Apple iOS vulnerabilities

3,940 known vulnerabilities affecting apple/iphone_os.

Total CVEs: 3,940
CISA KEV: 92 (actively exploited)
Public exploits: 248
Exploited in wild: 79
Severity breakdown: CRITICAL 313, HIGH 1610, MEDIUM 1730, LOW 287

Vulnerabilities

CVE-2015-7065 | MEDIUM | CVSS 6.8 | ≤ 9.1 | 2015-12-11
CVE-2015-7065 [MEDIUM] CWE-119: OpenGL in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
nvd
CVE-2015-7074 | MEDIUM | CVSS 6.8 | ≤ 9.1 | 2015-12-11
CVE-2015-7074 [MEDIUM] CWE-119: CoreMedia Playback in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed media file.
nvd
CVE-2015-7064 | MEDIUM | CVSS 6.8 | ≤ 9.1 | 2015-12-11
CVE-2015-7064 [MEDIUM] CWE-119: OpenGL in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2015-7066.
nvd
CVE-2015-7053 | MEDIUM | CVSS 6.8 | ≤ 9.1 | 2015-12-11
CVE-2015-7053 [MEDIUM] CWE-119: ImageIO in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted image.
nvd
CVE-2015-7043 | MEDIUM | CVSS 4.3 | ≤ 9.1 | 2015-12-11
CVE-2015-7043 [MEDIUM]: The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to cause a denial of service via a crafted app, a different vulnerability than CVE-2015-7040, CVE-2015-7041, and CVE-2015-7042.
nvd
CVE-2015-7062 | MEDIUM | CVSS 4.6 | ≤ 9.1 | 2015-12-11
CVE-2015-7062 [MEDIUM] CWE-264: Apple OS X before 10.11.2 and tvOS before 9.1 allow local users to bypass intended configuration-profile installation restrictions via unspecified vectors.
nvd
CVE-2015-7081 | MEDIUM | CVSS 5.0 | ≤ 9.1 | 2015-12-11
CVE-2015-7081 [MEDIUM]: iBooks in Apple iOS before 9.2 and OS X before 10.11.2 allows remote attackers to read arbitrary files via an iBooks file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
nvd
CVE-2015-7096 | MEDIUM | CVSS 6.8 | ≤ 9.1 | 2015-12-11
CVE-2015-7096 [MEDIUM]: WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7097, CVE-2015-7098, CVE-2015-7099, CVE-2015-7100, CVE-2015-7101, CVE-2015
nvd
CVE-2015-7001 | MEDIUM | CVSS 6.8 | ≤ 9.1 | 2015-12-11
CVE-2015-7001 [MEDIUM] CWE-264: AppSandbox in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 mishandles hard links, which allows attackers to bypass Contacts access revocation via a crafted app.
nvd
CVE-2015-7039 | MEDIUM | CVSS 6.8 | PoC | ≤ 9.1 | 2015-12-11
CVE-2015-7039 [MEDIUM]: Buffer overflow in libc in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code via a crafted package, a different vulnerability than CVE-2015-7038.
nvd
CVE-2015-7099 | MEDIUM | CVSS 6.8 | ≤ 9.1 | 2015-12-11
CVE-2015-7099 [MEDIUM]: WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7096, CVE-2015-7097, CVE-2015-7098, CVE-2015-7100, CVE-2015-7101, CVE-2015
nvd
CVE-2015-7037 | MEDIUM | CVSS 5.0 | ≤ 9.1 | 2015-12-11
CVE-2015-7037 [MEDIUM] CWE-22: Directory traversal vulnerability in Mobile Backup in Photos in Apple iOS before 9.2 allows attackers to read arbitrary files via a crafted pathname.
nvd
CVE-2015-7038 | MEDIUM | CVSS 6.8 | ≤ 9.1 | 2015-12-11
CVE-2015-7038 [MEDIUM] CWE-119: Buffer overflow in libc in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code via a crafted package, a different vulnerability than CVE-2015-7039.
nvd
CVE-2015-7066 | MEDIUM | CVSS 6.8 | ≤ 9.1 | 2015-12-11
CVE-2015-7066 [MEDIUM]: OpenGL in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2015-7064.
nvd
CVE-2015-7101 | MEDIUM | CVSS 6.8 | ≤ 9.1 | 2015-12-11
CVE-2015-7101 [MEDIUM]: WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7096, CVE-2015-7097, CVE-2015-7098, CVE-2015-7099, CVE-2015-7100, CVE-2015
nvd
CVE-2015-7073 | MEDIUM | CVSS 6.8 | ≤ 9.1 | 2015-12-11
CVE-2015-7073 [MEDIUM] CWE-119: Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted SSL handshake.
nvd
CVE-2015-7095 | MEDIUM | CVSS 6.8 | ≤ 9.1 | 2015-12-11
CVE-2015-7095 [MEDIUM]: WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7096, CVE-2015-7097, CVE-2015-7098, CVE-2015-7099, CVE-2015-7100, CVE-2015-7101, CVE-2015
nvd
CVE-2015-7048 | MEDIUM | CVSS 6.8 | ≤ 9.1 | 2015-12-11
CVE-2015-7048 [MEDIUM] CWE-119: WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7095, CVE-2015-7096, CVE-2015-7097, CVE-2015-7098, CVE-2015-7099, CVE-2015-7100, CVE-2015-7101,
nvd
CVE-2015-7050 | MEDIUM | CVSS 4.3 | ≤ 9.1 | 2015-12-11
CVE-2015-7050 [MEDIUM] CWE-200: WebKit in Apple iOS before 9.2 and Safari before 9.0.2 misparses content extensions, which allows remote attackers to obtain sensitive browsing-history information via a crafted web site.
nvd
CVE-2015-7054 | MEDIUM | CVSS 6.8 | ≤ 9.1 | 2015-12-11
CVE-2015-7054 [MEDIUM] CWE-19: zlib in the Compression component in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 does not initialize memory for an unspecified data structure, which allows remote attackers to execute arbitrary code via a crafted web site.
nvd