CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4747
https://notcve.org/view.php?id=CVE-2016-4747
Mail in Apple iOS before 10 mishandles certificates, which makes it easier for man-in-the-middle attackers to discover mail credentials via unspecified vectors. Mail en Apple iOS en versiones anteriores a 10 no maneja adecuadamente certificados, lo que facilita a atacantes man-in-the-middle descubrir credenciales de correo a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00002.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html http://www.securityfocus.com/bid/92932 http://www.securitytracker.com/id/1036797 https://support.apple.com/HT207143 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4741
https://notcve.org/view.php?id=CVE-2016-4741
The Assets component in Apple iOS before 10 allows man-in-the-middle attackers to block software updates via vectors related to lack of an HTTPS session for retrieving updates. El componente Assets en Apple iOS en versiones anteriores a 10 permite a atacantes man-in-the-middle bloquear actualizaciones de software a través de vectores relacionados con falta de una sesión HTTPS para la recuperación de actualizaciones. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00002.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html http://www.securityfocus.com/bid/92932 http://www.securitytracker.com/id/1036797 https://support.apple.com/HT207143 • CWE-254: 7PK - Security Features •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4746
https://notcve.org/view.php?id=CVE-2016-4746
The Keyboards component in Apple iOS before 10 does not properly use a cache for auto-correct suggestions, which allows remote attackers to obtain sensitive information in opportunistic circumstances by leveraging an unintended correction. El componente Keyboards en Apple iOS en versiones anteriores a 10 no utiliza adecuadamente una caché para sugerencias de autocorrección, lo que permite a atacantes remotos obtener información sensible en circunstancias oportunistas aprovechando una corrección no intencionada. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00002.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html http://www.securityfocus.com/bid/92932 http://www.securitytracker.com/id/1036797 https://support.apple.com/HT207143 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2016-4719
https://notcve.org/view.php?id=CVE-2016-4719
The GeoServices component in Apple iOS before 10 and watchOS before 3 does not properly restrict access to PlaceData information, which allows attackers to discover physical locations via a crafted application. El componente GeoServices en Apple iOS en versiones anteriores a 10 y watchOS en versiones anteriores a 3 no restringe adecuadamente los accesos a información PlaceData, lo que permite a atacantes descubrir ubicaciones físicas a través de una aplicación manipulada. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00004.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00010.html http://www.securityfocus.com/bid/92932 http://www.securityfocus.com/bid/92933 http://www.securitytracker.com/id/1036797 https://support.apple.com/HT207141 https://support.apple.com/HT207143 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 2.9EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4740
https://notcve.org/view.php?id=CVE-2016-4740
Apple iOS before 10, when Handoff for Messages is used, does not ensure that a Messages signin has occurred before displaying messages, which might allow attackers to obtain sensitive information via unspecified vectors. Apple iOS en versiones anteriores a 10, cuando se utiliza Handoff para Messages, no asegura que ha ocurrido un registro en Messages antes de mostrar mensajes, lo que podría permitir a atacantes obtener información sensible a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2016/Sep/msg00002.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html http://www.securityfocus.com/bid/92932 http://www.securitytracker.com/id/1036797 https://support.apple.com/HT207143 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •