Iphone Os Security Vulnerabilities and Issues — Page 60 of Iphone Os CVE List

Lucene search

AppleIphone Os

3721 matches found

CVE•added 2018/04/03 6:29 a.m.•51 views

CVE-2018-4095

An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "Core Bluetooth" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (...

9.3CVSS8.2AI score0.00207EPSS

CVE•added 2019/03/04 8:29 p.m.•51 views

CVE-2019-6206

An issue existed with autofill resuming after it was canceled. The issue was addressed with improved state management. This issue is fixed in iOS 12.1.3. Password autofill may fill in passwords after they were manually cleared.

9.8CVSS7.3AI score0.00378EPSS

CVE•added 2020/04/01 6:15 p.m.•51 views

CVE-2020-9781

The issue was addressed by clearing website permission prompts after navigation. This issue is fixed in iOS 13.4 and iPadOS 13.4. A user may grant website permissions to a site they didn't intend to.

5.3CVSS5.8AI score0.00148EPSS

CVE•added 2021/09/08 3:15 p.m.•51 views

CVE-2021-1812

A logic issue was addressed with improved validation. This issue is fixed in iOS 14.5 and iPadOS 14.5. A malicious application may be able to execute arbitrary code with system privileges.

9.3CVSS7.6AI score0.0039EPSS

CVE•added 2021/08/24 7:15 p.m.•51 views

CVE-2021-30997

A S/MIME issue existed in the handling of encrypted email. This issue was addressed by not automatically loading some MIME parts. This issue is fixed in iOS 15.2 and iPadOS 15.2. An attacker may be able to recover plaintext contents of an S/MIME-encrypted e-mail.

7.5CVSS6.9AI score0.00148EPSS

CVE•added 2023/09/27 3:18 p.m.•51 views

CVE-2023-35984

The issue was addressed with improved checks. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An attacker in physical proximity can cause a limited out of bounds write.

4.3CVSS4AI score0.00069EPSS

CVE•added 2024/07/29 9:15 p.m.•51 views

CVE-2023-40398

This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.4, macOS Big Sur 11.7.5, macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4. A sandboxed process may be able to circumvent sandbox restrictions.

8.8CVSS5.7AI score0.001EPSS

CVE•added 2024/07/29 9:15 p.m.•51 views

CVE-2023-42925

The issue was addressed with improved restriction of data container access. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to access Notes attachments.

3.3CVSS5.6AI score0.00094EPSS

CVE•added 2024/07/29 11:15 p.m.•51 views

CVE-2024-27863

An information disclosure issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. A local attacker may be able to determine kernel memory layout.

5.5CVSS5.2AI score0.00013EPSS

CVE•added 2025/01/15 8:15 p.m.•51 views

CVE-2024-40771

The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, watchOS 10.5, tvOS 17.5, macOS Ventura 13.6.7, visionOS 1.2. An app may be able to execute arbitrary code with kernel privi...

8.4CVSS6.9AI score0.00056EPSS

CVE•added 2024/07/29 11:15 p.m.•51 views

CVE-2024-40777

An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing a maliciously crafted file may lead to unexpected app termination.

5.5CVSS5.8AI score0.00265EPSS

CVE•added 2024/09/17 12:15 a.m.•51 views

CVE-2024-40791

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access information about a user's contacts.

3.3CVSS5.6AI score0.00043EPSS

CVE•added 2024/09/17 12:15 a.m.•51 views

CVE-2024-44169

The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, macOS Sonoma 14.7, tvOS 18. An app may be able to cause unexpected system termination.

8.1CVSS5.9AI score0.00109EPSS

CVE•added 2024/09/17 12:15 a.m.•51 views

CVE-2024-44183

A logic error was addressed with improved error handling. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, macOS Sonoma 14.7, tvOS 18. An app may be able to cause a denial-of-service.

5.5CVSS5.9AI score0.00059EPSS

CVE•added 2024/12/12 2:15 a.m.•51 views

CVE-2024-44225

A logic issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to gain elevated privileges.

7.8CVSS5.9AI score0.00058EPSS

CVE•added 2025/01/15 8:15 p.m.•51 views

CVE-2024-54535

A path handling issue was addressed with improved logic. This issue is fixed in watchOS 11.1, visionOS 2.1, iOS 18.1 and iPadOS 18.1. An attacker with access to calendar data could also read reminders.

4.3CVSS5.6AI score0.0013EPSS

CVE•added 2024/12/20 1:15 a.m.•51 views

CVE-2024-54538

A denial-of-service issue was addressed with improved input validation. This issue is fixed in visionOS 2.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, tvOS 18.1, macOS Sonoma 14.7.1, watchOS 11.1, macOS Ventura 13.7.1. A remote attacker may be able to cause a denial-of-service.

7.5CVSS5.9AI score0.00699EPSS

CVE•added 2025/04/29 3:15 a.m.•51 views

CVE-2025-24179

A null pointer dereference was addressed with improved input validation. This issue is fixed in iOS 18.3 and iPadOS 18.3, visionOS 2.3, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, macOS Sequoia 15.3, tvOS 18.3. An attacker on the local network may be able to cause a denial-of-service.

5.7CVSS7.2AI score0.00016EPSS

CVE•added 2025/05/12 10:15 p.m.•51 views

CVE-2025-31221

An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. A remote attacker may be able to leak memory.

7.5CVSS6.1AI score0.00139EPSS

CVE•added 2025/07/30 12:15 a.m.•51 views

CVE-2025-43227

This issue was addressed through improved state management. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, watchOS 11.6, visionOS 2.6. Processing maliciously crafted web content may disclose sensitive user information.

7.5CVSS5.3AI score0.00073EPSS

CVE•added 2007/09/27 9:17 p.m.•50 views

CVE-2007-3754

Mail in Apple iPhone 1.1.1, when using SSL, does not warn the user when the mail server changes or is not trusted, which might allow remote attackers to steal credentials and read email via a man-in-the-middle (MITM) attack.

4.3CVSS6.1AI score0.00675EPSS

CVE•added 2007/09/27 9:17 p.m.•50 views

CVE-2007-3755

Mail in Apple iPhone 1.1.1 allows remote user-assisted attackers to force the iPhone user to make calls to arbitrary telephone numbers via a "tel:" link, which does not prompt the user before dialing the number.

4.3CVSS6.2AI score0.00993EPSS

CVE•added 2008/09/11 1:13 a.m.•50 views

CVE-2008-3612

The Networking subsystem in Apple iPod touch 2.0 through 2.0.2, and iPhone 2.0 through 2.0.2, uses predictable TCP initial sequence numbers, which allows remote attackers to spoof or hijack a TCP connection.

9.8CVSS8.6AI score0.02524EPSS

CVE•added 2012/03/08 10:55 p.m.•50 views

CVE-2011-2867

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE...

9.3CVSS7.8AI score0.01849EPSS

CVE•added 2012/03/08 10:55 p.m.•50 views

CVE-2012-0604

9.3CVSS7.8AI score0.01997EPSS

CVE•added 2012/03/08 10:55 p.m.•50 views

CVE-2012-0613

9.3CVSS7.8AI score0.01997EPSS

CVE•added 2012/03/08 10:55 p.m.•50 views

CVE-2012-0643

The kernel in Apple iOS before 5.1 does not properly handle debug system calls, which allows remote attackers to bypass sandbox restrictions and execute arbitrary code via a crafted program.

9.3CVSS7.1AI score0.01831EPSS

CVE•added 2012/09/13 10:30 a.m.•50 views

CVE-2012-3632

WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.

9.3CVSS7.8AI score0.017EPSS

CVE•added 2013/05/20 2:44 p.m.•50 views

CVE-2013-1010

WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-0...

9.3CVSS7.5AI score0.01302EPSS

CVE•added 2013/09/19 10:28 a.m.•50 views

CVE-2013-5156

The Telephony subsystem in Apple iOS before 7 does not require API conformity for access to telephony-daemon interfaces, which allows attackers to bypass intended restrictions on phone calls via a crafted app that sends direct requests to the daemon.

4.3CVSS5.6AI score0.003EPSS

CVE•added 2014/03/14 10:55 a.m.•50 views

CVE-2014-1280

Video Driver in Apple iOS before 7.1 and Apple TV before 6.1 allows remote attackers to cause a denial of service (NULL pointer dereference and device hang) via a crafted video file with MPEG-4 encoding.

7.1CVSS5.8AI score0.004EPSS

CVE•added 2014/07/01 10:17 a.m.•50 views

CVE-2014-1359

Integer underflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application.

10CVSS6.9AI score0.01536EPSS

CVE•added 2014/09/18 10:55 a.m.•50 views

CVE-2014-4361

The Home & Lock Screen subsystem in Apple iOS before 8 does not properly restrict the private API for app prominence, which allows attackers to determine the frontmost app by leveraging access to a crafted background app.

5CVSS5.6AI score0.00594EPSS

CVE•added 2014/09/18 10:55 a.m.•50 views

CVE-2014-4362

The Sandbox Profiles implementation in Apple iOS before 8 does not properly restrict the third-party app sandbox profile, which allows attackers to obtain sensitive Apple ID information via a crafted app.

5CVSS5AI score0.00594EPSS

CVE•added 2014/09/18 10:55 a.m.•50 views

CVE-2014-4369

The IOAcceleratorFamily API implementation in Apple iOS before 8 and Apple TV before 7 allows attackers to cause a denial of service (NULL pointer dereference and device crash) via an application that uses crafted arguments.

7.8CVSS5.8AI score0.01216EPSS

CVE•added 2015/01/30 11:59 a.m.•50 views

CVE-2014-4483

Buffer overflow in FontParser in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font file in a PDF document.

6.8CVSS5.1AI score0.02074EPSS

CVE•added 2015/01/30 11:59 a.m.•50 views

CVE-2014-8840

The iTunes Store component in Apple iOS before 8.1.3 allows remote attackers to bypass a Safari sandbox protection mechanism by leveraging redirection of an SSL URL to the iTunes Store.

6.8CVSS5.9AI score0.00333EPSS

CVE•added 2015/03/18 10:59 p.m.•50 views

CVE-2015-1068

WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03...

6.8CVSS8.8AI score0.00853EPSS

CVE•added 2015/03/18 10:59 p.m.•50 views

CVE-2015-1073

6.8CVSS8.8AI score0.00787EPSS

CVE•added 2015/04/10 2:59 p.m.•50 views

CVE-2015-1097

IOMobileFramebuffer in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app.

1.9CVSS4.8AI score0.00074EPSS

CVE•added 2015/07/03 1:59 a.m.•50 views

CVE-2015-3684

The HTTPAuthentication implementation in CFNetwork in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted credentials in a URL.

6.8CVSS5.3AI score0.01789EPSS

CVE•added 2015/08/17 12:0 a.m.•50 views

CVE-2015-5775

FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-3804 and CVE-2015-5756.

7.5CVSS8.7AI score0.02102EPSS

CVE•added 2015/09/18 11:0 a.m.•50 views

CVE-2015-5850

AppleKeyStore in Apple iOS before 9 allows physically proximate attackers to reset the count of incorrect passcode attempts via a device backup.

2.1CVSS5.7AI score0.00067EPSS

CVE•added 2015/09/18 12:0 p.m.•50 views

CVE-2015-5863

IOStorageFamily in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows local users to obtain sensitive information from kernel memory via unknown vectors.

2.1CVSS4.6AI score0.00063EPSS

CVE•added 2015/10/23 9:59 p.m.•50 views

CVE-2015-6994

The kernel in Apple iOS before 9.1 and OS X before 10.11.1 mishandles reuse of virtual memory, which allows attackers to cause a denial of service via a crafted app.

7.1CVSS7.5AI score0.01596EPSS

CVE•added 2015/10/23 9:59 p.m.•50 views

CVE-2015-6996

IOAcceleratorFamily in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app.

6.8CVSS7.2AI score0.06119EPSS

CVE•added 2015/12/11 11:59 a.m.•50 views

CVE-2015-7065

OpenGL in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.

6.8CVSS9.1AI score0.01866EPSS

CVE•added 2015/12/11 11:59 a.m.•50 views

CVE-2015-7068

IOKit SCSI in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an app that provides an unspecified userclient type.

9.3CVSS8.5AI score0.04372EPSS

CVE•added 2016/03/24 1:59 a.m.•50 views

CVE-2016-1761

libxml2 in Apple iOS before 9.3, OS X before 10.11.4, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.

10CVSS7.5AI score0.1098EPSS

CVE•added 2016/03/24 1:59 a.m.•50 views

CVE-2016-1788

Messages in Apple iOS before 9.3, OS X before 10.11.4, and watchOS before 2.2 does not properly implement a cryptographic protection mechanism, which allows remote attackers to read message attachments via vectors related to duplicate messages.

5.9CVSS5.9AI score0.00588EPSS

Total number of security vulnerabilities3721