Vulnerabilities > Apple > Iphone OS > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-09-25 | CVE-2016-4718 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products Buffer overflow in FontParser in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to obtain sensitive information from process memory via a crafted font file. | 6.5 |
| 2016-09-25 | CVE-2016-4708 | Information Exposure vulnerability in Apple products CFNetwork in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 misparses the Set-Cookie header, which allows remote attackers to obtain sensitive information via a crafted HTTP response. | 6.5 |
| 2016-09-25 | CVE-2016-4707 | Data Processing Errors vulnerability in Apple Iphone OS CFNetwork in Apple iOS before 10 and OS X before 10.12 mishandles Local Storage deletion, which allows local users to discover the visited web sites of arbitrary users via unspecified vectors. | 4.0 |
| 2016-09-25 | CVE-2016-4618 | Cross-site Scripting vulnerability in Apple Iphone OS and Safari Cross-site scripting (XSS) vulnerability in Safari Reader in Apple iOS before 10 and Safari before 10 allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka "Universal XSS (UXSS)." | 6.1 |
| 2016-09-18 | CVE-2016-4746 | Information Exposure vulnerability in Apple Iphone OS The Keyboards component in Apple iOS before 10 does not properly use a cache for auto-correct suggestions, which allows remote attackers to obtain sensitive information in opportunistic circumstances by leveraging an unintended correction. | 5.3 |
| 2016-09-18 | CVE-2016-4741 | 7PK - Security Features vulnerability in Apple Iphone OS The Assets component in Apple iOS before 10 allows man-in-the-middle attackers to block software updates via vectors related to lack of an HTTPS session for retrieving updates. | 5.9 |
| 2016-09-18 | CVE-2016-4719 | Information Exposure vulnerability in Apple Iphone OS and Watchos The GeoServices component in Apple iOS before 10 and watchOS before 3 does not properly restrict access to PlaceData information, which allows attackers to discover physical locations via a crafted application. | 5.5 |
| 2016-08-25 | CVE-2016-4655 | Unspecified vulnerability in Apple Iphone OS The kernel in Apple iOS before 9.3.5 allows attackers to obtain sensitive information from memory via a crafted app. | 5.5 |
| 2016-07-22 | CVE-2016-4651 | Cross-site Scripting vulnerability in Apple Iphone OS and Safari Cross-site scripting (XSS) vulnerability in the WebKit JavaScript bindings in Apple iOS before 9.3.3 and Safari before 9.1.2 allows remote attackers to inject arbitrary web script or HTML via a crafted HTTP/0.9 response, related to a "cross-protocol cross-site scripting (XPXSS)" vulnerability. | 6.1 |
| 2016-07-22 | CVE-2016-4635 | Information Exposure vulnerability in Apple Iphone OS and mac OS X FaceTime in Apple iOS before 9.3.3 and OS X before 10.11.6 allows man-in-the-middle attackers to spoof relayed-call termination, and obtain sensitive audio information in opportunistic circumstances, via unspecified vectors. | 5.3 |