Vulnerabilities > Apple > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-09-25 CVE-2016-4707 Data Processing Errors vulnerability in Apple Iphone OS
CFNetwork in Apple iOS before 10 and OS X before 10.12 mishandles Local Storage deletion, which allows local users to discover the visited web sites of arbitrary users via unspecified vectors.
local
low complexity
apple CWE-19
4.0
2016-09-25 CVE-2016-4706 Improper Input Validation vulnerability in Apple mac OS X
cd9660 in Apple OS X before 10.12 allows local users to cause a denial of service via unspecified vectors.
local
low complexity
apple CWE-20
5.5
2016-09-25 CVE-2016-4701 Improper Input Validation vulnerability in Apple mac OS X
Application Firewall in Apple OS X before 10.12 allows local users to cause a denial of service via vectors involving a crafted SO_EXECPATH environment variable.
local
low complexity
apple CWE-20
6.2
2016-09-25 CVE-2016-4618 Cross-site Scripting vulnerability in Apple Iphone OS and Safari
Cross-site scripting (XSS) vulnerability in Safari Reader in Apple iOS before 10 and Safari before 10 allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka "Universal XSS (UXSS)."
network
low complexity
apple CWE-79
6.1
2016-09-18 CVE-2016-4746 Information Exposure vulnerability in Apple Iphone OS
The Keyboards component in Apple iOS before 10 does not properly use a cache for auto-correct suggestions, which allows remote attackers to obtain sensitive information in opportunistic circumstances by leveraging an unintended correction.
network
low complexity
apple CWE-200
5.3
2016-09-18 CVE-2016-4741 7PK - Security Features vulnerability in Apple Iphone OS
The Assets component in Apple iOS before 10 allows man-in-the-middle attackers to block software updates via vectors related to lack of an HTTPS session for retrieving updates.
network
high complexity
apple CWE-254
5.9
2016-09-18 CVE-2016-4719 Information Exposure vulnerability in Apple Iphone OS and Watchos
The GeoServices component in Apple iOS before 10 and watchOS before 3 does not properly restrict access to PlaceData information, which allows attackers to discover physical locations via a crafted application.
local
low complexity
apple CWE-200
5.5
2016-09-06 CVE-2016-7153 Information Exposure vulnerability in multiple products
The HTTP/2 protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack.
network
low complexity
microsoft google apple opera mozilla CWE-200
5.3
2016-09-06 CVE-2016-7152 Information Exposure vulnerability in multiple products
The HTTPS protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack.
network
low complexity
opera apple mozilla microsoft google CWE-200
5.3
2016-08-25 CVE-2016-4655 Unspecified vulnerability in Apple Iphone OS
The kernel in Apple iOS before 9.3.5 allows attackers to obtain sensitive information from memory via a crafted app.
local
low complexity
apple
5.5