Iphone Os

iphone_os

Vendor: Apple • 4,015 CVEs

CVEs (4,015)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2016-4712 1Apple 4Iphone Os Mac Os XTvos+1 more May 6, 2026 Sep 25, 2016 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 CoreCrypto in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via a crafted app.
CVE-2016-4711 1Apple 2Iphone Os Mac Os X May 6, 2026 Sep 25, 2016 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 CCrypt in corecrypto in CommonCrypto in Apple iOS before 10 and OS X before 10.12 allows attackers to discover cleartext information by leveraging a function call that specifies the same buffer for input and output.
CVE-2016-4708 1Apple 4Iphone Os Mac Os XTvos+1 more May 6, 2026 Sep 25, 2016 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 CFNetwork in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 misparses the Set-Cookie header, which allows remote attackers to obtain sensitive information via a crafted HTTP response.
CVE-2016-4707 1Apple 2Iphone Os Mac Os X May 6, 2026 Sep 25, 2016 N/A· v4 4.0 MEDIUM· v3 2.1 LOW· v2 CFNetwork in Apple iOS before 10 and OS X before 10.12 mishandles Local Storage deletion, which allows local users to discover the visited web sites of arbitrary users via unspecified vectors.
CVE-2016-4702 1Apple 4Iphone Os Mac Os XTvos+1 more May 6, 2026 Sep 25, 2016 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Audio in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
CVE-2016-4698 1Apple 2Iphone Os Mac Os X May 6, 2026 Sep 25, 2016 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 AppleMobileFileIntegrity in Apple iOS before 10 and OS X before 10.12 mishandles process entitlement and Team ID values in the task port inheritance policy, which allows attackers to execute arbitrary code in a privilege...Show more AppleMobileFileIntegrity in Apple iOS before 10 and OS X before 10.12 mishandles process entitlement and Team ID values in the task port inheritance policy, which allows attackers to execute arbitrary code in a privileged context via a crafted app.Show less
CVE-2016-4658 2Apple Xmlsoft 5Iphone Os Libxml2Mac Os X+2 more May 6, 2026 Sep 25, 2016 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote att...Show more xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and memory corruption) via a crafted XML document.Show less
CVE-2016-4618 1Apple 2Iphone Os Safari May 6, 2026 Sep 25, 2016 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in Safari Reader in Apple iOS before 10 and Safari before 10 allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka "Universal XSS (UXSS)."
CVE-2016-4611 1Apple 3Iphone Os SafariTvos May 6, 2026 Sep 25, 2016 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability tha...Show more WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4730, CVE-2016-4733, CVE-2016-4734, and CVE-2016-4735.Show less
CVE-2016-4749 1Apple 1Iphone Os May 6, 2026 Sep 18, 2016 N/A· v4 3.3 LOW· v3 2.1 LOW· v2 Printing UIKit in Apple iOS before 10 mishandles environment variables, which allows local users to discover cleartext AirPrint preview content by reading a temporary file.
CVE-2016-4747 1Apple 1Iphone Os May 6, 2026 Sep 18, 2016 N/A· v4 3.7 LOW· v3 4.3 MEDIUM· v2 Mail in Apple iOS before 10 mishandles certificates, which makes it easier for man-in-the-middle attackers to discover mail credentials via unspecified vectors.
CVE-2016-4746 1Apple 1Iphone Os May 6, 2026 Sep 18, 2016 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 The Keyboards component in Apple iOS before 10 does not properly use a cache for auto-correct suggestions, which allows remote attackers to obtain sensitive information in opportunistic circumstances by leveraging an uni...Show more The Keyboards component in Apple iOS before 10 does not properly use a cache for auto-correct suggestions, which allows remote attackers to obtain sensitive information in opportunistic circumstances by leveraging an unintended correction.Show less
CVE-2016-4741 1Apple 1Iphone Os May 6, 2026 Sep 18, 2016 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 The Assets component in Apple iOS before 10 allows man-in-the-middle attackers to block software updates via vectors related to lack of an HTTPS session for retrieving updates.
CVE-2016-4740 1Apple 1Iphone Os May 6, 2026 Sep 18, 2016 N/A· v4 2.9 LOW· v3 1.9 LOW· v2 Apple iOS before 10, when Handoff for Messages is used, does not ensure that a Messages signin has occurred before displaying messages, which might allow attackers to obtain sensitive information via unspecified vectors.
CVE-2016-4719 1Apple 2Iphone Os Watchos May 6, 2026 Sep 18, 2016 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 The GeoServices component in Apple iOS before 10 and watchOS before 3 does not properly restrict access to PlaceData information, which allows attackers to discover physical locations via a crafted application.
CVE-2016-4620 1Apple 1Iphone Os May 6, 2026 Sep 18, 2016 N/A· v4 3.3 LOW· v3 4.3 MEDIUM· v2 The Sandbox Profiles component in Apple iOS before 10 does not properly restrict access to directory metadata for SMS draft directories, which allows attackers to discover text-message recipients via a crafted app.
CVE-2016-4657 1Apple 1Iphone Os Apr 21, 2026 Aug 25, 2016 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 WebKit in Apple iOS before 9.3.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
CVE-2016-4656 1Apple 1Iphone Os Apr 21, 2026 Aug 25, 2016 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 The kernel in Apple iOS before 9.3.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVE-2016-4655 1Apple 1Iphone Os Apr 21, 2026 Aug 25, 2016 N/A· v4 5.5 MEDIUM· v3 7.1 HIGH· v2 The kernel in Apple iOS before 9.3.5 allows attackers to obtain sensitive information from memory via a crafted app.
CVE-2016-4654 1Apple 1Iphone Os May 6, 2026 Aug 18, 2016 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 IOMobileFrameBuffer in Apple iOS before 9.3.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

Previous 1...147148149...201 Next