Vulnerabilities > Apple > Iphone OS > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-08-17 | CVE-2015-5759 | 7PK - Security Features vulnerability in Apple Iphone OS WebKit in Apple iOS before 8.4.1 allows remote attackers to spoof clicks via a crafted web site that leverages tap events. | 5.0 |
2015-08-17 | CVE-2015-5758 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS and mac OS X ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF image. | 6.8 |
2015-08-17 | CVE-2015-5756 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS and mac OS X FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-3804 and CVE-2015-5775. | 6.8 |
2015-08-17 | CVE-2015-5755 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Itunes and mac OS X CoreText in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-5761. | 6.8 |
2015-08-17 | CVE-2015-5752 | Link Following vulnerability in Apple Iphone OS Backup in Apple iOS before 8.4.1 allows attackers to bypass intended restrictions on filesystem access via a crafted app that creates a symlink. | 5.0 |
2015-08-17 | CVE-2015-5749 | Information Exposure vulnerability in Apple Iphone OS The Sandbox_profiles component in Apple iOS before 8.4.1 allows attackers to bypass the third-party app-sandbox protection mechanism and read arbitrary managed preferences via a crafted app. | 4.3 |
2015-08-17 | CVE-2015-5746 | Improper Access Control vulnerability in Apple Iphone OS AppleFileConduit in Apple iOS before 8.4.1 allows attackers to bypass intended restrictions on filesystem access via an afc command that leverages symlink mishandling. | 5.0 |
2015-08-17 | CVE-2015-3807 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, mac OS X and Tvos libxml2 in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a crafted XML document. | 4.3 |
2015-08-17 | CVE-2015-3793 | Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS CFPreferences in Apple iOS before 8.4.1 allows attackers to bypass the third-party app-sandbox protection mechanism and read arbitrary managed preferences via a crafted app. | 4.3 |
2015-08-16 | CVE-2015-3784 | Information Exposure vulnerability in Apple products Office Viewer in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 5.0 |