Apple iOS vulnerabilities

3,940 known vulnerabilities affecting apple/iphone_os.

Total CVEs: 3,940
CISA KEV: 92 (actively exploited)
Public exploits: 248
Exploited in wild: 79
Severity breakdown: CRITICAL 313, HIGH 1610, MEDIUM 1730, LOW 287

Vulnerabilities

CVE-2016-4781 | MEDIUM | CVSS 6.8 | ≤ 10.1.1 | 2017-02-20
CWE-254: An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "SpringBoard" component, which allows physically proximate attackers to bypass the passcode attempt counter and unlock a device via unspecified vectors.
nvd
CVE-2016-7586 | MEDIUM | CVSS 6.5 | ≤ 10.1.1 | 2017-02-20
CWE-200: An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive information via a crafted web site.
nvd
CVE-2017-2350 | MEDIUM | CVSS 6.5 | fixed in 10.2.1 | 2017-02-20
CWE-200: An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.
nvd
CVE-2016-4685 | MEDIUM | CVSS 5.9 | ≤ 10.0.3 | 2017-02-20
CWE-326: An issue was discovered in certain Apple products. iOS before 10.1 is affected. The issue involves the "iTunes Backup" component, which improperly hashes passwords, making it easier to decrypt files.
nvd
CVE-2016-4721 | MEDIUM | CVSS 5.9 | ≤ 10.0.3 | 2017-02-20
CWE-254: An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. The issue involves the "IDS - Connectivity" component, which allows man-in-the-middle attackers to spoof calls via a "switch caller" notification.
nvd
CVE-2016-7601 | MEDIUM | CVSS 6.8 | ≤ 10.1.1 | 2017-02-20
CWE-254: An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Local Authentication" component, which does not honor the configured screen-lock time interval if the Touch ID prompt is visible.
nvd
CVE-2016-7650 | MEDIUM | CVSS 4.7 | ≤ 10.1.1 | 2017-02-20
CWE-79: An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. The issue involves the "Safari Reader" component, which allows remote attackers to conduct UXSS attacks via a crafted web site.
nvd
CVE-2016-7598 | MEDIUM | CVSS 6.5 | ≤ 10.1.1 | 2017-02-20
CWE-200: An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive information from process memory via a crafted web site.
nvd
CVE-2016-7591 | MEDIUM | CVSS 6.5 | ≤ 10.1.1 | 2017-02-20
CWE-416: An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "IOHIDFamily" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a crafted app.
nvd
CVE-2016-4690 | MEDIUM | CVSS 6.8 | ≤ 10.1.1 | 2017-02-20
CWE-20: An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Image Capture" component, which allows attackers to execute arbitrary code via a crafted USB HID device.
nvd
CVE-2016-7581 | MEDIUM | CVSS 4.3 | ≤ 10.0.3 | 2017-02-20
CWE-20: An issue was discovered in certain Apple products. iOS before 10.1 is affected. The issue involves the "Safari" component, which allows remote web servers to cause a denial of service via a crafted URL.
nvd
CVE-2016-4680 | MEDIUM | CVSS 5.5 | fixed in 10.1 | 2017-02-20
CWE-200: An issue was discovered in certain Apple products. iOS before 10.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "Kernel" component. It allows attackers to obtain sensitive information from kernel memory via a crafted app.
nvd
CVE-2016-7579 | MEDIUM | CVSS 5.9 | fixed in 10.1 | 2017-02-20
CWE-200: An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. The issue involves the "CFNetwork Proxies" component, which allows man-in-the-middle attackers to spoof a proxy password authentication requirement and obtain sensitive information.
nvd
CVE-2016-7651 | MEDIUM | CVSS 5.3 | ≤ 10.1.1 | 2017-02-20
CWE-285: An issue was discovered in certain Apple products. iOS before 10.2 is affected. watchOS before 3.1.1 is affected. The issue involves the "Accounts" component, which allows local users to bypass intended authorization restrictions by leveraging the mishandling of an app uninstall.
nvd
CVE-2016-7636 | MEDIUM | CVSS 5.9 | ≤ 10.1.1 | 2017-02-20
CWE-20: An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Security" component, which allows man-in-the-middle attackers to cause a denial of service (application crash) via vectors related to OCSP responder URLs.
nvd
CVE-2016-7627 | MEDIUM | CVSS 6.5 | ≤ 10.1.1 | 2017-02-20
CWE-476: An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "CoreGraphics" component. It allows attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted font.
nvd
CVE-2016-7615 | MEDIUM | CVSS 5.5 | ≤ 10.1.1 | 2017-02-20
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component, which allows local users to cause a denial of service via unspecified vectors.
nvd
CVE-2016-7599 | MEDIUM | CVSS 6.5 | ≤ 10.1.1 | 2017-02-20
CWE-200: An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site that uses HTTP
nvd
CVE-2017-2368 | MEDIUM | CVSS 5.5 | ≤ 10.2.0 | 2017-02-20
CWE-20: An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. The issue involves the "Contacts" component. It allows remote attackers to cause a denial of service (application crash) via a crafted contact card.
nvd
CVE-2016-7597 | MEDIUM | CVSS 4.6 | ≤ 10.1.1 | 2017-02-20
CWE-254: An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "SpringBoard" component, which allows physically proximate attackers to maintain the unlocked state via vectors related to Handoff with Siri.
nvd