Apple iOS vulnerabilities
3,940 known vulnerabilities affecting apple/iphone_os.
Total CVEs
3,940
CISA KEV
92
actively exploited
Public exploits
248
Exploited in wild
79
Severity breakdown
CRITICAL313HIGH1610MEDIUM1730LOW287
Vulnerabilities
Page 143 of 197
CVE-2016-4772HIGHCVSS 7.5fixed in 10.02016-09-25
CVE-2016-4772 [HIGH] CWE-399 CVE-2016-4772: The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows re
The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to cause a denial of service (unintended lock) via unspecified vectors.
nvd
CVE-2016-4762HIGHCVSS 8.8≤ 9.3.52016-09-25
CVE-2016-4762 [HIGH] CWE-119 CVE-2016-4762: WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, iCloud before 6.0 on Windows, and Sa
WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, iCloud before 6.0 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
nvd
CVE-2016-4698HIGHCVSS 7.8≤ 9.3.52016-09-25
CVE-2016-4698 [HIGH] CWE-20 CVE-2016-4698: AppleMobileFileIntegrity in Apple iOS before 10 and OS X before 10.12 mishandles process entitlement
AppleMobileFileIntegrity in Apple iOS before 10 and OS X before 10.12 mishandles process entitlement and Team ID values in the task port inheritance policy, which allows attackers to execute arbitrary code in a privileged context via a crafted app.
nvd
CVE-2016-4766HIGHCVSS 8.8fixed in 10.02016-09-25
CVE-2016-4766 [HIGH] CVE-2016-4766: WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10
WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4765, CVE-2016-4767, and CVE-2016-4768.
nvd
CVE-2016-4737HIGHCVSS 8.8fixed in 10.02016-09-25
CVE-2016-4737 [HIGH] CWE-119 CVE-2016-4737: WebKit in Apple iOS before 10, Safari before 10, tvOS before 10, and watchOS before 3 allows remote
WebKit in Apple iOS before 10, Safari before 10, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
nvd
CVE-2016-4730HIGHCVSS 8.8fixed in 10.02016-09-25
CVE-2016-4730 [HIGH] CVE-2016-4730: WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execu
WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4611, CVE-2016-4733, CVE-2016-4734, and CVE-2016-4735.
nvd
CVE-2016-4768HIGHCVSS 8.8fixed in 10.02016-09-25
CVE-2016-4768 [HIGH] CVE-2016-4768: WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10
WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4765, CVE-2016-4766, and CVE-2016-4767.
nvd
CVE-2016-4759HIGHCVSS 8.8fixed in 10.02016-09-25
CVE-2016-4759 [HIGH] CWE-119 CVE-2016-4759: WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10
WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4765, CVE-2016-4766, CVE-2016-4767, and CVE-2016-4768.
nvd
CVE-2016-4611HIGHCVSS 8.8fixed in 10.02016-09-25
CVE-2016-4611 [HIGH] CWE-119 CVE-2016-4611: WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execu
WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4730, CVE-2016-4733, CVE-2016-4734, and CVE-2016-4735.
nvd
CVE-2016-4767HIGHCVSS 8.8fixed in 10.02016-09-25
CVE-2016-4767 [HIGH] CVE-2016-4767: WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10
WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4765, CVE-2016-4766, and CVE-2016-4768.
nvd
CVE-2016-4724HIGHCVSS 7.8≤ 9.3.52016-09-25
CVE-2016-4724 [HIGH] CWE-476 CVE-2016-4724: IOAcceleratorFamily in Apple iOS before 10 and OS X before 10.12 allows attackers to execute arbitra
IOAcceleratorFamily in Apple iOS before 10 and OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
nvd
CVE-2016-4776HIGHCVSS 7.1fixed in 10.02016-09-25
CVE-2016-4776 [HIGH] CVE-2016-4776: The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows at
The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app, a different vulnerability than CVE-2016-4773 and CVE-2016-4774.
nvd
CVE-2016-4728HIGHCVSS 8.8fixed in 10.02016-09-25
CVE-2016-4728 [HIGH] CWE-20 CVE-2016-4728: WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10
WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 mishandles error prototypes, which allows remote attackers to execute arbitrary code via a crafted web site.
nvd
CVE-2016-4711HIGHCVSS 7.5≤ 9.3.52016-09-25
CVE-2016-4711 [HIGH] CWE-20 CVE-2016-4711: CCrypt in corecrypto in CommonCrypto in Apple iOS before 10 and OS X before 10.12 allows attackers t
CCrypt in corecrypto in CommonCrypto in Apple iOS before 10 and OS X before 10.12 allows attackers to discover cleartext information by leveraging a function call that specifies the same buffer for input and output.
nvd
CVE-2016-4765HIGHCVSS 8.8fixed in 10.02016-09-25
CVE-2016-4765 [HIGH] CVE-2016-4765: WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10
WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4766, CVE-2016-4767, and CVE-2016-4768.
nvd
CVE-2016-4750HIGHCVSS 7.8≤ 9.3.52016-09-25
CVE-2016-4750 [HIGH] CWE-119 CVE-2016-4750: S2 Camera in Apple iOS before 10 and OS X before 10.12 allows attackers to execute arbitrary code in
S2 Camera in Apple iOS before 10 and OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
nvd
CVE-2016-4725HIGHCVSS 8.1fixed in 10.02016-09-25
CVE-2016-4725 [HIGH] CWE-119 CVE-2016-4725: IOAcceleratorFamily in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3
IOAcceleratorFamily in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a crafted web site.
nvd
CVE-2016-4712HIGHCVSS 7.8fixed in 10.02016-09-25
CVE-2016-4712 [HIGH] CWE-787 CVE-2016-4712: CoreCrypto in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows at
CoreCrypto in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via a crafted app.
nvd
CVE-2016-4738HIGHCVSS 8.8fixed in 10.02016-09-25
CVE-2016-4738 [HIGH] CWE-119 CVE-2016-4738: libxslt in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remot
libxslt in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
nvd
CVE-2016-4735HIGHCVSS 8.8fixed in 10.02016-09-25
CVE-2016-4735 [HIGH] CVE-2016-4735: WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execu
WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4611, CVE-2016-4730, CVE-2016-4733, and CVE-2016-4734.
nvd