Apple tvOS vulnerabilities

2,227 known vulnerabilities affecting apple/tvos.

Total CVEs: 2,227
CISA KEV: 41 (actively exploited)
Public exploits: 199
Exploited in wild: 31
Severity breakdown: CRITICAL 148, HIGH 1222, MEDIUM 795, LOW 59, UNKNOWN 3

Vulnerabilities

Page 92 of 112
CVE-2017-2355 | HIGH | CVSS 8.8 | fixed in 10.1.1 | 2017-02-20
CWE-119. An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. iCloud before 6.1.1 is affected. iTunes before 12.5.5 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized
nvd, apple
CVE-2016-4669 | HIGH | CVSS 7.8 | PoC | fixed in 10.0.1 | 2017-02-20
CWE-20. An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "Kernel" component. It allows local users to execute arbitrary code in a privileged context or cause a denial of service (MIG code mishandling and system c
nvd, apple
CVE-2016-7626 | HIGH | CVSS 8.8 | PoC | fixed in 10.1 | 2017-02-20
CWE-119. An issue was discovered in certain Apple products. iOS before 10.2 is affected. tvOS before 10.1 is affected. watchOS before 3.1.1 is affected. The issue involves the "Profiles" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted certificate profile.
nvd, apple
CVE-2016-4679 | MEDIUM | CVSS 5.5 | fixed in 10.0.1 | 2017-02-20
CWE-59. An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "libarchive" component, which allows remote attackers to write to arbitrary files via a crafted archive containing a symlink.
nvd, apple
CVE-2017-2365 | MEDIUM | CVSS 6.5 | PoC | fixed in 10.1.1 | 2017-02-20
CWE-200. An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.
nvd, apple
CVE-2017-2363 | MEDIUM | CVSS 6.5 | PoC | fixed in 10.1.1 | 2017-02-20
CWE-200. An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. watchOS before 3.1.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.
nvd, apple
CVE-2017-2350 | MEDIUM | CVSS 6.5 | fixed in 10.1.1 | 2017-02-20
CWE-200. An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.
nvd, apple
CVE-2016-4680 | MEDIUM | CVSS 5.5 | fixed in 10.0.1 | 2017-02-20
CWE-200. An issue was discovered in certain Apple products. iOS before 10.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "Kernel" component. It allows attackers to obtain sensitive information from kernel memory via a crafted app.
nvd, apple
CVE-2016-7579 | MEDIUM | CVSS 5.9 | fixed in 10.0.1 | 2017-02-20
CWE-200. An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. The issue involves the "CFNetwork Proxies" component, which allows man-in-the-middle attackers to spoof a proxy password authentication requirement and obtain sensitive information.
nvd, apple
CVE-2016-4665 | LOW | CVSS 3.3 | ≤ 10.0 | 2017-02-20
CWE-200. An issue was discovered in certain Apple products. iOS before 10.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "Sandbox Profiles" component, which allows attackers to read audio-recording metadata via a crafted app.
nvd, apple
CVE-2016-4664 | LOW | CVSS 3.3 | ≤ 10.0 | 2017-02-20
CWE-200. An issue was discovered in certain Apple products. iOS before 10.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "Sandbox Profiles" component, which allows attackers to read photo-directory metadata via a crafted app.
nvd, apple
CVE-2016-8687 | HIGH | CVSS 7.5 | v10.1.1 | 2017-01-23
Apple Security Update: About the security content of tvOS 10.1.1
Product: tvOS; Version: 10.1.1; Component: Kernel
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A use after free issue was addressed through improved memory management.
apple
CVE-2017-2362 | HIGH | CVSS 8.8 | PoC | v10.1.1 | 2017-01-23
Apple Security Update: About the security content of tvOS 10.1.1
Product: tvOS; Version: 10.1.1; Component: WebKit
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: Multiple memory corruption issues were addressed through improved memory handling.
apple
CVE-2017-2383 | LOW | CVSS 3.1 | v10.1.1 | 2017-01-23
Apple Security Update: About the security content of tvOS 10.1.1
Product: tvOS; Version: 10.1.1; Component: APNs Server
Impact: An attacker in a privileged network position can track a user's activity
Description: A client certificate was sent in plaintext. This issue was addressed through improved certificate handling.
apple
CVE-2016-7663 | CRITICAL | CVSS 9.8 | v10.1 | 2016-12-12
Apple Security Update: About the security content of tvOS 10.1
Product: tvOS; Version: 10.1; Component: CoreFoundation
Impact: Processing malicious strings may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the processing of strings. This issue was addressed through improved bounds checking.
apple
CVE-2016-7648 | HIGH | CVSS 8.8 | v10.1 | 2016-12-12
Apple Security Update: About the security content of tvOS 10.1
Product: tvOS; Version: 10.1; Component: WebKit
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: Multiple memory corruption issues were addressed through improved state management.
apple
CVE-2016-7660 | HIGH | CVSS 7.8 | PoC | v10.1 | 2016-12-12
Apple Security Update: About the security content of tvOS 10.1
Product: tvOS; Version: 10.1; Component: Security
Impact: Certificates may be unexpectedly evaluated as trusted
Description: A certificate evaluation issue existed in certificate validation. This issue was addressed through additional validation of certificates.
apple
CVE-2016-7632 | HIGH | CVSS 8.8 | v10.1 | 2016-12-12
Apple Security Update: About the security content of tvOS 10.1
Product: tvOS; Version: 10.1; Component: WebKit
Impact: Processing maliciously crafted web content may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue was addressed through improved state management.
apple
CVE-2016-7635 | HIGH | CVSS 8.8 | v10.1 | 2016-12-12
Apple Security Update: About the security content of tvOS 10.1
Product: tvOS; Version: 10.1; Component: WebKit
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: Multiple memory corruption issues were addressed through improved memory handling.
apple
CVE-2016-7616 | HIGH | CVSS 7.8 | v10.1 | 2016-12-12
Apple Security Update: About the security content of tvOS 10.1
Product: tvOS; Version: 10.1; Component: Disk Images
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed through improved input validation.
apple
Apple tvOS vulnerabilities | cvebase