Apple iOS vulnerabilities

3,940 known vulnerabilities affecting apple/iphone_os.

Total CVEs

3,940

CISA KEV

actively exploited

Public exploits

248

Exploited in wild

Severity breakdown

CRITICAL313HIGH1610MEDIUM1730LOW287

Vulnerabilities

Page 145 of 197

CVE-2016-4740LOWCVSS 2.9≤ 9.3.52016-09-18

CVE-2016-4740 [LOW] CWE-200 CVE-2016-4740: Apple iOS before 10, when Handoff for Messages is used, does not ensure that a Messages signin has o Apple iOS before 10, when Handoff for Messages is used, does not ensure that a Messages signin has occurred before displaying messages, which might allow attackers to obtain sensitive information via unspecified vectors.

nvd

CVE-2016-4747LOWCVSS 3.7≤ 9.3.52016-09-18

CVE-2016-4747 [LOW] CWE-200 CVE-2016-4747: Mail in Apple iOS before 10 mishandles certificates, which makes it easier for man-in-the-middle att Mail in Apple iOS before 10 mishandles certificates, which makes it easier for man-in-the-middle attackers to discover mail credentials via unspecified vectors.

nvd

CVE-2016-4656HIGHCVSS 7.8KEVPoCfixed in 9.3.52016-08-25

CVE-2016-4656 [HIGH] CWE-787 CVE-2016-4656: The kernel in Apple iOS before 9.3.5 allows attackers to execute arbitrary code in a privileged cont The kernel in Apple iOS before 9.3.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

nvd

CVE-2016-4657HIGHCVSS 8.8KEVPoCfixed in 9.3.52016-08-25

CVE-2016-4657 [HIGH] CWE-787 CVE-2016-4657: WebKit in Apple iOS before 9.3.5 allows remote attackers to execute arbitrary code or cause a denial WebKit in Apple iOS before 9.3.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.

nvd

CVE-2016-4655MEDIUMCVSS 5.5KEVPoCfixed in 9.3.5v10.02016-08-25

CVE-2016-4655 [MEDIUM] CVE-2016-4655: The kernel in Apple iOS before 9.3.5 allows attackers to obtain sensitive information from memory vi The kernel in Apple iOS before 9.3.5 allows attackers to obtain sensitive information from memory via a crafted app.

nvd

CVE-2016-4654HIGHCVSS 7.8v9.3.32016-08-18

CVE-2016-4654 [HIGH] CWE-119 CVE-2016-4654: IOMobileFrameBuffer in Apple iOS before 9.3.4 allows attackers to execute arbitrary code in a privil IOMobileFrameBuffer in Apple iOS before 9.3.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

nvd

CVE-2016-5131HIGHCVSS 8.8fixed in 10.02016-07-23

CVE-2016-5131 [HIGH] CWE-416 CVE-2016-5131: Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.

nvd

CVE-2016-4616CRITICALCVSS 9.8fixed in 9.3.32016-07-22

CVE-2016-4616 [CRITICAL] CVE-2016-4616: libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud befo libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4614, CVE-2016-461

nvd

CVE-2016-4615CRITICALCVSS 9.8fixed in 9.3.32016-07-22

CVE-2016-4615 [CRITICAL] CVE-2016-4615: libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud befo libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4614, CVE-2016-461

nvd

CVE-2016-4607CRITICALCVSS 9.8fixed in 9.3.32016-07-22

CVE-2016-4607 [CRITICAL] CWE-119 CVE-2016-4607: libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud befo libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4608, CVE-

nvd

CVE-2016-4614CRITICALCVSS 9.8fixed in 9.3.32016-07-22

CVE-2016-4614 [CRITICAL] CWE-787 CVE-2016-4614: libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud befo libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4615, CVE-

nvd

CVE-2016-4609CRITICALCVSS 9.8fixed in 9.3.32016-07-22

CVE-2016-4609 [CRITICAL] CVE-2016-4609: libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud befo libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-460

nvd

CVE-2016-4631HIGHCVSS 8.8fixed in 9.3.32016-07-22

CVE-2016-4631 [HIGH] CWE-119 CVE-2016-4631: ImageIO in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 ImageIO in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted TIFF file.

nvd

CVE-2016-4594HIGHCVSS 7.8fixed in 9.3.32016-07-22

CVE-2016-4594 [HIGH] CWE-20 CVE-2016-4594: The Sandbox Profiles component in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, an The Sandbox Profiles component in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows attackers to access the process list via a crafted app that makes an API call.

nvd

CVE-2016-4626HIGHCVSS 7.8fixed in 9.3.32016-07-22

CVE-2016-4626 [HIGH] CWE-476 CVE-2016-4626: IOHIDFamily in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2. IOHIDFamily in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors.

nvd

CVE-2016-1863HIGHCVSS 7.8PoCfixed in 9.3.32016-07-22

CVE-2016-1863 [HIGH] CWE-416 CVE-2016-1863: The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2 The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4582 and CVE-2016-4653.

nvd

CVE-2016-4624HIGHCVSS 8.8fixed in 9.3.32016-07-22

CVE-2016-4624 [HIGH] CVE-2016-4624: WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4589, CVE-2016-4622, and CVE-2016-4623.

nvd

CVE-2016-4582HIGHCVSS 7.8fixed in 9.3.32016-07-22

CVE-2016-4582 [HIGH] CVE-2016-4582: The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2 The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1863 and CVE-2016-4653.

nvd

CVE-2016-4637HIGHCVSS 8.8fixed in 9.3.32016-07-22

CVE-2016-4637 [HIGH] CWE-119 CVE-2016-4637: CoreGraphics in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2 CoreGraphics in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted BMP image.

nvd

CVE-2016-4622HIGHCVSS 8.8fixed in 9.3.32016-07-22

CVE-2016-4622 [HIGH] CVE-2016-4622: WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4589, CVE-2016-4623, and CVE-2016-4624.

nvd

← Previous145 / 197Next →