54 matches found
CVE-2025-27425
Scanning certain QR codes that included text with a website URL could allow the URL to be opened without presenting the user with a confirmation alert first. This vulnerability was fixed in Firefox for iOS 136...
Apple Confirms ‘Extremely Sophisticated’ Exploit Threatening iOS Security
Apple fixes the USB Restricted Mode flaw in iOS 18.3.1 and iPadOS 18.3.1. Vulnerability exploited in targeted attacks...
CVE-2024-56957
An issue in Kingsoft Office Software Corporation Limited WPS Office iOS 12.20.0 allows attackers to access sensitive user information via supplying a crafted link...
CVE-2024-56950
An issue in KuGou Technology Co., Ltd KuGou Concept iOS 4.0.61 allows attackers to access sensitive user information via supplying a crafted link...
CVE-2024-56957
CVE-2024-56957 affects Kingsoft WPS Office for iOS 12.20.0. Affected component: WPS Office iOS link handling. Root cause per connected data: an attacker can induce access to sensitive user information by supplying a crafted link. Exploitation characteristics from CVSS: Network attack vector, low ...
CVE-2024-56964
CVE-2024-56964 affects Guazi Used Car iOS 10.15.1. The connected sources indicate that an attacker can access sensitive user information by supplying a crafted link, implying a vulnerability in how links trigger data exposure. The base CVSS metrics in the Initial document show a Medium severity (...
CVE-2024-56963
CVE-2024-56963 affects Beijing Sogou Technology Development Co., Ltd Sogou Input for iOS 12.2.0. Affected component appears to be the input application where a crafted link can cause disclosure of sensitive user information. The vulnerability’s impact is described as high confidentiality risk wit...
CVE-2021-21186
Insufficient policy enforcement in QR scanning in Google Chrome on iOS prior to 89.0.4389.72 allowed an attacker who convinced the user to scan a QR code to bypass navigation restrictions via a crafted QR code...
CVE-2020-6565
Inappropriate implementation in Omnibox in Google Chrome on iOS prior to 85.0.4183.83 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...
CVE-2020-6528
Incorrect security UI in basic auth in Google Chrome on iOS prior to 84.0.4147.89 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...
CVE-2017-13888
In iOS before 11.2, a type confusion issue was addressed with improved memory handling...
Authentication flaw
DISPUTED An issue was discovered in the LINE jp.naver.line application 8.8.0 for iOS. The LAContext class for Biometric TouchID validation allows authentication bypass by overriding the LAContext return Boolean value to be "true" because the kSecAccessControlUserPresence protection mechanism is n...
A vulnerability in the iOS operating system, the iTunes media player, and the Safari web browser allows attackers to obtain confidential information.
A vulnerability in the WebKit component of the iOS operating system, the iTunes media player, and the Safari browser is related to a lack of protection for service data. Exploiting this vulnerability can allow a remote attacker to obtain confidential information...
CVE-2016-7592
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component, which allows remote attackers to obtain sensitive information via crafted...