Apple: >> Iphone Os >> 1.0.1 Security Vulnerabilities
The Assets component in Apple iOS before 10 allows man-in-the-middle attackers to block software updates via vectors related to lack of an HTTPS session for retrieving updates.
CVSS Score
5.9
EPSS Score
0.007
Published
2016-09-18
The GeoServices component in Apple iOS before 10 and watchOS before 3 does not properly restrict access to PlaceData information, which allows attackers to discover physical locations via a crafted application.
CVSS Score
5.5
EPSS Score
0.002
Published
2016-09-18
The Sandbox Profiles component in Apple iOS before 10 does not properly restrict access to directory metadata for SMS draft directories, which allows attackers to discover text-message recipients via a crafted app.
CVSS Score
3.3
EPSS Score
0.003
Published
2016-09-18
CVE-2016-4657
WebKit in Apple iOS before 9.3.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
Known exploited
CVSS Score
8.8
EPSS Score
0.815
Published
2016-08-25
CVE-2016-4656
The kernel in Apple iOS before 9.3.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
Known exploited
CVSS Score
7.8
EPSS Score
0.762
Published
2016-08-25
CVE-2016-4655
The kernel in Apple iOS before 9.3.5 allows attackers to obtain sensitive information from memory via a crafted app.
Known exploited
CVSS Score
5.5
EPSS Score
0.825
Published
2016-08-25
Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.
CVSS Score
8.8
EPSS Score
0.042
Published
2016-07-23
The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1863 and CVE-2016-4582.
CVSS Score
7.8
EPSS Score
0.001
Published
2016-07-22
Cross-site scripting (XSS) vulnerability in the WebKit JavaScript bindings in Apple iOS before 9.3.3 and Safari before 9.1.2 allows remote attackers to inject arbitrary web script or HTML via a crafted HTTP/0.9 response, related to a "cross-protocol cross-site scripting (XPXSS)" vulnerability.
CVSS Score
6.1
EPSS Score
0.002
Published
2016-07-22
CoreGraphics in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted BMP image.
CVSS Score
8.8
EPSS Score
0.021
Published
2016-07-22