The LaunchServices component in Apple iOS before 9.2 and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a malformed plist.
Max CVSS
10.0
EPSS Score
0.84%
Published
2015-12-11
Updated
2016-12-07
The IOHIDFamily API in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-7111.
Max CVSS
9.3
EPSS Score
0.29%
Published
2015-12-11
Updated
2019-03-08
The IOHIDFamily API in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-7112.
Max CVSS
9.3
EPSS Score
0.27%
Published
2015-12-11
Updated
2019-03-08
IOAcceleratorFamily in Apple OS X before 10.11.2 and tvOS before 9.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
Max CVSS
9.3
EPSS Score
0.25%
Published
2015-12-11
Updated
2017-09-13
The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-7083.
Max CVSS
7.2
EPSS Score
0.04%
Published
2015-12-11
Updated
2019-03-08
The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-7084.
Max CVSS
7.2
EPSS Score
0.04%
Published
2015-12-11
Updated
2019-03-08
dyld in Apple iOS before 9.2 and tvOS before 9.1 mishandles segment validation, which allows attackers to execute arbitrary code in a privileged context via a crafted app.
Max CVSS
9.3
EPSS Score
0.25%
Published
2015-12-11
Updated
2019-03-08
dyld in Apple iOS before 9.2, tvOS before 9.1, and watchOS before 2.1 mishandles segment validation, which allows attackers to execute arbitrary code in a privileged context via a crafted app.
Max CVSS
9.3
EPSS Score
0.27%
Published
2015-12-11
Updated
2019-03-08
Mobile Replayer in GPUTools Framework in Apple iOS before 9.2 allows attackers to execute arbitrary code in a privileged context via an app that provides a crafted pathname, a different vulnerability than CVE-2015-7069.
Max CVSS
9.3
EPSS Score
0.17%
Published
2015-12-11
Updated
2016-12-07
Mobile Replayer in GPUTools Framework in Apple iOS before 9.2 allows attackers to execute arbitrary code in a privileged context via an app that provides a crafted pathname, a different vulnerability than CVE-2015-7070.
Max CVSS
9.3
EPSS Score
0.17%
Published
2015-12-11
Updated
2016-12-07
IOKit SCSI in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an app that provides an unspecified userclient type.
Max CVSS
9.3
EPSS Score
0.25%
Published
2015-12-11
Updated
2019-03-25
AppleMobileFileIntegrity in Apple iOS before 9.2 and tvOS before 9.1 does not prevent changes to access-control structures, which allows attackers to execute arbitrary code in a privileged context via a crafted app.
Max CVSS
9.3
EPSS Score
0.25%
Published
2015-12-11
Updated
2019-03-08
MobileStorageMounter in Apple iOS before 9.2 and tvOS before 9.1 mishandles the timing of trust-cache loading, which allows attackers to execute arbitrary code in a privileged context via a crafted app.
Max CVSS
9.3
EPSS Score
0.25%
Published
2015-12-11
Updated
2019-03-08
The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows local users to gain privileges via a crafted mach message that is misparsed.
Max CVSS
7.2
EPSS Score
0.04%
Published
2015-12-11
Updated
2019-03-08
The fts3_tokenizer function in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a SQL command that triggers an API call with a crafted pointer value in the second argument.
Max CVSS
7.5
EPSS Score
3.34%
Published
2015-11-22
Updated
2017-07-01
CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6975 and CVE-2015-6992.
Max CVSS
7.5
EPSS Score
3.12%
Published
2015-10-23
Updated
2016-12-24
The kernel in Apple iOS before 9.1 allows attackers to cause a denial of service via a crafted app.
Max CVSS
7.1
EPSS Score
0.14%
Published
2015-10-23
Updated
2016-12-24
The kernel in Apple iOS before 9.1 and OS X before 10.11.1 mishandles reuse of virtual memory, which allows attackers to cause a denial of service via a crafted app.
Max CVSS
7.1
EPSS Score
0.21%
Published
2015-10-23
Updated
2016-12-24
CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6975 and CVE-2015-7017.
Max CVSS
7.5
EPSS Score
3.12%
Published
2015-10-23
Updated
2016-12-24
The kernel in Apple iOS before 9.1 and OS X before 10.11.1 does not initialize an unspecified data structure, which allows remote attackers to execute arbitrary code via vectors involving an unknown network-connectivity requirement.
Max CVSS
10.0
EPSS Score
3.61%
Published
2015-10-23
Updated
2016-12-24
com.apple.driver.AppleVXD393 in the Graphics Driver subsystem in Apple iOS before 9.1 allows attackers to execute arbitrary code via a crafted app that leverages an unspecified "type confusion."
Max CVSS
9.3
EPSS Score
0.22%
Published
2015-10-23
Updated
2016-12-24
Double free vulnerability in Apple iOS before 9.1 and OS X before 10.11.1 allows attackers to write to arbitrary files via a crafted app that accesses AtomicBufferedFile descriptors.
Max CVSS
8.8
EPSS Score
0.64%
Published
2015-10-23
Updated
2016-12-24
GasGauge in Apple iOS before 9.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
Max CVSS
9.3
EPSS Score
0.29%
Published
2015-10-23
Updated
2016-12-24
CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6992 and CVE-2015-7017.
Max CVSS
7.5
EPSS Score
3.12%
Published
2015-10-23
Updated
2016-12-24
IOHIDFamily in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
Max CVSS
9.3
EPSS Score
0.27%
Published
2015-10-23
Updated
2016-12-24