Vulnerabilities > Apple > Iphone OS > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-09-25 CVE-2016-4771 Information Exposure vulnerability in Apple Iphone OS
The kernel in Apple iOS before 10 and OS X before 10.12 allows local users to bypass intended file-access restrictions via a crafted directory pathname.
local
low complexity
apple CWE-200
5.5
2016-09-25 CVE-2016-4763 Cryptographic Issues vulnerability in Apple Itunes
WKWebView in WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly verify X.509 certificates from HTTPS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
network
high complexity
apple CWE-310
6.8
2016-09-25 CVE-2016-4760 Improper Access Control vulnerability in Apple Itunes
WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to conduct DNS rebinding attacks against non-HTTP Safari sessions by leveraging HTTP/0.9 support.
network
low complexity
apple CWE-284
6.5
2016-09-25 CVE-2016-4758 Information Exposure vulnerability in Apple Safari
WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly restrict access to the location variable, which allows remote attackers to obtain sensitive information via a crafted web site.
network
low complexity
apple CWE-200
6.5
2016-09-25 CVE-2016-4722 Improper Input Validation vulnerability in Apple Iphone OS
The IDS - Connectivity component in Apple iOS before 10 and OS X before 10.12 allows man-in-the-middle attackers to conduct Call Relay spoofing attacks and cause a denial of service via unspecified vectors.
network
high complexity
apple CWE-20
5.9
2016-09-25 CVE-2016-4718 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products
Buffer overflow in FontParser in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to obtain sensitive information from process memory via a crafted font file.
network
low complexity
apple CWE-119
6.5
2016-09-25 CVE-2016-4708 Information Exposure vulnerability in Apple products
CFNetwork in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 misparses the Set-Cookie header, which allows remote attackers to obtain sensitive information via a crafted HTTP response.
network
low complexity
apple CWE-200
6.5
2016-09-25 CVE-2016-4707 Data Processing Errors vulnerability in Apple Iphone OS
CFNetwork in Apple iOS before 10 and OS X before 10.12 mishandles Local Storage deletion, which allows local users to discover the visited web sites of arbitrary users via unspecified vectors.
local
low complexity
apple CWE-19
4.0
2016-09-25 CVE-2016-4618 Cross-site Scripting vulnerability in Apple Iphone OS and Safari
Cross-site scripting (XSS) vulnerability in Safari Reader in Apple iOS before 10 and Safari before 10 allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka "Universal XSS (UXSS)."
network
low complexity
apple CWE-79
6.1
2016-09-18 CVE-2016-4746 Information Exposure vulnerability in Apple Iphone OS
The Keyboards component in Apple iOS before 10 does not properly use a cache for auto-correct suggestions, which allows remote attackers to obtain sensitive information in opportunistic circumstances by leveraging an unintended correction.
network
low complexity
apple CWE-200
5.3