Apple iOS vulnerabilities
3,940 known vulnerabilities affecting apple/iphone_os.
Total CVEs: 3,940
CISA KEV: 92 (actively exploited)
Public exploits: 248
Exploited in wild: 79
Severity breakdown
CRITICAL 313 | HIGH 1610 | MEDIUM 1730 | LOW 287
Vulnerabilities
CVE-2017-2356 | HIGH | CVSS 8.8 | CWE-119 | fixed in 10.2.1 | 2017-02-20
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. iCloud before 6.1.1 is affected. iTunes before 12.5.5 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corrupt
nvd
CVE-2016-7635 | HIGH | CVSS 8.8 | CWE-119 | ≤ 10.1.1 | 2017-02-20
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a cra
nvd
CVE-2016-4691 | HIGH | CVSS 8.8 | CWE-119 | ≤ 10.1.1 | 2017-02-20
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "FontParser" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font.
nvd
CVE-2016-7612 | HIGH | CVSS 7.8 | CWE-119 | PoC | ≤ 10.1.1 | 2017-02-20
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
nvd
CVE-2016-7578 | HIGH | CVSS 8.8 | CWE-119 | fixed in 10.1 | 2017-02-20
An issue was discovered in certain Apple products. iOS before 10.1 is affected. Safari before 10.0.1 is affected. iCloud before 6.0.1 is affected. iTunes before 12.5.2 is affected. tvOS before 10.0.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruptio
nvd
CVE-2017-2370 | HIGH | CVSS 7.8 | CWE-119 | PoC | fixed in 10.2.1 | 2017-02-20
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. macOS before 10.12.3 is affected. tvOS before 10.1.1 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (buffer overflow) via a crafted
nvd
CVE-2016-4743 | HIGH | CVSS 7.1 | CWE-119 | ≤ 10.1.1 | 2017-02-20
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption and ap
nvd
CVE-2017-2369 | HIGH | CVSS 8.8 | CWE-119 | PoC | fixed in 10.2.1 | 2017-02-20
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
nvd
CVE-2016-7584 | HIGH | CVSS 7.8 | CWE-254 | ≤ 10.0.3 | 2017-02-20
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "AppleMobileFileIntegrity" component, which allows remote attackers to spoof signed code by using a matching team ID.
nvd
CVE-2016-7654 | HIGH | CVSS 8.8 | CWE-119 | ≤ 10.1.1 | 2017-02-20
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a cra
nvd
CVE-2016-7667 | HIGH | CVSS 7.5 | CWE-20 | ≤ 10.1.1 | 2017-02-20
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. The issue involves the "CoreText" component. It allows remote attackers to cause a denial of service via a crafted string.
nvd
CVE-2016-4677 | HIGH | CVSS 8.8 | CWE-119 | fixed in 10.1 | 2017-02-20
An issue was discovered in certain Apple products. iOS before 10.1 is affected. Safari before 10.0.1 is affected. tvOS before 10.0.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
nvd
CVE-2016-7660 | HIGH | CVSS 7.8 | CWE-264 | PoC | ≤ 10.1.1 | 2017-02-20
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "syslog" component. It allows local users to gain privileges via unspecified vectors related to Mach port name references.
nvd
CVE-2016-4692 | HIGH | CVSS 8.8 | CWE-119 | ≤ 10.1.1 | 2017-02-20
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a cra
nvd
CVE-2016-7613 | HIGH | CVSS 7.8 | CWE-264 | ≤ 10.0.3 | 2017-02-20
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages object-lifetime mishandling dur
nvd
CVE-2016-7606 | HIGH | CVSS 7.8 | CWE-119 | ≤ 10.1.1 | 2017-02-20
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
nvd
CVE-2017-2355 | HIGH | CVSS 8.8 | CWE-119 | fixed in 10.2.1 | 2017-02-20
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. iCloud before 6.1.1 is affected. iTunes before 12.5.5 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized
nvd
CVE-2016-7587 | HIGH | CVSS 8.8 | CWE-119 | ≤ 10.1.1 | 2017-02-20
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a cra
nvd
CVE-2016-7645 | HIGH | CVSS 8.8 | CWE-119 | ≤ 10.1.1 | 2017-02-20
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a cra
nvd
CVE-2016-7659 | HIGH | CVSS 8.8 | CWE-119 | ≤ 10.1.1 | 2017-02-20
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Audio" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file.
nvd