Apple iOS vulnerabilities
3,940 known vulnerabilities affecting apple/iphone_os.
Total CVEs: 3,940
CISA KEV (actively exploited): 92
Public exploits: 248
Exploited in wild: 79
Severity breakdown: CRITICAL 313, HIGH 1610, MEDIUM 1730, LOW 287
Vulnerabilities
CVE-2016-1819 [HIGH] | CVSS 7.8 | PoC | fixed in 9.3.2 | 2016-05-20
Use-after-free vulnerability in the IOAccelContext2::clientMemoryForType method in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1817 and CVE-2016
nvd
CVE-2016-1856 [HIGH] | CVSS 8.8 | fixed in 9.3.2 | 2016-05-20
WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1854, CVE-2016-1855, and CVE-2016-1857.
nvd
CVE-2016-1824 [HIGH] | CVSS 7.8 | fixed in 9.3.2 | 2016-05-20
IOHIDFamily in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1823.
nvd
CVE-2016-1801 [HIGH] CWE-200 | CVSS 7.5 | fixed in 9.3.2 | 2016-05-20
The CFNetwork Proxies subsystem in Apple iOS before 9.3.2, OS X before 10.11.5, and tvOS before 9.2.1 mishandles URLs in http and https requests, which allows remote attackers to obtain sensitive information via unspecified vectors.
nvd
CVE-2016-1854 [HIGH] CWE-119 | CVSS 8.8 | fixed in 9.3.2 | 2016-05-20
WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1855, CVE-2016-1856, and CVE-2016-1857.
nvd
CVE-2016-1828 [HIGH] | CVSS 7.8 | PoC | fixed in 9.3.2 | 2016-05-20
The kernel in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1827, CVE-2016-1829, and CVE-2016-1830.
nvd
CVE-2016-1841 [HIGH] CWE-119 | CVSS 8.8 | fixed in 9.3.2 | 2016-05-20
libxslt, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
nvd
CVE-2016-1823 [HIGH] CWE-125 | CVSS 7.8 | PoC | fixed in 9.3.2 | 2016-05-20
The IOHIDDevice::handleReportWithTime function in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (out-of-bounds read and memory corruption) via a crafted IOHIDReportType enum, which triggers an incorrect cast, a differ
nvd
CVE-2016-1834 [HIGH] CWE-119 | CVSS 7.8 | fixed in 9.3.2 | 2016-05-20
Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.
nvd
CVE-2016-1803 [HIGH] CWE-476 | CVSS 7.8 | PoC | fixed in 9.3.2 | 2016-05-20
CoreCapture in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
nvd
CVE-2016-1855 [HIGH] | CVSS 8.8 | fixed in 9.3.2 | 2016-05-20
WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1854, CVE-2016-1856, and CVE-2016-1857.
nvd
CVE-2016-1830 [HIGH] | CVSS 7.8 | fixed in 9.3.2 | 2016-05-20
The kernel in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1827, CVE-2016-1828, and CVE-2016-1829.
nvd
CVE-2016-1842 [HIGH] CWE-284 | CVSS 7.5 | ≤ 9.3.1 | 2016-05-20
MapKit in Apple iOS before 9.3.2, OS X before 10.11.5, and watchOS before 2.2.1 does not use HTTPS for shared links, which allows remote attackers to obtain sensitive information by sniffing the network for HTTP traffic.
nvd
CVE-2016-1832 [HIGH] CWE-119 | CVSS 7.8 | fixed in 9.3.2 | 2016-05-20
libc in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
nvd
CVE-2016-1817 [HIGH] CWE-119 | CVSS 7.8 | fixed in 9.3.2 | 2016-05-20
IOAcceleratorFamily in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1818 and CVE-2016-1819.
nvd
CVE-2016-1813 [HIGH] CWE-476 | CVSS 7.8 | PoC | fixed in 9.3.2 | 2016-05-20
The IOAccelSharedUserClient2::page_off_resource method in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
nvd
CVE-2016-1835 [HIGH] CWE-119 | CVSS 8.8 | ≤ 9.3.1 | 2016-05-20
Use-after-free vulnerability in the xmlSAX2AttributeNs function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2 and OS X before 10.11.5, allows remote attackers to cause a denial of service via a crafted XML document.
nvd
CVE-2016-1857 [HIGH] | CVSS 8.8 | fixed in 9.3.2 | 2016-05-20
WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1854, CVE-2016-1855, and CVE-2016-1856.
nvd
CVE-2016-1847 [HIGH] CWE-119 | CVSS 8.8 | fixed in 9.3.2 | 2016-05-20
OpenGL, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
nvd
CVE-2016-1808 [HIGH] CWE-119 | CVSS 7.8 | fixed in 9.3.2 | 2016-05-20
The Disk Images subsystem in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
nvd