Lucene search
K
AppleIphone Os

4053 matches found

CVE
CVE
added 2024/02/21 6:41 a.m.6961 views

CVE-2023-42836

CVE-2023-42836 is a logic-issue vulnerability in Apple OSes (iOS/iPadOS/macOS) where an attacker could access connected network volumes mounted in the user’s home directory. The issue is addressed with improved checks and is fixed in iOS 17.1/iPadOS 17.1, macOS Ventura 13.6.3, macOS Sonoma 14.1, ...

5.3CVSS5.2AI score0.00534EPSS
CVE
CVE
added 2024/02/21 6:41 a.m.6905 views

CVE-2023-42952

CVE-2023-42952 affects Apple platforms (iOS, iPadOS, macOS) where an app with root privileges may access private information. The issue is addressed with improved checks and is fixed in iOS/iPadOS 17.1, macOS Ventura 13.6.3, macOS Sonoma 14.1, and macOS Monterey 12.7.1. Connected sources also ref...

4.4CVSS6.7AI score0.00183EPSS
CVE
CVE
added 2024/02/21 6:40 a.m.6858 views

CVE-2023-42939

CVE-2023-42939 is a WebKit logic issue in iOS/iPadOS that may cause a user’s private browsing activity to be saved in the App Privacy Report. It is fixed in iOS 17.1 and iPadOS 17.1; no exploits or attack vectors are detailed in the provided documents.

3.3CVSS5.5AI score0.00173EPSS
CVE
CVE
added 2024/02/21 6:41 a.m.6622 views

CVE-2023-42839

CVE-2023-42839 pertains to an Apple-wide issue fixed by improved state management. Affected products/environments include tvOS 17.1, watchOS 10.1, macOS Sonoma 14.1, iOS 17.1, and iPadOS 17.1. The vulnerability potentially allowed an app to access sensitive user data. Remediation is OS updates to...

6.2CVSS7AI score0.00197EPSS
CVE
CVE
added 2024/02/21 6:41 a.m.6611 views

CVE-2023-42878

CVE-2023-42878 is a privacy issue affecting Apple platforms (watchOS, macOS, iOS, iPadOS). The root problem is insufficient private data redaction in log entries, enabling an app to access sensitive user data. It is fixed in watchOS 10.1, macOS Sonoma 14.1, and iOS 17.1 / iPadOS 17.1. No exploita...

5.5CVSS7AI score0.00187EPSS
CVE
CVE
added 2024/02/21 6:41 a.m.6274 views

CVE-2023-42951

CVE-2023-42951 pertains to Apple’s Safari in iOS 17.1 and iPadOS 17.1. The issue stems from improved handling of caches, and can cause a user to be unable to delete browsing history items. Multiple sources (Apple security notes, NVD entry, Red Hat advisory) confirm the vulnerability is addressed ...

4.3CVSS7.1AI score0.00336EPSS
CVE
CVE
added 2024/02/21 6:41 a.m.6257 views

CVE-2023-42843

CVE-2023-42843 is described as an inconsistent UI issue leading to address bar spoofing. Connected advisories confirm affected WebKitGTK/WebKitGTK4 components across Debian (webkit2gtk), AlmaLinux (webk­­itgtk4), Fedora (webkit2gtk4.0), and Amazon Linux 2 (webkitgtk4) with fixes in package update...

7.5CVSS5.2AI score0.0086EPSS
CVE
CVE
added 2024/02/21 6:41 a.m.6228 views

CVE-2023-42953

CVE-2023-42953 is an Apple ecosystem vulnerability describing a permissions issue that could allow an app to access sensitive user data. The connected sources specify remediation in updated versions across multiple Apple platforms: tvOS 17.1, watchOS 10.1, iOS 17.1, iPadOS 17.1, and macOS Sonoma ...

5.5CVSS7.2AI score0.00168EPSS
CVE
CVE
added 2024/02/21 6:41 a.m.6220 views

CVE-2023-42946

CVE-2023-42946: Apple platform information-disclosure issue where an app may leak sensitive user data. Affected products include tvOS 17.1, watchOS 10.1, macOS Sonoma 14.1, iOS 17.1, and iPadOS 17.1. Root cause described as improved redaction of sensitive information; public details consistently ...

7.5CVSS7.1AI score0.00439EPSS
CVE
CVE
added 2024/02/21 6:41 a.m.6190 views

CVE-2023-42834

CVE-2023-42834 affects Apple platforms (iOS 17.1, iPadOS 17.1, macOS Monterey 12.7.2, macOS Ventura 13.6.3, macOS Sonoma 14.1, watchOS 10.1). The issue is a privacy flaw caused by improved handling of files, which may allow an app to access sensitive user data. Fixed in the indicated OS versions:...

6.2CVSS7AI score0.00213EPSS
CVE
CVE
added 2024/02/21 6:41 a.m.6164 views

CVE-2023-42823

CVE-2023-42823 affects Apple platforms (iOS/iPadOS/watchOS/macOS/tvOS). The issue arises from logging sanitization that allows an app to access user-sensitive data via log entries. Affected versions include iOS 16.7.2 and 17.1, iPadOS 16.7.2 and 17.1, watchOS 10.1, tvOS 17.1, macOS Sonoma 14.1, m...

5.5CVSS7.1AI score0.00425EPSS
CVE
CVE
added 2024/02/21 6:41 a.m.6084 views

CVE-2023-42855

The CVE-2023-42855 entry concerns iOS 17.1 / iPadOS 17.1. The issue arises from a design/logic flaw that could allow an attacker with physical access to silently persist an Apple ID on a device that has been erased. Apple’s description indicates this was addressed by improved state management and...

4.6CVSS6.1AI score0.00228EPSS
CVE
CVE
added 2024/02/21 6:41 a.m.4543 views

CVE-2023-42873

CVE-2023-42873 affects Apple platforms and is resolved via updated bounds checks that prevent arbitrary code execution with kernel privileges. The fixed versions include macOS Sonoma 14.1; tvOS 17.1; macOS Monterey 12.7.1; macOS Ventura 13.6.1; iOS 16.7.2 and 17.1; and iPadOS 16.7.2 and 17.1. The...

7.8CVSS7.5AI score0.00225EPSS
CVE
CVE
added 2024/02/21 6:41 a.m.4505 views

CVE-2023-42942

CVE-2023-42942 concerns Apple platforms where a vulnerability arose from improper handling of symlinks. The issue could let a malicious app gain root privileges. Public advisories show fixes across multiple Apple OS versions: watchOS 10.1; macOS Sonoma 14.1; tvOS 17.1; iOS 16.7.2 and iPadOS 16.7....

7.8CVSS7AI score0.00387EPSS
CVE
CVE
added 2024/02/21 6:42 a.m.4484 views

CVE-2023-42848

CVE-2023-42848 affects Apple media/image processing components across multiple platforms. The issue causes heap corruption when processing a maliciously crafted image, addressed by updated bounds checks and fixes in: watchOS 10.1, macOS Sonoma 14.1, tvOS 17.1, iOS 16.7.2 and 17.1, and iPadOS 16.7...

7.8CVSS6.9AI score0.00209EPSS
CVE
CVE
added 2024/02/21 6:41 a.m.3864 views

CVE-2023-42928

CVE-2023-42928 affects Apple iOS/iPadOS; root cause: impaired bounds checks; impact: an app may be able to gain elevated privileges; remediation: patch in iOS 17.1 and iPadOS 17.1.

8.4CVSS7.4AI score0.00173EPSS
CVE
CVE
added 2024/05/13 11:0 p.m.3611 views

CVE-2024-27818

Apple fixed CVE-2024-27818 by addressing a memory-handling issue that could allow a local attacker to cause an app to terminate unexpectedly or execute arbitrary code. The vulnerability affects iOS 17.5, iPadOS 17.5, and macOS Sonoma 14.5; exploitation requires local access and user interaction. ...

7.8CVSS7.5AI score0.00727EPSS
CVE
CVE
added 2024/05/13 11:0 p.m.2887 views

CVE-2024-27789

CVE-2024-27789 is a logic issue in Apple systems where improved checks address a vulnerability that could allow an app to access user-sensitive data. The fix is deployed in iOS 16.7.8 and iPadOS 16.7.8, macOS Monterey 12.7.5, macOS Ventura 13.6.7, and macOS Sonoma 14.4. The connected documents co...

5.5CVSS7.1AI score0.00622EPSS
CVE
CVE
added 2024/05/13 11:0 p.m.2460 views

CVE-2024-27816

The CVE-2024-27816 entry affects tvOS 17.5 (Apple TV) via the AppleMobileFileIntegrity component. A logic issue was addressed with improved checks, with the impact that an attacker may be able to access user data. Apple’s security content indicates this fix is part of tvOS 17.5, and related Apple...

5.5CVSS7.1AI score0.00985EPSS
CVE
CVE
added 2020/12/08 9:11 p.m.2155 views

CVE-2020-27918

CVE-2020-27918 is a use-after-free vulnerability in WebKitGTK/WebKit where processing maliciously crafted web content may lead to arbitrary code execution. The issue is documented across multiple advisories and is fixed upstream in WebKitGTK/WebKit version 2.30.6 (and corresponding package update...

7.8CVSS8.6AI score0.01361EPSS
CVE
CVE
added 2021/02/16 4:55 p.m.2008 views

CVE-2021-23841

CVE-2021-23841 is described in connected advisories as a NULL pointer dereference in OpenSSL’s X509_issuer_and_serial_hash() when parsing the issuer field. This can crash a process if certificates from untrusted sources are processed and the issuer parsing fails, enabling a potential denial of se...

5.9CVSS7AI score0.07471EPSS
CVE
CVE
added 2023/06/23 12:0 a.m.1861 views

CVE-2023-32373

CVE-2023-32373 is a use-after-free in WebKitGTK/WebKit related to processing malicious web content. Connected advisories confirm this vulnerability affects WebKitGTK/WebKit components and note exploitation activity. The issue is fixed in WebKitGTK/WebKit updates (e.g., webkitgtk4 packages) across...

8.8CVSS8.6AI score0.12172EPSS
In wild
CVE
CVE
added 2023/06/23 12:0 a.m.1823 views

CVE-2023-28204

CVE-2023-28204 is an out-of-bounds read in WebKit caused by improper input handling while processing web content. It affects WebKit-based components and was fixed in multiple vendor advisories: Apple updates (watchOS/macOS/iOS/iPadOS/Safari) and WebKitGTK/WPE WebKit packages (e.g., webkitgtk4 2.3...

6.5CVSS6.6AI score0.14292EPSS
In wild
CVE
CVE
added 2023/06/23 12:0 a.m.1688 views

CVE-2023-32409

CVE-2023-32409 is a WebKit sandbox-escape vulnerability in WebKit’s handling of web content. The issue allowed a remote attacker to break out of the Web Content sandbox and was addressed by improved bounds checks. Fixes are included in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.8 and iP...

8.6CVSS7.7AI score0.1653EPSS
In wild
CVE
CVE
added 2022/07/28 12:0 a.m.1661 views

CVE-2022-2294

CVE-2022-2294 is a heap-buffer-overflow in WebRTC code within Google Chrome (Chromium-based) prior to 103.0.5060.114. Reported as enabling remote heap corruption via a crafted HTML page, potentially leading to code execution. Affected component: WebRTC in Chrome/Chromium. Remediation: upgrade to ...

8.8CVSS8.3AI score0.70461EPSS
In wild
CVE
CVE
added 2021/09/08 2:48 p.m.1507 views

CVE-2021-30661

CVE-2021-30661 is a use-after-free vulnerability in WebKit Storage that could lead to arbitrary code execution when processing malicious web content. Affected: WebKit/WebKitGTK/WebKit Storage components on Apple platforms (Safari/WebKit on macOS/iOS/iPadOS, and WebKitGTK implementations) as descr...

8.8CVSS9.1AI score0.04528EPSS
In wild
CVE
CVE
added 2021/04/02 6:1 p.m.1417 views

CVE-2021-1789

The CVE-2021-1789 entry refers to a type-confusion vulnerability in WebKitGTK and WebKit prior to 2.30.6 that could allow remote attackers to execute arbitrary code by processing malicious web content. Connected advisories (Arch Linux ASA-202103-24/ASA-202103-25 and ALAS/ALPINE entries) confirm t...

8.8CVSS8.6AI score0.14542EPSS
In wild
CVE
CVE
added 2020/07/22 4:16 p.m.1360 views

CVE-2020-6514

CVE-2020-6514 affects Google Chrome WebRTC data channel where an attacker in a privileged network position could trigger a memory corruption (heap) via a crafted SCTP stream. The initial description notes an inappropriate WebRTC implementation as the underlying cause, with the vulnerability explo...

6.5CVSS7.3AI score0.0779EPSS
CVE
CVE
added 2022/05/26 5:44 p.m.1342 views

CVE-2022-22675

CVE-2022-22675 is an Apple kernel-related out-of-bounds write vulnerability (AppleAVD) that could allow code execution with kernel privileges. Affected macOS Big Sur 11.x, Monterey, tvOS, watchOS, iOS, and iPadOS components were fixed in specific updates: tvOS 15.5, watchOS 8.6, macOS Big Sur 11....

9.3CVSS8.2AI score0.12642EPSS
In wild
CVE
CVE
added 2021/03/26 8:48 p.m.1340 views

CVE-2020-7463

CVE-2020-7463 is a FreeBSD kernel use-after-free vulnerability caused by improper handling of large user messages from multiple threads on the same SCTP socket. Affected: FreeBSD 12.1-STABLE before r364644, 11.4-STABLE before r364651, 12.1-RELEASE before p9, 11.4-RELEASE before p3, and 11.3-RELEA...

5.5CVSS5.8AI score0.00399EPSS
CVE
CVE
added 2021/04/02 6:6 p.m.1324 views

CVE-2021-1871

CVE-2021-1871 is a WebKit/WebKitGTK logic issue that could allow remote code execution. Public sources confirm the flaw affects multiple WebKit components and was fixed in macOS Big Sur 11.2, macOS Security Update 2021-001 for Catalina and Mojave, and iOS/iPadOS 14.4. Debian’s security advisory (...

9.8CVSS8.6AI score0.0712EPSS
In wild
CVE
CVE
added 2021/04/02 6:6 p.m.1320 views

CVE-2021-1870

CVE-2021-1870 affects WebKitGTK/WebKitGTK-based packages (e.g., Arch Linux webkitgtk4) prior to version 2.30.6. A remote attacker could craft web content to cause arbitrary code execution. Upstream fix is in 2.30.6; Arch advisories (ASA-202103-24/25) and CVE listings confirm the vulnerability and...

9.8CVSS8.6AI score0.07921EPSS
In wild
CVE
CVE
added 2021/08/24 6:49 p.m.1302 views

CVE-2021-30860

CVE-2021-30860 affects Apple CoreGraphics in macOS/iOS/watchOS/tvOS stack. A vulnerability in integer overflow during processing of maliciously crafted PDFs could lead to arbitrary code execution. Fixed in Security Update 2021-005 for Catalina, iOS 14.8 / iPadOS 14.8, macOS Big Sur 11.6, and watc...

7.8CVSS6.5AI score0.75994EPSS
In wild
CVE
CVE
added 2021/08/24 6:49 p.m.1294 views

CVE-2021-30858

CVE-2021-30858 is a use-after-free in WebKit/WebKitGTK that could lead to arbitrary code execution when processing malicious web content. Apple patched this in iOS 14.8, iPadOS 14.8, and macOS Big Sur 11.6; Chromium/WebKit GTK ecosystems referenced the same vulnerability (WebKit/Gtk port). Some a...

8.8CVSS8.9AI score0.13486EPSS
In wild
CVE
CVE
added 2020/11/03 2:21 a.m.1290 views

CVE-2020-15969

CVE-2020-15969 is a use-after-free in WebRTC that was exploitable via a crafted HTML page, potentially causing heap corruption and arbitrary code execution. Connected Apple advisories (Safari 14.0.2, watchOS 7.2, tvOS 14.3) indicate this was addressed by Apple in respective security updates; appl...

8.8CVSS8.8AI score0.01705EPSS
CVE
CVE
added 2021/09/08 2:25 p.m.1273 views

CVE-2021-30665

CVE-2021-30665 is a memory corruption vulnerability in WebKitGTK/WebKit (before 2.32.3) that can lead to arbitrary code execution when processing malicious web content. It is listed in multiple advisories across WebKitGTK/WebKit and Apple platforms (watchOS/iOS/iPadOS/macOS/tvOS) with exploitatio...

8.8CVSS8.9AI score0.03692EPSS
In wild
CVE
CVE
added 2021/09/08 2:49 p.m.1264 views

CVE-2021-30663

CVE-2021-30663 relates to WebKit/WebKitGTK and involves an integer overflow when processing malicious web content, potentially allowing arbitrary code execution. Publicly documented fixes include upstream WebKitGTK and related WebKit components, with patches delivering non-exploit code paths, and...

8.8CVSS8.7AI score0.0369EPSS
In wild
CVE
CVE
added 2015/05/21 12:0 a.m.1251 views

CVE-2015-4000

CVE-2015-4000 is the Logjam vulnerability: when a server enables DHE_EXPORT ciphers and the client does not, the TLS handshake may downgrade to 512‑bit export‑grade DH, allowing a MITM to decrypt traffic. Public details describe the issue in TLS as a downgrade attack on Diffie–Hellman key exchang...

4.3CVSS4.8AI score0.9986EPSS
In wild
CVE
CVE
added 2019/12/18 5:33 p.m.1249 views

CVE-2019-8506

CVE-2019-8506 is a type-confusion memory issue that affects WebKit components and was fixed in multiple Apple platforms (iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes/Windows, iCloud for Windows 7.11) and WebKitGTK/WebKitGTK+ up to 2.28.x. The vulnerability can allow arbitrary code execut...

9.3CVSS8.6AI score0.18108EPSS
In wild
CVE
CVE
added 2022/08/05 12:0 a.m.1222 views

CVE-2022-37434

CVE-2022-37434 describes a heap-based buffer over-read/overflow in zlib’s inflate() (inflate.c) when handling a large gzip header extra field. The vulnerability is limited to code paths that call inflateGetHeader, and is fixed in subsequent zlib revisions. Connected advisories indicate affected e...

9.8CVSS9.9AI score0.1593EPSS
CVE
CVE
added 2023/06/23 12:0 a.m.1210 views

CVE-2023-32419

CVE-2023-32419 describes a bounds-checks issue in Apple iOS/iPadOS that could allow a remote attacker to execute arbitrary code. It is fixed in iOS 16.5 and iPadOS 16.5. No exploitation details are provided beyond that; updating to the patched OS versions is the recommended remediation.

9.8CVSS8.5AI score0.01116EPSS
CVE
CVE
added 2022/03/18 5:59 p.m.1209 views

CVE-2022-22620

CVE-2022-22620 is a WebKit use-after-free vulnerability affecting Apple WebKit/ Safari stack (e.g., WebKit in macOS/iOS/iPadOS, and WebKitGTK/WebKitGTK-based ports). Exploitation involves processing malicious web content, potentially enabling arbitrary code execution. Apple’s fixes are in Safari ...

8.8CVSS8.8AI score0.16342EPSS
In wild
CVE
CVE
added 2021/09/08 2:25 p.m.1191 views

CVE-2021-30666

CVE-2021-30666 is a WebKit-related buffer overflow in Apple iOS WebKit that could allow arbitrary code execution when processing malicious web content. The vulnerability affects WebKit in iOS and is fixed in iOS 12.5.3 (Apple’s advisory HT212341 lists WebKit updates and CVE-2021-30666 with impact...

8.8CVSS9.2AI score0.03031EPSS
In wild
CVE
CVE
added 2021/09/08 1:45 p.m.1191 views

CVE-2021-30761

CVE-2021-30761 is a memory corruption vulnerability in WebKit/iOS WebKit. The issue is triggered by processing malicious web content and can lead to arbitrary code execution. It is fixed in iOS 12.5.4 (WebKit updates included) and Apple notes that this issue may have been actively exploited in th...

8.8CVSS9.2AI score0.10591EPSS
In wild
CVE
CVE
added 2022/08/24 12:0 a.m.1188 views

CVE-2022-32893

CVE-2022-32893 is an out-of-bounds write vulnerability in WebKit/WebKitGTK that could allow arbitrary code execution when processing malicious web content. The CVE is fixed in Apple products by updates: iOS 15.6.1 / iPadOS 15.6.1, macOS Monterey 12.5.1, and Safari 15.6.1. Connected advisories not...

8.8CVSS8.8AI score0.09785EPSS
In wild
CVE
CVE
added 2021/09/08 1:46 p.m.1184 views

CVE-2021-30762

CVE-2021-30762 is a WebKit/Apple WebKit use-after-free issue that affects this component in iOS/WebKit, caused by memory management flaws. The vulnerability could allow arbitrary code execution when processing malicious web content, with Apple noting active exploitation in the wild for related We...

8.8CVSS9.1AI score0.10986EPSS
In wild
CVE
CVE
added 2021/04/02 6:7 p.m.1168 views

CVE-2021-1879

CVE-2021-1879 affects Apple WebKit/WebKit-based parsing in iOS/iPadOS/watchOS (WebKit component). The issue is a cross-site scripting vulnerability triggered by processing malicious web content, potentially leading to universal XSS. Root cause: improved management of object lifetimes in WebKit/CS...

6.1CVSS6AI score0.07082EPSS
In wild
CVE
CVE
added 2020/06/05 2:40 p.m.1161 views

CVE-2020-9859

CVE-2020-9859 is an Apple kernel code execution vulnerability triggered by a memory consumption issue. Affected products include iOS 13.5.1/iPadOS 13.5.1, macOS Catalina 10.15.5 Supplemental Update, tvOS 13.4.6, and watchOS 6.2.6. Root cause: memory handling flaw that could allow an application t...

7.8CVSS7.1AI score0.00829EPSS
In wild
CVE
CVE
added 2022/03/18 5:59 p.m.1150 views

CVE-2022-22587

CVE-2022-22587 is an Apple IOMobileFrameBuffer memory corruption vulnerability that could allow code execution with kernel privileges. The issue is cited as fixed in iOS 15.3, iPadOS 15.3, macOS Big Sur 11.6.3, and macOS Monterey 12.2. Apple’s advisory notes a report that it may have been activel...

10CVSS8.3AI score0.11638EPSS
In wild
CVE
CVE
added 2023/06/23 12:0 a.m.1147 views

CVE-2023-32367

CVE-2023-32367: Apple documents an entitlement-related issue where an app may access user-sensitive data. The vulnerability is mitigated in iOS 16.5 and iPadOS 16.5, and macOS Ventura 13.4 (Patch/UPDATE_REQUIRED). No exploitation details are provided in the connected documents; remediation is to ...

5.5CVSS4.9AI score0.00238EPSS
Total number of security vulnerabilities4053