The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Apple iOS before 9 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
IDE Xcode Server in Apple Xcode before 7.0 does not ensure that server traffic is encrypted, which allows remote attackers to obtain sensitive information by sniffing the network. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
WebKit in Apple iOS before 9 allows man-in-the-middle attackers to conduct redirection attacks by leveraging the mishandling of the resource cache of an SSL web site with an invalid X.509 certificate. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. No vendor patch available.
Siri in Apple iOS before 9 allows physically proximate attackers to bypass an intended client-side protection mechanism and obtain sensitive content-notification information by listening to a device. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.
The iTunes Store component in Apple iOS before 9 does not properly delete AppleID credentials from the keychain upon a signout action, which might allow physically proximate attackers to obtain. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.
AppleKeyStore in Apple iOS before 9 allows physically proximate attackers to reset the count of incorrect passcode attempts via a device backup. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.
IOStorageFamily in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows local users to obtain sensitive information from kernel memory via unknown vectors. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.
The convenience initializer in the Multipeer Connectivity component in Apple iOS before 9 does not require an encrypted session, which allows local users to obtain cleartext multipeer data via an. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.
XNU in the kernel in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows local users to obtain sensitive memory-layout information via unknown vectors. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.
SpringBoard in Apple iOS before 9 allows physically proximate attackers to bypass a lock-screen preview-disabled setting, and reply to an audio message, via unspecified vectors. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.
The Secondary server in Threat Intelligence Exchange (TIE) before 1.2.0 uses weak permissions for unspecified (1) configuration files and (2) installation logs, which allows local users to obtain. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.
CFNetwork in Apple iOS before 9 relies on the hardware UID for its cache encryption key, which makes it easier for physically proximate attackers to obtain sensitive information by obtaining this UID. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.