apple iOS before 9.2 allows attackers to execute arbitrary code in a privileged context via an app that provides a crafted pathname, a different vulnerability than CVE-2015-7069.
28 CVE-2015-7072 20 Exec Code 2015-12-11 2016-12-07
9.3
None Remote Medium Not required Complete Complete Complete
dyld in Apple iOS before 9.2, tvOS before 9.1, and watchOS before 2.1 mishandles segment validation, which allows attackers to execute arbitrary code in a privileged context via a crafted app.
29 CVE-2015-7079 20 Exec Code 2015-12-11 2016-12-07
9.3
None Remote Medium Not required Complete Complete Complete
dyld in Apple iOS before 9.2 and tvOS before 9.1 mishandles segment validation, which allows attackers to execute arbitrary code in a privileged context via a crafted app.
30 CVE-2015-7109 119 DoS Exec Code Overflow Mem. Corr. 2015-12-11 2017-09-12
9.3
None Remote Medium Not required Complete Complete Complete
IOAcceleratorFamily in Apple OS X before 10.11.2 and tvOS before 9.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
31 CVE-2015-7111 119 DoS Exec Code Overflow Mem. Corr. 2015-12-11 2017-09-12
9.3
None Remote Medium Not required Complete Complete Complete
The IOHIDFamily API in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-7112.
32 CVE-2015-7112 119 DoS Exec Code Overflow Mem. Corr. 2015-12-11 2017-09-12
9.3
None Remote Medium Not required Complete Complete Complete
The IOHIDFamily API in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-7111.
33 CVE-2015-6983 2015-10-23 2016-12-23
8.8
None Remote Medium Not required None Complete Complete
Double free vulnerability in Apple iOS before 9.1 and OS X before 10.11.1 allows attackers to write to arbitrary files via a crafted app that accesses AtomicBufferedFile descriptors.
34 CVE-2015-1063 DoS 2015-03-12 2015-09-11
7.8
None Remote Low Not required None None Complete
CoreTelephony in Apple iOS before 8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and device restart) via a Class 0 SMS message.
35 CVE-2015-1157 17 DoS 2015-05-27 2016-11-28
7.8
None Remote Low Not required None None Complete
CoreText in Apple iOS 8.x through 8.3 allows remote attackers to cause a denial of service (reboot and messaging disruption) via crafted Unicode text that is not properly handled during display truncation in the Notifications feature, as demonstrated by Arabic characters in (1) an SMS message or (2) a WhatsApp message.
36 CVE-2014-4484 19 DoS Exec Code Mem. Corr. 2015-01-30 2015-11-17
7.5
None Remote Low Not required Partial Partial Partial
FontParser in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .dfont file.
37 CVE-2014-4485 119 DoS Exec Code Overflow 2015-01-30 2015-11-17
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the XML parser in Foundation in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted XML document.
38 CVE-2014-4492 19 1 Exec Code 2015-01-30 2016-12-06
7.5
None Remote Low Not required Partial Partial Partial
libnetcore in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not verify that certain values have the expected data type, which allows attackers to execute arbitrary code in an _networkd context via a crafted XPC message from a sandboxed app, as demonstrated by lack of verification of the XPC dictionary data type.
39 CVE-2014-4493 264 2015-01-30 2015-11-17
7.5
None Remote Low Not required Partial Partial Partial
The app-installation functionality in MobileInstallation in Apple iOS before 8.1.3 allows attackers to obtain control of the local app container by leveraging access to an enterprise distribution certificate for signing a crafted app.
40 CVE-2014-8146 119 DoS Exec Code Overflow 2015-05-25 2016-12-21
7.5
None Remote Low Not required Partial Partial Partial
The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 does not properly track directionally isolated pieces of text, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via crafted text.
41 CVE-2015-1103 20 DoS +Info 2015-04-10 2016-12-07
7.5
None Remote Low Not required Partial Partial Partial
The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 makes routing changes in response to ICMP_REDIRECT messages, which allows remote attackers to cause a denial of service (network outage) or obtain sensitive packet-content information via a crafted ICMP packet.
42 CVE-2015-3717 119 DoS Exec Code Overflow 2015-07-02 2017-09-21
7.5
None Remote Low Not required Partial Partial Partial
Multiple buffer overflows in the printf functionality in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
43 CVE-2015-3796 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2017-09-15
7.5
None Remote Low Not required Partial Partial Partial
The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression, a different vulnerability than CVE-2015-3797 and CVE-2015-3798.
44 CVE-2015-3797 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2016-12-23
7.5
None Remote Low Not required Partial Partial Partial
The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression, a different vulnerability than CVE-2015-3796 and CVE-2015-3798.
45 CVE-2015-3798 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2016-12-23
7.5
None Remote Low Not required Partial Partial Partial
The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression, a different vulnerability than CVE-2015-3796 and CVE-2015-3797.
46 CVE-2015-3804 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2016-12-23
7.5
None Remote Low Not required Partial Partial Partial
FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-5756 and CVE-2015-5775.
47 CVE-2015-5775 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2016-12-23
7.5
None Remote Low Not required Partial Partial Partial
FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-3804 and CVE-2015-5756.
48 CVE-2015-5776 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2016-12-23
7.5
None Remote Low Not required Partial Partial Partial
Libinfo in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by leveraging use of an AF_INET6 socket.
49 CVE-2015-5874 119 DoS Exec Code Overflow Mem. Corr. 2015-09-18 2016-12-21
7.5
None Remote Low Not required Partial Partial Partial
CoreText in Apple iOS before 9 and iTunes before 12.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.
50 CVE-2015-6975 119 DoS Exec Code Overflow Mem. Corr. 2015-10-23 2016-12-23
7.5
None Remote Low Not required Partial Partial Partial
CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6992 and CVE-2015-7017.
Total number of vulnerabilities : 387   Page : 1 (This Page)2 3 4 5 6 7 8
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.