Iphone Os Security Vulnerabilities and Issues — Page 63 of Iphone Os CVE List

4.3CVSS4AI score0.00228EPSS

CVE-2016-4665

An issue was discovered in certain Apple products. iOS before 10.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "Sandbox Profiles" component, which allows attackers to read audio-recording metadata via a crafted app.

CVE•added 2016/09/25 10:59 a.m.•47 views

CVE-2016-4722

The IDS - Connectivity component in Apple iOS before 10 and OS X before 10.12 allows man-in-the-middle attackers to conduct Call Relay spoofing attacks and cause a denial of service via unspecified vectors.

7.1CVSS6.1AI score0.02514EPSS

8.8CVSS8AI score0.00728EPSS

CVE-2016-7642

An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of ser...

8.8CVSS8AI score0.00728EPSS

CVE-2016-7649

4.7CVSS5.1AI score0.00248EPSS

CVE-2016-7650

An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. The issue involves the "Safari Reader" component, which allows remote attackers to conduct UXSS attacks via a crafted web site.

CVE•added 2017/05/22 5:29 a.m.•47 views

CVE-2017-2507

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a craf...

5.5CVSS5.4AI score0.00265EPSS

CVE•added 2017/05/22 5:29 a.m.•47 views

CVE-2017-6998

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "AVEVideoEncoder" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service ...

9.3CVSS7.5AI score0.00676EPSS

CVE•added 2018/04/03 6:29 a.m.•47 views

CVE-2018-4109

An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "Graphics Driver" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service ...

9.3CVSS8.2AI score0.0024EPSS

CVE•added 2019/04/03 6:29 p.m.•47 views

CVE-2018-4322

This issue was addressed with improved entitlements. This issue affected versions prior to iOS 12.

3.3CVSS5AI score0.00054EPSS

CVE•added 2019/04/03 6:29 p.m.•47 views

CVE-2018-4365

An out-of-bounds read was addressed with improved bounds checking. This issue affected versions prior to iOS 12.1.

5.5CVSS5.3AI score0.00164EPSS

CVE•added 2019/12/18 6:15 p.m.•47 views

CVE-2019-8779

A logic issue applied the incorrect restrictions. This issue was addressed by updating the logic to apply the correct restrictions. This issue is fixed in iOS 13.1.1 and iPadOS 13.1.1. Third party app extensions may not receive the correct sandbox restrictions.

10CVSS8.4AI score0.00518EPSS

CVE•added 2024/01/10 10:15 p.m.•47 views

CVE-2022-46710

A logic issue was addressed with improved checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. Location data may be shared via iCloud links even if Location metadata is disabled via the Share Sheet.

5.5CVSS5AI score0.00029EPSS

CVE•added 2025/03/10 8:15 p.m.•47 views

CVE-2022-48610

This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2. An app may be able to access user-sensitive data.

5.5CVSS6.1AI score0.00015EPSS

CVE•added 2024/09/17 12:15 a.m.•47 views

CVE-2024-44184

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access user-sensitive data.

5.5CVSS6AI score0.00037EPSS

CVE•added 2024/10/28 9:15 p.m.•47 views

CVE-2024-44269

A logic issue was addressed with improved checks. This issue is fixed in iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, visionOS 2.1. A malicious app may use shortcuts to access restricted files.

5.5CVSS5.3AI score0.00037EPSS

CVE•added 2024/10/28 9:15 p.m.•47 views

CVE-2024-44282

An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, visionOS 2.1. Parsing a file may lead to disclosure of user information.

6.5CVSS5.2AI score0.00079EPSS

CVE•added 2025/01/15 8:15 p.m.•47 views

CVE-2024-54470

A logic issue was addressed with improved checks. This issue is fixed in iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1. An attacker with physical access may be able to access contacts from the lock screen.

4.6CVSS4.9AI score0.0005EPSS

CVE•added 2025/01/15 8:15 p.m.•47 views

CVE-2024-54535

A path handling issue was addressed with improved logic. This issue is fixed in watchOS 11.1, visionOS 2.1, iOS 18.1 and iPadOS 18.1. An attacker with access to calendar data could also read reminders.

4.3CVSS5.6AI score0.0013EPSS

CVE•added 2025/03/31 11:15 p.m.•47 views

CVE-2025-30434

The issue was addressed with improved input sanitization. This issue is fixed in iOS 18.4 and iPadOS 18.4. Processing a maliciously crafted file may lead to a cross site scripting attack.

5CVSS5.2AI score0.00033EPSS

CVE•added 2025/05/12 10:15 p.m.•47 views

CVE-2025-30436

This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 18.4 and iPadOS 18.4. An attacker may be able to use Siri to enable Auto-Answer Calls.

9.1CVSS6AI score0.00069EPSS

CVE•added 2025/05/12 10:15 p.m.•47 views

CVE-2025-31241

A double free issue was addressed with improved memory management. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. A remote attacker may cause an unexpected app termination.

5.3CVSS6.1AI score0.00131EPSS

CVE•added 2008/11/25 11:30 p.m.•46 views

CVE-2008-1586

ImageIO in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allow remote attackers to cause a denial of service (memory consumption and device reset) via a crafted TIFF image.

7.1CVSS7AI score0.01469EPSS

CVE•added 2009/06/19 4:30 p.m.•46 views

CVE-2009-0960

The Mail component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 does not provide an option to disable remote image loading in HTML email, which allows remote attackers to determine the device address and when an e-mail is read via an HTML email containing an i...

4.3CVSS6.1AI score0.0065EPSS

CVE•added 2009/06/19 4:30 p.m.•46 views

CVE-2009-1680

Safari in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly clear the search history when it is cleared from the Settings application, which allows physically proximate attackers to obtain the search history.

2.1CVSS6.1AI score0.00066EPSS

CVE•added 2009/09/10 9:30 p.m.•46 views

CVE-2009-2815

The Telephony component in Apple iPhone OS before 3.1 does not properly handle SMS arrival notifications, which allows remote attackers to cause a denial of service (NULL pointer dereference and service interruption) via a crafted SMS message.

7.8CVSS6.2AI score0.00547EPSS

CVE•added 2010/06/22 8:30 p.m.•46 views

CVE-2010-1407

WebKit in Apple iOS before 4 on the iPhone and iPod touch does not properly implement the history.replaceState method in certain situations involving IFRAME elements, which allows remote attackers to obtain sensitive information via a crafted HTML document.

4.3CVSS7.1AI score0.00732EPSS

CVE•added 2011/08/03 12:55 a.m.•46 views

CVE-2011-2819

Google Chrome before 13.0.782.107 allows remote attackers to bypass the Same Origin Policy via vectors related to handling of the base URI.

6.8CVSS6.1AI score0.00738EPSS

CVE-2012-0623

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE...

CVE-2012-0626

CVE-2012-0632

CVE-2012-0633