Apple iOS vulnerabilities

3,941 known vulnerabilities affecting apple/iphone_os.

Total CVEs

3,941

CISA KEV

actively exploited

Public exploits

248

Exploited in wild

Severity breakdown

CRITICAL313HIGH1610MEDIUM1731LOW287

Vulnerabilities

Page 170 of 198

CVE-2014-4476MEDIUMCVSS 6.8≤ 8.1.22015-01-30

CVE-2014-4476 [MEDIUM] CWE-119 CVE-2014-4476: WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x befo WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4477 and CVE-2014-4479.

nvd

CVE-2014-4467MEDIUMCVSS 4.3≤ 8.1.22015-01-30

CVE-2014-4467 [MEDIUM] CWE-17 CVE-2014-4467: WebKit, as used in Apple iOS before 8.1.3, does not properly determine scrollbar boundaries during t WebKit, as used in Apple iOS before 8.1.3, does not properly determine scrollbar boundaries during the rendering of FRAME elements, which allows remote attackers to spoof the UI via a crafted web site.

nvd

CVE-2014-8840MEDIUMCVSS 6.8≤ 8.1.22015-01-30

CVE-2014-8840 [MEDIUM] CWE-310 CVE-2014-8840: The iTunes Store component in Apple iOS before 8.1.3 allows remote attackers to bypass a Safari sand The iTunes Store component in Apple iOS before 8.1.3 allows remote attackers to bypass a Safari sandbox protection mechanism by leveraging redirection of an SSL URL to the iTunes Store.

nvd

CVE-2014-4479MEDIUMCVSS 6.8≤ 8.1.22015-01-30

CVE-2014-4479 [MEDIUM] CVE-2014-4479: WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x befo WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4476 and CVE-2014-4477.

nvd

CVE-2014-4483MEDIUMCVSS 6.8≤ 8.1.22015-01-30

CVE-2014-4483 [MEDIUM] CWE-119 CVE-2014-4483: Buffer overflow in FontParser in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV bef Buffer overflow in FontParser in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font file in a PDF document.

nvd

CVE-2014-4494MEDIUMCVSS 6.8≤ 8.1.22015-01-30

CVE-2014-4494 [MEDIUM] CWE-20 CVE-2014-4494: Springboard in Apple iOS before 8.1.3 does not properly validate signatures when determining whether Springboard in Apple iOS before 8.1.3 does not properly validate signatures when determining whether to solicit an app trust decision from the user, which allows attackers to bypass intended first-launch restrictions by leveraging access to an enterprise distribution certificate for signing a crafted app.

nvd

CVE-2014-4496MEDIUMCVSS 5.0≤ 8.1.22015-01-30

CVE-2014-4496 [MEDIUM] CWE-264 CVE-2014-4496: The mach_port_kobject interface in the kernel in Apple iOS before 8.1.3 and Apple TV before 7.0.3 do The mach_port_kobject interface in the kernel in Apple iOS before 8.1.3 and Apple TV before 7.0.3 does not properly restrict kernel-address and heap-permutation information, which makes it easier for attackers to bypass the ASLR protection mechanism via a crafted app.

nvd

CVE-2014-4491MEDIUMCVSS 5.0≤ 8.1.22015-01-30

CVE-2014-4491 [MEDIUM] CWE-200 CVE-2014-4491: The extension APIs in the kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV The extension APIs in the kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 do not prevent the presence of addresses within an OSBundleMachOHeaders key in a response, which makes it easier for attackers to bypass the ASLR protection mechanism via a crafted app.

nvd

CVE-2014-4481MEDIUMCVSS 6.8≤ 8.1.22015-01-30

CVE-2014-4481 [MEDIUM] CWE-189 CVE-2014-4481: Integer overflow in CoreGraphics in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV Integer overflow in CoreGraphics in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.

nvd

CVE-2014-4466HIGHCVSS 7.5≤ 8.1.22014-12-10

CVE-2014-4466 [HIGH] CWE-399 CVE-2014-4466: WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1.

nvd

CVE-2014-4470MEDIUMCVSS 6.8≤ 8.1.22014-12-10

CVE-2014-4470 [MEDIUM] CWE-399 CVE-2014-4470: WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1.

nvd

CVE-2014-4474MEDIUMCVSS 6.8≤ 8.1.22014-12-10

CVE-2014-4474 [MEDIUM] CWE-399 CVE-2014-4474: WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1.

nvd

CVE-2014-4475MEDIUMCVSS 6.8≤ 8.1.22014-12-10

CVE-2014-4475 [MEDIUM] CWE-399 CVE-2014-4475: WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1.

nvd

CVE-2014-4473MEDIUMCVSS 6.8≤ 8.1.22014-12-10

CVE-2014-4473 [MEDIUM] CWE-399 CVE-2014-4473: WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1.

nvd

CVE-2014-4465MEDIUMCVSS 5.0≤ 8.1.22014-12-10

CVE-2014-4465 [MEDIUM] CWE-20 CVE-2014-4465: WebKit in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1 allows remote attackers WebKit in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1 allows remote attackers to bypass the Same Origin Policy via crafted Cascading Style Sheets (CSS) token sequences within an SVG file in the SRC attribute of an IMG element.

nvd

CVE-2014-4471MEDIUMCVSS 6.8≤ 8.1.22014-12-10

CVE-2014-4471 [MEDIUM] CWE-399 CVE-2014-4471: WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1.

nvd

CVE-2014-4469MEDIUMCVSS 6.8≤ 8.1.22014-12-10

CVE-2014-4469 [MEDIUM] CWE-399 CVE-2014-4469: WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1.

nvd

CVE-2014-4472MEDIUMCVSS 6.8≤ 8.1.22014-12-10

CVE-2014-4472 [MEDIUM] CWE-399 CVE-2014-4472: WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1.

nvd

CVE-2014-4468MEDIUMCVSS 6.8≤ 8.1.22014-12-10

CVE-2014-4468 [MEDIUM] CWE-399 CVE-2014-4468: WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1.

nvd

CVE-2014-4461CRITICALCVSS 9.3≤ 8.1v8.0+2 more2014-11-18

CVE-2014-4461 [CRITICAL] CWE-20 CVE-2014-4461: The kernel in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly validate IOSharedDa The kernel in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly validate IOSharedDataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted application.

nvd

← Previous170 / 198Next →