Iphone Os Security Vulnerabilities and Issues — Page 35 of Iphone Os CVE List

Lucene search

AppleIphone Os

3721 matches found

CVE•added 2022/11/01 8:15 p.m.•70 views

CVE-2022-32938

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. A shortcut may be able to check the existence of an arbitrary path on the file system.

5.3CVSS5.7AI score0.00249EPSS

CVE•added 2022/11/01 8:15 p.m.•70 views

CVE-2022-42813

A certificate validation issue existed in the handling of WKWebView. This issue was addressed with improved validation. This issue is fixed in tvOS 16.1, iOS 16.1 and iPadOS 16, macOS Ventura 13, watchOS 9.1. Processing a maliciously crafted certificate may lead to arbitrary code execution.

9.8CVSS8.5AI score0.00247EPSS

CVE•added 2023/04/10 7:15 p.m.•70 views

CVE-2022-46709

A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Ventura 13, iOS 16. An app may be able to execute arbitrary code with kernel privileges

9.8CVSS8.5AI score0.00215EPSS

CVE•added 2023/05/08 8:15 p.m.•70 views

CVE-2023-23523

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4. Photos belonging to the Hidden Photos Album could be viewed without authentication through Visual Lookup.

3.3CVSS3AI score0.00057EPSS

CVE•added 2023/05/08 8:15 p.m.•70 views

CVE-2023-27943

This issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4. Files downloaded from the internet may not have the quarantine flag applied.

5.5CVSS4.3AI score0.0004EPSS

CVE•added 2023/06/23 6:15 p.m.•70 views

CVE-2023-32389

This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. An app may be able to disclose kernel memory.

5.5CVSS4.8AI score0.00041EPSS

CVE•added 2024/03/08 2:15 a.m.•70 views

CVE-2024-23220

The issue was addressed with improved handling of caches. This issue is fixed in visionOS 1.1, iOS 17.4 and iPadOS 17.4. An app may be able to fingerprint the user.

5.5CVSS6.3AI score0.00062EPSS

CVE•added 2024/03/08 2:15 a.m.•70 views

CVE-2024-23297

The issue was addressed with improved checks. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, watchOS 10.4. A malicious application may be able to access private information.

5.5CVSS5.3AI score0.00138EPSS

CVE•added 2024/05/14 3:13 p.m.•70 views

CVE-2024-27821

A path handling issue was addressed with improved validation. This issue is fixed in iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. A shortcut may output sensitive user data without consent.

7.5CVSS4.2AI score0.03058EPSS

CVE•added 2024/07/29 11:15 p.m.•70 views

CVE-2024-40786

This issue was addressed through improved state management. This issue is fixed in iOS 17.6 and iPadOS 17.6, iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8. An attacker may be able to view sensitive user information.

7.5CVSS5.7AI score0.00295EPSS

CVE•added 2024/10/04 12:15 a.m.•70 views

CVE-2024-44204

A logic issue was addressed with improved validation. This issue is fixed in iOS 18.0.1 and iPadOS 18.0.1. A user's saved passwords may be read aloud by VoiceOver.

5.5CVSS5.8AI score0.00079EPSS

CVE•added 2024/10/28 9:15 p.m.•70 views

CVE-2024-44274

The issue was addressed with improved authentication. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, watchOS 11.1, iOS 18.1 and iPadOS 18.1. An attacker with physical access to a locked device may be able to view sensitive user information.

4.6CVSS4.7AI score0.00064EPSS

CVE•added 2025/01/27 10:15 p.m.•70 views

CVE-2024-54550

This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2. An app may be able to view autocompleted contact information from Messages and Mail in system logs.

4CVSS5.3AI score0.00017EPSS

CVE•added 2025/03/31 11:15 p.m.•70 views

CVE-2025-30432

A logic issue was addressed with improved state management. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sonoma 14.7.5. A malicious app may be able to attempt passcode entries on a locked device and thereby cause escalating tim...

6.4CVSS5.5AI score0.00087EPSS

CVE•added 2025/03/31 11:15 p.m.•70 views

CVE-2025-30456

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Ventura 13.7.5, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to gain root privileges.

7.8CVSS6AI score0.0002EPSS

CVE•added 2025/03/31 11:15 p.m.•70 views

CVE-2025-31191

This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.7.5, tvOS 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access sensitive user data.

5.5CVSS5.3AI score0.0002EPSS

CVE•added 2011/08/29 3:55 p.m.•69 views

CVE-2011-2823

Use-after-free vulnerability in Google Chrome before 13.0.782.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a line box.

7.5CVSS7AI score0.0229EPSS

CVE•added 2012/03/05 7:55 p.m.•69 views

CVE-2011-3044

Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG animation elements.

6.8CVSS6.9AI score0.02363EPSS

CVE•added 2012/03/09 12:55 a.m.•69 views

CVE-2011-3046

The extension subsystem in Google Chrome before 17.0.963.78 does not properly handle history navigation, which allows remote attackers to execute arbitrary code by leveraging a "Universal XSS (UXSS)" issue.

10CVSS6.3AI score0.04464EPSS

CVE•added 2011/11/11 6:55 p.m.•69 views

CVE-2011-3439

FreeType in CoreGraphics in Apple iOS before 5.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font in a document.

9.3CVSS7.4AI score0.06539EPSS

CVE•added 2012/03/08 10:55 p.m.•69 views

CVE-2012-0588

Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0586, CVE-2012-0587, and CVE-2012-0589.

4.3CVSS5.2AI score0.00588EPSS

CVE•added 2013/09/19 10:27 a.m.•69 views

CVE-2013-1041

WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.

6.8CVSS7.8AI score0.02313EPSS

CVE•added 2014/03/14 10:55 a.m.•69 views

CVE-2014-1289

WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1290, CVE-2014-1291, CVE-2014-1292, CVE-2014-1293...

6.8CVSS7.7AI score0.01795EPSS

CVE•added 2014/09/18 10:55 a.m.•69 views

CVE-2014-4414

WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA...

6.8CVSS7.8AI score0.01114EPSS

CVE•added 2015/04/10 2:59 p.m.•69 views

CVE-2015-1096

IOHIDFamily in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app.

1.9CVSS4.7AI score0.00074EPSS

CVE•added 2016/07/22 3:0 a.m.•69 views

CVE-2016-4653

The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1863 and CVE-2016-4582.

7.8CVSS7.6AI score0.00268EPSS

CVE•added 2016/09/25 10:59 a.m.•69 views

CVE-2016-4708

CFNetwork in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 misparses the Set-Cookie header, which allows remote attackers to obtain sensitive information via a crafted HTTP response.

6.5CVSS6.4AI score0.04174EPSS

CVE•added 2017/02/20 8:59 a.m.•69 views

CVE-2016-7610

An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of ser...

8.8CVSS8AI score0.00774EPSS

CVE•added 2017/04/02 1:59 a.m.•69 views

CVE-2017-2379

An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Carbon" component. It allows remote attackers to execute arbitrary code or cause a denial of servic...

7.8CVSS8.5AI score0.00921EPSS

CVE•added 2017/04/02 1:59 a.m.•69 views

CVE-2017-2417

An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "CoreGraphics" component. It allows remote attackers to cause a denial of service (infinite recursio...

5.5CVSS5.7AI score0.00554EPSS

CVE•added 2017/04/02 1:59 a.m.•69 views

CVE-2017-2435

An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "CoreText" component. It allows remote attackers to execute arbitrary code or cause a denial of serv...

7.8CVSS8.6AI score0.00774EPSS

CVE•added 2017/10/23 1:29 a.m.•69 views

CVE-2017-7108

An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Wi-Fi" component. It might allow remote attackers to execute arbitrary code in a privileged context or cause a denial of service (memory co...

10CVSS8.9AI score0.10946EPSS

CVE•added 2017/10/23 1:29 a.m.•69 views

CVE-2017-7116

An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Wi-Fi" component. It might allow remote attackers to read data from kernel memory locations via crafted Wi-Fi traffic.

7.5CVSS6.9AI score0.00782EPSS

CVE•added 2017/10/23 1:29 a.m.•69 views

CVE-2017-7133

An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "MobileBackup" component. It allows remote attackers to obtain sensitive cleartext information in opportunistic circumstances by leveraging read access to a backup archive that was supposed to have ...

7.5CVSS6.6AI score0.00342EPSS

CVE•added 2018/06/08 6:29 p.m.•69 views

CVE-2018-4239

An issue was discovered in certain Apple products. iOS before 11.4 is affected. The issue involves the "Magnifier" component. It allows physically proximate attackers to bypass the lock-screen protection mechanism and see the most recent Magnifier image.

4.6CVSS4.6AI score0.00072EPSS

CVE•added 2019/01/11 6:29 p.m.•69 views

CVE-2018-4330

In iOS before 11.4, a memory corruption issue exists and was addressed with improved memory handling.

9.3CVSS7.3AI score0.16005EPSS

CVE•added 2019/04/03 6:29 p.m.•69 views

CVE-2018-4377

A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. This issue affected versions prior to iOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.

6.1CVSS6AI score0.0054EPSS

CVE•added 2019/03/05 4:29 p.m.•69 views

CVE-2019-6202

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, watchOS 5.1.3. A malicious application may be able to elevate privileges.

7.8CVSS6.3AI score0.00259EPSS

CVE•added 2019/12/18 6:15 p.m.•69 views

CVE-2019-8511

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, watchOS 5.2. A malicious application may be able to elevate privileges.

7.8CVSS7.2AI score0.00513EPSS

CVE•added 2020/10/27 8:15 p.m.•69 views

CVE-2019-8532

A permissions issue was addressed by removing vulnerable code and adding additional checks. This issue is fixed in watchOS 5.2, iOS 12.2. A malicious application may be able to access restricted files.

5.5CVSS6.3AI score0.00149EPSS

CVE•added 2020/12/08 9:15 p.m.•69 views

CVE-2020-27910

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. Processing a maliciously crafted audio file may lead to arbitrary code execution.

9.3CVSS7.3AI score0.00813EPSS

CVE•added 2021/04/02 6:15 p.m.•69 views

CVE-2020-27920

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, watchOS 7.1, tvOS 14.2. Processing maliciously crafted web content may...

8.8CVSS7.6AI score0.00547EPSS

CVE•added 2020/12/08 9:15 p.m.•69 views

CVE-2020-27926

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.2 and iPadOS 14.2. Processing maliciously crafted web content may lead to arbitrary code execution.

9.3CVSS7.7AI score0.00477EPSS

CVE•added 2020/02/27 9:15 p.m.•69 views

CVE-2020-3844

This issue was addressed with improved checks. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1. Users removed from an iMessage conversation may still be able to alter state.

3.3CVSS4.2AI score0.00153EPSS

CVE•added 2020/10/22 6:15 p.m.•69 views

CVE-2020-9900

An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A local attacker may be able to elevate their privileges.

7.8CVSS7AI score0.00147EPSS

CVE•added 2020/12/08 8:15 p.m.•69 views

CVE-2020-9963

The issue was addressed with improved handling of icon caches. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.0 and iPadOS 14.0. A malicious app may be able to determine the existence of files on the computer.

5.5CVSS5.1AI score0.00325EPSS

CVE•added 2020/12/08 8:15 p.m.•69 views

CVE-2020-9988

The issue was addressed with improved deletion. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.0 and iPadOS 14.0. A local user may be able to discover a user’s deleted messages.

5.5CVSS5.2AI score0.00148EPSS

CVE•added 2021/09/08 3:15 p.m.•69 views

CVE-2021-1816

A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. A malicious application may be able to execute arbitrary code with kernel privileges.

9.3CVSS8.1AI score0.00404EPSS

CVE•added 2021/08/24 7:15 p.m.•69 views

CVE-2021-30854

A logic issue was addressed with improved state management. This issue is fixed in tvOS 15, watchOS 8, iOS 15 and iPadOS 15. A sandboxed process may be able to circumvent sandbox restrictions.

8.6CVSS7.3AI score0.00283EPSS

CVE•added 2021/08/24 7:15 p.m.•69 views

CVE-2021-30966

A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.1, watchOS 8.3, iOS 15.2 and iPadOS 15.2, tvOS 15.2. User traffic might unexpectedly be leaked to a proxy server despite PAC configurations.

7.5CVSS6.7AI score0.00471EPSS

Total number of security vulnerabilities3721