Iphone Os Security Vulnerabilities and Issues — Page 53 of Iphone Os CVE List

Lucene search

AppleIphone Os

3695 matches found

CVE•added 2017/02/20 8:59 a.m.•54 views

CVE-2016-7662

An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Security" component, which allows remote attackers to spoof certificates via unspecified vectors.

7.5CVSS5.7AI score0.00209EPSS

CVE•added 2017/04/02 1:59 a.m.•54 views

CVE-2017-2400

An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "SafariViewController" component. It allows attackers to obtain sensitive information by leveraging the SafariViewController's incorrect synchronization of Safari cache clearing.

5.3CVSS5.2AI score0.00247EPSS

CVE•added 2017/05/22 5:29 a.m.•54 views

CVE-2017-2497

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "iBooks" component. It allows remote attackers to trigger visits to arbitrary URLs via a crafted book.

6.1CVSS6.3AI score0.00289EPSS

CVE•added 2017/05/22 5:29 a.m.•54 views

CVE-2017-2531

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and app...

8.8CVSS8AI score0.06379EPSS

CVE•added 2018/04/03 6:29 a.m.•54 views

CVE-2018-4151

An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "iCloud Drive" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.

7.6CVSS7.2AI score0.00169EPSS

CVE•added 2020/10/27 8:15 p.m.•54 views

CVE-2018-4381

A resource exhaustion issue was addressed with improved input validation. This issue is fixed in tvOS 12.1, iOS 12.1. Processing a maliciously crafted message may lead to a denial of service.

5.5CVSS5.2AI score0.00143EPSS

CVE•added 2019/04/03 6:29 p.m.•54 views

CVE-2018-4440

A logic issue was addressed with improved state management. This issue affected versions prior to iOS 12.1.1, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.

4.3CVSS5.3AI score0.00344EPSS

CVE•added 2019/12/18 6:15 p.m.•54 views

CVE-2019-8760

This issue was addressed by improving Face ID machine learning models. This issue is fixed in iOS 13. A 3D model constructed to look like the enrolled user may authenticate via Face ID.

6.8CVSS7.1AI score0.00129EPSS

CVE•added 2020/10/27 8:15 p.m.•54 views

CVE-2019-8841

An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in iOS 13.3 and iPadOS 13.3. An application may be able to execute arbitrary code with kernel privileges.

7.8CVSS7.2AI score0.00061EPSS

CVE•added 2021/04/02 6:15 p.m.•54 views

CVE-2020-29613

A logic issue was addressed with improved state management. This issue is fixed in iOS 14.3 and iPadOS 14.3. An enterprise application installation prompt may display the wrong domain.

5.5CVSS5.6AI score0.00194EPSS

CVE•added 2020/11/13 3:15 p.m.•54 views

CVE-2020-6147

A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. This instance exists in the USDC file format FIELDS section decompression heap overflow.

8.8CVSS7.9AI score0.00213EPSS

CVE•added 2021/09/08 3:15 p.m.•54 views

CVE-2021-30699

A window management issue was addressed with improved state management. This issue is fixed in iOS 14.6 and iPadOS 14.6. A user may be able to view restricted content from the lockscreen.

4.6CVSS4.3AI score0.00063EPSS

CVE•added 2021/09/08 3:15 p.m.•54 views

CVE-2021-30714

A race condition was addressed with improved state handling. This issue is fixed in iOS 14.6 and iPadOS 14.6. An application may be able to cause unexpected system termination or write kernel memory.

6.3CVSS5.6AI score0.0015EPSS

CVE•added 2021/08/24 7:15 p.m.•54 views

CVE-2021-30923

A race condition was addressed with improved locking. This issue is fixed in macOS Monterey 12.0.1. A malicious application may be able to execute arbitrary code with kernel privileges.

7.6CVSS7.1AI score0.00299EPSS

CVE•added 2022/11/01 8:15 p.m.•54 views

CVE-2022-32865

The issue was addressed with improved memory handling. This issue is fixed in iOS 16, macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges.

7.8CVSS7.8AI score0.00078EPSS

CVE•added 2024/01/10 10:15 p.m.•54 views

CVE-2022-42839

This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. An app may be able to read sensitive location information.

3.3CVSS3.6AI score0.00107EPSS

CVE•added 2023/06/23 6:15 p.m.•54 views

CVE-2023-32415

This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.5 and iPadOS 16.5, tvOS 16.5, macOS Ventura 13.4. An app may be able to read sensitive location information.

5.5CVSS4.9AI score0.00036EPSS

CVE•added 2024/01/10 10:15 p.m.•54 views

CVE-2023-42870

A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. An app may be able to execute arbitrary code with kernel privileges.

7.8CVSS7.4AI score0.00099EPSS

CVE•added 2023/12/12 1:15 a.m.•54 views

CVE-2023-42897

The issue was addressed with improved checks. This issue is fixed in iOS 17.2 and iPadOS 17.2. An attacker with physical access may be able to use Siri to access sensitive user data.

4.6CVSS3.1AI score0.00065EPSS

CVE•added 2024/07/29 9:15 p.m.•54 views

CVE-2023-42957

A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10. An app may be able to read sensitive location information.

3.3CVSS5.5AI score0.00025EPSS

CVE•added 2024/07/29 11:15 p.m.•54 views

CVE-2024-40796

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.6, iOS 16.7.9 and iPadOS 16.7.9, macOS Monterey 12.7.6, macOS Ventura 13.6.8. Private browsing may leak some browsing history.

5.3CVSS5.8AI score0.00363EPSS

CVE•added 2024/07/29 11:15 p.m.•54 views

CVE-2024-40812

A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, visionOS 1.3, macOS Sonoma 14.6. A shortcut may be able to bypass Internet permission requirements.

7.8CVSS5.7AI score0.0006EPSS

CVE•added 2024/10/28 9:15 p.m.•54 views

CVE-2024-44252

A logic issue was addressed with improved file handling. This issue is fixed in iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, visionOS 2.1, tvOS 18.1. Restoring a maliciously crafted backup file may lead to modification of protected system files.

7.1CVSS5.5AI score0.00055EPSS

CVE•added 2024/12/12 2:15 a.m.•54 views

CVE-2024-54492

This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, visionOS 2.2. An attacker in a privileged network position may be able to alter network traffic.

9.8CVSS5.6AI score0.00099EPSS

CVE•added 2024/12/12 2:15 a.m.•54 views

CVE-2024-54500

The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. Processing a maliciously crafted image may result in disclosure of process memory.

5.5CVSS5.7AI score0.00035EPSS

CVE•added 2024/12/12 2:15 a.m.•54 views

CVE-2024-54510

A race condition was addressed with improved locking. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to leak sensitive kernel state.

5.1CVSS5.4AI score0.0002EPSS

CVE•added 2025/03/31 11:15 p.m.•54 views

CVE-2025-24244

The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. Processing a maliciously crafted font may result in the disclosure of process memory.

5.5CVSS5.7AI score0.00017EPSS

CVE•added 2007/09/27 9:17 p.m.•53 views

CVE-2007-3753

Apple iPhone 1.1.1, with Bluetooth enabled, allows physically proximate attackers to cause a denial of service (application termination) and execute arbitrary code via crafted Service Discovery Protocol (SDP) packets, related to insufficient input validation.

7.5CVSS7.3AI score0.01303EPSS

CVE•added 2008/11/25 11:30 p.m.•53 views

CVE-2008-4231

Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not properly handle HTML TABLE elements, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.

9.3CVSS7.8AI score0.07665EPSS

CVE•added 2011/03/11 5:55 p.m.•53 views

CVE-2011-1417

Integer overflow in QuickLook, as used in Apple Mac OS X before 10.6.7 and MobileSafari in Apple iOS before 4.2.7 and 4.3.x before 4.3.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a Microsoft Office document with a c...

6.8CVSS6.3AI score0.04317EPSS

CVE•added 2011/08/03 12:55 a.m.•53 views

CVE-2011-2788

Buffer overflow in the inspector serialization functionality in Google Chrome before 13.0.782.107 allows user-assisted remote attackers to have an unspecified impact via unknown vectors.

6.8CVSS6.5AI score0.03148EPSS

CVE•added 2012/03/08 10:55 p.m.•53 views

CVE-2011-2833

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE...

9.3CVSS7.8AI score0.0178EPSS

CVE•added 2012/02/16 8:55 p.m.•53 views

CVE-2011-3027

Google Chrome before 17.0.963.56 does not properly perform a cast of an unspecified variable during handling of columns, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document.

4.3CVSS6.8AI score0.01656EPSS

CVE•added 2012/03/30 10:55 p.m.•53 views

CVE-2011-3058

Google Chrome before 18.0.1025.142 does not properly handle the EUC-JP encoding system, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.

4.3CVSS5.3AI score0.00753EPSS

CVE•added 2012/04/05 10:2 p.m.•53 views

CVE-2011-3071

Use-after-free vulnerability in the HTMLMediaElement implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

6.8CVSS7AI score0.02863EPSS

CVE•added 2012/04/05 10:2 p.m.•53 views

CVE-2011-3074

Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of media.

6.8CVSS6.9AI score0.02128EPSS

CVE•added 2011/10/14 10:55 a.m.•53 views

CVE-2011-3427

The Data Security component in Apple iOS before 5 and Apple TV before 4.4 does not properly restrict use of the MD5 hash algorithm within X.509 certificates, which makes it easier for man-in-the-middle attackers to spoof servers or obtain sensitive information via a crafted certificate.

2.6CVSS5.1AI score0.0031EPSS

CVE•added 2011/10/25 7:55 p.m.•53 views

CVE-2011-3885

Use-after-free vulnerability in Google Chrome before 15.0.874.102 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to stale Cascading Style Sheets (CSS) token-sequence data.

7.5CVSS7AI score0.02414EPSS

CVE•added 2012/02/09 4:10 a.m.•53 views

CVE-2011-3968

Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving Cascading Style Sheets (CSS) token sequences.

4.3CVSS7AI score0.01891EPSS

CVE•added 2012/03/08 10:55 p.m.•53 views

CVE-2012-0589

Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0586, CVE-2012-0587, and CVE-2012-0588.

4.3CVSS5.2AI score0.00588EPSS

CVE•added 2012/03/08 10:55 p.m.•53 views

CVE-2012-0619

9.3CVSS7.8AI score0.01837EPSS

CVE•added 2013/05/20 2:44 p.m.•53 views

CVE-2013-1003

WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-0...

9.3CVSS7.5AI score0.01302EPSS

CVE•added 2013/05/24 4:43 p.m.•53 views

CVE-2013-1019

Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding.

9.3CVSS7.7AI score0.04963EPSS

CVE•added 2013/09/19 10:27 a.m.•53 views

CVE-2013-1037

WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.

6.8CVSS7.8AI score0.02313EPSS

CVE•added 2014/09/18 10:55 a.m.•53 views

CVE-2014-4375

Double free vulnerability in Apple iOS before 8 and Apple TV before 7 allows local users to gain privileges or cause a denial of service (device crash) via vectors related to Mach ports.

7.8CVSS7.3AI score0.00054EPSS

CVE•added 2014/12/10 9:59 p.m.•53 views

CVE-2014-4473

WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-...

6.8CVSS7.8AI score0.00843EPSS

CVE•added 2015/03/18 10:59 p.m.•53 views

CVE-2015-1070

WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03...

6.8CVSS8.8AI score0.00787EPSS

CVE•added 2015/04/10 2:59 p.m.•53 views

CVE-2015-1095

IOHIDFamily in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HID device.

7.2CVSS7.2AI score0.00216EPSS

CVE•added 2015/07/03 1:59 a.m.•53 views

CVE-2015-3694

FontParser in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-3719.

6.8CVSS5.2AI score0.01404EPSS

CVE•added 2015/08/16 11:59 p.m.•53 views

CVE-2015-3736

WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVE...

6.8CVSS8.4AI score0.01643EPSS

Total number of security vulnerabilities3695