Apple iOS vulnerabilities
3,940 known vulnerabilities affecting apple/iphone_os.
Total CVEs: 3,940
CISA KEV: 92 (actively exploited)
Public exploits: 248
Exploited in wild: 79
Severity breakdown
CRITICAL: 313 | HIGH: 1610 | MEDIUM: 1730 | LOW: 287
Vulnerabilities
CVE-2015-5791 | MEDIUM | CVSS 6.8 | CWE-119 | ≤ 8.4.1 | 2015-09-18
WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
nvd
CVE-2015-5880 | MEDIUM | CVSS 4.3 | CWE-200 | ≤ 8.4.1 | 2015-09-18
CoreAnimation in Apple iOS before 9 allows attackers to bypass intended IOSurface restrictions and obtain screen-framebuffer access via a crafted background app.
nvd
CVE-2015-5921 | MEDIUM | CVSS 4.3 | CWE-200 | ≤ 8.4.1 | 2015-09-18
WebKit in Apple iOS before 9 mishandles "Content-Disposition: attachment" HTTP headers, which might allow man-in-the-middle attackers to obtain sensitive information via unspecified vectors.
nvd
CVE-2015-5804 | MEDIUM | CVSS 6.8 | CWE-119 | ≤ 8.4.1 | 2015-09-18
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
nvd
CVE-2015-5906 | MEDIUM | CVSS 5.0 | CWE-200 | ≤ 8.4.1 | 2015-09-18
The HTML form implementation in WebKit in Apple iOS before 9 does not prevent QuickType access to the final character of a password, which might make it easier for remote attackers to discover a password by leveraging a later prediction containing that character.
nvd
CVE-2015-5765 | MEDIUM | CVSS 4.3 | ≤ 8.4.1 | 2015-09-18
The user interface in Safari in Apple iOS before 9 allows remote attackers to spoof URLs via unspecified vectors, a different vulnerability than CVE-2015-5764 and CVE-2015-5767.
nvd
CVE-2015-5792 | MEDIUM | CVSS 6.8 | CWE-119 | ≤ 8.4.1 | 2015-09-18
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
nvd
CVE-2015-5822 | MEDIUM | CVSS 6.8 | CWE-119 | ≤ 8.4.1 | 2015-09-18
WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
nvd
CVE-2015-5879 | MEDIUM | CVSS 5.0 | CWE-20 | ≤ 8.4.1 | 2015-09-18
XNU in the kernel in Apple iOS before 9 does not properly validate the headers of TCP packets, which allows remote attackers to bypass the sequence-number protection mechanism and cause a denial of service (TCP connection disruption) via a crafted header.
nvd
CVE-2015-5764 | MEDIUM | CVSS 4.3 | CWE-20 | ≤ 8.4.1 | 2015-09-18
The user interface in Safari in Apple iOS before 9 allows remote attackers to spoof URLs via unspecified vectors, a different vulnerability than CVE-2015-5765 and CVE-2015-5767.
nvd
CVE-2015-5821 | MEDIUM | CVSS 6.8 | CWE-119 | ≤ 8.4.1 | 2015-09-18
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
nvd
CVE-2014-8611 | MEDIUM | CVSS 6.9 | CWE-119 | ≤ 8.4.1 | 2015-09-18
The __sflush function in fflush.c in stdio in libc in FreeBSD 10.1 and the kernel in Apple iOS before 9 mishandles failures of the write system call, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a crafted application.
nvd
CVE-2015-5824 | MEDIUM | CVSS 4.3 | CWE-310 | ≤ 8.4.1 | 2015-09-18
The NSURL implementation in the CFNetwork SSL component in Apple iOS before 9 does not properly verify X.509 certificates from SSL servers after a certificate change, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
nvd
CVE-2015-5856 | MEDIUM | CVSS 4.3 | CWE-254 | ≤ 8.4.1 | 2015-09-18
The Application Store component in Apple iOS before 9 allows remote attackers to cause a denial of service to an enterprise-signed app via a crafted ITMS URL.
nvd
CVE-2015-5794 | MEDIUM | CVSS 6.8 | CWE-119 | ≤ 8.4.1 | 2015-09-18
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
nvd
CVE-2015-5823 | MEDIUM | CVSS 6.8 | CWE-119 | ≤ 8.4.1 | 2015-09-18
WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
nvd
CVE-2015-5838 | MEDIUM | CVSS 4.3 | CWE-284 | ≤ 8.4.1 | 2015-09-18
SpringBoard in Apple iOS before 9 does not properly restrict access to privileged API calls, which allows attackers to spoof the dialog windows of an arbitrary app via a crafted app.
nvd
CVE-2015-5885 | MEDIUM | CVSS 5.0 | CWE-200 | ≤ 8.4.1 | 2015-09-18
The CFNetwork Cookies component in Apple iOS before 9 allows remote attackers to track users via vectors involving a cookie for a top-level domain.
nvd
CVE-2015-5857 | MEDIUM | CVSS 5.0 | CWE-254 | ≤ 8.4.1 | 2015-09-18
Mail in Apple iOS before 9 allows remote attackers to use an address-book contact as a spoofed e-mail sender address via unspecified vectors.
nvd
CVE-2015-5819 | MEDIUM | CVSS 6.8 | CWE-119 | ≤ 8.4.1 | 2015-09-18
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
nvd