Apple iOS vulnerabilities
3,940 known vulnerabilities affecting apple/iphone_os.
Total CVEs: 3,940
CISA KEV: 92 (actively exploited)
Public exploits: 248
Exploited in wild: 79
Severity breakdown: CRITICAL 313, HIGH 1610, MEDIUM 1730, LOW 287
Vulnerabilities
CVE-2015-5810 | MEDIUM | CVSS 6.8 | CWE-119 | ≤ 8.4.1 | 2015-09-18
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
nvd
CVE-2015-5858 | MEDIUM | CVSS 5.0 | CWE-200 | ≤ 8.4.1 | 2015-09-18
The CFNetwork HTTPProtocol component in Apple iOS before 9 allows remote attackers to bypass the HSTS protection mechanism, and consequently obtain sensitive information, via a crafted URL.
nvd
CVE-2015-5826 | MEDIUM | CVSS 4.3 | CWE-284 | ≤ 8.4.1 | 2015-09-18
WebKit in Apple iOS before 9 does not properly select the cases in which a Cascading Style Sheets (CSS) document is required to have the text/css content type, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
nvd
CVE-2015-5834 | MEDIUM | CVSS 4.3 | CWE-200 | ≤ 8.4.1 | 2015-09-18
IOAcceleratorFamily in Apple iOS before 9 allows attackers to obtain sensitive kernel memory-layout information via a crafted app.
nvd
CVE-2015-5825 | MEDIUM | CVSS 4.3 | CWE-200 | ≤ 8.4.1 | 2015-09-18
WebKit in Apple iOS before 9 does not properly restrict the availability of Performance API times, which allows remote attackers to obtain sensitive information about the browser history, mouse movement, or network traffic via crafted JavaScript code.
nvd
CVE-2015-5814 | MEDIUM | CVSS 6.8 | CWE-119 | ≤ 8.4.1 | 2015-09-18
WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
nvd
CVE-2015-5807 | MEDIUM | CVSS 6.8 | CWE-119 | ≤ 8.4.1 | 2015-09-18
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
nvd
CVE-2015-5817 | MEDIUM | CVSS 6.8 | CWE-119 | ≤ 8.4.1 | 2015-09-18
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
nvd
CVE-2015-5803 | MEDIUM | CVSS 6.8 | CWE-119 | ≤ 8.4.1 | 2015-09-18
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
nvd
CVE-2015-5811 | MEDIUM | CVSS 6.8 | CWE-119 | ≤ 8.4.1 | 2015-09-18
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
nvd
CVE-2015-5813 | MEDIUM | CVSS 6.8 | CWE-119 | ≤ 8.4.1 | 2015-09-18
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
nvd
CVE-2015-5795 | MEDIUM | CVSS 6.8 | CWE-119 | ≤ 8.4.1 | 2015-09-18
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
nvd
CVE-2015-5841 | MEDIUM | CVSS 5.0 | CWE-74 | ≤ 8.4.1 | 2015-09-18
The CFNetwork Proxies component in Apple iOS before 9 does not properly handle a Set-Cookie header within a response to an HTTP CONNECT request, which allows remote proxy servers to conduct cookie-injection attacks via a crafted response.
nvd
CVE-2015-5869 | LOW | CVSS 3.3 | CWE-20 | ≤ 8.4.1 | 2015-09-18
The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Apple iOS before 9 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message.
nvd
CVE-2015-5861 | LOW | CVSS 2.1 | CWE-284 | ≤ 8.4.1 | 2015-09-18
SpringBoard in Apple iOS before 9 allows physically proximate attackers to bypass a lock-screen preview-disabled setting, and reply to an audio message, via unspecified vectors.
nvd
CVE-2015-5863 | LOW | CVSS 2.1 | CWE-200 | ≤ 8.4.1 | 2015-09-18
IOStorageFamily in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows local users to obtain sensitive information from kernel memory via unknown vectors.
nvd
CVE-2015-5832 | LOW | CVSS 2.1 | CWE-200 | ≤ 8.4.1 | 2015-09-18
The iTunes Store component in Apple iOS before 9 does not properly delete AppleID credentials from the keychain upon a signout action, which might allow physically proximate attackers to obtain sensitive information via unspecified vectors.
nvd
CVE-2015-5850 | LOW | CVSS 2.1 | CWE-254 | ≤ 8.4.1 | 2015-09-18
AppleKeyStore in Apple iOS before 9 allows physically proximate attackers to reset the count of incorrect passcode attempts via a device backup.
nvd
CVE-2015-5907 | LOW | CVSS 2.6 | CWE-310 | ≤ 8.4.1 | 2015-09-18
WebKit in Apple iOS before 9 allows man-in-the-middle attackers to conduct redirection attacks by leveraging the mishandling of the resource cache of an SSL web site with an invalid X.509 certificate.
nvd
CVE-2015-5842 | LOW | CVSS 2.1 | CWE-200 | ≤ 8.4.1 | 2015-09-18
XNU in the kernel in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows local users to obtain sensitive memory-layout information via unknown vectors.
nvd