Apple

iPhone OS

3839 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
10

CVE-2016-4658

  • EPSS 19.34%
  • Veröffentlicht 25.09.2016 10:59:02
  • Zuletzt bearbeitet 12.04.2025 10:46:40

xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary co...

6.1

CVE-2016-4618

  • EPSS 0.5%
  • Veröffentlicht 25.09.2016 10:59:01
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in Safari Reader in Apple iOS before 10 and Safari before 10 allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka "Universal XSS (UXSS)."

8.8

CVE-2016-4611

  • EPSS 0.92%
  • Veröffentlicht 25.09.2016 10:59:00
  • Zuletzt bearbeitet 12.04.2025 10:46:40

WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4730, CVE-2016-4733...

3.3

CVE-2016-4749

  • EPSS 0.06%
  • Veröffentlicht 18.09.2016 22:59:10
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Printing UIKit in Apple iOS before 10 mishandles environment variables, which allows local users to discover cleartext AirPrint preview content by reading a temporary file.

4.3

CVE-2016-4747

  • EPSS 0.17%
  • Veröffentlicht 18.09.2016 22:59:09
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Mail in Apple iOS before 10 mishandles certificates, which makes it easier for man-in-the-middle attackers to discover mail credentials via unspecified vectors.

5.3

CVE-2016-4746

  • EPSS 0.46%
  • Veröffentlicht 18.09.2016 22:59:08
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The Keyboards component in Apple iOS before 10 does not properly use a cache for auto-correct suggestions, which allows remote attackers to obtain sensitive information in opportunistic circumstances by leveraging an unintended correction.

2.9

CVE-2016-4740

  • EPSS 0.07%
  • Veröffentlicht 18.09.2016 22:59:06
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Apple iOS before 10, when Handoff for Messages is used, does not ensure that a Messages signin has occurred before displaying messages, which might allow attackers to obtain sensitive information via unspecified vectors.

5.9

CVE-2016-4741

  • EPSS 0.67%
  • Veröffentlicht 18.09.2016 22:59:06
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The Assets component in Apple iOS before 10 allows man-in-the-middle attackers to block software updates via vectors related to lack of an HTTPS session for retrieving updates.

5.5

CVE-2016-4719

  • EPSS 0.23%
  • Veröffentlicht 18.09.2016 22:59:04
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The GeoServices component in Apple iOS before 10 and watchOS before 3 does not properly restrict access to PlaceData information, which allows attackers to discover physical locations via a crafted application.

4.3

CVE-2016-4620

  • EPSS 0.26%
  • Veröffentlicht 18.09.2016 22:59:01
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The Sandbox Profiles component in Apple iOS before 10 does not properly restrict access to directory metadata for SMS draft directories, which allows attackers to discover text-message recipients via a crafted app.