Vulnerabilities > Apple > Iphone OS > 4.2.10

DATE CVE VULNERABILITY TITLE RISK
2016-07-22 CVE-2016-4607 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4608, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612.
network
low complexity
xmlsoft apple fedoraproject CWE-119
critical
9.8
2016-07-22 CVE-2016-4605 NULL Pointer Dereference vulnerability in Apple Iphone OS
Calendar in Apple iOS before 9.3.3 allows remote attackers to cause a denial of service (NULL pointer dereference and device restart) via a crafted invitation.
network
apple CWE-476
7.1
2016-07-22 CVE-2016-4603 7PK - Security Features vulnerability in Apple Iphone OS
Web Media in Apple iOS before 9.3.3 allows attackers to bypass the Private Browsing protection mechanism and obtain sensitive video URL information by leveraging Safari View Controller misbehavior.
network
apple CWE-254
4.3
2016-07-22 CVE-2016-4594 Improper Input Validation vulnerability in Apple products
The Sandbox Profiles component in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows attackers to access the process list via a crafted app that makes an API call.
network
apple CWE-20
6.8
2016-07-22 CVE-2016-4593 Information Exposure vulnerability in Apple Iphone OS
The Siri Contacts component in Apple iOS before 9.3.3 allows physically proximate attackers to read arbitrary Contact card information via unspecified vectors.
local
low complexity
apple CWE-200
2.1
2016-07-22 CVE-2016-4584 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Safari and Tvos
The WebKit Page Loading implementation in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
network
apple CWE-119
6.8
2016-07-22 CVE-2016-4582 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products
The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1863 and CVE-2016-4653.
local
low complexity
apple CWE-119
7.2
2016-07-22 CVE-2016-1865 NULL Pointer Dereference vulnerability in Apple products
The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors.
local
low complexity
apple CWE-476
4.9
2016-07-22 CVE-2016-1863 Use After Free vulnerability in Apple products
The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4582 and CVE-2016-4653.
local
low complexity
apple CWE-416
7.2
2016-06-19 CVE-2016-1864 Information Exposure vulnerability in Apple Iphone OS and Safari
The XSS auditor in WebKit, as used in Apple iOS before 9.3 and Safari before 9.1, does not properly handle redirects in block mode, which allows remote attackers to obtain sensitive information via a crafted URL.
network
low complexity
apple CWE-200
5.0