Iphone Os Security Vulnerabilities and Issues — Page 41 of Iphone Os CVE List

Lucene search

AppleIphone Os

3721 matches found

CVE•added 2021/08/24 7:15 p.m.•64 views

CVE-2021-30985

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.2 and iPadOS 15.2. A malicious application may be able to execute arbitrary code with kernel privileges.

9.3CVSS7.6AI score0.00265EPSS

CVE•added 2023/04/10 7:15 p.m.•64 views

CVE-2022-32871

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16. A person with physical access to a device may be able to use Siri to access private calendar information

2.4CVSS2.1AI score0.00069EPSS

CVE•added 2022/11/01 8:15 p.m.•64 views

CVE-2022-42800

This issue was addressed with improved checks. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. A user may be able to cause unexpected app termination or arbitrary code execution.

7.8CVSS8AI score0.00046EPSS

CVE•added 2023/06/23 6:15 p.m.•64 views

CVE-2023-32352

A logic issue was addressed with improved checks. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may bypass Gatekeeper checks.

5.5CVSS5.8AI score0.00008EPSS

CVE•added 2023/06/23 6:15 p.m.•64 views

CVE-2023-32397

A logic issue was addressed with improved state management. This issue is fixed in iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An app may be able to modify protected parts of the file system.

7.5CVSS6.9AI score0.001EPSS

CVE•added 2023/09/27 3:19 p.m.•64 views

CVE-2023-40399

The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to disclose kernel memory.

5.5CVSS4.9AI score0.00022EPSS

CVE•added 2025/04/11 3:15 p.m.•64 views

CVE-2023-42961

A path handling issue was addressed with improved validation. This issue is fixed in iOS 17 and iPadOS 17, iOS 16.7 and iPadOS 16.7, macOS Sonoma 14, macOS Ventura 13.6, macOS Monterey 12.7. A sandboxed process may be able to circumvent sandbox restrictions.

6.3CVSS5.9AI score0.00114EPSS

CVE•added 2024/06/10 9:15 p.m.•64 views

CVE-2024-27802

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. Processing a maliciously crafted file may lead to unexpected ap...

7.8CVSS7AI score0.00036EPSS

CVE•added 2024/05/14 3:13 p.m.•64 views

CVE-2024-27803

A permissions issue was addressed with improved validation. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical access may be able to share items from the lock screen.

2.4CVSS5AI score0.00029EPSS

CVE•added 2024/06/10 9:15 p.m.•64 views

CVE-2024-27815

An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to execute arbitrary code with kernel privileges.

7.8CVSS7.2AI score0.17999EPSS

CVE•added 2025/03/31 11:15 p.m.•64 views

CVE-2025-24180

The issue was addressed with improved input validation. This issue is fixed in Safari 18.4, visionOS 2.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. A malicious website may be able to claim WebAuthn credentials from another website that shares a registrable suffix.

8.1CVSS5.5AI score0.00057EPSS

CVE•added 2025/03/31 11:15 p.m.•64 views

CVE-2025-24212

This issue was addressed with improved checks. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to break out of its sandbox.

6.3CVSS5.3AI score0.00025EPSS

CVE•added 2007/06/25 7:30 p.m.•63 views

CVE-2007-2400

Race condition in Apple Safari 3 Beta before 3.0.2 on Mac OS X, Windows XP, Windows Vista, and iPhone before 1.0.1, allows remote attackers to bypass the JavaScript security model and modify pages outside of the security domain and conduct cross-site scripting (XSS) attacks via vectors related to p...

4.3CVSS5.3AI score0.00304EPSS

CVE•added 2010/06/18 4:30 p.m.•63 views

CVE-2010-1387

Use-after-free vulnerability in JavaScriptCore in WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 on the iPhone and iPod touch, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to page transitions, a differen...

9.3CVSS9AI score0.08537EPSS

CVE•added 2011/03/25 7:55 p.m.•63 views

CVE-2011-1295

WebKit, as used in Google Chrome before 10.0.648.204 and Apple Safari before 5.0.6, does not properly handle node parentage, which allows remote attackers to cause a denial of service (DOM tree corruption), conduct cross-site scripting (XSS) attacks, or possibly have unspecified other impact via un...

7.5CVSS8.1AI score0.0229EPSS

CVE•added 2011/05/03 10:55 p.m.•63 views

CVE-2011-1449

Use-after-free vulnerability in the WebSockets implementation in Google Chrome before 11.0.696.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

6.8CVSS8.6AI score0.0234EPSS

CVE•added 2011/08/29 3:55 p.m.•63 views

CVE-2011-2827

Use-after-free vulnerability in Google Chrome before 13.0.782.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to text searching.

7.5CVSS7AI score0.0229EPSS

CVE•added 2012/04/05 10:2 p.m.•63 views

CVE-2011-3067

Google Chrome before 18.0.1025.151 allows remote attackers to bypass the Same Origin Policy via vectors related to replacement of IFRAME elements.

6.8CVSS6AI score0.00509EPSS

CVE•added 2012/04/05 10:2 p.m.•63 views

CVE-2011-3069

Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to line boxes.

6.8CVSS6.9AI score0.02863EPSS

CVE•added 2012/04/05 10:2 p.m.•63 views

CVE-2011-3073

Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of SVG resources.

6.8CVSS6.9AI score0.02863EPSS

CVE•added 2012/10/11 10:51 a.m.•63 views

CVE-2012-5112

Use-after-free vulnerability in the SVG implementation in WebKit, as used in Google Chrome before 22.0.1229.94, allows remote attackers to execute arbitrary code via unspecified vectors.

10CVSS9.2AI score0.04592EPSS

CVE•added 2015/07/03 1:59 a.m.•63 views

CVE-2015-3688

CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3685, CVE-2015-3686, CVE-2015-3687, and CVE-2015-3689.

6.8CVSS5.1AI score0.02635EPSS

CVE•added 2015/08/16 11:59 p.m.•63 views

CVE-2015-3738

WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVE...

6.8CVSS8.4AI score0.01081EPSS

CVE•added 2015/09/18 10:59 a.m.•63 views

CVE-2015-5816

WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-0...

6.8CVSS8.8AI score0.01538EPSS

CVE•added 2015/09/18 10:59 a.m.•63 views

CVE-2015-5818

WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-S...

6.8CVSS8.8AI score0.01009EPSS

CVE•added 2015/09/18 10:59 a.m.•63 views

CVE-2015-5823

6.8CVSS8.8AI score0.01538EPSS

CVE•added 2015/10/23 10:59 a.m.•63 views

CVE-2015-6992

CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6975 and CVE-2015-7017.

7.5CVSS7.4AI score0.02129EPSS

CVE•added 2016/01/12 7:59 p.m.•63 views

CVE-2015-8659

The idle stream handling in nghttp2 before 1.6.0 allows attackers to have unspecified impact via unknown vectors, aka a heap-use-after-free bug.

10CVSS7.2AI score0.02186EPSS

CVE•added 2016/05/20 11:0 a.m.•63 views

CVE-2016-1857

WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1854, CVE-2016-1855, and CVE-2016-1856.

8.8CVSS8.4AI score0.01359EPSS

CVE•added 2016/09/25 11:0 a.m.•63 views

CVE-2016-4774

The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app, a different vulnerability than CVE-2016-4773 and CVE-2016-4776.

7.1CVSS6.8AI score0.00196EPSS

CVE•added 2018/04/03 6:29 a.m.•63 views

CVE-2017-13863

An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "APNs" component. It allows man-in-the-middle attackers to track users by leveraging the transmission of client certificates.

5.9CVSS5.8AI score0.00126EPSS

CVE•added 2021/12/23 8:15 p.m.•63 views

CVE-2017-13880

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 11.2, watchOS 4.2. An application may be able to execute arbitrary code with kernel privilege.

9.3CVSS7.4AI score0.00202EPSS

CVE•added 2017/04/02 1:59 a.m.•63 views

CVE-2017-2390

An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves symlink mishandling in the "libarchive" component. It allows local users to change arbitrary directory p...

5.5CVSS5.5AI score0.00086EPSS

CVE•added 2017/10/23 1:29 a.m.•63 views

CVE-2017-7072

An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "iBooks" component. It allows remote attackers to cause a denial of service (persistent outage) via a crafted iBooks file.

5.5CVSS5.7AI score0.00276EPSS

CVE•added 2017/10/23 1:29 a.m.•63 views

CVE-2017-7112

An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Wi-Fi" component. It might allow remote attackers to execute arbitrary code in a privileged context or cause a denial of service (memory co...

10CVSS8.9AI score0.10946EPSS

CVE•added 2018/04/03 6:29 a.m.•63 views

CVE-2018-4131

An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "WindowServer" component. It allows attackers to bypass the Secure Input Mode protection mechanism, and log keystrokes of arbitrary apps, via a crafted app that s...

7.8CVSS7AI score0.00224EPSS

CVE•added 2018/04/03 6:29 a.m.•63 views

CVE-2018-4148

An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the "Telephony" component. A buffer overflow allows remote attackers to execute arbitrary code.

9.8CVSS8AI score0.08821EPSS

CVE•added 2018/04/03 6:29 a.m.•63 views

CVE-2018-4174

An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "Mail" component. It allows man-in-the-middle attackers to read S/MIME encrypted messages by leveraging an inconsistency in the user interface.

5.9CVSS5.5AI score0.00846EPSS

CVE•added 2019/04/03 6:29 p.m.•63 views

CVE-2018-4343

A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.

9.3CVSS7.9AI score0.03814EPSS

CVE•added 2019/04/03 6:29 p.m.•63 views

CVE-2018-4360

Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.

8.8CVSS8.1AI score0.00704EPSS

CVE•added 2020/10/27 8:15 p.m.•63 views

CVE-2018-4433

A configuration issue was addressed with additional restrictions. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, watchOS 5, iOS 12, tvOS 12, macOS Mojave 10.14. A malicious application may be able to modify protected parts of the ...

5.5CVSS5.7AI score0.00302EPSS

CVE•added 2019/12/18 6:15 p.m.•63 views

CVE-2019-8682

The issue was addressed with improved UI handling. This issue is fixed in iOS 12.4, watchOS 5.3. A user may inadvertently complete an in-app purchase while on the lock screen.

2.4CVSS4.5AI score0.00045EPSS

CVE•added 2021/12/23 8:15 p.m.•63 views

CVE-2019-8703

This issue was addressed with improved entitlements. This issue is fixed in watchOS 6, tvOS 13, macOS Catalina 10.15, iOS 13. An application may be able to gain elevated privileges.

9.8CVSS7.9AI score0.00868EPSS

CVE•added 2020/10/27 8:15 p.m.•63 views

CVE-2019-8708

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15, iOS 13. A local user may be able to check for the existence of arbitrary files.

5.5CVSS5.8AI score0.00061EPSS

CVE•added 2020/10/27 9:15 p.m.•63 views

CVE-2019-8857

The issue was addressed with improved validation when an iCloud Link is created. This issue is fixed in iOS 13.3 and iPadOS 13.3. Live Photo audio and video data may be shared via iCloud links even if Live Photo is disabled in the Share Sheet carousel.

3.3CVSS4.2AI score0.00066EPSS

CVE•added 2020/04/01 6:15 p.m.•63 views

CVE-2020-3917

This issue was addressed with a new entitlement. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2. An application may be able to use an SSH client provided by private frameworks.

5.5CVSS5.7AI score0.00063EPSS

CVE•added 2020/10/22 6:15 p.m.•63 views

CVE-2020-3918

An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. A local user may be able to view sensitive user information.

5.5CVSS5.3AI score0.00067EPSS

CVE•added 2020/10/22 7:15 p.m.•63 views

CVE-2020-9920

A path handling issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, watchOS 6.2.8. A malicious mail server may overwrite arbitrary mail files.

9.1CVSS7.9AI score0.00698EPSS

CVE•added 2020/12/08 8:15 p.m.•63 views

CVE-2020-9972

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 14.0 and iPadOS 14.0. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.

7.8CVSS8AI score0.02321EPSS

CVE•added 2021/04/02 6:15 p.m.•63 views

CVE-2021-1780

A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 14.4 and iPadOS 14.4. An attacker in a privileged position may be able to perform a denial of service attack.

4.9CVSS4.5AI score0.00066EPSS

Total number of security vulnerabilities3721