Ios Security Vulnerabilities and Issues — Page 5 of Ios CVE List

Lucene search

AppleIos

274 matches found

CVE•added 2019/03/05 4:29 p.m.•69 views

CVE-2019-6202

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, watchOS 5.1.3. A malicious application may be able to elevate privileges.

7.8CVSS6.3AI score0.00259EPSS

CVE•added 2019/12/18 6:15 p.m.•69 views

CVE-2019-8504

A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4. A local user may be able to read kernel memory.

5.5CVSS5.2AI score0.00112EPSS

CVE•added 2019/04/03 6:29 p.m.•68 views

CVE-2018-4377

A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. This issue affected versions prior to iOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.

6.1CVSS6AI score0.00643EPSS

CVE•added 2019/12/18 6:15 p.m.•68 views

CVE-2019-8511

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, watchOS 5.2. A malicious application may be able to elevate privileges.

7.8CVSS7.2AI score0.00513EPSS

CVE•added 2019/12/18 6:15 p.m.•68 views

CVE-2019-8648

A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3. A remote attacker may be able to cause arbitrary code execution.

9.8CVSS8.3AI score0.01127EPSS

CVE•added 2019/12/18 6:15 p.m.•68 views

CVE-2019-8665

A denial of service issue was addressed with improved validation. This issue is fixed in iOS 12.4, watchOS 5.3. A remote attacker may cause an unexpected application termination.

7.5CVSS6.9AI score0.00683EPSS

CVE•added 2019/03/05 4:29 p.m.•67 views

CVE-2019-6219

A denial of service issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, watchOS 5.1.3. Processing a maliciously crafted message may lead to a denial of service.

7.5CVSS6.9AI score0.01042EPSS

CVE•added 2019/12/18 6:15 p.m.•67 views

CVE-2019-8562

A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows. A sandboxed process may be able to circumvent sandbox restrictions.

9.6CVSS8AI score0.00475EPSS

CVE•added 2019/12/18 6:15 p.m.•67 views

CVE-2019-8804

An inconsistency in Wi-Fi network configuration settings was addressed. This issue is fixed in iOS 13.2 and iPadOS 13.2. An attacker in physical proximity may be able to force a user onto a malicious Wi-Fi network during device setup.

5.7CVSS5.5AI score0.00155EPSS

CVE•added 2019/04/03 6:29 p.m.•66 views

CVE-2018-4409

A resource exhaustion issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1, tvOS 12.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.

6.5CVSS6.6AI score0.00439EPSS

CVE•added 2019/12/18 6:15 p.m.•66 views

CVE-2019-8556

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.

8.8CVSS8.7AI score0.00758EPSS

CVE•added 2019/03/05 4:29 p.m.•65 views

CVE-2019-6211

A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3. Processing maliciously crafted web content may lead to arbitrary code execution.

8.8CVSS8.2AI score0.00643EPSS

CVE•added 2019/12/18 6:15 p.m.•65 views

CVE-2019-7284

This issue was addressed with improved checks. This issue is fixed in iOS 12.2. Processing a maliciously crafted mail message may lead to S/MIME signature spoofing.

4.3CVSS5.1AI score0.00351EPSS

CVE•added 2019/12/18 6:15 p.m.•65 views

CVE-2019-8541

A privacy issue existed in motion sensor calibration. This issue was addressed with improved motion sensor processing. This issue is fixed in iOS 12.2, watchOS 5.2. A malicious app may be able to track users between installs.

3.3CVSS4.7AI score0.00149EPSS

CVE•added 2019/12/18 6:15 p.m.•65 views

CVE-2019-8793

A consistency issue existed in deciding when to show the screen recording indicator. The issue was resolved with improved state management. This issue is fixed in iOS 13.2 and iPadOS 13.2. A local user may be able to record the screen without a visible screen recording indicator.

5.5CVSS5.3AI score0.00139EPSS

CVE•added 2019/12/18 6:15 p.m.•64 views

CVE-2019-8510

An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to determine kernel memory layout.

5.5CVSS5.3AI score0.00068EPSS

CVE•added 2019/12/18 6:15 p.m.•64 views

CVE-2019-8620

A user privacy issue was addressed by removing the broadcast MAC address. This issue is fixed in iOS 12.3, tvOS 12.3, watchOS 5.2.1. A device may be passively tracked by its WiFi MAC address.

7.5CVSS7.1AI score0.00386EPSS

CVE•added 2019/04/03 6:29 p.m.•63 views

CVE-2018-4360

Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.

8.8CVSS8.1AI score0.00704EPSS

CVE•added 2019/12/18 6:15 p.m.•63 views

CVE-2019-8682

The issue was addressed with improved UI handling. This issue is fixed in iOS 12.4, watchOS 5.3. A user may inadvertently complete an in-app purchase while on the lock screen.

2.4CVSS4.5AI score0.00045EPSS

CVE•added 2019/12/18 6:15 p.m.•62 views

CVE-2019-8567

A user privacy issue was addressed by removing the broadcast MAC address. This issue is fixed in iOS 12.2. A device may be passively tracked by its WiFi MAC address.

7.5CVSS7.4AI score0.00399EPSS

CVE•added 2019/03/05 4:29 p.m.•61 views

CVE-2019-6200

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3. An attacker in a privileged network position may be able to execute arbitrary code.

8.8CVSS7.1AI score0.00165EPSS

CVE•added 2019/03/05 4:29 p.m.•61 views

CVE-2019-6228

A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. This issue is fixed in iOS 12.1.3, Safari 12.0.3. Processing maliciously crafted web content may lead to a cross site scripting attack.

6.1CVSS5.8AI score0.00333EPSS

CVE•added 2019/12/18 6:15 p.m.•61 views

CVE-2019-8698

A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement. This issue is fixed in iOS 12.4, tvOS 12.4. A malicious application may be able to restrict access to websites.

4.3CVSS4.5AI score0.00252EPSS

CVE•added 2019/04/03 6:29 p.m.•60 views

CVE-2018-4366

A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1.

7.5CVSS7.5AI score0.0969EPSS

CVE•added 2019/12/18 6:15 p.m.•60 views

CVE-2019-8505

A logic issue was addressed with improved validation. This issue is fixed in iOS 12.2, Safari 12.1. Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting.

6.1CVSS5.9AI score0.00323EPSS

CVE•added 2019/12/18 6:15 p.m.•60 views

CVE-2019-8593

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.3, tvOS 12.3, watchOS 5.2.1. An application may be able to execute arbitrary code with system privileges.

9.3CVSS8.3AI score0.00384EPSS

CVE•added 2019/04/03 6:29 p.m.•59 views

CVE-2018-4271

Multiple memory corruption issues were addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.

6.5CVSS7.4AI score0.00333EPSS

CVE•added 2019/04/03 6:29 p.m.•59 views

CVE-2018-4367

A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1.

9.8CVSS8AI score0.06785EPSS

CVE•added 2019/12/18 6:15 p.m.•58 views

CVE-2019-6204

6.1CVSS5.9AI score0.00323EPSS

CVE•added 2019/12/18 6:15 p.m.•57 views

CVE-2019-8566

An API issue existed in the handling of microphone data. This issue was addressed with improved validation. This issue is fixed in iOS 12.2. A malicious application may be able to access the microphone without indication to the user.

4.3CVSS4.7AI score0.00276EPSS

CVE•added 2019/04/03 6:29 p.m.•56 views

CVE-2018-4274

A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, Safari 11.1.2.

7.5CVSS7AI score0.0021EPSS

CVE•added 2019/12/18 6:15 p.m.•56 views

CVE-2019-8512

This issue was addressed with improved transparency. This issue is fixed in iOS 12.2. A user may authorize an enterprise administrator to remotely wipe their device without appropriate disclosure.

7.9CVSS5.6AI score0.00258EPSS

CVE•added 2019/12/18 6:15 p.m.•56 views

CVE-2019-8626

An input validation issue was addressed with improved input validation. This issue is fixed in iOS 12.3, watchOS 5.2.1. Processing a maliciously crafted message may lead to a denial of service.

6.5CVSS6.4AI score0.00447EPSS

CVE•added 2019/04/03 6:29 p.m.•55 views

CVE-2018-4325

A logic issue was addressed with improved restrictions. This issue affected versions prior to iOS 12.

2.4CVSS5AI score0.00057EPSS

CVE•added 2019/04/03 6:29 p.m.•55 views

CVE-2018-4388

A lock screen issue allowed access to the share function on a locked device. This issue was addressed by restricting options offered on a locked device. This issue affected versions prior to iOS 12.1.

4.6CVSS5.2AI score0.00063EPSS

CVE•added 2019/04/03 6:29 p.m.•54 views

CVE-2018-4440

A logic issue was addressed with improved state management. This issue affected versions prior to iOS 12.1.1, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.

4.3CVSS5.3AI score0.00344EPSS

CVE•added 2019/12/18 6:15 p.m.•54 views

CVE-2019-8760

This issue was addressed by improving Face ID machine learning models. This issue is fixed in iOS 13. A 3D model constructed to look like the enrolled user may authenticate via Face ID.

6.8CVSS7.1AI score0.00129EPSS

CVE•added 2019/12/18 6:15 p.m.•53 views

CVE-2019-8711

A logic issue existed with the display of notification previews. This issue was addressed with improved validation. This issue is fixed in iOS 13. Notification previews may show on Bluetooth accessories even when previews are disabled.

5.3CVSS5.7AI score0.00363EPSS

CVE•added 2019/04/03 6:29 p.m.•52 views

CVE-2018-4307

A logic issue was addressed with improved state management. This issue affected versions prior to iOS 12, Safari 12.

4.3CVSS5.2AI score0.00218EPSS

CVE•added 2019/12/18 6:15 p.m.•52 views

CVE-2019-8630

The issue was addressed with improved UI handling. This issue is fixed in iOS 12.3. The lock screen may show a locked icon after unlocking.

3.3CVSS4.2AI score0.00124EPSS

CVE•added 2019/12/18 6:15 p.m.•52 views

CVE-2019-8731

A permissions issue existed in which execute permission was incorrectly granted. This issue was addressed with improved permission validation. This issue is fixed in iOS 13. Processing a maliciously crafted file may disclose user information.

5.5CVSS6AI score0.00284EPSS

CVE•added 2019/04/03 6:29 p.m.•51 views

CVE-2018-4305

An input validation issue was addressed with improved input validation. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5.

6.5CVSS6.8AI score0.00087EPSS

CVE•added 2019/04/03 6:29 p.m.•51 views

CVE-2018-4363

An input validation issue existed in the kernel. This issue was addressed with improved input validation. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5.

7.1CVSS6.2AI score0.00247EPSS

CVE•added 2019/04/03 6:29 p.m.•51 views

CVE-2018-4436

A certificate validation issue existed in configuration profiles. This was addressed with additional checks. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2.

7.5CVSS7AI score0.00126EPSS

CVE•added 2019/12/18 6:15 p.m.•51 views

CVE-2019-8599

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 12.3. A person with physical access to an iOS device may be able to see the email address used for iTunes.

2.4CVSS3.5AI score0.00057EPSS

CVE•added 2019/12/18 6:15 p.m.•51 views

CVE-2019-8727

A logic issue was addressed with improved state management. This issue is fixed in iOS 13. Visiting a malicious website may lead to address bar spoofing.

4.3CVSS5.1AI score0.00351EPSS

CVE•added 2019/03/04 8:29 p.m.•50 views

CVE-2019-6206

An issue existed with autofill resuming after it was canceled. The issue was addressed with improved state management. This issue is fixed in iOS 12.1.3. Password autofill may fill in passwords after they were manually cleared.

9.8CVSS7.3AI score0.00378EPSS

CVE•added 2019/12/18 6:15 p.m.•50 views

CVE-2019-8699

A logic issue existed in the handling of answering phone calls. The issue was addressed with improved state management. This issue is fixed in iOS 12.4. The initiator of a phone call may be able to cause the recipient to answer a simultaneous Walkie-Talkie connection.

7.5CVSS6.5AI score0.00399EPSS

CVE•added 2019/04/03 6:29 p.m.•49 views

CVE-2018-4430

A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management. This issue affected versions prior to iOS 12.1.1.

2.4CVSS3.8AI score0.00057EPSS

CVE•added 2019/04/03 6:29 p.m.•48 views

CVE-2018-4290

A denial of service issue was addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, watchOS 4.3.2.

5.9CVSS5.9AI score0.00367EPSS

Total number of security vulnerabilities274