Iphone Os Security Vulnerabilities and Issues — Page 49 of Iphone Os CVE List

Lucene search

AppleIphone Os

3695 matches found

CVE•added 2021/08/24 7:15 p.m.•57 views

CVE-2021-30988

Description: A permissions issue was addressed with improved validation. This issue is fixed in iOS 15.2 and iPadOS 15.2. A malicious application may be able to identify what other applications a user has installed.

5.5CVSS5AI score0.00168EPSS

CVE•added 2022/11/01 8:15 p.m.•57 views

CVE-2022-32914

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, watchOS 9, macOS Monterey 12.6, tvOS 16. An app may be able to execute arbitrary code with kernel privileges.

7.8CVSS7.9AI score0.00113EPSS

CVE•added 2022/11/01 8:15 p.m.•57 views

CVE-2022-42830

The issue was addressed with improved memory handling. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. An app with root privileges may be able to execute arbitrary code with kernel privileges.

6.7CVSS7.2AI score0.0006EPSS

CVE•added 2024/03/08 2:15 a.m.•57 views

CVE-2023-28826

This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, macOS Monterey 12.7.4, macOS Sonoma 14.1, macOS Ventura 13.6.5. An app may be able to access sensitive user data.

5.5CVSS6.3AI score0.00024EPSS

CVE•added 2023/09/27 3:19 p.m.•57 views

CVE-2023-41980

A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to bypass Privacy preferences.

5.5CVSS5.1AI score0.00021EPSS

CVE•added 2024/06/10 9:15 p.m.•57 views

CVE-2024-27799

This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sonoma 14.5, macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8. An unprivileged app may be able to log keystrokes in other apps including those using secure input mode.

3.3CVSS5.8AI score0.00022EPSS

CVE•added 2024/06/10 9:15 p.m.•57 views

CVE-2024-27800

This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Processing a maliciously crafted message may lead to a deni...

7.1CVSS6.1AI score0.00103EPSS

CVE•added 2024/06/10 9:15 p.m.•57 views

CVE-2024-27819

The issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical access may be able to access contacts from the lock screen.

2.4CVSS5.6AI score0.00076EPSS

CVE•added 2024/06/10 9:15 p.m.•57 views

CVE-2024-27828

The issue was addressed with improved memory handling. This issue is fixed in visionOS 1.2, watchOS 10.5, tvOS 17.5, iOS 17.5 and iPadOS 17.5. An app may be able to execute arbitrary code with kernel privileges.

7.8CVSS7.1AI score0.00057EPSS

CVE•added 2024/09/17 12:15 a.m.•57 views

CVE-2024-44167

This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.7, visionOS 2, iOS 18 and iPadOS 18, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to overwrite arbitrary files.

8.1CVSS6.3AI score0.0033EPSS

CVE•added 2024/10/28 9:15 p.m.•57 views

CVE-2024-44259

This issue was addressed through improved state management. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, visionOS 2.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, Safari 18.1. An attacker may be able to misuse a trust relationship to download malicious content.

8.8CVSS6.4AI score0.00186EPSS

CVE•added 2025/03/31 11:15 p.m.•57 views

CVE-2025-24097

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, tvOS 18.4, macOS Sequoia 15.4. An app may be able to read arbitrary file metadata.

5CVSS5.8AI score0.00012EPSS

CVE•added 2025/01/27 10:15 p.m.•57 views

CVE-2025-24127

The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, tvOS 18.3. Parsing a file may lead to an unexpected app termination.

5.5CVSS5.7AI score0.00022EPSS

CVE•added 2025/01/27 10:15 p.m.•57 views

CVE-2025-24128

The issue was addressed by adding additional logic. This issue is fixed in macOS Sequoia 15.3, Safari 18.3, iOS 18.3 and iPadOS 18.3. Visiting a malicious website may lead to address bar spoofing.

4.3CVSS6AI score0.00052EPSS

CVE•added 2025/01/27 10:15 p.m.•57 views

CVE-2025-24145

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.3, iOS 18.3 and iPadOS 18.3. An app may be able to view a contact's phone number in system logs.

3.3CVSS5.5AI score0.00022EPSS

CVE•added 2025/03/31 11:15 p.m.•57 views

CVE-2025-30471

A validation issue was addressed with improved logic. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A remote user may be able to cause a denial-of-service.

7.5CVSS5.8AI score0.00174EPSS

CVE•added 2011/03/11 2:1 a.m.•56 views

CVE-2011-1204

Google Chrome before 10.0.648.127 does not properly handle attributes, which allows remote attackers to cause a denial of service (DOM tree corruption) or possibly have unspecified other impact via a crafted document.

6.8CVSS8.7AI score0.02435EPSS

CVE•added 2011/06/29 5:55 p.m.•56 views

CVE-2011-2351

Use-after-free vulnerability in Google Chrome before 12.0.742.112 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG use elements.

6.8CVSS7AI score0.02007EPSS

CVE•added 2011/09/19 12:2 p.m.•56 views

CVE-2011-2846

Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to unload event handling.

6.8CVSS7AI score0.02104EPSS

CVE•added 2011/09/19 12:2 p.m.•56 views

CVE-2011-2854

6.8CVSS7AI score0.0184EPSS

CVE•added 2012/04/05 10:2 p.m.•56 views

CVE-2011-3075

Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to style-application commands.

6.8CVSS6.9AI score0.02128EPSS

CVE•added 2012/04/05 10:2 p.m.•56 views

CVE-2011-3076

6.8CVSS6.9AI score0.02128EPSS

CVE•added 2012/01/24 4:3 a.m.•56 views

CVE-2011-3928

Use-after-free vulnerability in Google Chrome before 16.0.912.77 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to DOM handling.

7.5CVSS7AI score0.0234EPSS

CVE•added 2012/09/20 9:55 p.m.•56 views

CVE-2012-3722

The Sorenson codec in QuickTime in Apple Mac OS X before 10.7.5, and in CoreMedia in iOS before 6, accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding.

6.8CVSS7.5AI score0.02122EPSS

CVE•added 2013/03/20 2:55 p.m.•56 views

CVE-2013-0977

dyld in Apple iOS before 6.1.3 and Apple TV before 5.2.1 does not properly manage the state of file loading for Mach-O executable files, which allows local users to bypass intended code-signing requirements via a file that contains overlapping segments.

4.6CVSS5.5AI score0.00059EPSS

CVE•added 2013/09/19 10:27 a.m.•56 views

CVE-2013-1039

WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.

6.8CVSS7.8AI score0.02313EPSS

CVE•added 2015/01/30 11:59 a.m.•56 views

CVE-2014-4492

libnetcore in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not verify that certain values have the expected data type, which allows attackers to execute arbitrary code in an _networkd context via a crafted XPC message from a sandboxed app, as demonstrated by lac...

7.5CVSS4.2AI score0.17592EPSS

CVE•added 2015/03/18 10:59 p.m.•56 views

CVE-2015-1079

WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03...

6.8CVSS7.8AI score0.00843EPSS

CVE•added 2015/07/03 1:59 a.m.•56 views

CVE-2015-3659

The SQLite authorizer in the Storage functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict access to SQL functions, which allows remote attackers to execute arbitrary code or cause...

6.8CVSS8.8AI score0.01109EPSS

CVE•added 2015/07/03 1:59 a.m.•56 views

CVE-2015-3689

CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3685, CVE-2015-3686, CVE-2015-3687, and CVE-2015-3688.

6.8CVSS5.1AI score0.02635EPSS

CVE•added 2015/09/18 10:59 a.m.•56 views

CVE-2015-5817

WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-S...

6.8CVSS8.8AI score0.01093EPSS

CVE•added 2015/09/18 11:0 a.m.•56 views

CVE-2015-5855

Apple iOS before 9 allows attackers to discover the e-mail address of a player via a crafted Game Center app.

4.3CVSS5.6AI score0.00524EPSS

CVE•added 2015/09/18 12:0 p.m.•56 views

CVE-2015-5885

The CFNetwork Cookies component in Apple iOS before 9 allows remote attackers to track users via vectors involving a cookie for a top-level domain.

5CVSS5.7AI score0.00777EPSS

CVE•added 2015/10/23 9:59 p.m.•56 views

CVE-2015-6983

Double free vulnerability in Apple iOS before 9.1 and OS X before 10.11.1 allows attackers to write to arbitrary files via a crafted app that accesses AtomicBufferedFile descriptors.

8.8CVSS8AI score0.00961EPSS

CVE•added 2015/12/11 11:59 a.m.•56 views

CVE-2015-7075

CoreMedia Playback in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed media file.

6.8CVSS9AI score0.03398EPSS

CVE•added 2015/12/11 11:59 a.m.•56 views

CVE-2015-7095

WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7096, CVE-2015-7097, CVE-2...

6.8CVSS8.9AI score0.01093EPSS

CVE•added 2016/01/10 3:59 a.m.•56 views

CVE-2015-7115

libxml2 in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 allows remote attackers to obtain sensitive information or cause a denial of service (memory corruption) via a crafted XML document, a different vulnerability than CVE-2015-7116.

4.3CVSS4.8AI score0.00828EPSS

CVE•added 2016/02/01 11:59 a.m.•56 views

CVE-2016-1719

The IOHIDFamily API in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.

7.8CVSS7AI score0.00296EPSS

CVE•added 2016/02/01 11:59 a.m.•56 views

CVE-2016-1724

WebKit, as used in Apple iOS before 9.2.1, Safari before 9.0.3, and tvOS before 9.1.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1727.

8.8CVSS7.7AI score0.01014EPSS

CVE•added 2016/05/20 11:0 a.m.•56 views

CVE-2016-1856

WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1854, CVE-2016-1855, and CVE-2016-1857.

8.8CVSS8.4AI score0.01892EPSS

CVE•added 2016/07/22 2:59 a.m.•56 views

CVE-2016-4616

libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors...

9.8CVSS9.1AI score

CVE•added 2017/02/20 8:59 a.m.•56 views

CVE-2016-4675

An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "libxpc" component. It allows attackers to execute arbitrary code in a privileged context via a cr...

9.3CVSS7AI score0.00167EPSS

CVE•added 2017/04/02 1:59 a.m.•56 views

CVE-2017-2434

An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "HomeKit" component. It allows attackers to have an unspecified impact by leveraging the presence of Home Control on Control Center.

10CVSS7.7AI score0.00576EPSS

CVE•added 2017/05/22 5:29 a.m.•56 views

CVE-2017-2515

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and app...

8.8CVSS8AI score0.04118EPSS

CVE•added 2017/05/22 5:29 a.m.•56 views

CVE-2017-2528

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that improperly interacts with cached frames.

6.1CVSS5.8AI score0.01328EPSS

CVE•added 2019/04/03 6:29 p.m.•56 views

CVE-2018-4274

A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, Safari 11.1.2.

7.5CVSS7AI score0.0021EPSS

CVE•added 2019/04/03 6:29 p.m.•56 views

CVE-2018-4435

A logic issue was addressed with improved restrictions. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2.

7.8CVSS6.8AI score0.02792EPSS

CVE•added 2019/04/03 6:29 p.m.•56 views

CVE-2018-4465

A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2.

9.3CVSS7.2AI score0.00149EPSS

CVE•added 2019/12/18 6:15 p.m.•56 views

CVE-2019-8512

This issue was addressed with improved transparency. This issue is fixed in iOS 12.2. A user may authorize an enterprise administrator to remotely wipe their device without appropriate disclosure.

7.9CVSS5.6AI score0.00258EPSS

CVE•added 2019/12/18 6:15 p.m.•56 views

CVE-2019-8626

An input validation issue was addressed with improved input validation. This issue is fixed in iOS 12.3, watchOS 5.2.1. Processing a maliciously crafted message may lead to a denial of service.

6.5CVSS6.4AI score0.00447EPSS

Total number of security vulnerabilities3695