Apple iOS vulnerabilities

CVE-2015-5912 [MEDIUM] CWE-17 CVE-2015-5912: The CFNetwork FTPProtocol component in Apple iOS before 9 allows remote FTP proxy servers to trigger The CFNetwork FTPProtocol component in Apple iOS before 9 allows remote FTP proxy servers to trigger TCP connection attempts to intranet hosts via crafted responses.

CVE-2015-5905 [MEDIUM] CWE-254 CVE-2015-5905: Safari in Apple iOS before 9 allows remote attackers to spoof the relationship between URLs and web Safari in Apple iOS before 9 allows remote attackers to spoof the relationship between URLs and web content via a crafted window opener on a web site.

CVE-2015-3801 [MEDIUM] CWE-264 CVE-2015-3801: The document.cookie API implementation in the CFNetwork Cookies subsystem in WebKit in Apple iOS bef The document.cookie API implementation in the CFNetwork Cookies subsystem in WebKit in Apple iOS before 9 allows remote attackers to bypass an intended single-cookie restriction via unspecified vectors.

CVE-2015-5806 [MEDIUM] CWE-119 CVE-2015-5806: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arb WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.

CVE-2015-5860 [MEDIUM] CWE-200 CVE-2015-5860: The CFNetwork HTTPProtocol component in Apple iOS before 9 mishandles HSTS state, which allows remot The CFNetwork HTTPProtocol component in Apple iOS before 9 mishandles HSTS state, which allows remote attackers to bypass the Safari private-browsing protection mechanism and track users via a crafted web site.

CVE-2015-5837 [MEDIUM] CWE-20 CVE-2015-5837: PluginKit in Apple iOS before 9 allows attackers to bypass an intended app-trust requirement and ins PluginKit in Apple iOS before 9 allows attackers to bypass an intended app-trust requirement and install arbitrary extensions via a crafted enterprise app.

CVE-2015-5802 [MEDIUM] CWE-119 CVE-2015-5802: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arb WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.

CVE-2015-5827 [MEDIUM] CWE-200 CVE-2015-5827: WebKit in Apple iOS before 9 allows remote attackers to bypass the Same Origin Policy and obtain an WebKit in Apple iOS before 9 allows remote attackers to bypass the Same Origin Policy and obtain an object reference via vectors involving a (1) custom event, (2) message event, or (3) pop state event.

CVE-2015-5809 [MEDIUM] CWE-119 CVE-2015-5809: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arb WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.

CVE-2015-5793 [MEDIUM] CWE-119 CVE-2015-5793: WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attack WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.

CVE-2015-5840 [MEDIUM] CWE-119 CVE-2015-5840: The checkint division routines in removefile in Apple iOS before 9 allow attackers to cause a denial The checkint division routines in removefile in Apple iOS before 9 allow attackers to cause a denial of service (overflow fault and app crash) via crafted data.

CVE-2015-5805 [MEDIUM] CWE-119 CVE-2015-5805: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arb WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.

CVE-2015-5820 [MEDIUM] CWE-20 CVE-2015-5820: WebKit in Apple iOS before 9 allows remote attackers to trigger a dialing action via a crafted (1) t WebKit in Apple iOS before 9 allows remote attackers to trigger a dialing action via a crafted (1) tel://, (2) facetime://, or (3) facetime-audio:// URL.

CVE-2015-5797 [MEDIUM] CWE-119 CVE-2015-5797: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arb WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.

CVE-2015-5835 [MEDIUM] CWE-200 CVE-2015-5835: Apple iOS before 9 allows attackers to obtain sensitive information about inter-app communication vi Apple iOS before 9 allows attackers to obtain sensitive information about inter-app communication via a crafted app that conducts an interception attack involving an unspecified URL scheme.

CVE-2015-5862 [MEDIUM] CWE-119 CVE-2015-5862: The Audio component in Apple iOS before 9 allows remote attackers to cause a denial of service (memo The Audio component in Apple iOS before 9 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted audio file.

CVE-2015-5801 [MEDIUM] CWE-119 CVE-2015-5801: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arb WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.

CVE-2015-5904 [MEDIUM] CWE-254 CVE-2015-5904: Safari in Apple iOS before 9 allows remote attackers to spoof the relationship between URLs and web Safari in Apple iOS before 9 allows remote attackers to spoof the relationship between URLs and web content via a crafted web site.

CVE-2015-5816 [MEDIUM] CWE-119 CVE-2015-5816: WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attack WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.

CVE-2015-5818 [MEDIUM] CWE-119 CVE-2015-5818: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arb WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.