CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Apple » Iphone Os : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2016-4778 264 DoS Exec Code Mem. Corr. 2016-09-25 2016-09-27
9.3
None Remote Medium Not required Complete Complete Complete
The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
2 CVE-2016-4777 264 DoS Exec Code 2016-09-25 2016-09-27
9.3
None Remote Medium Not required Complete Complete Complete
The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (invalid pointer dereference) via a crafted app.
3 CVE-2016-4776 125 DoS +Info 2016-09-25 2016-09-27
4.3
None Remote Medium Not required Partial None None
The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app, a different vulnerability than CVE-2016-4773 and CVE-2016-4774.
4 CVE-2016-4774 125 DoS +Info 2016-09-25 2016-09-27
5.8
None Remote Medium Not required Partial None Partial
The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app, a different vulnerability than CVE-2016-4773 and CVE-2016-4776.
5 CVE-2016-4773 125 DoS +Info 2016-09-25 2016-09-27
5.8
None Remote Medium Not required Partial None Partial
The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app, a different vulnerability than CVE-2016-4774 and CVE-2016-4776.
6 CVE-2016-4772 399 DoS 2016-09-25 2016-09-27
5.0
None Remote Low Not required None None Partial
The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to cause a denial of service (unintended lock) via unspecified vectors.
7 CVE-2016-4771 200 Bypass +Info 2016-09-25 2016-09-27
4.3
None Remote Medium Not required Partial None None
The kernel in Apple iOS before 10 and OS X before 10.12 allows local users to bypass intended file-access restrictions via a crafted directory pathname.
8 CVE-2016-4768 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2016-09-27
6.8
None Remote Medium Not required Partial Partial Partial
WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4765, CVE-2016-4766, and CVE-2016-4767.
9 CVE-2016-4767 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2016-09-27
6.8
None Remote Medium Not required Partial Partial Partial
WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4765, CVE-2016-4766, and CVE-2016-4768.
10 CVE-2016-4766 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2016-09-27
6.8
None Remote Medium Not required Partial Partial Partial
WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4765, CVE-2016-4767, and CVE-2016-4768.
11 CVE-2016-4765 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2016-09-27
6.8
None Remote Medium Not required Partial Partial Partial
WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4766, CVE-2016-4767, and CVE-2016-4768.
12 CVE-2016-4763 310 +Info 2016-09-25 2016-09-27
4.9
None Remote Medium Single system Partial Partial None
WKWebView in WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly verify X.509 certificates from HTTPS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
13 CVE-2016-4762 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2016-09-27
6.8
None Remote Medium Not required Partial Partial Partial
WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, iCloud before 6.0 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
14 CVE-2016-4760 284 2016-09-25 2016-09-27
4.3
None Remote Medium Not required None Partial None
WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to conduct DNS rebinding attacks against non-HTTP Safari sessions by leveraging HTTP/0.9 support.
15 CVE-2016-4759 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2016-09-27
6.8
None Remote Medium Not required Partial Partial Partial
WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4765, CVE-2016-4766, CVE-2016-4767, and CVE-2016-4768.
16 CVE-2016-4758 200 +Info 2016-09-25 2016-09-27
4.3
None Remote Medium Not required Partial None None
WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly restrict access to the location variable, which allows remote attackers to obtain sensitive information via a crafted web site.
17 CVE-2016-4753 20 Exec Code 2016-09-25 2016-09-27
9.3
None Remote Medium Not required Complete Complete Complete
Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 mishandle signed disk images, which allows attackers to execute arbitrary code in a privileged context via a crafted app.
18 CVE-2016-4750 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2016-09-27
9.3
None Remote Medium Not required Complete Complete Complete
S2 Camera in Apple iOS before 10 and OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
19 CVE-2016-4749 200 +Info 2016-09-18 2016-09-26
2.1
None Local Low Not required Partial None None
Printing UIKit in Apple iOS before 10 mishandles environment variables, which allows local users to discover cleartext AirPrint preview content by reading a temporary file.
20 CVE-2016-4747 200 +Info 2016-09-18 2016-09-26
4.3
None Remote Medium Not required Partial None None
Mail in Apple iOS before 10 mishandles certificates, which makes it easier for man-in-the-middle attackers to discover mail credentials via unspecified vectors.
21 CVE-2016-4746 200 +Info 2016-09-18 2016-09-26
5.0
None Remote Low Not required Partial None None
The Keyboards component in Apple iOS before 10 does not properly use a cache for auto-correct suggestions, which allows remote attackers to obtain sensitive information in opportunistic circumstances by leveraging an unintended correction.
22 CVE-2016-4741 254 2016-09-18 2016-09-26
4.3
None Remote Medium Not required None None Partial
The Assets component in Apple iOS before 10 allows man-in-the-middle attackers to block software updates via vectors related to lack of an HTTPS session for retrieving updates.
23 CVE-2016-4740 200 +Info 2016-09-18 2016-09-26
1.9
None Local Medium Not required Partial None None
Apple iOS before 10, when Handoff for Messages is used, does not ensure that a Messages signin has occurred before displaying messages, which might allow attackers to obtain sensitive information via unspecified vectors.
24 CVE-2016-4738 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2016-09-27
9.3
None Remote Medium Not required Complete Complete Complete
libxslt in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
25 CVE-2016-4737 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2016-09-27
9.3
None Remote Medium Not required Complete Complete Complete
WebKit in Apple iOS before 10, Safari before 10, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
26 CVE-2016-4735 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2016-09-27
9.3
None Remote Medium Not required Complete Complete Complete
WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4611, CVE-2016-4730, CVE-2016-4733, and CVE-2016-4734.
27 CVE-2016-4734 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2016-09-26
9.3
None Remote Medium Not required Complete Complete Complete
WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4611, CVE-2016-4730, CVE-2016-4733, and CVE-2016-4735.
28 CVE-2016-4733 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2016-09-26
9.3
None Remote Medium Not required Complete Complete Complete
WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4611, CVE-2016-4730, CVE-2016-4734, and CVE-2016-4735.
29 CVE-2016-4731 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2016-09-27
9.3
None Remote Medium Not required Complete Complete Complete
WebKit in Apple iOS before 10 and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4729.
30 CVE-2016-4730 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2016-09-27
9.3
None Remote Medium Not required Complete Complete Complete
WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4611, CVE-2016-4733, CVE-2016-4734, and CVE-2016-4735.
31 CVE-2016-4729 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2016-09-26
9.3
None Remote Medium Not required Complete Complete Complete
WebKit in Apple iOS before 10 and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4731.
32 CVE-2016-4728 20 Exec Code 2016-09-25 2016-09-26
6.8
None Remote Medium Not required Partial Partial Partial
WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 mishandles error prototypes, which allows remote attackers to execute arbitrary code via a crafted web site.
33 CVE-2016-4726 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2016-09-26
9.3
None Remote Medium Not required Complete Complete Complete
IOAcceleratorFamily in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
34 CVE-2016-4725 119 DoS Overflow Mem. Corr. +Info 2016-09-25 2016-09-27
5.8
None Remote Medium Not required Partial None Partial
IOAcceleratorFamily in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a crafted web site.
35 CVE-2016-4724 476 DoS Exec Code 2016-09-25 2016-09-26
9.3
None Remote Medium Not required Complete Complete Complete
IOAcceleratorFamily in Apple iOS before 10 and OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
36 CVE-2016-4722 20 +Info 2016-09-25 2016-09-26
4.3
None Remote Medium Not required Partial None None
The IDS - Connectivity component in Apple iOS before 10 and OS X before 10.12 allows man-in-the-middle attackers to conduct Call Relay spoofing attacks and obtain sensitive information via unspecified vectors.
37 CVE-2016-4719 200 +Info 2016-09-18 2016-09-26
4.3
None Remote Medium Not required Partial None None
The GeoServices component in Apple iOS before 10 and watchOS before 3 does not properly restrict access to PlaceData information, which allows attackers to discover physical locations via a crafted application.
38 CVE-2016-4718 119 Overflow +Info 2016-09-25 2016-09-26
4.3
None Remote Medium Not required Partial None None
Buffer overflow in FontParser in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to obtain sensitive information from process memory via a crafted font file.
39 CVE-2016-4712 787 DoS Exec Code 2016-09-25 2016-09-26
9.3
None Remote Medium Not required Complete Complete Complete
CoreCrypto in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via a crafted app.
40 CVE-2016-4711 20 2016-09-25 2016-09-26
5.0
None Remote Low Not required Partial None None
CCrypt in corecrypto in CommonCrypto in Apple iOS before 10 and OS X before 10.12 allows attackers to discover cleartext information by leveraging a function call that specifies the same buffer for input and output.
41 CVE-2016-4708 200 +Info 2016-09-25 2016-09-26
4.3
None Remote Medium Not required Partial None None
CFNetwork in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 misparses the Set-Cookie header, which allows remote attackers to obtain sensitive information via a crafted HTTP response.
42 CVE-2016-4707 19 2016-09-25 2016-09-26
2.1
None Local Low Not required None None Partial
CFNetwork in Apple iOS before 10 and OS X before 10.12 mishandles Local Storage deletion, which allows local users to discover the visited web sites of arbitrary users via unspecified vectors.
43 CVE-2016-4702 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2016-09-27
10.0
None Remote Low Not required Complete Complete Complete
Audio in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
44 CVE-2016-4698 20 Exec Code 2016-09-25 2016-09-27
9.3
None Remote Medium Not required Complete Complete Complete
AppleMobileFileIntegrity in Apple iOS before 10 and OS X before 10.12 mishandles process entitlement and Team ID values in the task port inheritance policy, which allows attackers to execute arbitrary code in a privileged context via a crafted app.
45 CVE-2016-4658 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2016-09-26
10.0
None Remote Low Not required Complete Complete Complete
libxml2 in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.
46 CVE-2016-4657 119 DoS Exec Code Overflow Mem. Corr. 2016-08-25 2016-08-26
6.8
None Remote Medium Not required Partial Partial Partial
WebKit in Apple iOS before 9.3.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
47 CVE-2016-4656 264 DoS Exec Code Mem. Corr. 2016-08-25 2016-08-26
9.3
None Remote Medium Not required Complete Complete Complete
The kernel in Apple iOS before 9.3.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
48 CVE-2016-4655 200 +Info 2016-08-25 2016-09-20
7.1
None Remote Medium Not required Complete None None
The kernel in Apple iOS before 9.3.5 allows attackers to obtain sensitive information from memory via a crafted app.
49 CVE-2016-4654 119 DoS Exec Code Overflow Mem. Corr. 2016-08-18 2016-08-19
9.3
None Remote Medium Not required Complete Complete Complete
IOMobileFrameBuffer in Apple iOS before 9.3.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
50 CVE-2016-4653 119 DoS Overflow +Priv Mem. Corr. 2016-07-21 2016-07-28
7.2
None Local Low Not required Complete Complete Complete
The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1863 and CVE-2016-4582.
Total number of vulnerabilities : 974   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.