Apple iOS vulnerabilities
3,940 known vulnerabilities affecting apple/iphone_os.
Total CVEs: 3,940
CISA KEV: 92 (actively exploited)
Public exploits: 248
Exploited in wild: 79
Severity breakdown: CRITICAL 313, HIGH 1610, MEDIUM 1730, LOW 287
Vulnerabilities
CVE-2016-7762 | MEDIUM | CVSS 6.1 | CWE-79 | ≤ 10.1.1 | 2017-02-20
An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "WebKit" component, which allows XSS attacks against Safari.
nvd
CVE-2016-7665 | MEDIUM | CVSS 5.5 | CWE-20 | ≤ 10.1.1 | 2017-02-20
An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Graphics Driver" component, which allows remote attackers to cause a denial of service via a crafted video.
nvd
CVE-2017-2363 | MEDIUM | CVSS 6.5 | CWE-200 | PoC | fixed in 10.2.1 | 2017-02-20
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. watchOS before 3.1.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.
nvd
CVE-2016-7638 | MEDIUM | CVSS 4.6 | CWE-254 | ≤ 10.1.1 | 2017-02-20
An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Find My iPhone" component, which allows physically proximate attackers to disable this component by bypassing authentication.
nvd
CVE-2016-7577 | LOW | CVSS 3.7 | CWE-200 | ≤ 10.0.3 | 2017-02-20
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. The issue involves the "FaceTime" component, which allows remote attackers to trigger memory corruption and obtain audio data from a call that appeared to have ended.
nvd
CVE-2016-4665 | LOW | CVSS 3.3 | CWE-200 | ≤ 10.0.3 | 2017-02-20
An issue was discovered in certain Apple products. iOS before 10.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "Sandbox Profiles" component, which allows attackers to read audio-recording metadata via a crafted app.
nvd
CVE-2016-7653 | LOW | CVSS 2.4 | CWE-200 | ≤ 10.1.1 | 2017-02-20
An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Media Player" component, which allows physically proximate attackers to obtain sensitive photo and contact information by leveraging lockscreen access.
nvd
CVE-2016-7657 | LOW | CVSS 3.3 | CWE-20 | ≤ 10.1.1 | 2017-02-20
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "IOKit" component. It allows attackers to obtain sensitive information from kernel memory via a crafted app.
nvd
CVE-2016-7765 | LOW | CVSS 2.4 | CWE-200 | ≤ 10.1.1 | 2017-02-20
An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Clipboard" component, which allows physically proximate attackers to obtain sensitive information in the lockscreen state by viewing clipboard contents.
nvd
CVE-2016-7714 | LOW | CVSS 3.3 | CWE-200 | ≤ 10.1.1 | 2017-02-20
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "IOKit" component. It allows local users to obtain sensitive kernel memory-layout information via unspecified vectors.
nvd
CVE-2016-7664 | LOW | CVSS 2.4 | CWE-200 | ≤ 10.1.1 | 2017-02-20
An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Accessibility" component, which allows physically proximate attackers to obtain sensitive photo and contact information by leveraging the availability of excessive options during lockscreen access.
nvd
CVE-2017-2351 | LOW | CVSS 2.4 | CWE-20 | ≤ 10.2.0 | 2017-02-20
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. The issue involves the "WiFi" component, which allows physically proximate attackers to bypass the activation-lock protection mechanism and view the home screen via unspecified vectors.
nvd
CVE-2016-4670 | LOW | CVSS 3.3 | CWE-255 | ≤ 10.0.3 | 2017-02-20
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. The issue involves the "Security" component. It allows local users to discover lengths of arbitrary passwords by reading a log.
nvd
CVE-2016-4664 | LOW | CVSS 3.3 | CWE-200 | ≤ 10.0.3 | 2017-02-20
An issue was discovered in certain Apple products. iOS before 10.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "Sandbox Profiles" component, which allows attackers to read photo-directory metadata via a crafted app.
nvd
CVE-2016-4658 | CRITICAL | CVSS 9.8 | CWE-119 | fixed in 10.0 | 2016-09-25
xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and memory corruption) via a crafted XML document.
nvd
CVE-2016-4734 | CRITICAL | CVSS 9.6 | fixed in 10.0 | 2016-09-25
WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4611, CVE-2016-4730, CVE-2016-4733, and CVE-2016-4735.
nvd
CVE-2016-4702 | CRITICAL | CVSS 9.8 | CWE-119 | fixed in 10.0 | 2016-09-25
Audio in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
nvd
CVE-2016-4777 | HIGH | CVSS 7.8 | CWE-264 | fixed in 10.0 | 2016-09-25
The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (invalid pointer dereference) via a crafted app.
nvd
CVE-2016-4731 | HIGH | CVSS 8.8 | ≤ 9.3.5 | 2016-09-25
WebKit in Apple iOS before 10 and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4729.
nvd
CVE-2016-4773 | HIGH | CVSS 7.1 | CWE-125 | fixed in 10.0 | 2016-09-25
The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app, a different vulnerability than CVE-2016-4774 and CVE-2016-4776.
nvd