Iphone Os Security Vulnerabilities and Issues — Page 47 of Iphone Os CVE List

Lucene search

AppleIphone Os

3721 matches found

CVE•added 2020/04/01 6:15 p.m.•59 views

CVE-2020-3914

A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. An application may be able to read restricted memory.

5.5CVSS5.4AI score0.003EPSS

CVE•added 2021/10/28 7:15 p.m.•59 views

CVE-2020-9897

An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 14.2 and iPadOS 14.2, macOS Big Sur 11.0.1. Processing a maliciously crafted PDF may lead to arbitrary code execution.

7.8CVSS7.7AI score0.00299EPSS

CVE•added 2020/10/16 5:15 p.m.•59 views

CVE-2020-9911

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, Safari 13.1.2. An issue in Safari Reader mode may allow a remote attacker to bypass the Same Origin Policy.

7.5CVSS7.2AI score0.00334EPSS

CVE•added 2021/09/08 3:15 p.m.•59 views

CVE-2021-1836

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 14.5 and iPadOS 14.5, tvOS 14.5. A local user may be able to create or modify privileged files.

5.5CVSS5.6AI score0.00037EPSS

CVE•added 2021/09/08 3:15 p.m.•59 views

CVE-2021-1848

The issue was addressed with improved UI handling. This issue is fixed in iOS 14.5 and iPadOS 14.5. A local user may be able to view sensitive information in the app switcher.

5.5CVSS4.8AI score0.00053EPSS

CVE•added 2021/10/19 2:15 p.m.•59 views

CVE-2021-30815

A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management. This issue is fixed in iOS 15 and iPadOS 15. A local attacker may be able to view contacts from the lock screen.

2.4CVSS3.1AI score0.00046EPSS

CVE•added 2021/08/24 7:15 p.m.•59 views

CVE-2021-30967

Description: A permissions issue was addressed with improved validation. This issue is fixed in iOS 15.2 and iPadOS 15.2. A local attacker may be able to read sensitive information.

5.5CVSS4.9AI score0.00039EPSS

CVE•added 2023/08/14 11:15 p.m.•59 views

CVE-2022-22655

An access issue was addressed with improvements to the sandbox. This issue is fixed in macOS Monterey 12.3, iOS 15.4 and iPadOS 15.4. An app may be able to leak sensitive user information.

5.5CVSS4.2AI score0.00072EPSS

CVE•added 2022/11/01 8:15 p.m.•59 views

CVE-2022-32858

The issue was addressed with improved memory handling. This issue is fixed in iOS 16, macOS Ventura 13, watchOS 9. An app may be able to leak sensitive kernel state.

5.5CVSS5.5AI score0.00058EPSS

CVE•added 2022/11/01 8:15 p.m.•59 views

CVE-2022-32875

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, watchOS 9, macOS Monterey 12.6. An app may be able to read sensitive location information.

5CVSS5.3AI score0.00057EPSS

CVE•added 2022/11/01 8:15 p.m.•59 views

CVE-2022-32929

A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 15.7 and iPadOS 15.7, iOS 16.1 and iPadOS 16. An app may be able to access iOS backups.

5.5CVSS5.8AI score0.00124EPSS

CVE•added 2023/06/23 6:15 p.m.•59 views

CVE-2023-28191

This issue was addressed with improved redaction of sensitive information. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to bypass Privacy preferences.

5.5CVSS5.6AI score0.00009EPSS

CVE•added 2023/06/23 6:15 p.m.•59 views

CVE-2023-32372

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. Processing an image may result in disclosure of process memory.

5.5CVSS4.5AI score0.00031EPSS

CVE•added 2023/09/27 3:19 p.m.•59 views

CVE-2023-40412

The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17. An app may be able to execute arbitrary code with kernel privileges.

7.8CVSS7AI score0.00036EPSS

CVE•added 2023/12/12 1:15 a.m.•59 views

CVE-2023-42898

The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.2, watchOS 10.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2. Processing an image may lead to arbitrary code execution.

5.5CVSS6AI score0.00027EPSS

CVE•added 2023/12/12 1:15 a.m.•59 views

CVE-2023-42919

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2, macOS Ventura 13.6.3, iOS 16.7.3 and iPadOS 16.7.3, macOS Monterey 12.7.2. An app may be able to access sensitive user data.

5.5CVSS5.1AI score0.00021EPSS

CVE•added 2024/06/10 9:15 p.m.•59 views

CVE-2024-27855

The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.5, macOS Ventura 13.6.7, iOS 17.5 and iPadOS 17.5, iOS 16.7.8 and iPadOS 16.7.8. A shortcut may be able to use sensitive data with certain actions without prompting the user.

8.8CVSS5.5AI score0.00259EPSS

CVE•added 2024/07/29 11:15 p.m.•59 views

CVE-2024-40793

This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, macOS Sonoma 14.6. An app may be able to access user-sensitive data.

5.5CVSS6AI score0.00042EPSS

CVE•added 2024/07/29 11:15 p.m.•59 views

CVE-2024-40798

This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sonoma 14.6, iOS 16.7.9 and iPadOS 16.7.9, macOS Monterey 12.7.6, macOS Ventura 13.6.8. An app may be able to read Safari's browsing history.

3.3CVSS5.5AI score0.00044EPSS

CVE•added 2024/07/29 11:15 p.m.•59 views

CVE-2024-40799

An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing a maliciously crafted file may l...

7.1CVSS5.8AI score0.00054EPSS

CVE•added 2024/07/29 11:15 p.m.•59 views

CVE-2024-40829

The issue was addressed with improved checks. This issue is fixed in watchOS 10.6, iOS 17.6 and iPadOS 17.6, iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8. An attacker may be able to view restricted content from the lock screen.

7.5CVSS5.6AI score0.00402EPSS

CVE•added 2024/09/17 12:15 a.m.•59 views

CVE-2024-44164

This issue was addressed with improved checks. This issue is fixed in iOS 17.7 and iPadOS 17.7, macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to bypass Privacy preferences.

7.1CVSS5.9AI score0.00042EPSS

CVE•added 2025/03/31 11:15 p.m.•59 views

CVE-2025-24214

A privacy issue was addressed by not logging contents of text fields. This issue is fixed in visionOS 2.4, iOS 18.4 and iPadOS 18.4, tvOS 18.4, macOS Sequoia 15.4. An app may be able to access sensitive user data.

5.5CVSS5.4AI score0.00023EPSS

CVE•added 2025/03/31 11:15 p.m.•59 views

CVE-2025-24243

The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. Processing a maliciously crafted file may lead to arbitrary code execution.

7.8CVSS6.9AI score0.00037EPSS

CVE•added 2025/03/31 11:15 p.m.•59 views

CVE-2025-30454

A path handling issue was addressed with improved validation. This issue is fixed in macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, tvOS 18.4, macOS Sequoia 15.4. A malicious app may be able to access private information.

5.5CVSS5.2AI score0.00022EPSS

CVE•added 2009/07/09 5:30 p.m.•58 views

CVE-2009-1724

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to inject arbitrary web script or HTML via vectors related to parent and top objects.

4.3CVSS6.6AI score0.01516EPSS

CVE•added 2010/03/25 9:0 p.m.•58 views

CVE-2010-1119

Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Safari before 4.1 on Mac OS X 10.4, and Safari on Apple iPhone OS allows remote attackers to execute arbitrary code or cause a denial of service (application crash), or read the SMS database...

10CVSS8.6AI score0.24416EPSS

Web

CVE•added 2011/03/11 2:1 a.m.•58 views

CVE-2011-1188

Google Chrome before 10.0.648.127 does not properly handle counter nodes, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

7.5CVSS8.7AI score0.0323EPSS

CVE•added 2011/09/19 12:2 p.m.•58 views

CVE-2011-3234

Google Chrome before 14.0.835.163 does not properly handle boxes, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

5CVSS6.2AI score0.02823EPSS

CVE•added 2014/12/10 9:59 p.m.•58 views

CVE-2014-4468

WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-...

6.8CVSS7.8AI score0.00843EPSS

CVE•added 2015/01/30 11:59 a.m.•58 views

CVE-2014-4493

The app-installation functionality in MobileInstallation in Apple iOS before 8.1.3 allows attackers to obtain control of the local app container by leveraging access to an enterprise distribution certificate for signing a crafted app.

7.5CVSS5.4AI score0.00213EPSS

CVE•added 2015/03/18 10:59 p.m.•58 views

CVE-2015-1076

WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03...

6.8CVSS8.8AI score0.00805EPSS

CVE•added 2015/04/10 2:59 p.m.•58 views

CVE-2015-1101

The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

6.9CVSS7AI score0.00071EPSS

CVE•added 2015/05/08 12:59 a.m.•58 views

CVE-2015-1155

The history implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to bypass the Same Origin Policy and read arbitrary files via a crafted web site.

4.3CVSS7.7AI score0.5513EPSS

CVE•added 2015/07/03 1:59 a.m.•58 views

CVE-2015-3685

CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3686, CVE-2015-3687, CVE-2015-3688, and CVE-2015-3689.

6.8CVSS5.1AI score0.02635EPSS

CVE•added 2015/09/18 10:59 a.m.•58 views

CVE-2015-3801

The document.cookie API implementation in the CFNetwork Cookies subsystem in WebKit in Apple iOS before 9 allows remote attackers to bypass an intended single-cookie restriction via unspecified vectors.

5CVSS5.8AI score0.00977EPSS

CVE•added 2015/08/17 12:0 a.m.•58 views

CVE-2015-5756

FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-3804 and CVE-2015-5775.

6.8CVSS8.7AI score0.02102EPSS

CVE•added 2015/09/18 10:59 a.m.•58 views

CVE-2015-5806

WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-S...

6.8CVSS8.8AI score0.01538EPSS

CVE•added 2015/09/18 10:59 a.m.•58 views

CVE-2015-5814

WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-0...

6.8CVSS8.8AI score0.01009EPSS

CVE•added 2015/09/18 12:0 p.m.•58 views

CVE-2015-5912

The CFNetwork FTPProtocol component in Apple iOS before 9 allows remote FTP proxy servers to trigger TCP connection attempts to intranet hosts via crafted responses.

5CVSS5.8AI score0.00524EPSS

CVE•added 2015/10/23 9:59 p.m.•58 views

CVE-2015-5926

The CoreGraphics component in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2015-5925.

6.8CVSS7.5AI score0.01866EPSS

CVE•added 2015/10/23 9:59 p.m.•58 views

CVE-2015-5936

ImageIO in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted metadata in an image, a different vulnerability than CVE-2015-5935, CVE-2015-5937, and CVE-2015-5939.

6.8CVSS7.5AI score0.02828EPSS

CVE•added 2015/10/23 9:59 p.m.•58 views

CVE-2015-5937

6.8CVSS7.5AI score0.02828EPSS

CVE•added 2015/10/23 9:59 p.m.•58 views

CVE-2015-5942

FontParser in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-5927.

6.8CVSS7.4AI score0.01866EPSS

CVE•added 2015/10/23 9:59 p.m.•58 views

CVE-2015-6978

FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7...

6.8CVSS7.4AI score0.03768EPSS

CVE•added 2015/10/23 10:59 a.m.•58 views

CVE-2015-7017

CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6975 and CVE-2015-6992.

7.5CVSS9AI score0.02129EPSS

CVE•added 2015/12/11 11:59 a.m.•58 views

CVE-2015-7040

The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to cause a denial of service via a crafted app, a different vulnerability than CVE-2015-7041, CVE-2015-7042, and CVE-2015-7043.

4.3CVSS7.6AI score0.01078EPSS

CVE•added 2015/12/11 11:59 a.m.•58 views

CVE-2015-7084

The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-7083.

7.2CVSS7.9AI score0.00335EPSS

CVE•added 2016/03/24 1:59 a.m.•58 views

CVE-2016-1753

Multiple integer overflows in the kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allow attackers to execute arbitrary code in a privileged context via a crafted app.

9.3CVSS6.8AI score0.00362EPSS

CVE•added 2019/01/11 6:29 p.m.•58 views

CVE-2016-4642

In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016-004, proxy authentication incorrectly reported HTTP proxies received credentials securely. This issue was addressed through improved warnings.

5.9CVSS6.9AI score0.00361EPSS

Total number of security vulnerabilities3721