Apple iOS vulnerabilities
3,940 known vulnerabilities affecting apple/iphone_os.
Total CVEs: 3,940
CISA KEV: 92 (actively exploited)
Public exploits: 248
Exploited in wild: 79
Severity breakdown: CRITICAL 313 | HIGH 1610 | MEDIUM 1730 | LOW 287
Vulnerabilities
Page 156 of 197
CVE-2015-7023 | MEDIUM | CVSS 5.8 | CWE-17 | ≤ 9.0.2 | 2015-10-23
CFNetwork in Apple iOS before 9.1 and OS X before 10.11.1 does not properly consider the uppercase-versus-lowercase distinction during cookie parsing, which allows remote web servers to overwrite cookies via unspecified vectors.
nvd
CVE-2015-7022 | MEDIUM | CVSS 4.3 | CWE-200 | ≤ 9.0.2 | 2015-10-23
The Telephony subsystem in Apple iOS before 9.1 allows attackers to obtain sensitive call-status information via a crafted app.
nvd
CVE-2015-5927 | MEDIUM | CVSS 6.8 | CWE-119 | ≤ 9.0.2 | 2015-10-23
FontParser in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-5942.
nvd
CVE-2015-6977 | MEDIUM | CVSS 6.8 | ≤ 9.0.2 | 2015-10-23
FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, and CVE-2015-7018.
nvd
CVE-2015-6976 | MEDIUM | CVSS 6.8 | CWE-119 | ≤ 9.0.2 | 2015-10-23
FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, and CVE-2015-7018.
nvd
CVE-2015-7014 | MEDIUM | CVSS 6.8 | CWE-119 | ≤ 9.0.2 | 2015-10-23
WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-20
nvd
CVE-2015-6993 | MEDIUM | CVSS 6.8 | ≤ 9.0.2 | 2015-10-23
FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, and CVE-2015-7018.
nvd
CVE-2015-7015 | MEDIUM | CVSS 6.8 | CWE-119 | ≤ 9.0.2 | 2015-10-23
Heap-based buffer overflow in the DNS client library in configd in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows attackers to execute arbitrary code via a crafted app that sends a spoofed configd response to a client.
nvd
CVE-2015-5942 | MEDIUM | CVSS 6.8 | ≤ 9.0.2 | 2015-10-23
FontParser in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-5927.
nvd
CVE-2015-5930 | MEDIUM | CVSS 6.8 | CWE-119 | ≤ 9.0.2 | 2015-10-23
WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-20
nvd
CVE-2015-5935 | MEDIUM | CVSS 6.8 | CWE-119 | ≤ 9.0.2 | 2015-10-23
ImageIO in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted metadata in an image, a different vulnerability than CVE-2015-5936, CVE-2015-5937, and CVE-2015-5939.
nvd
CVE-2015-7000 | LOW | CVSS 2.1 | CWE-200 | ≤ 9.0.2 | 2015-10-23
Notification Center in Apple iOS before 9.1 mishandles changes to "Show on Lock Screen" settings, which allows physically proximate attackers to obtain sensitive information by looking for a (1) Phone or (2) Messages notification on the lock screen soon after a setting was disabled.
nvd
CVE-2015-5923 | LOW | CVSS 2.1 | CWE-200 | ≤ 9.0.1 | 2015-10-09
Apple iOS before 9.0.2 does not properly restrict the options available on the lock screen, which allows physically proximate attackers to read contact data or view photos via unspecified vectors.
nvd
CVE-2015-5867 | CRITICAL | CVSS 9.3 | CWE-119 | ≤ 8.4.1 | 2015-09-18
IOHIDFamily in Apple iOS before 9 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
nvd
CVE-2015-5876 | CRITICAL | CVSS 9.3 | CWE-119 | ≤ 8.4.1 | 2015-09-18
dyld in Dev Tools in Apple iOS before 9 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
nvd
CVE-2015-5845 | CRITICAL | CVSS 9.3 | ≤ 8.4.1 | 2015-09-18
IOKit in the kernel in Apple iOS before 9 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-5844 and CVE-2015-5846.
nvd
CVE-2015-5903 | CRITICAL | CVSS 10.0 | ≤ 8.4.1 | 2015-09-18
The kernel in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5868 and CVE-2015-5896.
nvd
CVE-2015-5844 | CRITICAL | CVSS 9.3 | CWE-119 | ≤ 8.4.1 | 2015-09-18
IOKit in the kernel in Apple iOS before 9 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-5845 and CVE-2015-5846.
nvd
CVE-2015-5846 | CRITICAL | CVSS 9.3 | ≤ 8.4.1 | 2015-09-18
IOKit in the kernel in Apple iOS before 9 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-5844 and CVE-2015-5845.
nvd
CVE-2015-5882 | HIGH | CVSS 7.2 | CWE-284 | ≤ 8.4.1 | 2015-09-18
The processor_set_tasks API implementation in Apple iOS before 9 allows local users to bypass an entitlement protection mechanism and obtain access to the task ports of arbitrary processes by leveraging root privileges.
nvd