Apple iOS vulnerabilities
3,940 known vulnerabilities affecting apple/iphone_os.
Total CVEs
3,940
CISA KEV
92
actively exploited
Public exploits
248
Exploited in wild
79
Severity breakdown
CRITICAL313HIGH1610MEDIUM1730LOW287
Vulnerabilities
Page 163 of 197
CVE-2015-3748MEDIUMCVSS 6.8fixed in 8.4.12015-08-16
CVE-2015-3748 [MEDIUM] CWE-119 CVE-2015-3748: WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-
nvd
CVE-2015-3741MEDIUMCVSS 6.8fixed in 8.4.12015-08-16
CVE-2015-3741 [MEDIUM] CWE-119 CVE-2015-3741: WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-
nvd
CVE-2015-3784MEDIUMCVSS 5.0≤ 8.42015-08-16
CVE-2015-3784 [MEDIUM] CWE-200 CVE-2015-3784: Office Viewer in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to read arbi
Office Viewer in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
nvd
CVE-2015-3782MEDIUMCVSS 4.3≤ 8.42015-08-16
CVE-2015-3782 [MEDIUM] CWE-200 CVE-2015-3782: CloudKit in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to access an iCloud user
CloudKit in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to access an iCloud user record associated with a previous user's login session via a crafted app.
nvd
CVE-2015-3731MEDIUMCVSS 6.8fixed in 8.4.12015-08-16
CVE-2015-3731 [MEDIUM] CWE-119 CVE-2015-3731: WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-
nvd
CVE-2015-3734MEDIUMCVSS 6.8fixed in 8.4.12015-08-16
CVE-2015-3734 [MEDIUM] CWE-119 CVE-2015-3734: WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-
nvd
CVE-2015-3730MEDIUMCVSS 6.8fixed in 8.4.12015-08-16
CVE-2015-3730 [MEDIUM] CWE-119 CVE-2015-3730: WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-
nvd
CVE-2015-3744MEDIUMCVSS 6.8fixed in 8.4.12015-08-16
CVE-2015-3744 [MEDIUM] CWE-119 CVE-2015-3744: WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-
nvd
CVE-2015-3737MEDIUMCVSS 6.8fixed in 8.4.12015-08-16
CVE-2015-3737 [MEDIUM] CWE-119 CVE-2015-3737: WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-
nvd
CVE-2015-3753MEDIUMCVSS 5.0fixed in 8.4.12015-08-16
CVE-2015-3753 [MEDIUM] CWE-200 CVE-2015-3753: WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8
WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly perform taint checking for CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive image data by leveraging a redirect to a data:image resource.
nvd
CVE-2015-3751MEDIUMCVSS 5.0fixed in 8.4.12015-08-16
CVE-2015-3751 [MEDIUM] CWE-254 CVE-2015-3751: WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8
WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, allows remote attackers to bypass a Content Security Policy protection mechanism by using a video control in conjunction with an IMG element within an OBJECT element.
nvd
CVE-2015-3742MEDIUMCVSS 6.8fixed in 8.4.12015-08-16
CVE-2015-3742 [MEDIUM] CWE-119 CVE-2015-3742: WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-
nvd
CVE-2015-3735MEDIUMCVSS 6.8fixed in 8.4.12015-08-16
CVE-2015-3735 [MEDIUM] CWE-119 CVE-2015-3735: WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-
nvd
CVE-2015-3733MEDIUMCVSS 6.8fixed in 8.4.12015-08-16
CVE-2015-3733 [MEDIUM] CWE-119 CVE-2015-3733: WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-
nvd
CVE-2015-3766MEDIUMCVSS 4.3≤ 8.42015-08-16
CVE-2015-3766 [MEDIUM] CWE-200 CVE-2015-3766: The kernel in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly restrict the mach_por
The kernel in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly restrict the mach_port_space_info interface, which allows attackers to obtain sensitive memory-layout information via a crafted app.
nvd
CVE-2015-3732MEDIUMCVSS 6.8fixed in 8.4.12015-08-16
CVE-2015-3732 [MEDIUM] CWE-119 CVE-2015-3732: WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-
nvd
CVE-2015-3739MEDIUMCVSS 6.8fixed in 8.4.12015-08-16
CVE-2015-3739 [MEDIUM] CWE-119 CVE-2015-3739: WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-
nvd
CVE-2015-3747MEDIUMCVSS 6.8fixed in 8.4.12015-08-16
CVE-2015-3747 [MEDIUM] CWE-119 CVE-2015-3747: WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-
nvd
CVE-2015-3752MEDIUMCVSS 5.0fixed in 8.4.12015-08-16
CVE-2015-3752 [MEDIUM] CWE-200 CVE-2015-3752: The Content Security Policy implementation in WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8,
The Content Security Policy implementation in WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly restrict cookie transmission for report requests, which allows remote attackers to obtain sensitive information via vectors involving (1) a cross-origin request or
nvd
CVE-2015-3746MEDIUMCVSS 6.8fixed in 8.4.12015-08-16
CVE-2015-3746 [MEDIUM] CWE-119 CVE-2015-3746: WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-
nvd