Apple iOS vulnerabilities

3,941 known vulnerabilities affecting apple/iphone_os.

Total CVEs

3,941

CISA KEV

actively exploited

Public exploits

248

Exploited in wild

Severity breakdown

CRITICAL313HIGH1610MEDIUM1731LOW287

Vulnerabilities

Page 168 of 198

CVE-2015-1087LOWCVSS 2.1≤ 8.22015-04-10

CVE-2015-1087 [LOW] CWE-22 CVE-2015-1087: Directory traversal vulnerability in Backup in Apple iOS before 8.3 allows attackers to read arbitra Directory traversal vulnerability in Backup in Apple iOS before 8.3 allows attackers to read arbitrary files via a crafted relative path.

nvd

CVE-2015-1085LOWCVSS 1.9≤ 8.22015-04-10

CVE-2015-1085 [LOW] CWE-264 CVE-2015-1085: AppleKeyStore in Apple iOS before 8.3 does not properly restrict a certain passcode-confirmation int AppleKeyStore in Apple iOS before 8.3 does not properly restrict a certain passcode-confirmation interface, which makes it easier for attackers to verify correct passcode guesses via a crafted app.

nvd

CVE-2015-1114LOWCVSS 1.9≤ 8.22015-04-10

CVE-2015-1114 [LOW] CWE-200 CVE-2015-1114: The Sandbox Profiles component in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to d The Sandbox Profiles component in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to discover hardware identifiers via a crafted app.

nvd

CVE-2015-1113LOWCVSS 1.9≤ 8.22015-04-10

CVE-2015-1113 [LOW] CWE-200 CVE-2015-1113: The Sandbox Profiles component in Apple iOS before 8.3 allows attackers to read the (1) telephone nu The Sandbox Profiles component in Apple iOS before 8.3 allows attackers to read the (1) telephone number or (2) e-mail address of a recent contact via a crafted app.

nvd

CVE-2015-1116LOWCVSS 2.1≤ 8.22015-04-10

CVE-2015-1116 [LOW] CWE-200 CVE-2015-1116: The UIKit View component in Apple iOS before 8.3 displays unblurred application snapshots in the Tas The UIKit View component in Apple iOS before 8.3 displays unblurred application snapshots in the Task Switcher, which makes it easier for physically proximate attackers to obtain sensitive information by reading the device screen.

nvd

CVE-2015-1109LOWCVSS 2.1≤ 8.22015-04-10

CVE-2015-1109 [LOW] CWE-200 CVE-2015-1109: NetworkExtension in Apple iOS before 8.3 stores credentials in VPN configuration logs, which makes i NetworkExtension in Apple iOS before 8.3 stores credentials in VPN configuration logs, which makes it easier for physically proximate attackers to obtain sensitive information by reading a log file.

nvd

CVE-2015-1107LOWCVSS 1.9≤ 8.22015-04-10

CVE-2015-1107 [LOW] CVE-2015-1107: The Lock Screen component in Apple iOS before 8.3 does not properly implement the erasure feature fo The Lock Screen component in Apple iOS before 8.3 does not properly implement the erasure feature for incorrect passcode-authentication attempts, which makes it easier for physically proximate attackers to obtain access by making many passcode guesses.

nvd

CVE-2015-1082MEDIUMCVSS 6.8≤ 8.22015-03-18

CVE-2015-1082 [MEDIUM] CWE-399 CVE-2015-1082: WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.

nvd

CVE-2015-1073MEDIUMCVSS 6.8≤ 8.22015-03-18

CVE-2015-1073 [MEDIUM] CWE-399 CVE-2015-1073: WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.

nvd

CVE-2015-1077MEDIUMCVSS 6.8≤ 8.22015-03-18

CVE-2015-1077 [MEDIUM] CWE-399 CVE-2015-1077: WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.

nvd

CVE-2015-1079MEDIUMCVSS 6.8≤ 8.22015-03-18

CVE-2015-1079 [MEDIUM] CWE-399 CVE-2015-1079: WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.

nvd

CVE-2015-1080MEDIUMCVSS 6.8≤ 8.22015-03-18

CVE-2015-1080 [MEDIUM] CWE-399 CVE-2015-1080: WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.

nvd

CVE-2015-1074MEDIUMCVSS 6.8≤ 8.22015-03-18

CVE-2015-1074 [MEDIUM] CWE-399 CVE-2015-1074: WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.

nvd

CVE-2015-1069MEDIUMCVSS 6.8≤ 8.22015-03-18

CVE-2015-1069 [MEDIUM] CWE-399 CVE-2015-1069: WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.

nvd

CVE-2015-1071MEDIUMCVSS 6.8≤ 8.22015-03-18

CVE-2015-1071 [MEDIUM] CWE-399 CVE-2015-1071: WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.

nvd

CVE-2015-1081MEDIUMCVSS 6.8≤ 8.22015-03-18

CVE-2015-1081 [MEDIUM] CWE-399 CVE-2015-1081: WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.

nvd

CVE-2015-1084MEDIUMCVSS 5.0≤ 8.22015-03-18

CVE-2015-1084 [MEDIUM] CWE-17 CVE-2015-1084: The user interface in WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before The user interface in WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, does not display URLs consistently, which makes it easier for remote attackers to conduct phishing attacks via a crafted URL.

nvd

CVE-2015-1076MEDIUMCVSS 6.8≤ 8.22015-03-18

CVE-2015-1076 [MEDIUM] CWE-399 CVE-2015-1076: WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.

nvd

CVE-2015-1068MEDIUMCVSS 6.8≤ 8.22015-03-18

CVE-2015-1068 [MEDIUM] CWE-399 CVE-2015-1068: WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.

nvd

CVE-2015-1072MEDIUMCVSS 6.8≤ 8.22015-03-18

CVE-2015-1072 [MEDIUM] CWE-399 CVE-2015-1072: WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.

nvd

← Previous168 / 198Next →