Iphone Os Security Vulnerabilities and Issues — Page 40 of Iphone Os CVE List

Lucene search

AppleIphone Os

3695 matches found

CVE•added 2015/09/18 12:0 p.m.•64 views

CVE-2015-5903

The kernel in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5868 and CVE-2015-5896.

10CVSS6AI score0.02023EPSS

CVE•added 2016/06/26 1:59 a.m.•64 views

CVE-2015-7987

Multiple buffer overflows in mDNSResponder before 625.41.2 allow remote attackers to read or write to out-of-bounds memory locations via vectors involving the (1) GetValueForIPv4Addr, (2) GetValueForMACAddr, (3) rfc3110_import, or (4) CopyNSEC3ResourceRecord function.

9.8CVSS9.3AI score0.03085EPSS

CVE•added 2016/03/24 1:59 a.m.•64 views

CVE-2016-1758

The kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app.

4.3CVSS4.4AI score0.00276EPSS

CVE•added 2017/02/20 8:59 a.m.•64 views

CVE-2016-4692

An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of ser...

8.8CVSS8AI score0.00728EPSS

CVE•added 2016/09/25 10:59 a.m.•64 views

CVE-2016-4712

CoreCrypto in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via a crafted app.

9.3CVSS8.4AI score0.00263EPSS

CVE•added 2016/09/25 11:0 a.m.•64 views

CVE-2016-4772

The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to cause a denial of service (unintended lock) via unspecified vectors.

7.5CVSS7.2AI score0.03175EPSS

CVE•added 2016/09/25 11:0 a.m.•64 views

CVE-2016-4776

The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app, a different vulnerability than CVE-2016-4773 and CVE-2016-4774.

7.1CVSS6.8AI score0.00196EPSS

CVE•added 2017/02/20 8:59 a.m.•64 views

CVE-2016-7635

8.8CVSS8.1AI score0.00728EPSS

CVE•added 2017/11/13 3:29 a.m.•64 views

CVE-2017-13785

An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attacker...

8.8CVSS7.7AI score0.14267EPSS

CVE•added 2017/11/13 3:29 a.m.•64 views

CVE-2017-13796

8.8CVSS7.7AI score0.14267EPSS

CVE•added 2018/04/03 6:29 a.m.•64 views

CVE-2017-13873

An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Kernel" component. It allows attackers to obtain sensitive network-activity information about arbitrary app...

4.3CVSS4.8AI score0.00335EPSS

CVE•added 2019/01/11 6:29 p.m.•64 views

CVE-2017-13888

In iOS before 11.2, a type confusion issue was addressed with improved memory handling.

7.5CVSS6.9AI score0.00241EPSS

CVE•added 2017/04/02 1:59 a.m.•64 views

CVE-2017-2378

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves bookmark creation in the "WebKit" component. It allows remote attackers to execute arbitrary code or spoof a bookmark by leveraging mishandling of links during drag-and...

8.8CVSS8.4AI score0.00803EPSS

CVE•added 2017/04/02 1:59 a.m.•64 views

CVE-2017-2458

An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Keyboards" component. A buffer overflow allows attackers to execute arbitrary code in a privileged ...

9.3CVSS7.9AI score0.00701EPSS

CVE•added 2017/04/02 1:59 a.m.•64 views

CVE-2017-2467

An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "ImageIO" component. It allows remote attackers to execute arbitrary code or cause a denial of servi...

7.8CVSS8.6AI score0.00808EPSS

CVE•added 2017/07/20 4:29 p.m.•64 views

CVE-2017-7068

An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "libarchive" component. It allows remote attackers to execute arbitrary code or cause a denial...

8.8CVSS8.5AI score0.01802EPSS

CVE•added 2018/04/03 6:29 a.m.•64 views

CVE-2018-4089

An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. Safari before 11.0.3 is affected. tvOS before 11.2.5 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of ...

8.8CVSS7.5AI score0.02333EPSS

CVE•added 2019/12/18 6:15 p.m.•64 views

CVE-2019-8510

An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to determine kernel memory layout.

5.5CVSS5.3AI score0.00068EPSS

CVE•added 2019/12/18 6:15 p.m.•64 views

CVE-2019-8620

A user privacy issue was addressed by removing the broadcast MAC address. This issue is fixed in iOS 12.3, tvOS 12.3, watchOS 5.2.1. A device may be passively tracked by its WiFi MAC address.

7.5CVSS7.1AI score0.00386EPSS

CVE•added 2020/10/27 8:15 p.m.•64 views

CVE-2019-8631

A logic issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, iOS 12.3, tvOS 12.3. Users removed from an iMessage conversation may still be able to alter state.

7.5CVSS6.6AI score0.00289EPSS

CVE•added 2020/10/27 8:15 p.m.•64 views

CVE-2019-8668

A denial of service issue was addressed with improved validation. This issue is fixed in iOS 12.4, tvOS 12.4, watchOS 5.3. Processing a maliciously crafted image may lead to a denial of service.

5.5CVSS5.5AI score0.00196EPSS

CVE•added 2020/06/09 5:15 p.m.•64 views

CVE-2020-9793

A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A remote attacker may be able to cause arbitrary code execution.

9.3CVSS7.6AI score0.01193EPSS

CVE•added 2020/10/22 6:15 p.m.•64 views

CVE-2020-9892

Multiple memory corruption issues were addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A malicious application may be able to execute arbitrary code with system privileges.

9.3CVSS8.3AI score0.00428EPSS

CVE•added 2020/10/22 6:15 p.m.•64 views

CVE-2020-9898

This issue was addressed with improved entitlements. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6. A sandboxed process may be able to circumvent sandbox restrictions.

9.8CVSS7.7AI score0.00451EPSS

CVE•added 2020/10/22 7:15 p.m.•64 views

CVE-2020-9902

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A malicious application may be able to determine kernel memory layout.

7.1CVSS5.5AI score0.00328EPSS

CVE•added 2021/09/08 3:15 p.m.•64 views

CVE-2021-1770

A buffer overflow may result in arbitrary code execution. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. A logic issue was addressed with improved state management.

9.8CVSS8.7AI score0.02359EPSS

CVE•added 2021/09/08 3:15 p.m.•64 views

CVE-2021-30674

This issue was addressed with improved checks. This issue is fixed in iOS 14.6 and iPadOS 14.6. A malicious application may disclose restricted memory.

5.5CVSS5AI score0.0031EPSS

CVE•added 2021/09/08 2:15 p.m.•64 views

CVE-2021-30802

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.7, tvOS 14.7. Processing maliciously crafted web content may lead to arbitrary code execution.

8.8CVSS8.8AI score0.00806EPSS

CVE•added 2021/08/24 7:15 p.m.•64 views

CVE-2021-30985

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.2 and iPadOS 15.2. A malicious application may be able to execute arbitrary code with kernel privileges.

9.3CVSS7.6AI score0.00265EPSS

CVE•added 2023/04/10 7:15 p.m.•64 views

CVE-2022-32871

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16. A person with physical access to a device may be able to use Siri to access private calendar information

2.4CVSS2.1AI score0.00069EPSS

CVE•added 2023/06/23 6:15 p.m.•64 views

CVE-2023-32352

A logic issue was addressed with improved checks. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may bypass Gatekeeper checks.

5.5CVSS5.8AI score0.00008EPSS

CVE•added 2023/06/23 6:15 p.m.•64 views

CVE-2023-32397

A logic issue was addressed with improved state management. This issue is fixed in iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An app may be able to modify protected parts of the file system.

7.5CVSS6.9AI score0.001EPSS

CVE•added 2023/09/27 3:19 p.m.•64 views

CVE-2023-40399

The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to disclose kernel memory.

5.5CVSS4.9AI score0.00022EPSS

CVE•added 2025/04/11 3:15 p.m.•64 views

CVE-2023-42961

A path handling issue was addressed with improved validation. This issue is fixed in iOS 17 and iPadOS 17, iOS 16.7 and iPadOS 16.7, macOS Sonoma 14, macOS Ventura 13.6, macOS Monterey 12.7. A sandboxed process may be able to circumvent sandbox restrictions.

6.3CVSS5.9AI score0.00097EPSS

CVE•added 2024/05/14 3:13 p.m.•64 views

CVE-2024-27803

A permissions issue was addressed with improved validation. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical access may be able to share items from the lock screen.

2.4CVSS5AI score0.00029EPSS

CVE•added 2024/06/10 9:15 p.m.•64 views

CVE-2024-27830

This issue was addressed through improved state management. This issue is fixed in tvOS 17.5, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. A maliciously crafted webpage may be able to fingerprint the user.

6.5CVSS5.8AI score0.00224EPSS

CVE•added 2025/03/31 11:15 p.m.•64 views

CVE-2025-24180

The issue was addressed with improved input validation. This issue is fixed in Safari 18.4, visionOS 2.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. A malicious website may be able to claim WebAuthn credentials from another website that shares a registrable suffix.

8.1CVSS5.5AI score0.00042EPSS

CVE•added 2007/06/25 7:30 p.m.•63 views

CVE-2007-2400

Race condition in Apple Safari 3 Beta before 3.0.2 on Mac OS X, Windows XP, Windows Vista, and iPhone before 1.0.1, allows remote attackers to bypass the JavaScript security model and modify pages outside of the security domain and conduct cross-site scripting (XSS) attacks via vectors related to p...

4.3CVSS5.3AI score0.00304EPSS

CVE•added 2010/06/18 4:30 p.m.•63 views

CVE-2010-1387

Use-after-free vulnerability in JavaScriptCore in WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 on the iPhone and iPod touch, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to page transitions, a differen...

9.3CVSS9AI score0.08537EPSS

CVE•added 2011/03/25 7:55 p.m.•63 views

CVE-2011-1295

WebKit, as used in Google Chrome before 10.0.648.204 and Apple Safari before 5.0.6, does not properly handle node parentage, which allows remote attackers to cause a denial of service (DOM tree corruption), conduct cross-site scripting (XSS) attacks, or possibly have unspecified other impact via un...

7.5CVSS8.1AI score0.0229EPSS

CVE•added 2011/05/03 10:55 p.m.•63 views

CVE-2011-1449

Use-after-free vulnerability in the WebSockets implementation in Google Chrome before 11.0.696.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

6.8CVSS8.6AI score0.0234EPSS

CVE•added 2011/08/29 3:55 p.m.•63 views

CVE-2011-2827

Use-after-free vulnerability in Google Chrome before 13.0.782.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to text searching.

7.5CVSS7AI score0.0229EPSS

CVE•added 2012/03/05 7:55 p.m.•63 views

CVE-2011-3032

Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of SVG values.

6.8CVSS6.9AI score0.01573EPSS

CVE•added 2012/10/11 10:51 a.m.•63 views

CVE-2012-5112

Use-after-free vulnerability in the SVG implementation in WebKit, as used in Google Chrome before 22.0.1229.94, allows remote attackers to execute arbitrary code via unspecified vectors.

10CVSS9.2AI score0.04592EPSS

CVE•added 2014/09/18 10:55 a.m.•63 views

CVE-2014-4377

Integer overflow in CoreGraphics in Apple iOS before 8 and Apple TV before 7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.

6.8CVSS7.8AI score0.11335EPSS

CVE•added 2015/01/30 11:59 a.m.•63 views

CVE-2014-4476

WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulne...

6.8CVSS5.3AI score0.00913EPSS

CVE•added 2015/07/03 1:59 a.m.•63 views

CVE-2015-3688

CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3685, CVE-2015-3686, CVE-2015-3687, and CVE-2015-3689.

6.8CVSS5.1AI score0.02635EPSS

CVE•added 2015/08/16 11:59 p.m.•63 views

CVE-2015-3738

WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVE...

6.8CVSS8.4AI score0.01081EPSS

CVE•added 2015/09/18 10:59 a.m.•63 views

CVE-2015-5816

WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-0...

6.8CVSS8.8AI score0.01538EPSS

CVE•added 2015/09/18 10:59 a.m.•63 views

CVE-2015-5818

WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-S...

6.8CVSS8.8AI score0.01009EPSS

Total number of security vulnerabilities3695