CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Apple » Iphone Os : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
201 CVE-2016-4734 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4611, CVE-2016-4730, CVE-2016-4733, and CVE-2016-4735.
202 CVE-2016-4733 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4611, CVE-2016-4730, CVE-2016-4734, and CVE-2016-4735.
203 CVE-2016-4731 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
WebKit in Apple iOS before 10 and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4729.
204 CVE-2016-4730 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4611, CVE-2016-4733, CVE-2016-4734, and CVE-2016-4735.
205 CVE-2016-4729 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
WebKit in Apple iOS before 10 and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4731.
206 CVE-2016-4728 20 Exec Code 2016-09-25 2016-11-28
6.8
None Remote Medium Not required Partial Partial Partial
WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 mishandles error prototypes, which allows remote attackers to execute arbitrary code via a crafted web site.
207 CVE-2016-4726 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
IOAcceleratorFamily in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
208 CVE-2016-4725 119 DoS Overflow Mem. Corr. +Info 2016-09-25 2016-11-28
5.8
None Remote Medium Not required Partial None Partial
IOAcceleratorFamily in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a crafted web site.
209 CVE-2016-4724 476 DoS Exec Code 2016-09-25 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
IOAcceleratorFamily in Apple iOS before 10 and OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
210 CVE-2016-4722 20 DoS 2016-09-25 2016-11-28
7.1
None Remote Medium Not required None None Complete
The IDS - Connectivity component in Apple iOS before 10 and OS X before 10.12 allows man-in-the-middle attackers to conduct Call Relay spoofing attacks and cause a denial of service via unspecified vectors.
211 CVE-2016-4721 254 2017-02-20 2017-02-21
4.3
None Remote Medium Not required None Partial None
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. The issue involves the "IDS - Connectivity" component, which allows man-in-the-middle attackers to spoof calls via a "switch caller" notification.
212 CVE-2016-4719 200 +Info 2016-09-18 2016-11-28
4.3
None Remote Medium Not required Partial None None
The GeoServices component in Apple iOS before 10 and watchOS before 3 does not properly restrict access to PlaceData information, which allows attackers to discover physical locations via a crafted application.
213 CVE-2016-4718 119 Overflow +Info 2016-09-25 2016-11-28
4.3
None Remote Medium Not required Partial None None
Buffer overflow in FontParser in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to obtain sensitive information from process memory via a crafted font file.
214 CVE-2016-4712 787 DoS Exec Code 2016-09-25 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
CoreCrypto in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via a crafted app.
215 CVE-2016-4711 20 2016-09-25 2016-11-28
5.0
None Remote Low Not required Partial None None
CCrypt in corecrypto in CommonCrypto in Apple iOS before 10 and OS X before 10.12 allows attackers to discover cleartext information by leveraging a function call that specifies the same buffer for input and output.
216 CVE-2016-4708 200 +Info 2016-09-25 2016-11-28
4.3
None Remote Medium Not required Partial None None
CFNetwork in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 misparses the Set-Cookie header, which allows remote attackers to obtain sensitive information via a crafted HTTP response.
217 CVE-2016-4707 19 2016-09-25 2016-11-28
2.1
None Local Low Not required None None Partial
CFNetwork in Apple iOS before 10 and OS X before 10.12 mishandles Local Storage deletion, which allows local users to discover the visited web sites of arbitrary users via unspecified vectors.
218 CVE-2016-4702 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2016-11-28
10.0
None Remote Low Not required Complete Complete Complete
Audio in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
219 CVE-2016-4698 20 Exec Code 2016-09-25 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
AppleMobileFileIntegrity in Apple iOS before 10 and OS X before 10.12 mishandles process entitlement and Team ID values in the task port inheritance policy, which allows attackers to execute arbitrary code in a privileged context via a crafted app.
220 CVE-2016-4693 326 Bypass 2017-02-20 2017-02-21
5.0
None Remote Low Not required Partial None None
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Security" component, which makes it easier for attackers to bypass cryptographic protection mechanisms by leveraging use of the 3DES cipher.
221 CVE-2016-4692 119 DoS Exec Code Overflow Mem. Corr. 2017-02-20 2017-02-21
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
222 CVE-2016-4691 119 DoS Exec Code Overflow Mem. Corr. 2017-02-20 2017-02-21
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "FontParser" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font.
223 CVE-2016-4690 20 Exec Code 2017-02-20 2017-02-21
4.6
None Local Low Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Image Capture" component, which allows attackers to execute arbitrary code via a crafted USB HID device.
224 CVE-2016-4689 254 2017-02-20 2017-02-21
5.0
None Remote Low Not required None Partial None
An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Mail" component, which does not alert the user to an S/MIME email signature that used a revoked certificate.
225 CVE-2016-4686 264 2017-02-20 2017-02-21
3.6
None Local Low Not required Partial Partial None
An issue was discovered in certain Apple products. iOS before 10.1 is affected. The issue involves the "Contacts" component, which does not prevent an app's Address Book access after access revocation.
226 CVE-2016-4685 326 2017-02-20 2017-02-21
4.3
None Remote Medium Not required Partial None None
An issue was discovered in certain Apple products. iOS before 10.1 is affected. The issue involves the "iTunes Backup" component, which improperly hashes passwords, making it easier to decrypt files.
227 CVE-2016-4680 200 +Info 2017-02-20 2017-02-21
4.3
None Remote Medium Not required Partial None None
An issue was discovered in certain Apple products. iOS before 10.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "Kernel" component. It allows attackers to obtain sensitive information from kernel memory via a crafted app.
228 CVE-2016-4679 59 2017-02-20 2017-02-21
4.3
None Remote Medium Not required None Partial None
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "libarchive" component, which allows remote attackers to write to arbitrary files via a crafted archive containing a symlink.
229 CVE-2016-4677 119 DoS Exec Code Overflow Mem. Corr. 2017-02-20 2017-02-21
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10.1 is affected. Safari before 10.0.1 is affected. tvOS before 10.0.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
230 CVE-2016-4675 264 Exec Code 2017-02-20 2017-02-21
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "libxpc" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app.
231 CVE-2016-4673 119 DoS Exec Code Overflow Mem. Corr. 2017-02-20 2017-02-21
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "CoreGraphics" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted JPEG file.
232 CVE-2016-4670 255 2017-02-20 2017-02-21
2.1
None Local Low Not required Partial None None
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. The issue involves the "Security" component. It allows local users to discover lengths of arbitrary passwords by reading a log.
233 CVE-2016-4669 20 DoS Exec Code 2017-02-20 2017-02-21
7.2
None Local Low Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "Kernel" component. It allows local users to execute arbitrary code in a privileged context or cause a denial of service (MIG code mishandling and system crash) via unspecified vectors.
234 CVE-2016-4666 119 DoS Exec Code Overflow Mem. Corr. 2017-02-20 2017-02-21
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10.1 is affected. Safari before 10.0.1 is affected. tvOS before 10.0.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
235 CVE-2016-4665 200 +Info 2017-02-20 2017-02-21
4.3
None Remote Medium Not required Partial None None
An issue was discovered in certain Apple products. iOS before 10.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "Sandbox Profiles" component, which allows attackers to read audio-recording metadata via a crafted app.
236 CVE-2016-4664 200 +Info 2017-02-20 2017-02-21
4.3
None Remote Medium Not required Partial None None
An issue was discovered in certain Apple products. iOS before 10.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "Sandbox Profiles" component, which allows attackers to read photo-directory metadata via a crafted app.
237 CVE-2016-4660 200 DoS +Info 2017-02-20 2017-02-21
5.8
None Remote Medium Not required Partial None Partial
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "FontParser" component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted font.
238 CVE-2016-4658 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2016-11-28
10.0
None Remote Low Not required Complete Complete Complete
libxml2 in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.
239 CVE-2016-4657 119 DoS Exec Code Overflow Mem. Corr. 2016-08-25 2017-03-14
6.8
None Remote Medium Not required Partial Partial Partial
WebKit in Apple iOS before 9.3.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
240 CVE-2016-4656 264 DoS Exec Code Mem. Corr. 2016-08-25 2017-03-14
9.3
None Remote Medium Not required Complete Complete Complete
The kernel in Apple iOS before 9.3.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
241 CVE-2016-4655 200 +Info 2016-08-25 2017-03-14
7.1
None Remote Medium Not required Complete None None
The kernel in Apple iOS before 9.3.5 allows attackers to obtain sensitive information from memory via a crafted app.
242 CVE-2016-4654 119 DoS Exec Code Overflow Mem. Corr. 2016-08-18 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
IOMobileFrameBuffer in Apple iOS before 9.3.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
243 CVE-2016-4653 119 DoS Overflow +Priv Mem. Corr. 2016-07-21 2016-11-28
7.2
None Local Low Not required Complete Complete Complete
The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1863 and CVE-2016-4582.
244 CVE-2016-4651 79 XSS 2016-07-21 2016-11-28
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the WebKit JavaScript bindings in Apple iOS before 9.3.3 and Safari before 9.1.2 allows remote attackers to inject arbitrary web script or HTML via a crafted HTTP/0.9 response, related to a "cross-protocol cross-site scripting (XPXSS)" vulnerability.
245 CVE-2016-4637 119 DoS Exec Code Overflow Mem. Corr. 2016-07-21 2016-11-28
6.8
None Remote Medium Not required Partial Partial Partial
CoreGraphics in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted BMP image.
246 CVE-2016-4635 200 +Info 2016-07-21 2016-11-28
3.5
None Remote Medium Single system Partial None None
FaceTime in Apple iOS before 9.3.3 and OS X before 10.11.6 allows man-in-the-middle attackers to spoof relayed-call termination, and obtain sensitive audio information in opportunistic circumstances, via unspecified vectors.
247 CVE-2016-4632 119 DoS Overflow 2016-07-21 2016-11-28
5.0
None Remote Low Not required None None Partial
ImageIO in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.
248 CVE-2016-4631 119 DoS Exec Code Overflow Mem. Corr. 2016-07-21 2016-11-28
6.8
None Remote Medium Not required Partial Partial Partial
ImageIO in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted TIFF file.
249 CVE-2016-4628 125 DoS +Info 2016-07-21 2016-11-28
4.9
None Local Low Not required Complete None None
IOAcceleratorFamily in Apple iOS before 9.3.3 and watchOS before 2.2.2 allows local users to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) via unspecified vectors.
250 CVE-2016-4627 476 DoS +Priv 2016-07-21 2016-11-28
7.2
None Local Low Not required Complete Complete Complete
IOAcceleratorFamily in Apple iOS before 9.3.3, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors.
Total number of vulnerabilities : 1176   Page : 1 2 3 4 5 (This Page)6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.