Apple: >> Iphone Os >> 9.3.3 Security Vulnerabilities
The Keyboards component in Apple iOS before 10 does not properly use a cache for auto-correct suggestions, which allows remote attackers to obtain sensitive information in opportunistic circumstances by leveraging an unintended correction.
CVSS Score
5.3
EPSS Score
0.005
Published
2016-09-18
Apple iOS before 10, when Handoff for Messages is used, does not ensure that a Messages signin has occurred before displaying messages, which might allow attackers to obtain sensitive information via unspecified vectors.
CVSS Score
2.9
EPSS Score
0.001
Published
2016-09-18
The Assets component in Apple iOS before 10 allows man-in-the-middle attackers to block software updates via vectors related to lack of an HTTPS session for retrieving updates.
CVSS Score
5.9
EPSS Score
0.007
Published
2016-09-18
The GeoServices component in Apple iOS before 10 and watchOS before 3 does not properly restrict access to PlaceData information, which allows attackers to discover physical locations via a crafted application.
CVSS Score
5.5
EPSS Score
0.002
Published
2016-09-18
The Sandbox Profiles component in Apple iOS before 10 does not properly restrict access to directory metadata for SMS draft directories, which allows attackers to discover text-message recipients via a crafted app.
CVSS Score
3.3
EPSS Score
0.003
Published
2016-09-18
CVE-2016-4657
WebKit in Apple iOS before 9.3.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
Known exploited
CVSS Score
8.8
EPSS Score
0.815
Published
2016-08-25
CVE-2016-4656
The kernel in Apple iOS before 9.3.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
Known exploited
CVSS Score
7.8
EPSS Score
0.762
Published
2016-08-25
CVE-2016-4655
The kernel in Apple iOS before 9.3.5 allows attackers to obtain sensitive information from memory via a crafted app.
Known exploited
CVSS Score
5.5
EPSS Score
0.825
Published
2016-08-25
IOMobileFrameBuffer in Apple iOS before 9.3.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVSS Score
7.8
EPSS Score
0.004
Published
2016-08-18
Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.
CVSS Score
8.8
EPSS Score
0.042
Published
2016-07-23