CVE-2026-46486 Mobile Verification Toolkit (MVT): Path Traversal via unsanitized File identifiers in iOS Backup processing

MVT Mobile Verification Toolkit helps with conducting forensics of mobile devices in order to find signs of a potential compromise. Prior to version 2026.5.12, there is a path traversal vulnerability via unsanitized File identifiers in iOS Backup processing. This issue has been patched in version...

PT-2026-42598

Summary The fileID field from Manifest.db a SQLite database inside iOS backups, generated by the device is used directly in filesystem path construction without validation. This affects two commands through a shared code path: - mvt-ios decrypt-backup decrypt.py: file id is used to construct both...

EUVD-2017-16117

Malware in sbrugna...

CVE-2025-24221

This issue was addressed with improved data access restriction. This issue is fixed in visionOS 2.4, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6. Sensitive keychain data may be accessible from an iOS backup...

Code injection

A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 15.7 and iPadOS 15.7, iOS 16.1 and iPadOS 16. An app may be able to access iOS backups...

CVE-2022-32929

A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 15.7 and iPadOS 15.7, iOS 16.1 and iPadOS 16. An app may be able to access iOS backups...

CVE-2017-7079

An issue was discovered in certain Apple products. iTunes before 12.7 is affected. The issue involves the "Data Sync" component. It allows attackers to access iOS backups written by iTunes via a crafted app...

Code injection

An issue was discovered in certain Apple products. iTunes before 12.7 is affected. The issue involves the "Data Sync" component. It allows attackers to access iOS backups written by iTunes via a crafted app...

CVE-2017-7079

CVE-2017-7079 affects iTunes before 12.7 (Mac OS X), via the Data Sync component. A crafted app may enable an attacker to access iOS backups created by iTunes. The vulnerability stems from an access control issue in the Data Sync workflow, allowing partial confidentiality impact without integrity...

CVE-2017-7079

An issue was discovered in certain Apple products. iTunes before 12.7 is affected. The issue involves the "Data Sync" component. It allows attackers to access iOS backups written by iTunes via a crafted app...

Apple iTunes Security Bypass Vulnerability

Apple iTunes is a suite of media player applications from Apple, Inc. that are used to play and manage digital music and video files. A security bypass vulnerability exists in Apple iTunes versions prior to 12.7. The vulnerability can be exploited by an attacker to access iOS backups made through...

About the security content of iTunes 12.7 - Apple Support

About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. For more information about security, se...

About the security content of iTunes 12.7

About the security content of iTunes 12.7 This document describes the security content of iTunes 12.7. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...