Apple » Iphone Os : Security Vulnerabilities, CVEs, Published In 2015 (Gain Privilege) CVSS score >= 4

AppleMobileFileIntegrity in Apple iOS before 9.2 and tvOS before 9.1 does not prevent changes to access-control structures, which allows attackers to execute arbitrary code in a privileged context via a crafted app.

The processor_set_tasks API implementation in Apple iOS before 9 allows local users to bypass an entitlement protection mechanism and obtain access to the task ports of arbitrary processes by leveraging root privileges.

SpringBoard in Apple iOS before 9 does not properly restrict access to privileged API calls, which allows attackers to spoof the dialog windows of an arbitrary app via a crafted app.

WebKit in Apple iOS before 9 does not properly select the cases in which a Cascading Style Sheets (CSS) document is required to have the text/css content type, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.

AppleFileConduit in Apple iOS before 8.4.1 allows attackers to bypass intended restrictions on filesystem access via an afc command that leverages symlink mishandling.

Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism by appending code to a crafted executable file.

The Telephony component in Apple iOS before 8.3 allows attackers to bypass a sandbox protection mechanism and access unintended telephone capabilities via a crafted app.