AppleMobileFileIntegrity in Apple iOS before 9.2 and tvOS before 9.1 does not prevent changes to access-control structures, which allows attackers to execute arbitrary code in a privileged context via a crafted app.
Max CVSS
9.3
EPSS Score
0.25%
Published
2015-12-11
Updated
2019-03-08
The processor_set_tasks API implementation in Apple iOS before 9 allows local users to bypass an entitlement protection mechanism and obtain access to the task ports of arbitrary processes by leveraging root privileges.
Max CVSS
7.2
EPSS Score
0.04%
Published
2015-09-18
Updated
2016-12-22
SpringBoard in Apple iOS before 9 allows physically proximate attackers to bypass a lock-screen preview-disabled setting, and reply to an audio message, via unspecified vectors.
Max CVSS
2.1
EPSS Score
0.11%
Published
2015-09-18
Updated
2016-12-22
SpringBoard in Apple iOS before 9 does not properly restrict access to privileged API calls, which allows attackers to spoof the dialog windows of an arbitrary app via a crafted app.
Max CVSS
4.3
EPSS Score
0.19%
Published
2015-09-18
Updated
2016-12-22
WebKit in Apple iOS before 9 does not properly select the cases in which a Cascading Style Sheets (CSS) document is required to have the text/css content type, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
Max CVSS
4.3
EPSS Score
0.37%
Published
2015-09-18
Updated
2016-12-22
AppleFileConduit in Apple iOS before 8.4.1 allows attackers to bypass intended restrictions on filesystem access via an afc command that leverages symlink mishandling.
Max CVSS
5.0
EPSS Score
0.19%
Published
2015-08-17
Updated
2016-12-24
Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism by appending code to a crafted executable file.
Max CVSS
7.2
EPSS Score
0.04%
Published
2015-08-17
Updated
2016-12-24
The Telephony component in Apple iOS before 8.3 allows attackers to bypass a sandbox protection mechanism and access unintended telephone capabilities via a crafted app.
Max CVSS
4.4
EPSS Score
0.16%
Published
2015-04-10
Updated
2017-01-03
8 vulnerabilities found