Apple Security Vulnerabilities
An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
5.5CVSS
5.5AI Score
0.0005EPSS
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "CoreText" component. It allows remote attackers to cause a denial of service (application crash) vi...
7.5CVSS
6.8AI Score
0.023EPSS
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a...
7.8CVSS
8.1AI Score
0.002EPSS
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "Security" co...
7.8CVSS
7.5AI Score
0.002EPSS
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.3, tvOS 11.3, watchOS 4.3, Safari 11.1, iTunes 12.7.4 for Windows, iCloud for Windows 7.4.
8.8CVSS
8.1AI Score
0.012EPSS
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" compon...
6.5CVSS
6.1AI Score
0.005EPSS
In iCloud for Windows before 7.3, Safari before 11.0.3, iTunes before 12.7.3 for Windows, and iOS before 11.2.5, multiple memory corruption issues exist and were addressed with improved memory handling.
9.8CVSS
9AI Score
0.006EPSS
An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the "Telephony" component. A buffer overflow allows remote attackers to execute arbitrary code.
9.8CVSS
8AI Score
0.149EPSS
An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the "SafariViewController" component. It allows remote attackers to spoof the user interface via a crafted web site that leverages input into a partially loaded page.
8.8CVSS
6.6AI Score
0.006EPSS
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a...
7.8CVSS
8.1AI Score
0.003EPSS
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "iCloud Drive" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.
7CVSS
7.2AI Score
0.002EPSS
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Notes" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.
7CVSS
7.3AI Score
0.002EPSS
An injection issue was addressed with improved validation. This issue affected versions prior to macOS Mojave 10.14.
5.9CVSS
6.6AI Score
0.001EPSS
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "Storage" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.
7CVSS
7.2AI Score
0.002EPSS
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "CoreFoundation" component. A race condition allows attackers to execute arbitrary code in a privile...
7CVSS
7.3AI Score
0.002EPSS
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "PluginKit" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.
7CVSS
7.2AI Score
0.002EPSS
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "Quick Look" component. A race condition allows attackers to execute arbitrary code in a privileged ...
7CVSS
7.3AI Score
0.002EPSS
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. watchOS before 4.3 is affected. The issue involves the "CoreFoundation" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.
7CVSS
7.2AI Score
0.002EPSS
An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Graphics Drivers" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
5.5CVSS
5AI Score
0.0005EPSS
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (out-of-bounds read) via a crafted app.
7.8CVSS
8.1AI Score
0.002EPSS
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" compon...
8.8CVSS
8.6AI Score
0.006EPSS
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" compon...
8.8CVSS
8.7AI Score
0.005EPSS
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" compon...
8.8CVSS
8.7AI Score
0.005EPSS
An issue was discovered in certain Apple products. Xcode before 9.3 is affected. The issue, which is unspecified, involves the "LLVM" component.
9.8CVSS
8.1AI Score
0.014EPSS
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the "WebKit" component. It allows remote attackers ...
8.8CVSS
8.7AI Score
0.005EPSS
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "NSURLSession" component. A race condition allows attackers to execute arbitrary code in a privilege...
7CVSS
7.3AI Score
0.002EPSS
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "File System Events" component. A race condition allows attackers to execute arbitrary code in a pri...
7CVSS
7.2AI Score
0.002EPSS
An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the "Files Widget" component. It allows physically proximate attackers to obtain sensitive information by leveraging the display of cached data on a locked device.
4.6CVSS
4.2AI Score
0.001EPSS
In macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan, an out-of-bounds read was addressed with improved input validation.
9.8CVSS
8.3AI Score
0.002EPSS
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Admin Framework" component. It allows local users to discover a password by listing a process and its arguments during sysadminctl execution.
7.8CVSS
7.3AI Score
0.0004EPSS
An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Bluetooth" component. It allows attackers to obtain sensitive kernel memory-layout information via a crafted app that leverages device properties.
5.5CVSS
4.5AI Score
0.001EPSS
An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the "Find My iPhone" component. It allows physically proximate attackers to bypass the iCloud password requirement for disabling the "Find My iPhone" feature via vectors involving a backup restore.
4.6CVSS
4.5AI Score
0.001EPSS
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "Status Bar" component. It allows invisible microphone access via a crafted app.
5.5CVSS
5.5AI Score
0.001EPSS
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "Mail" component. It allows man-in-the-middle attackers to read S/MIME encrypted messages by leveraging an inconsistency in the user interface.
5.9CVSS
5.5AI Score
0.002EPSS
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "LaunchServices" component. It allows attackers to bypass the code-signing protection mechanism via a crafted app.
7.8CVSS
7.1AI Score
0.001EPSS
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Disk Images" component. It allows attackers to trigger an app launch upon mounting a crafted disk image.
5.5CVSS
5.8AI Score
0.001EPSS
A permissions issue existed in which execute permission was incorrectly granted. This issue was addressed with improved permission validation. This issue affected versions prior to macOS High Sierra 10.13.4.
5.5CVSS
5AI Score
0.0004EPSS
In macOS High Sierra before 10.13.4, there was an issue with the handling of smartcard PINs. This issue was addressed with additional logic.
5.5CVSS
6.6AI Score
0.0004EPSS
In macOS High Sierra before 10.13.5, an issue existed in CUPS. This issue was addressed with improved access restrictions.
7.8CVSS
4.8AI Score
0.001EPSS
In macOS High Sierra before 10.13.5, an issue existed in CUPS. This issue was addressed with improved access restrictions.
5.5CVSS
4.8AI Score
0.001EPSS
In macOS High Sierra before 10.13.5, an access issue was addressed with additional sandbox restrictions on CUPS.
8.2CVSS
6.7AI Score
0.001EPSS
In macOS High Sierra before 10.13.5, an access issue was addressed with additional sandbox restrictions.
8.2CVSS
6.7AI Score
0.001EPSS
An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Speech" component. It allows attackers to bypass a sandbox protection mechanism to obtain microphone access.
7.5CVSS
6.5AI Score
0.001EPSS
In iOS before 11.3, tvOS before 11.3, watchOS before 4.3, and macOS before High Sierra 10.13.4, an information disclosure issue existed in the transition of program state. This issue was addressed with improved state handling.
7.5CVSS
7.1AI Score
0.004EPSS
In Safari before 11.1, an information leakage issue existed in the handling of downloads in Safari Private Browsing. This issue was addressed with additional validation.
7.5CVSS
7.4AI Score
0.002EPSS
An issue was discovered in certain Apple products. iOS before 11.3.1 is affected. macOS before 10.13.4 Security Update 2018-001 is affected. The issue involves the "LinkPresentation" component. It allows remote attackers to spoof the UI via a crafted URL in a text message.
6.5CVSS
5.8AI Score
0.006EPSS
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attacker...
6.5CVSS
6.2AI Score
0.005EPSS
In iOS before 11.2.5, macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan, watchOS before 4.2.2, and tvOS before 11.2.5, a memory corruption issue exists and was addressed with improved memory handling.
9.8CVSS
8.6AI Score
0.006EPSS
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attacker...
8.8CVSS
6.9AI Score
0.012EPSS
A memory corruption issue was addressed with improved validation. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
8.8CVSS
7.8AI Score
0.008EPSS