Vulnerabilities > Apple > Iphone OS > 8.1.1

DATE CVE VULNERABILITY TITLE RISK
2015-08-16 CVE-2015-3778 Information Exposure vulnerability in Apple Iphone OS and mac OS X
bootp in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to obtain potentially sensitive information about MAC addresses seen in previous Wi-Fi sessions by sniffing an 802.11 network for DNAv4 broadcast traffic.
low complexity
apple CWE-200
3.3
2015-08-16 CVE-2015-3776 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS and mac OS X
IOKit in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption and application crash) via a malformed plist.
network
apple CWE-119
critical
9.3
2015-08-16 CVE-2015-3768 Numeric Errors vulnerability in Apple Iphone OS and mac OS X
Integer overflow in the kernel in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context via a crafted app that makes unspecified IOKit API calls.
network
apple CWE-189
critical
9.3
2015-08-16 CVE-2015-3766 Information Exposure vulnerability in Apple Iphone OS and mac OS X
The kernel in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly restrict the mach_port_space_info interface, which allows attackers to obtain sensitive memory-layout information via a crafted app.
network
apple CWE-200
4.3
2015-08-16 CVE-2015-3763 Data Processing Errors vulnerability in Apple Iphone OS
Safari in Apple iOS before 8.4.1 does not limit the rate of JavaScript alert messages, which allows remote attackers to cause a denial of service (apparent browser locking) via a crafted web site.
network
apple CWE-19
4.3
2015-08-16 CVE-2015-3759 Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS
Location Framework in Apple iOS before 8.4.1 allows local users to bypass intended restrictions on filesystem modification via a symlink.
local
low complexity
apple CWE-264
4.6
2015-08-16 CVE-2015-3758 Improper Input Validation vulnerability in Apple Iphone OS
UIKit WebView in Apple iOS before 8.4.1 allows attackers to bypass an intended user-confirmation requirement and initiate arbitrary FaceTime calls via an app that provides a crafted URL.
network
apple CWE-20
4.3
2015-08-16 CVE-2015-3756 7PK - Security Features vulnerability in Apple Iphone OS
The Certificate UI in Apple iOS before 8.4.1 does not prevent X.509 certificate acceptance within the lock screen, which allows physically proximate attackers to establish arbitrary certificate trust relationships by completing a dialog.
local
low complexity
apple CWE-254
2.1
2015-08-16 CVE-2015-3755 7PK - Security Features vulnerability in Apple Iphone OS and Safari
WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, allows remote attackers to spoof the user interface via a malformed URL.
network
apple CWE-254
4.3
2015-08-16 CVE-2015-3753 Information Exposure vulnerability in Apple Iphone OS and Safari
WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly perform taint checking for CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive image data by leveraging a redirect to a data:image resource.
network
low complexity
apple CWE-200
5.0