iphone_os vulnerabilities and exploits

2.1
CVSSv2
CVE-2016-7634

An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Accessibility" component, which accepts spoken passwords without considering that they are locally audible....

6.8
CVSSv2
CVE-2010-1752

Stack-based buffer overflow in CFNetwork in Apple iOS before 4 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to URL handling....

2.1
CVSSv2
CVE-2014-1274

FaceTime in Apple iOS before 7.1 allows physically proximate attackers to obtain sensitive FaceTime contact information by using the lock screen for an invalid FaceTime call....

5
CVSSv2
CVE-2015-5766

Directory traversal vulnerability in Air Traffic in Apple iOS before 8.4.1 allows attackers to access arbitrary filesystem locations via vectors related to asset handling....

5
CVSSv2
CVE-2017-2400

An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "SafariViewController" component. It allows attackers to obtain sensitive information by leveraging the SafariViewController's incorrect synchronization of...

2.1
CVSSv2
CVE-2018-4387

A lock screen issue allowed access to photos via Reply With Message on a locked device. This issue was addressed with improved state management. This issue affected versions prior to iOS 12.1....

2.1
CVSSv2
CVE-2018-4239

An issue was discovered in certain Apple products. iOS before 11.4 is affected. The issue involves the "Magnifier" component. It allows physically proximate attackers to bypass the lock-screen protection mechanism and see the most recent Magnifier image....

2.1
CVSSv2
CVE-2012-3731

Mail in Apple iOS before 6 does not properly implement the Data Protection feature for e-mail attachments, which allows physically proximate attackers to bypass an intended passcode requirement via unspecified vectors....

5
CVSSv2
CVE-2011-3432

The UIKit Alerts component in Apple iOS before 5 allows remote attackers to cause a denial of service (device hang) via a long tel: URL that triggers a large size for the acceptance dialog....

3.5
CVSSv2
CVE-2016-1763

Messages in Apple iOS before 9.3 does not ensure that an auto-fill action applies to the intended message thread, which allows remote authenticated users to obtain sensitive information by providing a crafted sms: URL and reading a thread....