89 matches found
CVE-2019-8752
CVE-2019-8752 is a memory corruption issue in WebKit that affects Safari and related Apple platforms (Safari/WebKit stack handling malicious web content). The root cause is memory corruption in WebKit components, with the published impact: arbitrary code execution if a user visits a maliciously c...
CVE-2019-8762
CVE-2019-8762 is a WebKit/Web content validation issue resolved across multiple Apple platforms. The vulnerability could allow universal cross-site scripting when processing malicious web content. Patches are included in Safari 13.0.1, iOS/iPadOS 13.1, tvOS 13, iCloud for Windows 10.7, iCloud for...
CVE-2021-1795
CVE-2021-1795 is a Bluetooth-related out-of-bounds write in iOS/iPadOS components, addressed by Apple in iOS 14.4 and iPadOS 14.4 via improved input validation. Attack vector is remote over Bluetooth; impact described as potential arbitrary code execution. The Apple HT212146 security content conf...
CVE-2021-1796
CVE-2021-1796 corresponds to an Apple vulnerability affecting iOS 14.4/iPadOS 14.4 (Bluetooth-related) where an out-of-bounds write was addressed by improved input validation. The issue could allow a remote attacker to cause arbitrary code execution, with Apple listing this alongside other Blueto...
CVE-2019-8773
CVE-2019-8773 describes memory corruption issues in WebKit affecting how malicious web content is processed across Apple platforms. The root cause is multiple memory corruption vulnerabilities in WebKit, addressed by improved memory handling. Impact: processing maliciously crafted web content may...
CVE-2024-23270
The CVE-2024-23270 issue affects macOS (Monterey 12.7.4; Ventura 13.6.5; Sonoma 14.4) and iOS/iPadOS/tvOS (17.4) where an app may execute arbitrary code with kernel privileges due to improved memory handling. Affected components are not explicitly named in the provided documents; the vulnerabilit...
CVE-2021-30896
CVE-2021-30896 is a logic-issue vulnerability in Apple’s Game Center that could allow a malicious app to read a user’s gameplay data. The initial entry states a logic issue addressed with improved restrictions and lists affected platforms as iOS/iPadOS 15.0.x, tvOS 15.x, watchOS 8.x, and macOS Mo...
CVE-2021-1794
CVE-2021-1794 affects Apple iOS/iPadOS Bluetooth, where an out-of-bounds read was addressed by input validation fixes. Impact: remote code execution possibility. Version fix: iOS 14.4 / iPadOS 14.4. Documented in Apple HT212146 and corroborated by NVD/Red Hat entries; no exploit details provided ...
CVE-2024-23243
CVE-2024-23243 affects Apple iOS 17.4 and iPadOS 17.4, describing a privacy issue where an app may read sensitive location information due to insufficient private data redaction in log entries. Apple fixes are in iOS 17.4 / iPadOS 17.4. Remediation: update to these versions. Practical impact: lim...
CVE-2019-8740
CVE-2019-8740 is a memory corruption vulnerability in Apple’s kernel components. The vulnerability allows an application to potentially execute arbitrary code with kernel privileges. Apple fixes this in iOS 13.1/iPadOS 13.1, watchOS 6, and tvOS 13 by improving locking in the related kernel code. ...
CVE-2020-3887
CVE-2020-3887 is a legitimate vulnerability tied to multiple Apple products. A download origin could be incorrectly associated due to a logic/restrictions handling issue in WebKit-based components. The CVE is addressed in Apple updates: iOS 13.4 / iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for W...
CVE-2024-23205
CVE-2024-23205 describes a privacy issue in Apple platforms where an app may be able to access sensitive user data due to insufficient private data redaction in log entries. The vulnerability is fixed in macOS Sonoma 14.4, iOS 17.4, and iPadOS 17.4. Affected components are tied to log handling, w...
CVE-2024-23277
CVE-2024-23277 concerns macOS Sonoma 14.4, iOS 17.4, and iPadOS 17.4. The vulnerability allows an attacker on a privileged network position to inject keystrokes by spoofing a keyboard. Apple’s security content indicates this issue is addressed in the 14.4/17.4 updates. The root cause is tied to k...
CVE-2024-0258
CVE-2024-0258 is an Apple memory-handling fix that affects multiple platforms. Connected sources indicate the issue is fixed in tvOS 17.4, iOS 17.4, iPadOS 17.4, macOS Sonoma 14.4 and watchOS 10.4. Apple security notes describe that an app may be able to execute arbitrary code outside its sandbox...
CVE-2024-23242
CVE-2024-23242 describes a privacy issue where content in text fields was logged, allowing an app to view Mail data. The NCIS of this flaw is not logging such information and affects Apple platforms: the vulnerability is fixed in macOS Sonoma 14.4 and in iOS/iPadOS 17.4. The root cause is not det...
CVE-2024-23250
CVE-2024-23250 affects Apple platforms including macOS Sonoma 14.4, tvOS 17.4, iOS 17.4, iPadOS 17.4 and watchOS 10.4. Description: an access issue where an app may access Bluetooth-connected microphones without user permission. Root cause: access restrictions were improved. Remediation: fixed in...
CVE-2020-27943
CVE-2020-27943 describes a memory corruption bug in FontParser when processing font files, leading to arbitrary code execution. Apple fixes apply to tvOS 14.3, iOS/iPadOS 14.3, macOS Big Sur 11.1, and corresponding Security Updates for Catalina/Mojave, plus watchOS 7.2. The root cause is a font p...
CVE-2024-23255
CVE-2024-23255 describes an authentication issue in Apple devices where photos in the Hidden Photos Album could be viewed without authentication due to improved state management. Affected platforms include macOS Sonoma 14.4, iOS 17.4, and iPadOS 17.4; Apple patches are available in those versions...
CVE-2024-23239
CVE-2024-23239 is a race condition affecting Apple platforms. The advisory notes an issue with improved state handling that may allow an app to leak sensitive user information. Affected versions include tvOS 17.4, iOS 17.4 / iPadOS 17.4, macOS Sonoma 14.4, and watchOS 10.4. Mitigation is to apply...
CVE-2020-3883
CVE-2020-3883 affects Apple platforms (iOS/iPadOS, macOS Catalina, tvOS, watchOS) and concerns an entitlement issue where an application may be able to use arbitrary entitlements. The vulnerability is addressed by Apple with fixes in iOS 13.4 / iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, and ...
CVE-2020-9772
CVE-2020-9772 involves a logic issue that allowed a sandboxed process to potentially circumvent sandbox restrictions. Apple states this vulnerability affects multiple platforms and was fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, and watchOS 6.2. The description emphasize...
CVE-2024-23241
CVE-2024-23241 affects Apple platforms and is an information disclosure issue addressed by Apple in a coordinated update. The NVD entry states improved state management fixes the vulnerability, with the fix shipping in macOS Sonoma 14.4 and iOS/tvOS/iPadOS 17.4. The vulnerability could allow an a...
CVE-2020-27944
The CVE-2020-27944 entry concerns a memory corruption vulnerability in FontParser when processing maliciously crafted font files. Apple security disclosures (HT212003/HT212005/HT212009) indicate the issue could allow arbitrary code execution and is addressed by updates in watchOS 7.2, macOS Big S...
CVE-2024-23297
CVE-2024-23297 affects Apple’s tvOS, iOS, iPadOS and watchOS prior to updates; root cause described as improved checks, with the issue fixed in tvOS 17.4, iOS 17.4, iPadOS 17.4 and watchOS 10.4. The vulnerability could allow a malicious application to access private information. Connected sources...
CVE-2020-9787
CVE-2020-9787 is a logic issue in WebKit/Safari affecting macOS Catalina and iOS/watchOS/tvOS platforms where some websites may not appear in Safari Preferences. The issue was addressed with improved restrictions and patches are provided in iOS 13.4 / iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13....
CVE-2024-23220
The CVE-2024-23220 issue affects Apple visionOS, iOS, and iPadOS Safari related to fingerprinting the user due to an issue in cache handling. The vulnerability arises from the Safari component (on Apple Vision Pro platforms) where improper cache handling could allow an app to fingerprint the user...
CVE-2023-42974
Apple CVE-2023-42974: A race condition with improved state handling could allow an app to execute arbitrary code with kernel privileges. Fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, macOS Sonoma 14.2, and iOS/iPadOS 16.7.3–17.2. Impact is high (local, requires user interaction). No explo...
CVE-2024-23293
CVE-2024-23293 affects Apple devices running iOS/iPadOS 17.4, tvOS 17.4, watchOS 10.4, and macOS Sonoma 14.4. The issue, described as being addressed via improved state management, could allow an attacker with physical access to exploit Siri to access sensitive user data. The fixed versions are t...
CVE-2024-23256
CVE-2024-23256 describes a logic issue affecting Apple iOS/iPadOS Safari Private Browsing (Locked Private Browsing). The connected documents confirm the vulnerability arises from improved state management, causing a user’s locked tabs to be briefly visible when switching tab groups while Locked P...
CVE-2019-8774
CVE-2019-8774 affects Apple’s Books component across iOS/iPadOS and macOS Catalina. A resource-exhaustion (denial-of-service) condition occurs when parsing a maliciously crafted iBooks file, due to input validation weaknesses in Books. Apple patched this in iOS 13.1, iPadOS 13.1, and macOS Catali...
CVE-2020-3918
CVE-2020-3918 affects Apple platforms (iOS/iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2). Root cause described as an access issue resolved by additional sandbox restrictions, reducing the ability of a local user to view sensitive information. Affected components are tied to sandbox...
CVE-2020-9972
CVE-2020-9972 describes a buffer overflow in processing a malicious USD file that affects Apple devices. Root cause: memory handling issue; impact: may terminate the affected app or allow arbitrary code execution. Fix: Apple addressed in iOS 14.0 and iPadOS 14.0. Additional context from connected...
CVE-2020-3891
Affected product: Messages component on Apple iOS/iPadOS/watchOS. Issue: A logic issue in state management allowed a person with physical access to a locked device to respond to messages even when replies were disabled. Root cause: logic/state-management flaw in Messages. Impact: could enable rep...
CVE-2024-23240
CVE-2024-23240 affects Apple iOS/iPadOS via the Photos feature, where the shake-to-undo workflow could re-surface a deleted photo without authentication. The issue is addressed in iOS 17.4 and iPadOS 17.4 with updated checks. If you rely on this CVE data, apply the 17.4 updates to mitigate. The c...
CVE-2023-42977
CVE-2023-42977 concerns a path-handling issue in Apple platforms that could allow an app to break out of its sandbox. The connected documents specify that the vulnerability affects Apple iOS prior to 17 and iPadOS prior to 17, and macOS Sonoma prior to 14, with the root cause described as a path ...
CVE-2024-44297
The CVE-2024-44297 issue is resolved by Apple in multiple platforms. Affected products include tvOS 18.1; iOS 18.1 and iPadOS 18.1; iOS 17.7.1 and iPadOS 17.7.1; macOS Ventura 13.7.1 and macOS Sonoma 14.7.1; watchOS 11.1; and visionOS 2.1. The vulnerability arises from insufficient bounds checks ...
CVE-2020-3888
CVE-2020-3888 affects Apple’s Web App component (iOS/iPadOS Safari/WebKit). Description: a logic issue where a malicious page could interfere with other web contexts. Root cause: improved restrictions address the logic issue. Impact: potential interference with other web contexts within Web App/W...
CVE-2020-3890
CVE-2020-3890 affects Apple iOS/iPadOS Messages Composition: a logic/deletion issue allowed deleted message groups to be suggested as autocompletion. Root cause: deletion handling in Messages Composition. Impact: potential leakage of deleted content via autocomplete suggestions. Mitigation: patch...
CVE-2024-44139
CVE-2024-44139 affects iOS 18 and iPadOS 18; fix implemented in those versions. The vulnerability allowed an attacker with physical access to potentially access contacts from the lock screen. Root cause described as requiring improved checks; no explicit exploitation details are provided in the s...