Vulnerabilities > Apple > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-02-20 | CVE-2016-4613 | Information Exposure vulnerability in Apple products An issue was discovered in certain Apple products. | 6.5 |
| 2016-09-25 | CVE-2016-4771 | Information Exposure vulnerability in Apple Iphone OS The kernel in Apple iOS before 10 and OS X before 10.12 allows local users to bypass intended file-access restrictions via a crafted directory pathname. | 5.5 |
| 2016-09-25 | CVE-2016-4763 | Cryptographic Issues vulnerability in Apple Itunes WKWebView in WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly verify X.509 certificates from HTTPS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 6.8 |
| 2016-09-25 | CVE-2016-4760 | Improper Access Control vulnerability in Apple Itunes WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to conduct DNS rebinding attacks against non-HTTP Safari sessions by leveraging HTTP/0.9 support. | 6.5 |
| 2016-09-25 | CVE-2016-4758 | Information Exposure vulnerability in Apple Safari WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly restrict access to the location variable, which allows remote attackers to obtain sensitive information via a crafted web site. | 6.5 |
| 2016-09-25 | CVE-2016-4755 | Information Exposure vulnerability in Apple mac OS X Terminal in Apple OS X before 10.12 uses weak permissions for the .bash_history and .bash_session files, which allows local users to obtain sensitive information via unspecified vectors. | 5.5 |
| 2016-09-25 | CVE-2016-4752 | Information Exposure vulnerability in Apple mac OS X The SecKeyDeriveFromPassword function in Apple OS X before 10.12 does not use the CF_RETURNS_RETAINED keyword, which allows attackers to obtain sensitive information from process memory by triggering key derivation. | 5.5 |
| 2016-09-25 | CVE-2016-4748 | 7PK - Security Features vulnerability in Apple mac OS X Perl in Apple OS X before 10.12 allows local users to bypass the taint-mode protection mechanism via a crafted environment variable. | 5.3 |
| 2016-09-25 | CVE-2016-4745 | Information Exposure vulnerability in Apple mac OS X The Kerberos 5 (aka krb5) PAM module in Apple OS X before 10.12 does not use constant-time operations for determining username validity, which makes it easier for remote attackers to enumerate user accounts via a timing side-channel attack. | 5.3 |
| 2016-09-25 | CVE-2016-4742 | Information Exposure vulnerability in Apple mac OS X NSSecureTextField in Apple OS X before 10.12 does not enable Secure Input, which allows attackers to discover credentials via a crafted app. | 5.5 |