Vulnerabilities > Apple > Iphone OS > 1.1.4

DATE CVE VULNERABILITY TITLE RISK
2015-12-11 CVE-2015-7046 Information Exposure vulnerability in Apple products
The Sandbox feature in xnu in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 does not properly implement privilege separation, which allows attackers to bypass the ASLR protection mechanism via a crafted app with root privileges.
network
high complexity
apple CWE-200
2.6
2015-12-11 CVE-2015-7043 Multiple Security vulnerability in Apple Mac OS X/watchOS/iOS/tvOS
The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to cause a denial of service via a crafted app, a different vulnerability than CVE-2015-7040, CVE-2015-7041, and CVE-2015-7042.
network
apple
4.3
2015-12-11 CVE-2015-7042 Multiple Security vulnerability in Apple Mac OS X/watchOS/iOS/tvOS
The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to cause a denial of service via a crafted app, a different vulnerability than CVE-2015-7040, CVE-2015-7041, and CVE-2015-7043.
network
apple
4.3
2015-12-11 CVE-2015-7041 Multiple Security vulnerability in Apple Mac OS X/watchOS/iOS/tvOS
The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to cause a denial of service via a crafted app, a different vulnerability than CVE-2015-7040, CVE-2015-7042, and CVE-2015-7043.
network
apple
4.3
2015-12-11 CVE-2015-7040 Multiple Security vulnerability in Apple Mac OS X/watchOS/iOS/tvOS
The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to cause a denial of service via a crafted app, a different vulnerability than CVE-2015-7041, CVE-2015-7042, and CVE-2015-7043.
network
apple
4.3
2015-12-11 CVE-2015-7039 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products
Buffer overflow in libc in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code via a crafted package, a different vulnerability than CVE-2015-7038.
network
apple CWE-119
6.8
2015-12-11 CVE-2015-7038 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products
Buffer overflow in libc in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code via a crafted package, a different vulnerability than CVE-2015-7039.
network
apple CWE-119
6.8
2015-12-11 CVE-2015-7037 Path Traversal vulnerability in Apple Iphone OS
Directory traversal vulnerability in Mobile Backup in Photos in Apple iOS before 9.2 allows attackers to read arbitrary files via a crafted pathname.
network
low complexity
apple CWE-22
5.0
2015-12-11 CVE-2015-7001 Permissions, Privileges, and Access Controls vulnerability in Apple products
AppSandbox in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 mishandles hard links, which allows attackers to bypass Contacts access revocation via a crafted app.
network
apple CWE-264
6.8
2015-11-22 CVE-2015-7036 Improper Input Validation vulnerability in Apple Iphone OS and mac OS X
The fts3_tokenizer function in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a SQL command that triggers an API call with a crafted pointer value in the second argument.
network
low complexity
apple CWE-20
7.5