U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/o:apple:iphone_os:7.0.1
There are 2,216 matching records.
Displaying matches 1,501 through 1,520.
Vuln ID Summary CVSS Severity
CVE-2016-4781

An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "SpringBoard" component, which allows physically proximate attackers to bypass the passcode attempt counter and unlock a device via unspecified vectors.

Published: February 20, 2017; 3:59:01 AM -0500
V3.0: 6.8 MEDIUM
V2.0: 4.6 MEDIUM
CVE-2016-4764

An issue was discovered in certain Apple products. iOS before 10 is affected. Safari before 10 is affected. iTunes before 12.5.1 is affected. tvOS before 10 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

Published: February 20, 2017; 3:59:01 AM -0500
V3.1: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2016-4743

An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption and application crash) via a crafted web site.

Published: February 20, 2017; 3:59:01 AM -0500
V3.0: 7.1 HIGH
V2.0: 5.8 MEDIUM
CVE-2016-4721

An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. The issue involves the "IDS - Connectivity" component, which allows man-in-the-middle attackers to spoof calls via a "switch caller" notification.

Published: February 20, 2017; 3:59:01 AM -0500
V3.0: 5.9 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-4693

An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Security" component, which makes it easier for attackers to bypass cryptographic protection mechanisms by leveraging use of the 3DES cipher.

Published: February 20, 2017; 3:59:01 AM -0500
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2016-4692

An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

Published: February 20, 2017; 3:59:01 AM -0500
V3.0: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2016-4691

An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "FontParser" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font.

Published: February 20, 2017; 3:59:01 AM -0500
V3.0: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2016-4690

An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Image Capture" component, which allows attackers to execute arbitrary code via a crafted USB HID device.

Published: February 20, 2017; 3:59:01 AM -0500
V3.0: 6.8 MEDIUM
V2.0: 4.6 MEDIUM
CVE-2016-4689

An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Mail" component, which does not alert the user to an S/MIME email signature that used a revoked certificate.

Published: February 20, 2017; 3:59:01 AM -0500
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2016-4686

An issue was discovered in certain Apple products. iOS before 10.1 is affected. The issue involves the "Contacts" component, which does not prevent an app's Address Book access after access revocation.

Published: February 20, 2017; 3:59:00 AM -0500
V3.0: 4.4 MEDIUM
V2.0: 3.6 LOW
CVE-2016-4685

An issue was discovered in certain Apple products. iOS before 10.1 is affected. The issue involves the "iTunes Backup" component, which improperly hashes passwords, making it easier to decrypt files.

Published: February 20, 2017; 3:59:00 AM -0500
V3.0: 5.9 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-4680

An issue was discovered in certain Apple products. iOS before 10.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "Kernel" component. It allows attackers to obtain sensitive information from kernel memory via a crafted app.

Published: February 20, 2017; 3:59:00 AM -0500
V3.0: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-4679

An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "libarchive" component, which allows remote attackers to write to arbitrary files via a crafted archive containing a symlink.

Published: February 20, 2017; 3:59:00 AM -0500
V3.0: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-4677

An issue was discovered in certain Apple products. iOS before 10.1 is affected. Safari before 10.0.1 is affected. tvOS before 10.0.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

Published: February 20, 2017; 3:59:00 AM -0500
V3.0: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2016-4675

An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "libxpc" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app.

Published: February 20, 2017; 3:59:00 AM -0500
V3.0: 7.8 HIGH
V2.0: 9.3 HIGH
CVE-2016-4673

An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "CoreGraphics" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted JPEG file.

Published: February 20, 2017; 3:59:00 AM -0500
V3.0: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2016-4670

An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. The issue involves the "Security" component. It allows local users to discover lengths of arbitrary passwords by reading a log.

Published: February 20, 2017; 3:59:00 AM -0500
V3.0: 3.3 LOW
V2.0: 2.1 LOW
CVE-2016-4669

An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "Kernel" component. It allows local users to execute arbitrary code in a privileged context or cause a denial of service (MIG code mishandling and system crash) via unspecified vectors.

Published: February 20, 2017; 3:59:00 AM -0500
V3.0: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2016-4666

An issue was discovered in certain Apple products. iOS before 10.1 is affected. Safari before 10.0.1 is affected. tvOS before 10.0.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

Published: February 20, 2017; 3:59:00 AM -0500
V3.0: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2016-4665

An issue was discovered in certain Apple products. iOS before 10.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "Sandbox Profiles" component, which allows attackers to read audio-recording metadata via a crafted app.

Published: February 20, 2017; 3:59:00 AM -0500
V3.0: 3.3 LOW
V2.0: 4.3 MEDIUM