Apple Security Vulnerabilities
This issue is fixed in macOS Mojave 10.14. A permissions issue existed in DiskArbitration. This was addressed with additional ownership checks.
9.8CVSS
8.3AI Score
0.002EPSS
In macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan, a permissions issue existed in Remote Management. This issue was addressed through improved permission validation.
9.8CVSS
8.8AI Score
0.002EPSS
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
8.8CVSS
8.2AI Score
0.007EPSS
The session cookie generated by the CUPS web interface was easy to guess on Linux, allowing unauthorized scripted access to the web interface when the web interface is enabled. This issue affected versions prior to v2.2.10.
5.9CVSS
5.7AI Score
0.002EPSS
A null pointer dereference was addressed with improved validation. This issue is fixed in macOS High Sierra 10.13, iCloud for Windows 7.0, watchOS 4, iOS 11, iTunes 12.7 for Windows. Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution.
7.8CVSS
8.2AI Score
0.001EPSS
An input validation issue was addressed with improved input validation. This issue affected versions prior to macOS Mojave 10.14, iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2.
7.8CVSS
6.8AI Score
0.002EPSS
A denial of service issue was addressed with improved validation. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.
5CVSS
5.8AI Score
0.001EPSS
An input validation issue was addressed with improved input validation. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5.
6.5CVSS
6.8AI Score
0.001EPSS
A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
8.8CVSS
7.6AI Score
0.385EPSS
A logic issue was addressed with improved state management. This issue affected versions prior to iOS 12, Safari 12.
4.3CVSS
5.2AI Score
0.001EPSS
An out-of-bounds read was addressed with improved bounds checking. This issue affected versions prior to macOS Mojave 10.14.
5.5CVSS
6.2AI Score
0.001EPSS
A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
6.1CVSS
6.1AI Score
0.002EPSS
An access issue was addressed with additional sandbox restrictions. This issue affected versions prior to iOS 12, macOS Mojave 10.14.
10CVSS
7.1AI Score
0.004EPSS
The issue was addressed by removing origin information. This issue affected versions prior to iOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
8.1CVSS
7.6AI Score
0.003EPSS
A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
8.8CVSS
7.6AI Score
0.385EPSS
A consistency issue existed in the handling of application snapshots. The issue was addressed with improved handling of message deletions. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5.
5.5CVSS
6.1AI Score
0.001EPSS
A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
8.8CVSS
7.6AI Score
0.385EPSS
A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
8.8CVSS
7.6AI Score
0.385EPSS
A memory corruption issue was addressed with improved state management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
8.8CVSS
7.8AI Score
0.006EPSS
A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
8.8CVSS
7.6AI Score
0.385EPSS
A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
8.8CVSS
7.6AI Score
0.385EPSS
A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue affected versions prior to iOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
8.1CVSS
7.4AI Score
0.003EPSS
A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12.
5.3CVSS
5.8AI Score
0.001EPSS
This issue was addressed with improved entitlements. This issue affected versions prior to iOS 12.
3.3CVSS
5AI Score
0.0004EPSS
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
8.8CVSS
8.2AI Score
0.802EPSS
A permissions issue existed in the handling of the Apple ID. This issue was addressed with improved access controls. This issue affected versions prior to macOS Mojave 10.14.
5.5CVSS
5.5AI Score
0.001EPSS
A logic issue was addressed with improved restrictions. This issue affected versions prior to iOS 12.
2.4CVSS
5AI Score
0.001EPSS
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14.
7.8CVSS
7.3AI Score
0.001EPSS
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1.
7.8CVSS
7.1AI Score
0.001EPSS
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
8.8CVSS
8.2AI Score
0.802EPSS
Clearing a history item may not clear visits with redirect chains. The issue was addressed with improved data deletion. This issue affected versions prior to iOS 12, Safari 12.
7.5CVSS
7.1AI Score
0.002EPSS
In iOS before 11.4, a memory corruption issue exists and was addressed with improved memory handling.
7.8CVSS
7.3AI Score
0.002EPSS
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.
9.8CVSS
7.4AI Score
0.011EPSS
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.
9.8CVSS
8.4AI Score
0.006EPSS
A validation issue was addressed with improved input sanitization. This issue affected versions prior to iOS 12, macOS Mojave 10.14.
5.5CVSS
6AI Score
0.001EPSS
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14.
7.8CVSS
7.6AI Score
0.001EPSS
A validation issue was addressed with improved input sanitization. This issue affected versions prior to iOS 12.
5.5CVSS
6AI Score
0.001EPSS
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.
7.8CVSS
7.9AI Score
0.002EPSS
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.
7.8CVSS
7.9AI Score
0.002EPSS
A validation issue was addressed with improved input sanitization. This issue affected versions prior to macOS Mojave 10.14.
5.5CVSS
6.3AI Score
0.001EPSS
This issue was addressed with a new entitlement. This issue is fixed in iOS 12.1. A local user may be able to read a persistent device identifier.
5.5CVSS
5.1AI Score
0.0004EPSS
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.
7.8CVSS
7.4AI Score
0.002EPSS
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.
8.6CVSS
7.4AI Score
0.002EPSS
A configuration issue was addressed with additional restrictions. This issue affected versions prior to macOS Mojave 10.14.1.
5.5CVSS
5.8AI Score
0.0004EPSS
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.
7.8CVSS
7.9AI Score
0.002EPSS
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.
A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
6.1CVSS
6.1AI Score
0.002EPSS
A validation issue existed which allowed local file access. This was addressed with input sanitization. This issue affected versions prior to macOS Mojave 10.14.
5.5CVSS
6.2AI Score
0.001EPSS
A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5, iTunes 12.9 for Windows, iCloud for Windows 7.7.
7.8CVSS
7.7AI Score
0.002EPSS
A validation issue was addressed with improved logic. This issue affected versions prior to macOS Mojave 10.14.
5.5CVSS
6.2AI Score
0.0004EPSS