Apple iOS vulnerabilities
3,940 known vulnerabilities affecting apple/iphone_os.
Total CVEs: 3,940
CISA KEV: 92 (actively exploited)
Public exploits: 248
Exploited in wild: 79
Severity breakdown: CRITICAL 313, HIGH 1610, MEDIUM 1730, LOW 287
Vulnerabilities
CVE-2016-7643 | HIGH | CVSS 8.1 | CWE-125 | ≤ 10.1.1 | 2017-02-20
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "ImageIO" component. It allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) via a crafte
nvd
CVE-2016-7632 | HIGH | CVSS 8.8 | CWE-119 | ≤ 10.1.1 | 2017-02-20
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a cra
nvd
CVE-2016-7652 | HIGH | CVSS 8.8 | CWE-119 | ≤ 10.1.1 | 2017-02-20
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a cra
nvd
CVE-2016-7589 | HIGH | CVSS 8.8 | CWE-119 | ≤ 10.1.1 | 2017-02-20
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. watchOS before 3.1.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruptio
nvd
CVE-2016-7661 | HIGH | CVSS 7.8 | CWE-264 | PoC | ≤ 10.1.1 | 2017-02-20
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. The issue involves the "Power Management" component. It allows local users to gain privileges via unspecified vectors related to Mach port name references.
nvd
CVE-2016-4669 | HIGH | CVSS 7.8 | CWE-20 | PoC | fixed in 10.1 | 2017-02-20
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "Kernel" component. It allows local users to execute arbitrary code in a privileged context or cause a denial of service (MIG code mishandling and system c
nvd
CVE-2016-7655 | HIGH | CVSS 7.8 | CWE-704 | ≤ 10.1.1 | 2017-02-20
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. The issue involves the "CoreMedia External Displays" component. It allows local users to gain privileges or cause a denial of service (type confusion) via unspecified vectors.
nvd
CVE-2016-7640 | HIGH | CVSS 8.8 | CWE-119 | ≤ 10.1.1 | 2017-02-20
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a cra
nvd
CVE-2016-7594 | HIGH | CVSS 8.8 | CWE-119 | ≤ 10.1.1 | 2017-02-20
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "ICU" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
nvd
CVE-2016-4693 | HIGH | CVSS 7.5 | CWE-326 | ≤ 10.1.1 | 2017-02-20
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Security" component, which makes it easier for attackers to bypass cryptographic protection mechanisms by leveraging use of the 3DES cipher.
nvd
CVE-2016-7610 | HIGH | CVSS 8.8 | CWE-119 | ≤ 10.1.1 | 2017-02-20
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a cra
nvd
CVE-2016-7595 | HIGH | CVSS 8.8 | CWE-119 | ≤ 10.1.1 | 2017-02-20
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "CoreText" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font.
nvd
CVE-2016-7644 | HIGH | CVSS 7.8 | CWE-416 | PoC | ≤ 10.1.1 | 2017-02-20
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a crafted app.
nvd
CVE-2016-7639 | HIGH | CVSS 8.8 | CWE-119 | ≤ 10.1.1 | 2017-02-20
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a cra
nvd
CVE-2017-2362 | HIGH | CVSS 8.8 | CWE-119 | PoC | ≤ 10.2.0 | 2017-02-20
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
nvd
CVE-2017-2366 | HIGH | CVSS 8.8 | CWE-119 | ≤ 10.2.0 | 2017-02-20
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. iCloud before 6.1.1 is affected. iTunes before 12.5.5 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a
nvd
CVE-2016-4764 | HIGH | CVSS 8.8 | CWE-119 | ≤ 9.3.5 | 2017-02-20
An issue was discovered in certain Apple products. iOS before 10 is affected. Safari before 10 is affected. iTunes before 12.5.1 is affected. tvOS before 10 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web
nvd
CVE-2016-4675 | HIGH | CVSS 7.8 | CWE-264 | fixed in 10.1 | 2017-02-20
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "libxpc" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app.
nvd
CVE-2016-7621 | HIGH | CVSS 7.8 | CWE-416 | PoC | ≤ 10.1.1 | 2017-02-20
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allows local users to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via unspecified vectors.
nvd
CVE-2016-7646 | HIGH | CVSS 8.8 | CWE-119 | ≤ 10.1.1 | 2017-02-20
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a cra
nvd