Iphone Os Security Vulnerabilities and Issues — Page 64 of Iphone Os CVE List

4.3CVSS4.7AI score0.0026EPSS

CVE-2016-7577

An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. The issue involves the "FaceTime" component, which allows remote attackers to trigger memory corruption and obtain audio data from a call that appeared to have ended.

4.7CVSS5.1AI score0.00248EPSS

CVE-2016-7650

An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. The issue involves the "Safari Reader" component, which allows remote attackers to conduct UXSS attacks via a crafted web site.

7.8CVSS6.2AI score0.00311EPSS

CVE-2016-7655

An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. The issue involves the "CoreMedia External Displays" component. It allows local users to gain privileges or cause a denial of service (type confusion) via unspecified vectors.

4.3CVSS4.7AI score0.0006EPSS

CVE-2016-7759

An issue was discovered in certain Apple products. iOS before 10 is affected. The issue involves the "Springboard" component, which allows physically proximate attackers to obtain sensitive information by viewing application snapshots in the Task Switcher.

CVE•added 2017/12/25 9:29 p.m.•46 views

CVE-2017-13903

An issue was discovered in certain Apple products. iOS before 11.2.1 is affected. tvOS before 11.2.1 is affected. The issue involves the "HomeKit" component. It allows remote attackers to modify the application state by leveraging incorrect message handling, as demonstrated by use of an Apple Watch...

7.5CVSS6.3AI score0.00573EPSS

CVE•added 2017/04/02 1:59 a.m.•46 views

CVE-2017-2397

An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Accounts" component. It allows physically proximate attackers to discover an Apple ID by reading an iCloud authentication prompt on the lock screen.

2.4CVSS4.9AI score0.00073EPSS

CVE•added 2017/04/02 1:59 a.m.•46 views

CVE-2017-2484

An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Phone" component. It allows attackers to trigger telephone calls to arbitrary numbers via a third-party app.

7.5CVSS7AI score0.00263EPSS

CVE•added 2017/05/22 5:29 a.m.•46 views

CVE-2017-2506

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted we...

8.8CVSS8AI score0.00853EPSS

CVE•added 2017/05/22 5:29 a.m.•46 views

CVE-2017-2507

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a craf...

5.5CVSS5.4AI score0.00265EPSS

CVE•added 2017/05/22 5:29 a.m.•46 views

CVE-2017-6982

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. The issue involves the "Notifications" component. It allows attackers to cause a denial of service via a crafted app.

5.5CVSS4.8AI score0.01181EPSS

5.5CVSS5.7AI score0.00068EPSS

CVE-2018-4282

An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2.

5.5CVSS6.1AI score0.00068EPSS

CVE-2018-4313

A consistency issue existed in the handling of application snapshots. The issue was addressed with improved handling of message deletions. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5.

5.5CVSS5.3AI score0.00164EPSS

CVE-2018-4365

An out-of-bounds read was addressed with improved bounds checking. This issue affected versions prior to iOS 12.1.

2.4CVSS3.7AI score0.00057EPSS

CVE-2018-4387

A lock screen issue allowed access to photos via Reply With Message on a locked device. This issue was addressed with improved state management. This issue affected versions prior to iOS 12.1.

CVE•added 2020/10/27 8:15 p.m.•46 views

CVE-2019-8732

The issue was addressed with improved data deletion. This issue is fixed in iOS 13. Deleted calls remained visible on the device.

2.4CVSS4.7AI score0.00057EPSS

CVE•added 2020/10/16 5:15 p.m.•46 views

CVE-2020-9959

A lock screen issue allowed access to messages on a locked device. This issue was addressed with improved state management. This issue is fixed in iOS 14.0 and iPadOS 14.0. A person with physical access to an iOS device may be able to view notification contents from the lockscreen.

2.4CVSS3.1AI score0.00054EPSS

CVE•added 2021/08/24 7:15 p.m.•46 views

CVE-2021-30956

A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management. This issue is fixed in iOS 15.2 and iPadOS 15.2. An attacker with physical access to a device may be able to see private contact information.

2.4CVSS2.9AI score0.00064EPSS

CVE•added 2023/06/23 6:15 p.m.•46 views

CVE-2023-32403

This issue was addressed with improved redaction of sensitive information. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to read sensitive location informatio...

5.5CVSS5.5AI score0.00023EPSS

CVE•added 2023/09/06 2:15 a.m.•46 views

CVE-2023-32432

A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, watchOS 9.5. An app may be able to access user-sensitive data.

5.5CVSS4.9AI score0.00041EPSS

CVE•added 2024/01/10 10:15 p.m.•46 views

CVE-2023-38612

The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7, iOS 16.7 and iPadOS 16.7, iOS 17 and iPadOS 17, macOS Sonoma 14, macOS Ventura 13.6. An app may be able to access protected user data.

3.3CVSS4AI score0.00106EPSS

CVE•added 2023/09/27 3:19 p.m.•46 views

CVE-2023-40456

The issue was addressed with improved checks. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10. An app may be able to access edited photos saved to a temporary directory.

3.3CVSS2.8AI score0.0003EPSS

CVE•added 2024/01/10 10:15 p.m.•46 views

CVE-2023-42830

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4. An app may be able to read sensitive location information.

3.3CVSS3.6AI score0.00087EPSS

CVE•added 2025/01/15 8:15 p.m.•46 views

CVE-2024-40839

This issue was addressed through improved state management. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical access to an iOS device may be able to view notification contents from the Lock Screen.

2.4CVSS5.4AI score0.00029EPSS

CVE•added 2024/11/01 9:15 p.m.•46 views

CVE-2024-44232

The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14.7.1, macOS Ventura 13.7.1, visionOS 2.1, watchOS 11.1, tvOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1. Parsing a maliciously crafted video file may lead to unexpected system termination.

6.5CVSS5.7AI score0.0008EPSS

CVE•added 2024/10/28 9:15 p.m.•46 views

CVE-2024-44285

A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 18.1 and iPadOS 18.1, watchOS 11.1, visionOS 2.1, tvOS 18.1. An app may be able to cause unexpected system termination or corrupt kernel memory.

8.4CVSS5.5AI score0.01251EPSS

CVE•added 2024/10/28 9:15 p.m.•46 views

CVE-2024-44297

The issue was addressed with improved bounds checks. This issue is fixed in tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, visionOS 2.1. Processing a maliciously crafted message may lead to a denial-of-service.

6.5CVSS5.4AI score0.00288EPSS

CVE•added 2025/05/12 10:15 p.m.•46 views

CVE-2025-31223

The issue was addressed with improved checks. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to memory corruption.

8CVSS5.8AI score0.00058EPSS

CVE•added 2025/05/12 10:15 p.m.•46 views

CVE-2025-31241

A double free issue was addressed with improved memory management. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. A remote attacker may cause an unexpected app termination.

5.3CVSS6.1AI score0.00131EPSS

CVE•added 2025/05/12 10:15 p.m.•46 views

CVE-2025-31253

This issue was addressed through improved state management. This issue is fixed in iOS 18.5 and iPadOS 18.5. Muting the microphone during a FaceTime call may not result in audio being silenced.

7.1CVSS6.1AI score0.00035EPSS

CVE•added 2008/11/25 11:30 p.m.•45 views

CVE-2008-4230

The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 displays SMS messages when the emergency-call screen is visible, which allows physically proximate attackers to obtain sensitive information by reading these messages. NOTE: this might be a dup...

1.9CVSS5.5AI score0.00066EPSS

CVE•added 2008/11/25 11:30 p.m.•45 views

CVE-2008-4232

Safari in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.1 through 2.1 does not restrict an IFRAME's content display to the boundaries of the IFRAME, which allows remote attackers to spoof a user interface via a crafted HTML document.

5CVSS5.9AI score0.0065EPSS

CVE•added 2009/06/19 4:30 p.m.•45 views

CVE-2009-1680

Safari in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly clear the search history when it is cleared from the Settings application, which allows physically proximate attackers to obtain the search history.

2.1CVSS6.1AI score0.00066EPSS

CVE•added 2009/09/21 7:30 p.m.•45 views

CVE-2009-3271

Apple Safari on iPhone OS 3.0.1 allows remote attackers to cause a denial of service (application crash) via a long tel: URL in the SRC attribute of an IFRAME element.

4.3CVSS6.1AI score0.02007EPSS

CVE•added 2010/11/26 8:0 p.m.•45 views

CVE-2010-3831

Photos in Apple iOS before 4.2 enables support for HTTP Basic Authentication over an unencrypted connection, which allows man-in-the-middle attackers to read MobileMe account passwords by spoofing a MobileMe Gallery server during a "Send to MobileMe" action.

4.3CVSS5.6AI score0.0047EPSS

CVE•added 2011/10/14 10:55 a.m.•45 views

CVE-2011-3245

The Keyboards component in Apple iOS before 5 displays the final character of an entered password during a subsequent use of a keyboard, which allows physically proximate attackers to obtain sensitive information by reading this character.

2.1CVSS5.1AI score0.00142EPSS

9.3CVSS7.8AI score0.01997EPSS

CVE-2012-0598

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE...

9.3CVSS7.8AI score0.01837EPSS

CVE-2012-0626

9.3CVSS7.8AI score0.01837EPSS

CVE-2012-0632

6.9CVSS5.6AI score0.00053EPSS

CVE-2012-0644

Race condition in the Passcode Lock feature in Apple iOS before 5.1 allows physically proximate attackers to bypass intended passcode requirements via a slide-to-dial gesture.