Apple ≫ iPhone OS

Libinfo in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by leveraging use of an AF_INET6 socket.

FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-380...

Buffer overflow in IOHIDFamily in Apple iOS before 8.4.1 and OS X before 10.10.5 allows local users to gain privileges via unspecified vectors.

QL Office in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted office document.

MobileInstallation in Apple iOS before 8.4.1 does not ensure the uniqueness of universal provisioning profile bundle IDs, which allows attackers to replace arbitrary extensions via a crafted enterprise app.

The MSVDX driver in Apple iOS before 8.4.1 allows remote attackers to cause a denial of service (device crash) via a crafted video.

Directory traversal vulnerability in Air Traffic in Apple iOS before 8.4.1 allows attackers to access arbitrary filesystem locations via vectors related to asset handling.

CoreText in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-5755.

WebKit in Apple iOS before 8.4.1 allows remote attackers to spoof clicks via a crafted web site that leverages tap events.

ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF image.