Apple

iPhone OS

3839 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2015-5523

Exploit
  • EPSS 5.03%
  • Veröffentlicht 11.08.2015 14:59:15
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving multiple whitespace characters before an empty href, which triggers a large memory allocation.

6.8

CVE-2015-5522

Exploit
  • EPSS 6.47%
  • Veröffentlicht 11.08.2015 14:59:14
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Heap-based buffer overflow in the ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving a command character in an href.

4.8

CVE-2015-3728

  • EPSS 0.19%
  • Veröffentlicht 03.07.2015 02:00:18
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The WiFi Connectivity feature in Apple iOS before 8.4 allows remote Wi-Fi access points to trigger an automatic association, with an arbitrary security type, by operating with a recognized ESSID within an 802.11 network's coverage area.

4.6

CVE-2015-3726

  • EPSS 0.33%
  • Veröffentlicht 03.07.2015 02:00:17
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The Telephony subsystem in Apple iOS before 8.4 allows physically proximate attackers to execute arbitrary code via a crafted (1) SIM or (2) UIM card.

6.8

CVE-2015-3727

  • EPSS 0.94%
  • Veröffentlicht 03.07.2015 02:00:17
  • Zuletzt bearbeitet 12.04.2025 10:46:40

WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict rename operations on WebSQL tables, which allows remote attackers to access an arbitrary web s...

4.3

CVE-2015-3725

  • EPSS 0.6%
  • Veröffentlicht 03.07.2015 02:00:16
  • Zuletzt bearbeitet 12.04.2025 10:46:40

MobileInstallation in Apple iOS before 8.4 does not ensure the uniqueness of Watch bundle IDs, which allows attackers to cause a denial of service (ID collision and Watch launch outage) via a crafted universal provisioning profile app.

6.8

CVE-2015-3724

  • EPSS 1.18%
  • Veröffentlicht 03.07.2015 02:00:15
  • Zuletzt bearbeitet 12.04.2025 10:46:40

CoreGraphics in Apple iOS before 8.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted ICC profile in a PDF document, a different vulnerability than CVE-2015-3723.

6.8

CVE-2015-3723

  • EPSS 1.18%
  • Veröffentlicht 03.07.2015 02:00:14
  • Zuletzt bearbeitet 12.04.2025 10:46:40

CoreGraphics in Apple iOS before 8.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted ICC profile in a PDF document, a different vulnerability than CVE-2015-3724.

4.3

CVE-2015-3722

  • EPSS 0.6%
  • Veröffentlicht 03.07.2015 02:00:13
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Application Store in Apple iOS before 8.4 does not ensure the uniqueness of bundle IDs, which allows attackers to cause a denial of service (ID collision and launch outage) via a crafted universal provisioning profile app.

4.3

CVE-2015-3721

  • EPSS 0.58%
  • Veröffentlicht 03.07.2015 02:00:12
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The kernel in Apple iOS before 8.4 and OS X before 10.10.4 does not properly handle HFS parameters, which allows attackers to obtain sensitive memory-layout information via a crafted app.