Apple iOS vulnerabilities
3,940 known vulnerabilities affecting apple/iphone_os.
Total CVEs
3,940
CISA KEV
92
actively exploited
Public exploits
248
Exploited in wild
79
Severity breakdown
CRITICAL313HIGH1610MEDIUM1730LOW287
Vulnerabilities
Page 157 of 197
CVE-2015-5896HIGHCVSS 7.2≤ 8.4.12015-09-18
CVE-2015-5896 [HIGH] CVE-2015-5896: The kernel in Apple iOS before 9 allows local users to gain privileges or cause a denial of service
The kernel in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5868 and CVE-2015-5903.
nvd
CVE-2015-5843HIGHCVSS 7.2≤ 8.4.12015-09-18
CVE-2015-5843 [HIGH] CWE-119 CVE-2015-5843: IOMobileFrameBuffer in Apple iOS before 9 allows local users to gain privileges or cause a denial of
IOMobileFrameBuffer in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
nvd
CVE-2015-5848HIGHCVSS 7.2≤ 8.4.12015-09-18
CVE-2015-5848 [HIGH] CWE-119 CVE-2015-5848: IOAcceleratorFamily in Apple iOS before 9 allows local users to gain privileges or cause a denial of
IOAcceleratorFamily in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
nvd
CVE-2015-5874HIGHCVSS 7.5≤ 8.4.12015-09-18
CVE-2015-5874 [HIGH] CWE-119 CVE-2015-5874: CoreText in Apple iOS before 9 and iTunes before 12.3 allows remote attackers to execute arbitrary c
CoreText in Apple iOS before 9 and iTunes before 12.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.
nvd
CVE-2015-5899HIGHCVSS 7.2≤ 8.4.12015-09-18
CVE-2015-5899 [HIGH] CWE-119 CVE-2015-5899: libpthread in the kernel in Apple iOS before 9 allows local users to gain privileges or cause a deni
libpthread in the kernel in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
nvd
CVE-2015-5868HIGHCVSS 7.2≤ 8.4.12015-09-18
CVE-2015-5868 [HIGH] CWE-119 CVE-2015-5868: The kernel in Apple iOS before 9 allows local users to gain privileges or cause a denial of service
The kernel in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5896 and CVE-2015-5903.
nvd
CVE-2015-5847HIGHCVSS 7.2≤ 8.4.12015-09-18
CVE-2015-5847 [HIGH] CWE-119 CVE-2015-5847: The Disk Images component in Apple iOS before 9 allows local users to gain privileges or cause a den
The Disk Images component in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
nvd
CVE-2015-5916MEDIUMCVSS 4.3≤ 8.4.12015-09-18
CVE-2015-5916 [MEDIUM] CWE-200 CVE-2015-5916: The Apple Pay component in Apple iOS before 9 allows remote terminals to obtain sensitive recent-tra
The Apple Pay component in Apple iOS before 9 allows remote terminals to obtain sensitive recent-transaction information during payments by leveraging the transaction-log feature.
nvd
CVE-2015-5839MEDIUMCVSS 5.0≤ 8.4.12015-09-18
CVE-2015-5839 [MEDIUM] CWE-254 CVE-2015-5839: dyld in Apple iOS before 9 allows attackers to bypass a code-signing protection mechanism via an app
dyld in Apple iOS before 9 allows attackers to bypass a code-signing protection mechanism via an app that places a crafted signature in an executable file.
nvd
CVE-2015-5790MEDIUMCVSS 6.8≤ 8.4.12015-09-18
CVE-2015-5790 [MEDIUM] CWE-119 CVE-2015-5790: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arb
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
nvd
CVE-2015-5767MEDIUMCVSS 4.3≤ 8.4.12015-09-18
CVE-2015-5767 [MEDIUM] CVE-2015-5767: The user interface in Safari in Apple iOS before 9 allows remote attackers to spoof URLs via unspeci
The user interface in Safari in Apple iOS before 9 allows remote attackers to spoof URLs via unspecified vectors, a different vulnerability than CVE-2015-5764 and CVE-2015-5765.
nvd
CVE-2015-5789MEDIUMCVSS 6.8≤ 8.4.12015-09-18
CVE-2015-5789 [MEDIUM] CWE-119 CVE-2015-5789: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arb
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
nvd
CVE-2015-5788MEDIUMCVSS 4.3≤ 8.4.12015-09-18
CVE-2015-5788 [MEDIUM] CWE-200 CVE-2015-5788: The WebKit Canvas implementation in Apple iOS before 9 allows remote attackers to bypass the Same Or
The WebKit Canvas implementation in Apple iOS before 9 allows remote attackers to bypass the Same Origin Policy and obtain sensitive image information via vectors involving a CANVAS element.
nvd
CVE-2015-5799MEDIUMCVSS 6.8≤ 8.4.12015-09-18
CVE-2015-5799 [MEDIUM] CWE-119 CVE-2015-5799: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arb
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
nvd
CVE-2015-5796MEDIUMCVSS 6.8≤ 8.4.12015-09-18
CVE-2015-5796 [MEDIUM] CWE-119 CVE-2015-5796: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arb
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
nvd
CVE-2015-5812MEDIUMCVSS 6.8≤ 8.4.12015-09-18
CVE-2015-5812 [MEDIUM] CWE-119 CVE-2015-5812: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arb
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
nvd
CVE-2015-5800MEDIUMCVSS 6.8≤ 8.4.12015-09-18
CVE-2015-5800 [MEDIUM] CWE-119 CVE-2015-5800: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arb
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
nvd
CVE-2015-5829MEDIUMCVSS 6.8≤ 8.4.12015-09-18
CVE-2015-5829 [MEDIUM] CWE-119 CVE-2015-5829: Data Detectors Engine in Apple iOS before 9 allows remote attackers to execute arbitrary code or cau
Data Detectors Engine in Apple iOS before 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file.
nvd
CVE-2015-5855MEDIUMCVSS 4.3≤ 8.4.12015-09-18
CVE-2015-5855 [MEDIUM] CWE-200 CVE-2015-5855: Apple iOS before 9 allows attackers to discover the e-mail address of a player via a crafted Game Ce
Apple iOS before 9 allows attackers to discover the e-mail address of a player via a crafted Game Center app.
nvd
CVE-2015-5831MEDIUMCVSS 5.0≤ 8.4.12015-09-18
CVE-2015-5831 [MEDIUM] CWE-200 CVE-2015-5831: NetworkExtension in the kernel in Apple iOS before 9 does not properly initialize an unspecified dat
NetworkExtension in the kernel in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows attackers to obtain sensitive memory-layout information via a crafted app.
nvd