Apple iOS vulnerabilities
3,940 known vulnerabilities affecting apple/iphone_os.
Total CVEs: 3,940
CISA KEV: 92 (actively exploited)
Public exploits: 248
Exploited in wild: 79
Severity breakdown: CRITICAL 313, HIGH 1610, MEDIUM 1730, LOW 287
Vulnerabilities
CVE-2015-5755 | MEDIUM | CVSS 6.8 | CWE-119 | ≤ 8.4 | 2015-08-17
CoreText in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-5761.
nvd
CVE-2015-5770 | MEDIUM | CVSS 5.8 | CWE-264 | ≤ 8.4 | 2015-08-17
MobileInstallation in Apple iOS before 8.4.1 does not ensure the uniqueness of universal provisioning profile bundle IDs, which allows attackers to replace arbitrary extensions via a crafted enterprise app.
nvd
CVE-2015-5777 | MEDIUM | CVSS 6.8 | CWE-119 | ≤ 8.4 | 2015-08-17
CoreMedia Playback in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-5778.
nvd
CVE-2015-5759 | MEDIUM | CVSS 5.0 | CWE-254 | ≤ 8.4 | 2015-08-17
WebKit in Apple iOS before 8.4.1 allows remote attackers to spoof clicks via a crafted web site that leverages tap events.
nvd
CVE-2015-5773 | MEDIUM | CVSS 6.8 | CWE-119 | ≤ 8.4 | 2015-08-17
QL Office in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted office document.
nvd
CVE-2015-5766 | MEDIUM | CVSS 5.0 | CWE-22 | ≤ 8.4 | 2015-08-17
Directory traversal vulnerability in Air Traffic in Apple iOS before 8.4.1 allows attackers to access arbitrary filesystem locations via vectors related to asset handling.
nvd
CVE-2015-5758 | MEDIUM | CVSS 6.8 | CWE-119 | ≤ 8.4 | 2015-08-17
ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF image.
nvd
CVE-2015-5761 | MEDIUM | CVSS 6.8 | ≤ 8.4 | 2015-08-17
CoreText in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-5755.
nvd
CVE-2015-5752 | MEDIUM | CVSS 5.0 | CWE-59 | ≤ 8.4 | 2015-08-17
Backup in Apple iOS before 8.4.1 allows attackers to bypass intended restrictions on filesystem access via a crafted app that creates a symlink.
nvd
CVE-2015-3793 | MEDIUM | CVSS 4.3 | CWE-264 | ≤ 8.4 | 2015-08-17
CFPreferences in Apple iOS before 8.4.1 allows attackers to bypass the third-party app-sandbox protection mechanism and read arbitrary managed preferences via a crafted app.
nvd
CVE-2015-5749 | MEDIUM | CVSS 4.3 | CWE-200 | ≤ 8.4 | 2015-08-17
The Sandbox_profiles component in Apple iOS before 8.4.1 allows attackers to bypass the third-party app-sandbox protection mechanism and read arbitrary managed preferences via a crafted app.
nvd
CVE-2015-5782 | MEDIUM | CVSS 4.3 | CWE-200 | ≤ 8.4 | 2015-08-17
ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly initialize an unspecified data structure, which allows remote attackers to obtain sensitive information from process memory via a crafted TIFF image.
nvd
CVE-2015-5756 | MEDIUM | CVSS 6.8 | ≤ 8.4 | 2015-08-17
FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-3804 and CVE-2015-5775.
nvd
CVE-2015-3807 | MEDIUM | CVSS 4.3 | CWE-119 | ≤ 8.4 | ≤ 9.1 | 2015-08-17
libxml2 in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a crafted XML document.
nvd
CVE-2015-5781 | MEDIUM | CVSS 4.3 | CWE-200 | ≤ 8.4 | 2015-08-17
ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly initialize an unspecified data structure, which allows remote attackers to obtain sensitive information from process memory via a crafted PNG image.
nvd
CVE-2015-5748 | LOW | CVSS 2.1 | CWE-17 | ≤ 8.4.1 | 2015-08-17
The kernel in Apple OS X before 10.10.5 does not properly mount HFS volumes, which allows local users to cause a denial of service via a crafted volume.
nvd
CVE-2015-3776 | CRITICAL | CVSS 9.3 | CWE-119 | ≤ 8.4 | 2015-08-16
IOKit in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption and application crash) via a malformed plist.
nvd
CVE-2015-3768 | CRITICAL | CVSS 9.3 | CWE-189 | ≤ 8.4 | 2015-08-16
Integer overflow in the kernel in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context via a crafted app that makes unspecified IOKit API calls.
nvd
CVE-2015-3740 | MEDIUM | CVSS 6.8 | CWE-119 | fixed in 8.4.1 | 2015-08-16
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-
nvd
CVE-2015-3738 | MEDIUM | CVSS 6.8 | CWE-119 | fixed in 8.4.1 | 2015-08-16
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-
nvd