Apple tvOS vulnerabilities
2,227 known vulnerabilities affecting apple/tvos.
Total CVEs: 2,227
CISA KEV: 41 (actively exploited)
Public exploits: 199
Exploited in wild: 31
Severity breakdown
CRITICAL 148, HIGH 1222, MEDIUM 795, LOW 59, UNKNOWN 3
Vulnerabilities
CVE-2015-1068 [MEDIUM] CVSS 6.8, ≤ 7.1, 2015-03-18, CWE-399
WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.
nvd
CVE-2015-1072 [MEDIUM] CVSS 6.8, ≤ 7.1, 2015-03-18, CWE-399
WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.
nvd
CVE-2015-1083 [MEDIUM] CVSS 6.8, ≤ 7.1, 2015-03-18, CWE-399
WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.
nvd
CVE-2015-1078 [MEDIUM] CVSS 6.8, ≤ 7.1, 2015-03-18, CWE-399
WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.
nvd
CVE-2015-1070 [MEDIUM] CVSS 6.8, ≤ 7.1, 2015-03-18, CWE-399
WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.
nvd
CVE-2015-1061 [CRITICAL] CVSS 9.3, ≤ 7.0.3, 2015-03-12, CWE-94
IOSurface in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages "type confusion" during serialized-object handling.
nvd
CVE-2015-1062 [MEDIUM] CVSS 5.0, ≤ 7.0.3, 2015-03-12, CWE-19
MobileStorageMounter in Apple iOS before 8.2 and Apple TV before 7.1 does not delete invalid disk-image folders, which allows attackers to create folders in arbitrary filesystem locations via a crafted app.
nvd
CVE-2015-1067 [MEDIUM] CVSS 4.3, ≤ 7.0.3, 2015-03-11
Secure Transport in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204 and CVE-2015-163
nvd
CVE-2014-4489 [CRITICAL] CVSS 10.0, ≤ 7.0.1, 2015-01-30
IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly initialize event queues, which allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
nvd
CVE-2014-4495 [CRITICAL] CVSS 10.0, ≤ 7.0.1, 2015-01-30, CWE-264
The kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not enforce the read-only attribute of a shared memory segment during use of a custom cache mode, which allows attackers to bypass intended access restrictions via a crafted app.
nvd
CVE-2014-4480 [CRITICAL] CVSS 10.0, ≤ 7.0.1, 2015-01-30, CWE-59
Directory traversal vulnerability in afc in AppleFileConduit in Apple iOS before 8.1.3 and Apple TV before 7.0.3 allows attackers to access unintended filesystem locations by creating a symlink.
nvd
CVE-2014-4486 [CRITICAL] CVSS 10.0, ≤ 7.0.1, 2015-01-30
IOAcceleratorFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly handle resource lists and IOService userclient types, which allows attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via a crafted app.
nvd
CVE-2014-4487 [CRITICAL] CVSS 10.0, ≤ 7.0.1, 2015-01-30, CWE-119
Buffer overflow in IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows attackers to execute arbitrary code in a privileged context via a crafted app.
nvd
CVE-2014-4488 [CRITICAL] CVSS 10.0, ≤ 7.0.1, 2015-01-30, CWE-19
IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly validate resource-queue metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted app.
nvd
CVE-2014-4492 [HIGH] CVSS 7.5, PoC, ≤ 7.0.1, 2015-01-30, CWE-19
libnetcore in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not verify that certain values have the expected data type, which allows attackers to execute arbitrary code in an _networkd context via a crafted XPC message from a sandboxed app, as demonstrated by lack of verification of the XPC dictionary data type.
nvd
CVE-2014-4484 [HIGH] CVSS 7.5, ≤ 7.0.1, 2015-01-30, CWE-19
FontParser in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .dfont file.
nvd
CVE-2014-4485 [HIGH] CVSS 7.5, ≤ 7.0.1, 2015-01-30, CWE-119
Buffer overflow in the XML parser in Foundation in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted XML document.
nvd
CVE-2014-4477 [MEDIUM] CVSS 6.8, ≤ 7.0.1, 2015-01-30
WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4476 and CVE-2014-4479.
nvd
CVE-2014-4476 [MEDIUM] CVSS 6.8, ≤ 7.0.1, 2015-01-30, CWE-119
WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4477 and CVE-2014-4479.
nvd
CVE-2014-4479 [MEDIUM] CVSS 6.8, ≤ 7.0.1, 2015-01-30
WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4476 and CVE-2014-4477.
nvd