Iphone Os Security Vulnerabilities and Issues — Page 66 of Iphone Os CVE List

Lucene search

AppleIphone Os

3721 matches found

CVE•added 2020/12/08 9:15 p.m.•45 views

CVE-2020-27902

An authentication issue was addressed with improved state management. This issue is fixed in iOS 14.2 and iPadOS 14.2. A person with physical access to an iOS device may be able to access stored passwords without authentication.

4.6CVSS4.1AI score0.00054EPSS

CVE•added 2020/04/01 6:15 p.m.•45 views

CVE-2020-3888

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4. A maliciously crafted page may interfere with other web contexts.

4.3CVSS5AI score0.00255EPSS

CVE•added 2020/04/01 6:15 p.m.•45 views

CVE-2020-3890

The issue was addressed with improved deletion. This issue is fixed in iOS 13.4 and iPadOS 13.4. Deleted messages groups may still be suggested as an autocompletion.

5.3CVSS5.5AI score0.00237EPSS

CVE•added 2021/08/24 7:15 p.m.•45 views

CVE-2021-31001

An access issue was addressed with improved access restrictions. This issue is fixed in iOS 15 and iPadOS 15. An attacker in a privileged network position may be able to leak sensitive user information.

6.5CVSS5.5AI score0.00356EPSS

CVE•added 2021/08/24 7:15 p.m.•45 views

CVE-2021-31013

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.1, iOS 15.2 and iPadOS 15.2, macOS Big Sur 11.6.2. Processing a maliciously crafted font may result in the disclosure of process memory.

5.5CVSS5.4AI score0.00343EPSS

CVE•added 2024/01/10 10:15 p.m.•45 views

CVE-2023-40437

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to read sensitive location information.

5.5CVSS4.9AI score0.00072EPSS

CVE•added 2024/01/23 1:15 a.m.•45 views

CVE-2023-40528

This issue was addressed by removing the vulnerable code. This issue is fixed in tvOS 17, watchOS 10, macOS Sonoma 14, iOS 17 and iPadOS 17, macOS Ventura 13.6.4. An app may be able to bypass Privacy preferences.

5.5CVSS6AI score0.00006EPSS

CVE•added 2025/04/11 3:15 p.m.•45 views

CVE-2023-42969

An app may be able to break out of its sandbox. This issue is fixed in iOS 17 and iPadOS 17, iOS 16.7 and iPadOS 16.7, macOS Sonoma 14, macOS Ventura 13.6, macOS Monterey 12.7. The issue was addressed with improved handling of caches.

3.3CVSS5.9AI score0.00018EPSS

CVE•added 2024/09/17 12:15 a.m.•45 views

CVE-2024-40852

This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 18 and iPadOS 18. An attacker may be able to see recent photos without authentication in Assistive Access.

7.5CVSS6.5AI score0.0012EPSS

CVE•added 2024/09/17 12:15 a.m.•45 views

CVE-2024-44198

An integer overflow was addressed through improved input validation. This issue is fixed in visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. Processing maliciously crafted web content may lead to an unexpected process crash.

5.5CVSS6.6AI score0.00036EPSS

CVE•added 2024/12/12 2:15 a.m.•45 views

CVE-2024-54503

An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 18.2 and iPadOS 18.2. Muting a call while ringing may not result in mute being enabled.

4.2CVSS5.4AI score0.00044EPSS

CVE•added 2025/03/31 11:15 p.m.•45 views

CVE-2025-24095

This issue was addressed with additional entitlement checks. This issue is fixed in visionOS 2.4, iOS 18.4 and iPadOS 18.4. An app may be able to bypass Privacy preferences.

7.6CVSS5.9AI score0.00062EPSS

CVE•added 2025/01/27 10:15 p.m.•45 views

CVE-2025-24117

This issue was addressed with improved redaction of sensitive information. This issue is fixed in iPadOS 17.7.4, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3. An app may be able to fingerprint the user.

5.5CVSS5.5AI score0.00019EPSS

CVE•added 2025/05/12 10:15 p.m.•45 views

CVE-2025-30448

This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sonoma 14.7.6, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, visionOS 2.5, macOS Ventura 13.7.6, macOS Sequoia 15.4. An attacker may be able to turn on sharing of an iCloud folder without authentication.

9.1CVSS5.8AI score0.00149EPSS

CVE•added 2010/11/26 8:0 p.m.•44 views

CVE-2010-3828

iAd Content Display in Apple iOS before 4.2 allows man-in-the-middle attackers to make calls via a crafted URL in an ad.

4.3CVSS5.6AI score0.00542EPSS

CVE•added 2011/03/11 10:55 p.m.•44 views

CVE-2011-0161

WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle the Attr.style accessor, which allows remote attackers to bypass the Same Origin Policy and inject Cascading Style Sheets (CSS) token sequences via a crafted web site.

4.3CVSS8AI score0.00391EPSS

CVE•added 2011/03/11 10:55 p.m.•44 views

CVE-2011-0162

Wi-Fi in Apple iOS before 4.3 and Apple TV before 4.2 does not properly perform bounds checking for Wi-Fi frames, which allows remote attackers to cause a denial of service (device reset) via unspecified traffic on the local wireless network.

7.8CVSS5.9AI score0.01975EPSS

CVE•added 2011/03/11 10:55 p.m.•44 views

CVE-2011-1418

The stateless address autoconfiguration (aka SLAAC) functionality in the IPv6 networking implementation in Apple iOS before 4.3 and Apple TV before 4.2 places the MAC address into the IPv6 address, which makes it easier for remote IPv6 servers to track users by logging source IPv6 addresses.

5CVSS5.9AI score0.00388EPSS

CVE•added 2012/03/08 10:55 p.m.•44 views

CVE-2011-2870

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE...

9.3CVSS7.8AI score0.01849EPSS

CVE•added 2012/03/08 10:55 p.m.•44 views

CVE-2011-2873

9.3CVSS7.8AI score0.01849EPSS

CVE•added 2012/03/08 10:55 p.m.•44 views

CVE-2012-0590

Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a drag-and-drop operation.

4.3CVSS4.9AI score0.00588EPSS

CVE•added 2012/03/08 10:55 p.m.•44 views

CVE-2012-0609

9.3CVSS7.8AI score0.01997EPSS

CVE•added 2012/03/08 10:55 p.m.•44 views

CVE-2012-0617

9.3CVSS7.8AI score0.01997EPSS

CVE•added 2012/03/08 10:55 p.m.•44 views

CVE-2012-0618

9.3CVSS7.8AI score0.01837EPSS

CVE•added 2012/03/08 10:55 p.m.•44 views

CVE-2012-0621

9.3CVSS7.8AI score0.01837EPSS

CVE•added 2012/03/08 10:55 p.m.•44 views

CVE-2012-0629

9.3CVSS7.8AI score0.01837EPSS

CVE•added 2012/03/08 10:55 p.m.•44 views

CVE-2012-0635

9.3CVSS7.8AI score0.01837EPSS

CVE•added 2012/03/08 10:55 p.m.•44 views

CVE-2012-0641

CFNetwork in Apple iOS before 5.1 does not properly construct request headers during parsing of URLs, which allows remote attackers to obtain sensitive information via a malformed URL, a different vulnerability than CVE-2011-3447.

5CVSS5.2AI score0.00556EPSS

CVE•added 2012/09/13 10:30 a.m.•44 views

CVE-2012-3701

WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.

9.3CVSS7.8AI score0.01247EPSS

CVE•added 2012/09/20 9:55 p.m.•44 views

CVE-2012-3737

The Passcode Lock implementation in Apple iOS before 6 does not properly restrict photo viewing, which allows physically proximate attackers to view arbitrary stored photos by spoofing a time value.

2.1CVSS5.5AI score0.00068EPSS

CVE•added 2012/09/20 9:55 p.m.•44 views

CVE-2012-3743

The System Logs implementation in Apple iOS before 6 does not restrict /var/log access by sandboxed apps, which allows remote attackers to obtain sensitive information via a crafted app that reads log files.

5CVSS5AI score0.00421EPSS

CVE•added 2012/11/03 5:55 p.m.•44 views

CVE-2012-3749

The extensions APIs in the kernel in Apple iOS before 6.0.1 provide kernel addresses in responses that contain an OSBundleMachOHeaders key, which makes it easier for remote attackers to bypass the ASLR protection mechanism via a crafted app.

5CVSS5.6AI score0.00498EPSS

CVE•added 2012/11/03 5:55 p.m.•44 views

CVE-2012-3750

The Passcode Lock implementation in Apple iOS before 6.0.1 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement and access Passbook passes via unspecified vectors.

3.6CVSS5.6AI score0.00073EPSS

CVE•added 2013/09/19 10:27 a.m.•44 views

CVE-2013-1042

WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.

6.8CVSS7.8AI score0.01866EPSS

CVE•added 2013/09/19 10:27 a.m.•44 views

CVE-2013-5128

6.8CVSS7.8AI score0.01866EPSS

CVE•added 2013/09/19 10:27 a.m.•44 views

CVE-2013-5131

Cross-site scripting (XSS) vulnerability in WebKit in Apple iOS before 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

4.3CVSS5AI score0.0032EPSS

CVE•added 2013/09/19 10:28 a.m.•44 views

CVE-2013-5137

IOKit in Apple iOS before 7 allows attackers to send user-interface events to the foreground app by leveraging control over a background app and using the (1) task-completion API or (2) VoIP API.

2.6CVSS5.9AI score0.00371EPSS

CVE•added 2013/09/19 10:28 a.m.•44 views

CVE-2013-5141

The kernel in Apple iOS before 7 uses an incorrect data size for a certain integer variable, which allows attackers to cause a denial of service (infinite loop and device hang) via a crafted application, related to an "integer truncation vulnerability."

7.1CVSS5.6AI score0.00532EPSS

CVE•added 2014/07/01 10:17 a.m.•44 views

CVE-2014-1368

WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other...

6.8CVSS7.8AI score0.01171EPSS

CVE•added 2015/01/30 11:59 a.m.•44 views

CVE-2014-4489

IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly initialize event queues, which allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.

10CVSS4.6AI score0.01019EPSS

CVE•added 2015/03/12 10:59 a.m.•44 views

CVE-2015-1063

CoreTelephony in Apple iOS before 8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and device restart) via a Class 0 SMS message.

7.8CVSS6AI score0.00693EPSS

CVE•added 2015/04/10 2:59 p.m.•44 views

CVE-2015-1126

WebKit, as used in Apple iOS before 8.3 and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, does not properly handle the userinfo field in FTP URLs, which allows remote attackers to trigger incorrect resource access via unspecified vectors.

4.3CVSS7.5AI score0.65446EPSS

Web

CVE•added 2015/08/16 11:59 p.m.•44 views

CVE-2015-3778

bootp in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to obtain potentially sensitive information about MAC addresses seen in previous Wi-Fi sessions by sniffing an 802.11 network for DNAv4 broadcast traffic.

3.3CVSS7.3AI score0.00351EPSS

CVE•added 2015/08/17 12:0 a.m.•44 views

CVE-2015-3807

libxml2 in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a crafted XML document.

4.3CVSS7.4AI score0.02365EPSS

CVE•added 2015/08/17 12:1 a.m.•44 views

CVE-2015-5781

ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly initialize an unspecified data structure, which allows remote attackers to obtain sensitive information from process memory via a crafted PNG image.

4.3CVSS7AI score0.00651EPSS

CVE•added 2015/11/22 3:59 a.m.•44 views

CVE-2015-5859

The CFNetwork HTTPProtocol component in Apple iOS before 9 and OS X before 10.11 does not properly recognize the HSTS preload list during a Safari private-browsing session, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.

4.3CVSS5.3AI score0.0025EPSS

CVE•added 2015/09/18 12:0 p.m.•44 views

CVE-2015-5898

CFNetwork in Apple iOS before 9 relies on the hardware UID for its cache encryption key, which makes it easier for physically proximate attackers to obtain sensitive information by obtaining this UID.

2.1CVSS4.9AI score0.00041EPSS

CVE•added 2015/10/23 10:59 a.m.•44 views

CVE-2015-6979

GasGauge in Apple iOS before 9.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

9.3CVSS7.1AI score0.01466EPSS

CVE•added 2015/12/11 11:59 a.m.•44 views

CVE-2015-7072

dyld in Apple iOS before 9.2, tvOS before 9.1, and watchOS before 2.1 mishandles segment validation, which allows attackers to execute arbitrary code in a privileged context via a crafted app.

9.3CVSS6.9AI score0.0101EPSS

CVE•added 2016/02/01 11:59 a.m.•44 views

CVE-2016-1721

The kernel in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.

7.8CVSS6.9AI score0.00242EPSS

Web

Total number of security vulnerabilities3721