Apple iOS vulnerabilities

CVE-2015-1152 [MEDIUM] CVE-2015-1152: WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-1153 and CVE-2015-1154.

CVE-2015-1156 [MEDIUM] CWE-264 CVE-2015-1156: The page-loading implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, a The page-loading implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, does not properly handle the rel attribute in an A element, which allows remote attackers to bypass the Same Origin Policy for a link's target, and spoof the user interface, via a crafted web site.

CVE-2015-1153 [MEDIUM] CVE-2015-1153: WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-1152 and CVE-2015-1154.

CVE-2015-1155 [MEDIUM] CWE-264 CVE-2015-1155: The history implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8. The history implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to bypass the Same Origin Policy and read arbitrary files via a crafted web site.

CVE-2015-1095 [HIGH] CVE-2015-1095: IOHIDFamily in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows physi IOHIDFamily in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HID device.

CVE-2015-1098 [HIGH] CWE-119 CVE-2015-1098: iWork in Apple iOS before 8.3 and Apple OS X before 10.10.3 allows remote attackers to execute arbit iWork in Apple iOS before 8.3 and Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted iWork file.

CVE-2015-1102 [HIGH] CWE-20 CVE-2015-1102: The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not prop The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly handle TCP headers, which allows man-in-the-middle attackers to cause a denial of service via unspecified vectors.

CVE-2015-1103 [HIGH] CWE-20 CVE-2015-1103: The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 makes routing The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 makes routing changes in response to ICMP_REDIRECT messages, which allows remote attackers to cause a denial of service (network outage) or obtain sensitive packet-content information via a crafted ICMP packet.

CVE-2015-1089 [MEDIUM] CWE-200 CVE-2015-1089: CFNetwork in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly handle cookies dur CFNetwork in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly handle cookies during processing of redirects in HTTP responses, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.

CVE-2015-1110 [MEDIUM] CWE-200 CVE-2015-1110: The Podcasts component in Apple iOS before 8.3 and Apple TV before 7.2 allows remote attackers to di The Podcasts component in Apple iOS before 8.3 and Apple TV before 7.2 allows remote attackers to discover unique identifiers by reading asset-download request data.

CVE-2015-1101 [MEDIUM] CVE-2015-1101: The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attack The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

CVE-2015-1093 [MEDIUM] CVE-2015-1093: FontParser in Apple iOS before 8.3 and Apple OS X before 10.10.3 allows remote attackers to execute FontParser in Apple iOS before 8.3 and Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.

CVE-2015-1105 [MEDIUM] CWE-20 CVE-2015-1105: The TCP implementation in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple T The TCP implementation in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly implement the Urgent (aka out-of-band data) mechanism, which allows remote attackers to cause a denial of service via crafted packets.

CVE-2015-1123 [MEDIUM] CVE-2015-1123: WebKit, as used in Apple iOS before 8.3 and Apple TV before 7.2, allows remote attackers to execute WebKit, as used in Apple iOS before 8.3 and Apple TV before 7.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-3 and APPLE-SA-2015-04-08-4.

CVE-2015-1111 [MEDIUM] CWE-200 CVE-2015-1111: Safari in Apple iOS before 8.3 does not delete Recently Closed Tabs data in response to a history-cl Safari in Apple iOS before 8.3 does not delete Recently Closed Tabs data in response to a history-clearing action, which allows attackers to obtain sensitive information by reading a history file.

CVE-2015-1112 [MEDIUM] CWE-200 CVE-2015-1112: Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, as used on iOS before 8.3 and oth Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, as used on iOS before 8.3 and other platforms, does not properly delete browsing-history data from the history.plist file, which allows attackers to obtain sensitive information by reading this file.

CVE-2015-1124 [MEDIUM] CVE-2015-1124: WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x bef WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, A

CVE-2015-1090 [MEDIUM] CWE-200 CVE-2015-1090: CFNetwork in Apple iOS before 8.3 does not delete HTTP Strict Transport Security (HSTS) state inform CFNetwork in Apple iOS before 8.3 does not delete HTTP Strict Transport Security (HSTS) state information in response to a Safari history-clearing action, which allows attackers to obtain sensitive information by reading a history file.

CVE-2015-1099 [MEDIUM] CWE-362 CVE-2015-1099: Race condition in the setreuid system-call implementation in the kernel in Apple iOS before 8.3, App Race condition in the setreuid system-call implementation in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service via a crafted app.

CVE-2015-1121 [MEDIUM] CVE-2015-1121: WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x bef WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, A