36 matches found
CVE-2018-4211
CVE-2018-4211 is an Apple FontParser memory-corruption/remote code execution vulnerability. AFFECTED PRODUCTS: iOS < 11.4, macOS < 10.13.5, tvOS < 11.4, and watchOS
CVE-2018-4087
CVE-2018-4087 concerns a memory corruption issue in the Core Bluetooth component affecting Apple platforms (iOS before 11.2.5, tvOS before 11.2.5, watchOS before 4.2.2). The root cause is a memory handling/memory corruption defect in Core Bluetooth that can allow an app to execute arbitrary code ...
CVE-2018-4206
CVE-2018-4206 affects Crash Reporter across Apple platforms: iOS <11.3.1, macOS <10.13.4, tvOS <11.4, watchOS
CVE-2018-4188
CVE-2018-4188 affects Apple’s WebKit across multiple OS X/iOS platforms. The issue, present in iOS prior to 11.4, Safari prior to 11.1.1, iCloud/Windows components, and tvOS prior to 11.4, allows remote attackers to spoof the address bar via a crafted web page. The Apple advisories for Safari 11....
CVE-2017-2362
CVE-2017-2362 affects WebKit in Apple devices: iOS before 10.2.1, Safari before 10.0.3, and tvOS before 10.1.1. The issue allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site, involving memory corruption and application crash. The root cause is des...
CVE-2018-4241
CVE-2018-4241 is an intra-object linear heap buffer overflow in Apple’s XNU kernel, specifically in mptcp_usr_connectx. The issue affects iOS prior to 11.4, macOS prior to 10.13.5, tvOS prior to 11.4, and watchOS prior to 4.3.1, and can lead to arbitrary code execution in kernel context via a cra...
CVE-2018-4243
CVE-2018-4243 is a kernel-level buffer overflow in Apple’s OS X/iOS kernel: a vulnerability in getvolattrlist affects iOS < 11.4, macOS < 10.13.5, tvOS < 11.4, and watchOS
CVE-2018-4224
CVE-2018-4224 affects multiple Apple platforms (iOS <11.4, macOS <10.13.5, iCloud/Windows, iTunes/Windows, tvOS <11.4, watchOS
CVE-2018-4223
CVE-2018-4223 affects Apple OSes: iOS < 11.4, macOS < 10.13.5, tvOS < 11.4, watchOS
CVE-2018-4235
CVE-2018-4235 is an injection-related issue in Apple’s Messages component that enables a local impersonation attack. It affects iOS 11.4, macOS 10.13.5, tvOS 11.4, and watchOS 4.3.1, as noted across Apple security updates. Root cause is an injection vulnerability in Messages handling that allows ...
CVE-2018-4088
The CVE-2018-4088 entry maps to memory-corruption flaws in WebKit that could allow remote code execution via crafted web content in Apple platforms. Affected products include iOS before 11.2.5, macOS before 10.13.3, Safari before 11.0.3, iCloud/iTunes on Windows, tvOS before 11.2.5, and watchOS b...
CVE-2018-4249
CVE-2018-4249 affects Apple kernel components (pktmnglr_ipfilter_input in com.apple.packet-mangler) and can allow code execution in kernel mode or cause a denial of service when processing a crafted app. Affected products include iOS before 11.4, macOS before 10.13.5, tvOS before 11.4, and watchO...
CVE-2018-4198
CVE-2018-4198 affects UIKit in Apple platforms: iOS <11.4, macOS <10.13.5, tvOS <11.4, watchOS
CVE-2016-4613
CVE-2016-4613 affects Apple WebKit components in Safari (<10.0.1), iCloud (<6.0.1), iTunes (<12.5.2), and tvOS (
CVE-2018-4096
CVE-2018-4096 is a WebKit memory-corruption issue exploited via a crafted web site, affecting multiple Apple platforms (iOS <11.2.5, macOS <10.13.3, Safari <11.0.3, iCloud/iTunes on Windows, tvOS <11.2.5, watchOS
CVE-2018-4089
CVE-2018-4089 involves the WebKit component in several Apple platforms. According to Apple security content, affected products include iOS prior to 11.2.5, macOS prior to 10.13.3, Safari prior to 11.0.3, and tvOS prior to 11.2.5. The issue allows remote attackers to execute arbitrary code or caus...
CVE-2024-44157
CVE-2024-44157 is a stack buffer overflow vulnerability arising from insufficient input validation in the video parsing path. Concrete details across sources show the affected software as Apple TV on Windows and iTunes on Windows, with fixed versions: Apple TV 1.5.0.152 for Windows and iTunes 12....
CVE-2018-4094
CVE-2018-4094 affects Apple devices (iOS <11.2.5, macOS <10.13.3, tvOS <11.2.5, watchOS
CVE-2018-4189
CVE-2018-4189 is a memory corruption vulnerability affecting Apple platforms: iOS before 11.2.5, macOS High Sierra before 10.13.3, watchOS before 4.2.2, tvOS before 11.2.5, and related Security Updates. The issue was addressed with improved memory handling; no concrete exploit details are provide...
CVE-2018-4086
CVE-2018-4086 affects Apple devices on iOS < 11.2.5, macOS < 10.13.3, tvOS < 11.2.5, and watchOS
CVE-2011-3427
The CVE-2011-3427 entry concerns Apple iOS (pre-5) and Apple TV (pre-4.4) Data Security: X.509 certificates may accept MD5-signed certs, weakening cryptographic checks. Root cause: use of the MD5 hash algorithm within certificate validation is not properly restricted, enabling a man-in-the-middle...
CVE-2016-4642
CVE-2016-4642 affects CFNetwork Proxies in iOS 9.3.3 and later, tvOS 9.2.2, and OS X El Capitan 10.11.6/Security Update 2016-004. The flaw: proxy authentication incorrectly reported HTTP proxies received credentials securely, with an impact described as possible leakage of sensitive user informat...
CVE-2016-4643
CVE-2016-4643 affects Apple iOS (prior to 9.3.3), tvOS (prior to 9.2.2) and OS X El Capitan (prior to 10.11.6 and Security Update 2016-004). Root cause: a validation issue in the parsing of HTTP 407 responses within CFNetwork Proxies. Consequence (as stated by Apple and CVE references): an attack...
CVE-2018-4298
CVE-2018-4298 maps to a permissions issue in Remote Management on macOS High Sierra (before 10.13.3) and related Security Updates. A remote user could gain root privileges due to insufficient permission validation, with the issue addressed by improved permission checks in the Remote Management co...
CVE-2018-4082
CVE-2018-4082 affects Apple devices across iOS, macOS, tvOS, and watchOS where the Kernel component is vulnerable. The issue allows an attacker with a crafted app to cause memory corruption, potentially enabling arbitrary code execution in a privileged context or a denial of service. Publicly doc...
CVE-2018-4085
CVE-2018-4085 affects Apple devices via the QuartzCore component. A memory corruption issue in processing web content could allow remote code execution or cause a denial of service (application crash). Affected: iOS before 11.2.5, macOS before 10.13.3, tvOS before 11.2.5, watchOS before 4.2.2. Mi...
CVE-2018-4095
CVE-2018-4095 affects Core Bluetooth in Apple platforms: iOS before 11.2.5, tvOS before 11.2.5, and watchOS before 4.2.2. A crafted app can trigger a memory corruption issue to execute arbitrary code with system privileges or cause a denial of service. Apple’s security content for iOS 11.2.5, tvO...
CVE-2016-4644
In CVE-2016-4644, Apple iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6/ Security Update 2016-004 have a downgrade issue where HTTP authentication credentials saved in Keychain could be compromised. The underlying problem was mitigated by storing the authentication types ...
CVE-2018-4092
CVE-2018-4092 affects Apple OS kernels across iOS, macOS, tvOS, and watchOS. The root cause is a race condition in the Kernel that can allow a crafted app to bypass memory-read restrictions. Affected versions include iOS before 11.2.5, macOS before 10.13.3, tvOS before 11.2.5, and watchOS before ...
CVE-2018-4090
CVE-2018-4090 affects Apple OSes including iOS < 11.2.5, macOS < 10.13.3, tvOS < 11.2.5, and watchOS
CVE-2020-27940
The CVE-2020-27940 issue affects the Apple TV app for Fire OS, where an attacker with file system access could modify scripts used by the app due to improper file handling. The vulnerability is addressed by improvements in file handling and is fixed in Apple TV app for Fire OS 6.1.0.6A142:7.1.0. ...
CVE-2018-4109
CVE-2018-4109 affects Apple platforms via the Graphics Driver. A memory corruption issue in the Graphics Driver could allow a crafted app to execute arbitrary code with kernel privileges or cause a denial of service. Affected products are iOS before 11.2.5, tvOS before 11.2.5, and watchOS before ...
CVE-2011-3259
The CVE-2011-3259 vulnerability affects Apple iOS prior to 5 and Apple TV prior to 4.4 where the kernel does not promptly recover memory allocated for incomplete TCP connections. This can allow a remote attacker to cause resource exhaustion leading to a denial of service by establishing numerous ...
CVE-2011-0162
CVE-2011-0162 affects Apple iOS before 4.3 and Apple TV before 4.2. The issue is improper bounds checking for Wi‑Fi frames, allowing remote attackers on the local wireless network to cause a denial of service (device reset). The description confirms a network-based impact with high severity (CVSS...
CVE-2011-1418
The CVE relates to IPv6 SLAAC on Apple iOS before 4.3 and Apple TV before 4.2, where the MAC address is exposed in the IPv6 address. This allows remote servers to potentially track users via source IPv6 addresses. Root cause: IPv6 SLAAC implementation leaking the MAC into the address. The provide...
CVE-2018-4093
Summary: CVE-2018-4093 is a kernel-level memory-read bypass affecting Apple platforms. The vulnerability exists in the Kernel component across iOS before 11.2.5, macOS before 10.13.3, tvOS before 11.2.5, and watchOS before 4.2.2. The issue allows a crafted app to bypass memory-read restrictions a...