CVE-2016-4740
- EPSS 0.31%
- Veröffentlicht 18.09.2016 22:59:06
- Zuletzt bearbeitet 06.05.2026 22:30:45
Apple iOS before 10, when Handoff for Messages is used, does not ensure that a Messages signin has occurred before displaying messages, which might allow attackers to obtain sensitive information via unspecified vectors.
CVE-2016-4741
- EPSS 1.43%
- Veröffentlicht 18.09.2016 22:59:06
- Zuletzt bearbeitet 06.05.2026 22:30:45
The Assets component in Apple iOS before 10 allows man-in-the-middle attackers to block software updates via vectors related to lack of an HTTPS session for retrieving updates.
CVE-2016-4719
- EPSS 0.98%
- Veröffentlicht 18.09.2016 22:59:04
- Zuletzt bearbeitet 06.05.2026 22:30:45
The GeoServices component in Apple iOS before 10 and watchOS before 3 does not properly restrict access to PlaceData information, which allows attackers to discover physical locations via a crafted application.
CVE-2016-4620
- EPSS 0.84%
- Veröffentlicht 18.09.2016 22:59:01
- Zuletzt bearbeitet 06.05.2026 22:30:45
The Sandbox Profiles component in Apple iOS before 10 does not properly restrict access to directory metadata for SMS draft directories, which allows attackers to discover text-message recipients via a crafted app.
CVE-2016-4657
- EPSS 66.79%
- Veröffentlicht 25.08.2016 21:59:02
- Zuletzt bearbeitet 21.04.2026 16:22:47
WebKit in Apple iOS before 9.3.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
CVE-2016-4656
- EPSS 23.63%
- Veröffentlicht 25.08.2016 21:59:01
- Zuletzt bearbeitet 21.04.2026 16:22:57
The kernel in Apple iOS before 9.3.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVE-2016-4655
- EPSS 33.35%
- Veröffentlicht 25.08.2016 21:59:00
- Zuletzt bearbeitet 21.04.2026 16:23:08
The kernel in Apple iOS before 9.3.5 allows attackers to obtain sensitive information from memory via a crafted app.
CVE-2016-4654
- EPSS 1.39%
- Veröffentlicht 18.08.2016 19:59:03
- Zuletzt bearbeitet 06.05.2026 22:30:45
IOMobileFrameBuffer in Apple iOS before 9.3.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVE-2016-5131
- EPSS 2.27%
- Veröffentlicht 23.07.2016 19:59:13
- Zuletzt bearbeitet 06.05.2026 22:30:45
Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.
CVE-2016-4653
- EPSS 0.48%
- Veröffentlicht 22.07.2016 03:00:11
- Zuletzt bearbeitet 06.05.2026 22:30:45
The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-...