CVSS: 2.9EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4740 – Apple Security Advisory 2016-09-13-1
https://notcve.org/view.php?id=CVE-2016-4740
14 Sep 2016 — Apple iOS before 10, when Handoff for Messages is used, does not ensure that a Messages signin has occurred before displaying messages, which might allow attackers to obtain sensitive information via unspecified vectors. Apple iOS en versiones anteriores a 10, cuando se utiliza Handoff para Messages, no asegura que ha ocurrido un registro en Messages antes de mostrar mensajes, lo que podría permitir a atacantes obtener información sensible a través de vectores no especificados. iOS 10 is now available and a... • http://lists.apple.com/archives/security-announce/2016/Sep/msg00002.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2016-4719 – Apple Security Advisory 2016-09-13-1
https://notcve.org/view.php?id=CVE-2016-4719
14 Sep 2016 — The GeoServices component in Apple iOS before 10 and watchOS before 3 does not properly restrict access to PlaceData information, which allows attackers to discover physical locations via a crafted application. El componente GeoServices en Apple iOS en versiones anteriores a 10 y watchOS en versiones anteriores a 3 no restringe adecuadamente los accesos a información PlaceData, lo que permite a atacantes descubrir ubicaciones físicas a través de una aplicación manipulada. iOS 10 is now available and address... • http://lists.apple.com/archives/security-announce/2016/Sep/msg00004.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4749 – Apple Security Advisory 2016-09-13-1
https://notcve.org/view.php?id=CVE-2016-4749
14 Sep 2016 — Printing UIKit in Apple iOS before 10 mishandles environment variables, which allows local users to discover cleartext AirPrint preview content by reading a temporary file. Printing UIKit en Apple iOS en versiones anteriores a 10 no maneja adecuadamente variables de entorno, lo que permite a usuarios locales descubrir la vista previa del contenido AirPrint en texto plano mediante la lectura de un archivo temporal. iOS 10 is now available and addresses network blocking, information disclosure, and various ot... • http://lists.apple.com/archives/security-announce/2016/Sep/msg00002.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4741 – Apple Security Advisory 2016-09-13-1
https://notcve.org/view.php?id=CVE-2016-4741
14 Sep 2016 — The Assets component in Apple iOS before 10 allows man-in-the-middle attackers to block software updates via vectors related to lack of an HTTPS session for retrieving updates. El componente Assets en Apple iOS en versiones anteriores a 10 permite a atacantes man-in-the-middle bloquear actualizaciones de software a través de vectores relacionados con falta de una sesión HTTPS para la recuperación de actualizaciones. iOS 10 is now available and addresses network blocking, information disclosure, and various ... • http://lists.apple.com/archives/security-announce/2016/Sep/msg00002.html • CWE-254: 7PK - Security Features •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4746 – Apple Security Advisory 2016-09-13-1
https://notcve.org/view.php?id=CVE-2016-4746
14 Sep 2016 — The Keyboards component in Apple iOS before 10 does not properly use a cache for auto-correct suggestions, which allows remote attackers to obtain sensitive information in opportunistic circumstances by leveraging an unintended correction. El componente Keyboards en Apple iOS en versiones anteriores a 10 no utiliza adecuadamente una caché para sugerencias de autocorrección, lo que permite a atacantes remotos obtener información sensible en circunstancias oportunistas aprovechando una corrección no intencion... • http://lists.apple.com/archives/security-announce/2016/Sep/msg00002.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4620 – Apple Security Advisory 2016-09-13-1
https://notcve.org/view.php?id=CVE-2016-4620
14 Sep 2016 — The Sandbox Profiles component in Apple iOS before 10 does not properly restrict access to directory metadata for SMS draft directories, which allows attackers to discover text-message recipients via a crafted app. El componente Sandbox Profiles en Apple iOS en versiones anteriores a 10 no restringe adecuadamente el acceso a los metadatos del directorio para directorios de borradores de SMS, lo que permite a atacantes descubrir receptores de mensajes de texto a través de una aplicación manipulada. iOS 10 is... • http://lists.apple.com/archives/security-announce/2016/Sep/msg00002.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4747 – Apple Security Advisory 2016-09-13-1
https://notcve.org/view.php?id=CVE-2016-4747
14 Sep 2016 — Mail in Apple iOS before 10 mishandles certificates, which makes it easier for man-in-the-middle attackers to discover mail credentials via unspecified vectors. Mail en Apple iOS en versiones anteriores a 10 no maneja adecuadamente certificados, lo que facilita a atacantes man-in-the-middle descubrir credenciales de correo a través de vectores no especificados. iOS 10 is now available and addresses network blocking, information disclosure, and various other vulnerabilities. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00002.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 7%CPEs: 1EXPL: 2CVE-2016-4656 – Apple iOS Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2016-4656
25 Aug 2016 — The kernel in Apple iOS before 9.3.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. El kernel en Apple iOS en versiones anteriores a 9.3.5 permite a atacantes ejecutar código arbitrario en un contexto privilegiado o provocar una denegación de servicio (corrupción de memoria) a través de una aplicación manipulada. iOS 9.3.5 is now available and addresses memory disclosure, code execution, and various other vulnerabilities... • https://packetstorm.news/files/id/148041 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 68%CPEs: 1EXPL: 7CVE-2016-4657 – Apple iOS Webkit Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2016-4657
25 Aug 2016 — WebKit in Apple iOS before 9.3.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. WebKit en Apple iOS en versiones anteriores a 9.3.5 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado. A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious websit... • https://packetstorm.news/files/id/148041 • CWE-787: Out-of-bounds Write •
CVSS: 7.1EPSS: 15%CPEs: 2EXPL: 4CVE-2016-4655 – Apple iOS Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2016-4655
25 Aug 2016 — The kernel in Apple iOS before 9.3.5 allows attackers to obtain sensitive information from memory via a crafted app. El kernel en Apple iOS en versiones anteriores a 9.3.5 permite a atacantes obtener información sensible de la memoria a través de una aplicación manipulada. iOS 9.3.5 is now available and addresses memory disclosure, code execution, and various other vulnerabilities. The Apple iOS kernel allows attackers to obtain sensitive information from memory via a crafted application. • https://packetstorm.news/files/id/148041 •