CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Apple » Iphone Os : Security Vulnerabilities Published In 2016 (Gain Information)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2016-4776 125 DoS +Info 2016-09-25 2018-10-30
4.3
None Remote Medium Not required Partial None None
The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app, a different vulnerability than CVE-2016-4773 and CVE-2016-4774.
2 CVE-2016-4774 125 DoS +Info 2016-09-25 2017-07-29
5.8
None Remote Medium Not required Partial None Partial
The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app, a different vulnerability than CVE-2016-4773 and CVE-2016-4776.
3 CVE-2016-4773 125 DoS +Info 2016-09-25 2017-07-29
5.8
None Remote Medium Not required Partial None Partial
The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app, a different vulnerability than CVE-2016-4774 and CVE-2016-4776.
4 CVE-2016-4771 200 Bypass +Info 2016-09-25 2017-07-29
4.3
None Remote Medium Not required Partial None None
The kernel in Apple iOS before 10 and OS X before 10.12 allows local users to bypass intended file-access restrictions via a crafted directory pathname.
5 CVE-2016-4763 310 +Info 2016-09-25 2017-07-29
4.9
None Remote Medium Single system Partial Partial None
WKWebView in WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly verify X.509 certificates from HTTPS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
6 CVE-2016-4758 200 +Info 2016-09-25 2017-07-29
4.3
None Remote Medium Not required Partial None None
WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly restrict access to the location variable, which allows remote attackers to obtain sensitive information via a crafted web site.
7 CVE-2016-4749 200 +Info 2016-09-18 2017-08-12
2.1
None Local Low Not required Partial None None
Printing UIKit in Apple iOS before 10 mishandles environment variables, which allows local users to discover cleartext AirPrint preview content by reading a temporary file.
8 CVE-2016-4747 200 +Info 2016-09-18 2017-08-12
4.3
None Remote Medium Not required Partial None None
Mail in Apple iOS before 10 mishandles certificates, which makes it easier for man-in-the-middle attackers to discover mail credentials via unspecified vectors.
9 CVE-2016-4746 200 +Info 2016-09-18 2017-08-12
5.0
None Remote Low Not required Partial None None
The Keyboards component in Apple iOS before 10 does not properly use a cache for auto-correct suggestions, which allows remote attackers to obtain sensitive information in opportunistic circumstances by leveraging an unintended correction.
10 CVE-2016-4740 200 +Info 2016-09-18 2017-08-12
1.9
None Local Medium Not required Partial None None
Apple iOS before 10, when Handoff for Messages is used, does not ensure that a Messages signin has occurred before displaying messages, which might allow attackers to obtain sensitive information via unspecified vectors.
11 CVE-2016-4725 119 DoS Overflow Mem. Corr. +Info 2016-09-25 2017-07-29
5.8
None Remote Medium Not required Partial None Partial
IOAcceleratorFamily in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a crafted web site.
12 CVE-2016-4719 200 +Info 2016-09-18 2017-08-12
4.3
None Remote Medium Not required Partial None None
The GeoServices component in Apple iOS before 10 and watchOS before 3 does not properly restrict access to PlaceData information, which allows attackers to discover physical locations via a crafted application.
13 CVE-2016-4718 119 Overflow +Info 2016-09-25 2017-07-29
4.3
None Remote Medium Not required Partial None None
Buffer overflow in FontParser in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to obtain sensitive information from process memory via a crafted font file.
14 CVE-2016-4708 200 +Info 2016-09-25 2017-07-29
4.3
None Remote Medium Not required Partial None None
CFNetwork in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 misparses the Set-Cookie header, which allows remote attackers to obtain sensitive information via a crafted HTTP response.
15 CVE-2016-4655 200 +Info 2016-08-25 2018-06-07
7.1
None Remote Medium Not required Complete None None
The kernel in Apple iOS before 9.3.5 allows attackers to obtain sensitive information from memory via a crafted app.
16 CVE-2016-4635 200 +Info 2016-07-21 2017-08-31
3.5
None Remote Medium Single system Partial None None
FaceTime in Apple iOS before 9.3.3 and OS X before 10.11.6 allows man-in-the-middle attackers to spoof relayed-call termination, and obtain sensitive audio information in opportunistic circumstances, via unspecified vectors.
17 CVE-2016-4628 125 DoS +Info 2016-07-21 2017-08-31
4.9
None Local Low Not required Complete None None
IOAcceleratorFamily in Apple iOS before 9.3.3 and watchOS before 2.2.2 allows local users to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) via unspecified vectors.
18 CVE-2016-4620 200 +Info 2016-09-18 2017-08-12
4.3
None Remote Medium Not required Partial None None
The Sandbox Profiles component in Apple iOS before 10 does not properly restrict access to directory metadata for SMS draft directories, which allows attackers to discover text-message recipients via a crafted app.
19 CVE-2016-4603 254 Bypass +Info 2016-07-21 2017-08-31
4.3
None Remote Medium Not required Partial None None
Web Media in Apple iOS before 9.3.3 allows attackers to bypass the Private Browsing protection mechanism and obtain sensitive video URL information by leveraging Safari View Controller misbehavior.
20 CVE-2016-4593 200 +Info 2016-07-21 2017-08-31
2.1
None Local Low Not required Partial None None
The Siri Contacts component in Apple iOS before 9.3.3 allows physically proximate attackers to read arbitrary Contact card information via unspecified vectors.
21 CVE-2016-1864 200 XSS +Info 2016-06-19 2017-08-31
5.0
None Remote Low Not required Partial None None
The XSS auditor in WebKit, as used in Apple iOS before 9.3 and Safari before 9.1, does not properly handle redirects in block mode, which allows remote attackers to obtain sensitive information via a crafted URL.
22 CVE-2016-1858 200 +Info 2016-05-20 2018-10-09
4.3
None Remote Medium Not required Partial None None
WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, improperly tracks taint attributes, which allows remote attackers to obtain sensitive information via a crafted web site.
23 CVE-2016-1852 200 +Info 2016-05-20 2016-12-02
2.1
None Local Low Not required Partial None None
Siri in Apple iOS before 9.3.2 does not block data detectors within results in the lock-screen state, which allows physically proximate attackers to obtain sensitive contact and photo information via unspecified vectors.
24 CVE-2016-1849 200 +Info 2016-05-20 2016-11-30
2.1
None Local Low Not required Partial None None
The "Clear History and Website Data" feature in Apple Safari before 9.1.1, as used in iOS before 9.3.2 and other products, mishandles the deletion of browsing history, which might allow local users to obtain sensitive information by leveraging read access to a Safari directory.
25 CVE-2016-1842 284 +Info 2016-05-20 2016-12-01
5.0
None Remote Low Not required Partial None None
MapKit in Apple iOS before 9.3.2, OS X before 10.11.5, and watchOS before 2.2.1 does not use HTTPS for shared links, which allows remote attackers to obtain sensitive information by sniffing the network for HTTP traffic.
26 CVE-2016-1807 362 +Info 2016-05-20 2016-11-30
2.6
None Remote High Not required Partial None None
Race condition in the Disk Images subsystem in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows local users to obtain sensitive information from kernel memory via unspecified vectors.
27 CVE-2016-1802 200 +Info 2016-05-20 2016-11-30
4.3
None Remote Medium Not required Partial None None
CCCrypt in CommonCrypto in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 mishandles return values during key-length calculations, which allows attackers to obtain sensitive information via a crafted app.
28 CVE-2016-1801 200 +Info 2016-05-20 2016-11-30
5.0
None Remote Low Not required Partial None None
The CFNetwork Proxies subsystem in Apple iOS before 9.3.2, OS X before 10.11.5, and tvOS before 9.2.1 mishandles URLs in http and https requests, which allows remote attackers to obtain sensitive information via unspecified vectors.
29 CVE-2016-1790 119 Overflow +Info 2016-05-20 2016-11-30
4.3
None Remote Medium Not required Partial None None
Buffer overflow in the Accessibility component in Apple iOS before 9.3.2 allows attackers to obtain sensitive kernel memory-layout information via a crafted app.
30 CVE-2016-1786 200 Bypass +Info 2016-03-23 2018-10-09
5.8
None Remote Medium Not required Partial Partial None
The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles HTTP responses with a 3xx (aka redirection) status code, which allows remote attackers to spoof the displayed URL, bypass the Same Origin Policy, and obtain sensitive cached information via a crafted web site.
31 CVE-2016-1785 200 Bypass +Info 2016-03-23 2018-10-09
4.3
None Remote Medium Not required Partial None None
The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles character encoding during access to cached data, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.
32 CVE-2016-1780 200 +Info 2016-03-23 2016-12-02
4.3
None Remote Medium Not required Partial None None
WebKit in Apple iOS before 9.3 does not prevent hidden web views from reading orientation and motion data, which allows remote attackers to obtain sensitive information about a device's physical environment via a crafted web site.
33 CVE-2016-1779 200 Bypass +Info 2016-03-23 2018-10-09
4.3
None Remote Medium Not required Partial None None
WebKit in Apple iOS before 9.3 and Safari before 9.1 allows remote attackers to bypass the Same Origin Policy and obtain physical-location data via a crafted geolocation request.
34 CVE-2016-1763 20 +Info 2016-03-23 2016-12-02
3.5
None Remote Medium Single system Partial None None
Messages in Apple iOS before 9.3 does not ensure that an auto-fill action applies to the intended message thread, which allows remote authenticated users to obtain sensitive information by providing a crafted sms: URL and reading a thread.
35 CVE-2016-1758 119 DoS Overflow +Info 2016-03-23 2016-12-02
4.3
None Remote Medium Not required Partial None None
The kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app.
36 CVE-2016-1748 200 +Info 2016-03-23 2016-12-02
4.3
None Remote Medium Not required Partial None None
IOHIDFamily in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to obtain sensitive kernel memory-layout information via a crafted app.
37 CVE-2016-1728 200 +Info 2016-02-01 2018-10-09
4.3
None Remote Medium Not required Partial None None
The Cascading Style Sheets (CSS) implementation in Apple iOS before 9.2.1 and Safari before 9.0.3 mishandles the "a:visited button" selector during height processing, which makes it easier for remote attackers to obtain sensitive browser-history information via a crafted web site.
38 CVE-2015-7116 119 DoS Overflow Mem. Corr. +Info 2016-01-09 2016-01-11
4.3
None Remote Medium Not required Partial None None
libxml2 in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 allows remote attackers to obtain sensitive information or cause a denial of service (memory corruption) via a crafted XML document, a different vulnerability than CVE-2015-7115.
39 CVE-2015-7115 119 DoS Overflow Mem. Corr. +Info 2016-01-09 2016-01-11
4.3
None Remote Medium Not required Partial None None
libxml2 in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 allows remote attackers to obtain sensitive information or cause a denial of service (memory corruption) via a crafted XML document, a different vulnerability than CVE-2015-7116.
Total number of vulnerabilities : 39   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.