Vulnerabilities > Apple > Iphone OS > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-09-18 CVE-2016-4741 7PK - Security Features vulnerability in Apple Iphone OS
The Assets component in Apple iOS before 10 allows man-in-the-middle attackers to block software updates via vectors related to lack of an HTTPS session for retrieving updates.
network
high complexity
apple CWE-254
5.9
2016-09-18 CVE-2016-4719 Information Exposure vulnerability in Apple Iphone OS and Watchos
The GeoServices component in Apple iOS before 10 and watchOS before 3 does not properly restrict access to PlaceData information, which allows attackers to discover physical locations via a crafted application.
local
low complexity
apple CWE-200
5.5
2016-08-25 CVE-2016-4655 Unspecified vulnerability in Apple Iphone OS
The kernel in Apple iOS before 9.3.5 allows attackers to obtain sensitive information from memory via a crafted app.
local
low complexity
apple
5.5
2016-07-22 CVE-2016-4651 Cross-site Scripting vulnerability in Apple Iphone OS
Cross-site scripting (XSS) vulnerability in the WebKit JavaScript bindings in Apple iOS before 9.3.3 and Safari before 9.1.2 allows remote attackers to inject arbitrary web script or HTML via a crafted HTTP/0.9 response, related to a "cross-protocol cross-site scripting (XPXSS)" vulnerability.
network
low complexity
apple CWE-79
6.1
2016-07-22 CVE-2016-4635 Information Exposure vulnerability in Apple Iphone OS
FaceTime in Apple iOS before 9.3.3 and OS X before 10.11.6 allows man-in-the-middle attackers to spoof relayed-call termination, and obtain sensitive audio information in opportunistic circumstances, via unspecified vectors.
network
high complexity
apple CWE-200
5.3
2016-07-22 CVE-2016-4628 Out-of-bounds Read vulnerability in Apple Iphone OS
IOAcceleratorFamily in Apple iOS before 9.3.3 and watchOS before 2.2.2 allows local users to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) via unspecified vectors.
local
low complexity
apple CWE-125
5.5
2016-07-22 CVE-2016-4605 NULL Pointer Dereference vulnerability in Apple Iphone OS
Calendar in Apple iOS before 9.3.3 allows remote attackers to cause a denial of service (NULL pointer dereference and device restart) via a crafted invitation.
network
low complexity
apple CWE-476
6.5
2016-07-22 CVE-2016-4603 7PK - Security Features vulnerability in Apple Iphone OS
Web Media in Apple iOS before 9.3.3 allows attackers to bypass the Private Browsing protection mechanism and obtain sensitive video URL information by leveraging Safari View Controller misbehavior.
network
low complexity
apple CWE-254
4.3
2016-07-22 CVE-2016-1865 NULL Pointer Dereference vulnerability in Apple products
The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors.
local
low complexity
apple CWE-476
5.5
2016-06-19 CVE-2016-1864 Information Exposure vulnerability in Apple Safari
The XSS auditor in WebKit, as used in Apple iOS before 9.3 and Safari before 9.1, does not properly handle redirects in block mode, which allows remote attackers to obtain sensitive information via a crafted URL.
network
low complexity
apple CWE-200
4.3