Apple iTunes vulnerabilities

922 known vulnerabilities affecting apple/itunes.

Total CVEs: 922
CISA KEV: 2 (actively exploited)
Public exploits: 75
Exploited in wild: 3
Severity breakdown: CRITICAL 112, HIGH 479, MEDIUM 326, LOW 5

Vulnerabilities

CVE-2016-4758 | MEDIUM | CVSS 6.5 | CWE-200 | ≤ 12.4.3 | 2016-09-25
WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly restrict access to the location variable, which allows remote attackers to obtain sensitive information via a crafted web site.
nvd
CVE-2016-4763 | MEDIUM | CVSS 6.8 | CWE-310 | ≤ 12.4.3 | 2016-09-25
WKWebView in WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly verify X.509 certificates from HTTPS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
nvd
CVE-2016-4610 | CRITICAL | CVSS 9.8 | fixed in 12.4.2 | 2016-07-22
libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-460
nvd
CVE-2016-4616 | CRITICAL | CVSS 9.8 | fixed in 12.4.2 | 2016-07-22
libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4614, CVE-2016-461
nvd
CVE-2016-4615 | CRITICAL | CVSS 9.8 | fixed in 12.4.2 | 2016-07-22
libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4614, CVE-2016-461
nvd
CVE-2016-4607 | CRITICAL | CVSS 9.8 | CWE-119 | fixed in 12.4.2 | 2016-07-22
libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4608, CVE-
nvd
CVE-2016-4614 | CRITICAL | CVSS 9.8 | CWE-787 | fixed in 12.4.2 | 2016-07-22
libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4615, CVE-
nvd
CVE-2016-4608 | CRITICAL | CVSS 9.8 | fixed in 12.4.2 | 2016-07-22
libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-460
nvd
CVE-2016-4609 | CRITICAL | CVSS 9.8 | fixed in 12.4.2 | 2016-07-22
libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-460
nvd
CVE-2016-4448 | CRITICAL | CVSS 9.8 | CWE-134 | ≤ 12.4.1 | 2016-06-09
Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors.
nvd
CVE-2016-4447 | HIGH | CVSS 7.5 | CWE-119 | v12.4.1 | 2016-06-09
The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName.
nvd
CVE-2016-1742 | HIGH | CVSS 7.8 | CWE-264 | ≤ 12.3.1 | 2016-05-20
Untrusted search path vulnerability in the installer in Apple iTunes before 12.4 allows local users to gain privileges via a Trojan horse DLL in the current working directory.
nvd
CVE-2015-6975 | HIGH | CVSS 7.5 | CWE-119 | ≤ 12.3.0 | 2015-10-23
CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6992 and CVE-2015-7017.
nvd
CVE-2015-6992 | HIGH | CVSS 7.5 | ≤ 12.3.0 | 2015-10-23
CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6975 and CVE-2015-7017.
nvd
CVE-2015-7017 | HIGH | CVSS 7.5 | ≤ 12.3.0 | 2015-10-23
CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6975 and CVE-2015-6992.
nvd
CVE-2015-7013 | MEDIUM | CVSS 6.8 | CWE-119 | ≤ 12.3.0 | 2015-10-23
WebKit, as used in Apple Safari before 9.0.1 and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-3 and APPLE-SA-2015-10-21-5.
nvd
CVE-2015-7002 | MEDIUM | CVSS 6.8 | CWE-119 | ≤ 12.3.0 | 2015-10-23
WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-20
nvd
CVE-2015-7012 | MEDIUM | CVSS 6.8 | CWE-119 | ≤ 12.3.0 | 2015-10-23
WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-20
nvd
CVE-2015-5929 | MEDIUM | CVSS 6.8 | CWE-119 | ≤ 12.3.0 | 2015-10-23
WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-20
nvd
CVE-2015-7011 | MEDIUM | CVSS 6.8 | CWE-119 | ≤ 12.3.0 | 2015-10-23
WebKit, as used in Apple Safari before 9.0.1 and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-3 and APPLE-SA-2015-10-21-5.
nvd