Vulnerabilities > Apple > Iphone OS > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-02-20 | CVE-2016-4690 | Improper Input Validation vulnerability in Apple Iphone OS An issue was discovered in certain Apple products. | 6.8 |
| 2017-02-20 | CVE-2016-4686 | Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS An issue was discovered in certain Apple products. | 4.4 |
| 2017-02-20 | CVE-2016-4685 | Inadequate Encryption Strength vulnerability in Apple Iphone OS An issue was discovered in certain Apple products. | 5.9 |
| 2017-02-20 | CVE-2016-4680 | Information Exposure vulnerability in Apple Iphone OS An issue was discovered in certain Apple products. | 5.5 |
| 2017-02-20 | CVE-2016-4679 | Link Following vulnerability in Apple products An issue was discovered in certain Apple products. | 5.5 |
| 2016-09-25 | CVE-2016-4771 | Information Exposure vulnerability in Apple Iphone OS The kernel in Apple iOS before 10 and OS X before 10.12 allows local users to bypass intended file-access restrictions via a crafted directory pathname. | 5.5 |
| 2016-09-25 | CVE-2016-4763 | Cryptographic Issues vulnerability in Apple Itunes WKWebView in WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly verify X.509 certificates from HTTPS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 6.8 |
| 2016-09-25 | CVE-2016-4760 | Improper Access Control vulnerability in Apple Itunes WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to conduct DNS rebinding attacks against non-HTTP Safari sessions by leveraging HTTP/0.9 support. | 6.5 |
| 2016-09-25 | CVE-2016-4758 | Information Exposure vulnerability in Apple Safari WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly restrict access to the location variable, which allows remote attackers to obtain sensitive information via a crafted web site. | 6.5 |
| 2016-09-25 | CVE-2016-4722 | Improper Input Validation vulnerability in Apple Iphone OS The IDS - Connectivity component in Apple iOS before 10 and OS X before 10.12 allows man-in-the-middle attackers to conduct Call Relay spoofing attacks and cause a denial of service via unspecified vectors. | 5.9 |