Apple: >> Iphone Os >> 1.0.1 Security Vulnerabilities
The CoreGraphics component in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2015-5926.
CVSS Score
6.8
EPSS Score
0.019
Published
2015-10-23
The OpenGL implementation in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
CVSS Score
6.8
EPSS Score
0.019
Published
2015-10-23
The Telephony subsystem in Apple iOS before 9.1 allows attackers to obtain sensitive call-status information via a crafted app.
CVSS Score
4.3
EPSS Score
0.003
Published
2015-10-23
CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6975 and CVE-2015-6992.
CVSS Score
7.5
EPSS Score
0.021
Published
2015-10-23
WebKit, as used in Apple iOS before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1.
CVSS Score
6.8
EPSS Score
0.013
Published
2015-10-23
The kernel in Apple iOS before 9.1 allows attackers to cause a denial of service via a crafted app.
CVSS Score
7.1
EPSS Score
0.005
Published
2015-10-23
Notification Center in Apple iOS before 9.1 mishandles changes to "Show on Lock Screen" settings, which allows physically proximate attackers to obtain sensitive information by looking for a (1) Phone or (2) Messages notification on the lock screen soon after a setting was disabled.
CVSS Score
2.1
EPSS Score
0.001
Published
2015-10-23
The OCSP client in Apple iOS before 9.1 does not check for certificate expiry, which allows remote attackers to spoof a valid certificate by leveraging access to a revoked certificate.
CVSS Score
5.0
EPSS Score
0.002
Published
2015-10-23
The X.509 certificate-trust implementation in Apple iOS before 9.1 does not recognize that the kSecRevocationRequirePositiveResponse flag implies a revocation-checking requirement, which makes it easier for man-in-the-middle attackers to spoof endpoints by leveraging access to a revoked certificate.
CVSS Score
4.3
EPSS Score
0.003
Published
2015-10-23
CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6975 and CVE-2015-7017.
CVSS Score
7.5
EPSS Score
0.021
Published
2015-10-23