Vulnerabilities > Apple > Iphone OS > Low

DATE CVE VULNERABILITY TITLE RISK
2016-07-22 CVE-2016-4593 Information Exposure vulnerability in Apple Iphone OS
The Siri Contacts component in Apple iOS before 9.3.3 allows physically proximate attackers to read arbitrary Contact card information via unspecified vectors.
low complexity
apple CWE-200
2.4
2016-05-20 CVE-2016-1849 Information Exposure vulnerability in Apple Safari
The "Clear History and Website Data" feature in Apple Safari before 9.1.1, as used in iOS before 9.3.2 and other products, mishandles the deletion of browsing history, which might allow local users to obtain sensitive information by leveraging read access to a Safari directory.
local
low complexity
apple CWE-200
3.3
2016-05-20 CVE-2016-1852 Information Exposure vulnerability in Apple Iphone OS
Siri in Apple iOS before 9.3.2 does not block data detectors within results in the lock-screen state, which allows physically proximate attackers to obtain sensitive contact and photo information via unspecified vectors.
low complexity
apple CWE-200
2.4
2016-05-20 CVE-2016-1790 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS
Buffer overflow in the Accessibility component in Apple iOS before 9.3.2 allows attackers to obtain sensitive kernel memory-layout information via a crafted app.
local
low complexity
apple CWE-119
3.3
2016-03-24 CVE-2016-1748 Information Exposure vulnerability in Apple products
IOHIDFamily in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to obtain sensitive kernel memory-layout information via a crafted app.
local
low complexity
apple CWE-200
3.3
2016-03-24 CVE-2016-1758 Information Exposure vulnerability in Apple Iphone OS
The kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app.
local
low complexity
apple CWE-200
3.3
2016-03-24 CVE-2016-1763 Improper Input Validation vulnerability in Apple Iphone OS
Messages in Apple iOS before 9.3 does not ensure that an auto-fill action applies to the intended message thread, which allows remote authenticated users to obtain sensitive information by providing a crafted sms: URL and reading a thread.
network
low complexity
apple CWE-20
3.5
2015-05-21 CVE-2015-4000 Cryptographic Issues vulnerability in multiple products
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.
3.7
2014-09-18 CVE-2014-4407 Information Exposure vulnerability in Apple Iphone OS and Tvos
IOKit in Apple iOS before 8 and Apple TV before 7 does not properly initialize kernel memory, which allows attackers to obtain sensitive memory-content information via an application that makes crafted IOKit function calls.
local
low complexity
apple CWE-200
3.3