CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Apple : Security Vulnerabilities (CVSS score between 4 and 4.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2017-2371 254 2017-02-20 2017-02-22
4.3
None Remote Medium Not required None Partial None
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. The issue involves the "WebKit" component, which allows remote attackers to launch popups via a crafted web site.
2 CVE-2017-2368 20 DoS 2017-02-20 2017-02-22
4.3
None Remote Medium Not required None None Partial
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. The issue involves the "Contacts" component. It allows remote attackers to cause a denial of service (application crash) via a crafted contact card.
3 CVE-2017-2365 200 Bypass +Info 2017-02-20 2017-02-22
4.3
None Remote Medium Not required Partial None None
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.
4 CVE-2017-2364 200 Bypass +Info 2017-02-20 2017-02-22
4.3
None Remote Medium Not required Partial None None
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.
5 CVE-2017-2363 200 Bypass +Info 2017-02-20 2017-02-22
4.3
None Remote Medium Not required Partial None None
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. watchOS before 3.1.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.
6 CVE-2017-2361 79 XSS 2017-02-20 2017-02-24
4.3
None Remote Medium Not required None Partial None
An issue was discovered in certain Apple products. macOS before 10.12.3 is affected. The issue involves the "Help Viewer" component, which allows XSS attacks via a crafted web site.
7 CVE-2017-2359 254 2017-02-20 2017-02-22
4.3
None Remote Medium Not required None Partial None
An issue was discovered in certain Apple products. Safari before 10.0.3 is affected. The issue involves the "Safari" component, which allows remote attackers to spoof the address bar via a crafted web site.
8 CVE-2017-2357 200 +Info 2017-02-20 2017-02-22
4.3
None Remote Medium Not required Partial None None
An issue was discovered in certain Apple products. macOS before 10.12.3 is affected. The issue involves the "IOAudioFamily" component. It allows attackers to obtain sensitive kernel memory-layout information via a crafted app.
9 CVE-2017-2350 200 Bypass +Info 2017-02-20 2017-02-22
4.3
None Remote Medium Not required Partial None None
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.
10 CVE-2016-7762 79 XSS 2017-02-20 2017-02-22
4.3
None Remote Medium Not required None Partial None
An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "WebKit" component, which allows XSS attacks against Safari.
11 CVE-2016-7666 200 +Info 2017-02-20 2017-02-22
4.3
None Remote Medium Not required Partial None None
An issue was discovered in certain Apple products. Transporter before 1.9.2 is affected. The issue involves the "iTMSTransporter" component, which allows attackers to obtain sensitive information via a crafted EPUB.
12 CVE-2016-7665 20 DoS 2017-02-20 2017-02-22
4.3
None Remote Medium Not required None None Partial
An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Graphics Driver" component, which allows remote attackers to cause a denial of service via a crafted video.
13 CVE-2016-7657 20 +Info 2017-02-20 2017-02-21
4.3
None Remote Medium Not required Partial None None
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "IOKit" component. It allows attackers to obtain sensitive information from kernel memory via a crafted app.
14 CVE-2016-7651 285 Bypass 2017-02-20 2017-02-22
4.6
None Local Low Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10.2 is affected. watchOS before 3.1.1 is affected. The issue involves the "Accounts" component, which allows local users to bypass intended authorization restrictions by leveraging the mishandling of an app uninstall.
15 CVE-2016-7636 20 DoS 2017-02-20 2017-02-21
4.3
None Remote Medium Not required None None Partial
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Security" component, which allows man-in-the-middle attackers to cause a denial of service (application crash) via vectors related to OCSP responder URLs.
16 CVE-2016-7627 476 DoS 2017-02-20 2017-02-21
4.3
None Remote Medium Not required None None Partial
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "CoreGraphics" component. It allows attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted font.
17 CVE-2016-7623 200 +Info 2017-02-20 2017-02-21
4.3
None Remote Medium Not required Partial None None
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive information via a blob URL on a web site.
18 CVE-2016-7615 DoS 2017-02-20 2017-02-21
4.9
None Local Low Not required None None Complete
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component, which allows local users to cause a denial of service via unspecified vectors.
19 CVE-2016-7609 476 DoS 2017-02-20 2017-02-21
4.9
None Local Low Not required None None Complete
An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "AppleGraphicsPowerManagement" component. It allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors.
20 CVE-2016-7607 200 +Info 2017-02-20 2017-02-21
4.3
None Remote Medium Not required Partial None None
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component, which allows attackers to obtain sensitive information from kernel memory via a crafted app.
21 CVE-2016-7605 476 DoS 2017-02-20 2017-02-21
4.3
None Remote Medium Not required None None Partial
An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "Bluetooth" component. It allows attackers to cause a denial of service (NULL pointer dereference) via a crafted app.
22 CVE-2016-7604 476 DoS 2017-02-20 2017-02-21
4.9
None Local Low Not required None None Complete
An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "CoreCapture" component. It allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors.
23 CVE-2016-7603 476 DoS 2017-02-20 2017-02-21
4.9
None Local Low Not required None None Complete
An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "CoreStorage" component. It allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors.
24 CVE-2016-7601 254 2017-02-20 2017-02-21
4.6
None Local Low Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Local Authentication" component, which does not honor the configured screen-lock time interval if the Touch ID prompt is visible.
25 CVE-2016-7599 200 Bypass +Info 2017-02-20 2017-02-21
4.3
None Remote Medium Not required Partial None None
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site that uses HTTP redirects.
26 CVE-2016-7598 200 +Info 2017-02-20 2017-02-21
4.3
None Remote Medium Not required Partial None None
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive information from process memory via a crafted web site.
27 CVE-2016-7592 200 +Info 2017-02-20 2017-02-21
4.3
None Remote Medium Not required Partial None None
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component, which allows remote attackers to obtain sensitive information via crafted JavaScript prompts on a web site.
28 CVE-2016-7586 200 +Info 2017-02-20 2017-02-21
4.3
None Remote Medium Not required Partial None None
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive information via a crafted web site.
29 CVE-2016-7583 264 +Priv 2017-02-20 2017-02-21
4.6
None Local Low Not required Partial Partial Partial
An issue was discovered in certain Apple products. iCloud before 6.0.1 is affected. The issue involves the setup subsystem in the "iCloud" component. It allows local users to gain privileges via a crafted dynamic library in an unspecified directory.
30 CVE-2016-7581 20 DoS 2017-02-20 2017-02-21
4.3
None Remote Medium Not required None None Partial
An issue was discovered in certain Apple products. iOS before 10.1 is affected. The issue involves the "Safari" component, which allows remote web servers to cause a denial of service via a crafted URL.
31 CVE-2016-7580 20 DoS 2017-02-20 2017-02-21
4.3
None Remote Medium Not required None None Partial
An issue was discovered in certain Apple products. macOS before 10.12 is affected. The issue involves the "Mail" component, which allows remote web servers to cause a denial of service via a crafted URL.
32 CVE-2016-7579 254 +Info 2017-02-20 2017-02-21
4.3
None Remote Medium Not required Partial None None
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. The issue involves the "CFNetwork Proxies" component, which allows man-in-the-middle attackers to spoof a proxy password authentication requirement and obtain sensitive information.
33 CVE-2016-7577 200 Mem. Corr. +Info 2017-02-20 2017-02-21
4.3
None Remote Medium Not required Partial None None
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. The issue involves the "FaceTime" component, which allows remote attackers to trigger memory corruption and obtain audio data from a call that appeared to have ended.
34 CVE-2016-4781 254 Bypass 2017-02-20 2017-02-21
4.6
None Local Low Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "SpringBoard" component, which allows physically proximate attackers to bypass the passcode attempt counter and unlock a device via unspecified vectors.
35 CVE-2016-4776 125 DoS +Info 2016-09-25 2016-11-28
4.3
None Remote Medium Not required Partial None None
The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app, a different vulnerability than CVE-2016-4773 and CVE-2016-4774.
36 CVE-2016-4771 200 Bypass +Info 2016-09-25 2016-11-28
4.3
None Remote Medium Not required Partial None None
The kernel in Apple iOS before 10 and OS X before 10.12 allows local users to bypass intended file-access restrictions via a crafted directory pathname.
37 CVE-2016-4763 310 +Info 2016-09-25 2016-11-28
4.9
None Remote Medium Single system Partial Partial None
WKWebView in WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly verify X.509 certificates from HTTPS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
38 CVE-2016-4760 284 2016-09-25 2016-11-28
4.3
None Remote Medium Not required None Partial None
WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to conduct DNS rebinding attacks against non-HTTP Safari sessions by leveraging HTTP/0.9 support.
39 CVE-2016-4758 200 +Info 2016-09-25 2016-11-28
4.3
None Remote Medium Not required Partial None None
WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly restrict access to the location variable, which allows remote attackers to obtain sensitive information via a crafted web site.
40 CVE-2016-4752 200 +Info 2016-09-25 2016-11-28
4.3
None Remote Medium Not required Partial None None
The SecKeyDeriveFromPassword function in Apple OS X before 10.12 does not use the CF_RETURNS_RETAINED keyword, which allows attackers to obtain sensitive information from process memory by triggering key derivation.
41 CVE-2016-4751 254 2016-09-25 2016-11-28
4.3
None Remote Medium Not required None Partial None
The Safari Tabs component in Apple Safari before 10 allows remote attackers to spoof the address bar of a tab via a crafted web site.
42 CVE-2016-4748 254 Bypass 2016-09-25 2016-11-28
4.6
None Local Low Not required Partial Partial Partial
Perl in Apple OS X before 10.12 allows local users to bypass the taint-mode protection mechanism via a crafted environment variable.
43 CVE-2016-4747 200 +Info 2016-09-18 2016-11-28
4.3
None Remote Medium Not required Partial None None
Mail in Apple iOS before 10 mishandles certificates, which makes it easier for man-in-the-middle attackers to discover mail credentials via unspecified vectors.
44 CVE-2016-4742 200 +Info 2016-09-25 2016-11-28
4.3
None Remote Medium Not required Partial None None
NSSecureTextField in Apple OS X before 10.12 does not enable Secure Input, which allows attackers to discover credentials via a crafted app.
45 CVE-2016-4741 254 2016-09-18 2016-11-28
4.3
None Remote Medium Not required None None Partial
The Assets component in Apple iOS before 10 allows man-in-the-middle attackers to block software updates via vectors related to lack of an HTTPS session for retrieving updates.
46 CVE-2016-4739 200 +Info 2016-09-25 2016-11-28
4.3
None Remote Medium Not required Partial None None
mDNSResponder in Apple OS X before 10.12, when VMnet.framework is used, arranges for a DNS proxy to listen on all interfaces, which allows remote attackers to obtain sensitive information by sending a DNS query to an unintended interface.
47 CVE-2016-4721 254 2017-02-20 2017-02-21
4.3
None Remote Medium Not required None Partial None
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. The issue involves the "IDS - Connectivity" component, which allows man-in-the-middle attackers to spoof calls via a "switch caller" notification.
48 CVE-2016-4719 200 +Info 2016-09-18 2016-11-28
4.3
None Remote Medium Not required Partial None None
The GeoServices component in Apple iOS before 10 and watchOS before 3 does not properly restrict access to PlaceData information, which allows attackers to discover physical locations via a crafted application.
49 CVE-2016-4718 119 Overflow +Info 2016-09-25 2016-11-28
4.3
None Remote Medium Not required Partial None None
Buffer overflow in FontParser in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to obtain sensitive information from process memory via a crafted font file.
50 CVE-2016-4715 200 +Info 2016-09-25 2016-11-28
4.3
None Remote Medium Not required Partial None None
The Date & Time Pref Pane component in Apple OS X before 10.12 mishandles the .GlobalPreferences file, which allows attackers to discover a user's location via a crafted app.
Total number of vulnerabilities : 591   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.