Product:

Iphone_os

(Apple)
Repositories https://github.com/madler/zlib
https://github.com/file/file
https://github.com/WebKit/webkit
https://github.com/vadz/libtiff
#Vulnerabilities 3369
Date Id Summary Products Score Patch Annotated
2017-04-01 CVE-2017-2455 An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Iphone_os, Safari, Tvos 8.8
2017-04-01 CVE-2017-2454 An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Iphone_os, Safari, Tvos 8.8
2017-04-01 CVE-2017-2452 An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Siri" component. It allows physically proximate attackers to read text messages on the lock screen via unspecified vectors. Iphone_os 4.6
2017-04-01 CVE-2017-2451 An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Security" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (buffer overflow) via a crafted app. Iphone_os, Mac_os_x, Tvos, Watchos 7.8
2017-04-01 CVE-2017-2450 An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "CoreText" component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted font file. Iphone_os, Mac_os_x, Tvos, Watchos 7.1
2017-04-01 CVE-2017-2448 An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. The issue involves the "Keychain" component. It allows man-in-the-middle attackers to bypass an iCloud Keychain secret protection mechanism by leveraging lack of authentication for OTR packets. Iphone_os, Mac_os_x, Tvos, Watchos 5.9
2017-04-01 CVE-2017-2447 An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive information or cause a denial of service (memory corruption) via a crafted web site. Iphone_os, Safari, Tvos 8.1
2017-04-01 CVE-2017-2445 An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via crafted frame objects. Iphone_os, Safari, Tvos 6.1
2017-04-01 CVE-2017-2444 An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "CoreGraphics" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Iphone_os, Safari, Tvos, Watchos 8.8
2017-04-01 CVE-2017-2442 An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit JavaScript Bindings" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. Iphone_os, Safari 6.5