Lucene search

K
AppleIphone Os

3695 matches found

CVE
CVE
added 2014/10/22 10:55 a.m.41 views

CVE-2014-4449

iCloud Data Access in Apple iOS before 8.1 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

6.8CVSS5AI score0.0036EPSS
CVE
CVE
added 2015/04/10 2:59 p.m.41 views

CVE-2015-1085

AppleKeyStore in Apple iOS before 8.3 does not properly restrict a certain passcode-confirmation interface, which makes it easier for attackers to verify correct passcode guesses via a crafted app.

1.9CVSS5.6AI score0.00069EPSS
CVE
CVE
added 2015/04/10 2:59 p.m.41 views

CVE-2015-1113

The Sandbox Profiles component in Apple iOS before 8.3 allows attackers to read the (1) telephone number or (2) e-mail address of a recent contact via a crafted app.

1.9CVSS5.5AI score0.00069EPSS
CVE
CVE
added 2015/08/17 12:0 a.m.41 views

CVE-2015-3806

Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism by appending code to a crafted executable file.

7.2CVSS7.5AI score0.00052EPSS
CVE
CVE
added 2015/08/17 12:1 a.m.41 views

CVE-2015-5778

CoreMedia Playback in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-5777.

6.8CVSS8.7AI score0.01866EPSS
CVE
CVE
added 2015/10/23 10:59 a.m.41 views

CVE-2015-6999

The OCSP client in Apple iOS before 9.1 does not check for certificate expiry, which allows remote attackers to spoof a valid certificate by leveraging access to a revoked certificate.

5CVSS5.7AI score0.0022EPSS
CVE
CVE
added 2015/12/11 11:59 a.m.41 views

CVE-2015-7069

Mobile Replayer in GPUTools Framework in Apple iOS before 9.2 allows attackers to execute arbitrary code in a privileged context via an app that provides a crafted pathname, a different vulnerability than CVE-2015-7070.

9.3CVSS6.9AI score0.00867EPSS
CVE
CVE
added 2015/12/11 11:59 a.m.41 views

CVE-2015-7080

Siri in Apple iOS before 9.2 allows physically proximate attackers to bypass an intended client-side protection mechanism and obtain sensitive content-notification information by listening to a device in the lock-screen state.

2.1CVSS5.3AI score0.00068EPSS
CVE
CVE
added 2015/12/11 11:59 a.m.41 views

CVE-2015-7094

CFNetwork HTTPProtocol in Apple iOS before 9.2 and OS X before 10.11.2 allows man-in-the-middle attackers to bypass the HSTS protection mechanism via a crafted URL.

2.6CVSS7.7AI score0.00336EPSS
CVE
CVE
added 2015/12/11 12:0 p.m.41 views

CVE-2015-7107

QuickLook in Apple iOS before 9.2 and OS X before 10.11.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted iWork file.

6.8CVSS8.8AI score0.02388EPSS
CVE
CVE
added 2016/05/20 10:59 a.m.41 views

CVE-2016-1811

ImageIO in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image.

6.5CVSS6AI score0.01746EPSS
CVE
CVE
added 2016/07/22 2:59 a.m.41 views

CVE-2016-4593

The Siri Contacts component in Apple iOS before 9.3.3 allows physically proximate attackers to read arbitrary Contact card information via unspecified vectors.

2.4CVSS4.9AI score0.00065EPSS
CVE
CVE
added 2016/09/18 10:59 p.m.41 views

CVE-2016-4620

The Sandbox Profiles component in Apple iOS before 10 does not properly restrict access to directory metadata for SMS draft directories, which allows attackers to discover text-message recipients via a crafted app.

4.3CVSS4.9AI score0.00255EPSS
CVE
CVE
added 2019/01/11 6:29 p.m.41 views

CVE-2018-4147

In iCloud for Windows before 7.3, Safari before 11.0.3, iTunes before 12.7.3 for Windows, and iOS before 11.2.5, multiple memory corruption issues exist and were addressed with improved memory handling.

9.8CVSS9AI score0.00785EPSS
CVE
CVE
added 2019/04/03 6:29 p.m.41 views

CVE-2018-4352

A consistency issue existed in the handling of application snapshots. The issue was addressed with improved handling of notes deletions. This issue affected versions prior to iOS 12.

3.3CVSS4.9AI score0.00054EPSS
CVE
CVE
added 2019/04/03 6:29 p.m.41 views

CVE-2018-4461

A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2.

9.3CVSS7.2AI score0.00185EPSS
CVE
CVE
added 2023/06/23 6:15 p.m.41 views

CVE-2022-42792

This issue was addressed with improved data protection. This issue is fixed in iOS 16.1 and iPadOS 16. An app may be able to read sensitive location information

5.5CVSS4.2AI score0.00053EPSS
CVE
CVE
added 2024/12/12 2:15 a.m.41 views

CVE-2024-44201

The issue was addressed with improved memory handling. This issue is fixed in iPadOS 17.7.3, macOS Ventura 13.7.2, iOS 18.1 and iPadOS 18.1, macOS Sonoma 14.7.2. Processing a malicious crafted file may lead to a denial-of-service.

5.5CVSS5.8AI score0.00029EPSS
CVE
CVE
added 2024/09/17 12:15 a.m.41 views

CVE-2024-44202

An authentication issue was addressed with improved state management. This issue is fixed in iOS 18 and iPadOS 18. Private Browsing tabs may be accessed without authentication.

5.3CVSS6.3AI score0.00099EPSS
CVE
CVE
added 2024/10/28 9:15 p.m.41 views

CVE-2024-44215

This issue was addressed with improved checks. This issue is fixed in tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, visionOS 2.1. Processing an image may result in disclosure of process memory.

5.5CVSS5.3AI score0.00028EPSS
CVE
CVE
added 2024/10/28 9:15 p.m.41 views

CVE-2024-44278

An information disclosure issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, visionOS 2.1. A sandboxed app may be able to access sensitive u...

5.5CVSS4.8AI score0.00045EPSS
CVE
CVE
added 2025/01/27 10:15 p.m.41 views

CVE-2024-54517

The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.2, watchOS 11.2, tvOS 18.2, iOS 18.2 and iPadOS 18.2. An app may be able to corrupt coprocessor memory.

7.8CVSS5.7AI score0.00029EPSS
CVE
CVE
added 2025/05/12 10:15 p.m.41 views

CVE-2025-31217

The issue was addressed with improved input validation. This issue is fixed in watchOS 11.5, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.

6.5CVSS5.8AI score0.00143EPSS
CVE
CVE
added 2009/09/10 9:30 p.m.40 views

CVE-2009-2795

Heap-based buffer overflow in the Recovery Mode component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, allows local users to bypass the passcode requirement and access arbitrary data via vectors related to "command parsing."

7.2CVSS6.5AI score0.0007EPSS
CVE
CVE
added 2010/06/22 8:30 p.m.40 views

CVE-2010-1775

Race condition in Passcode Lock in Apple iOS before 4 on the iPhone and iPod touch allows physically proximate attackers to bypass intended passcode requirements, and pair a locked device with a computer and access arbitrary data, via vectors involving the initial boot.

1.9CVSS5.9AI score0.00051EPSS
CVE
CVE
added 2017/04/24 7:59 p.m.40 views

CVE-2010-1776

Find My iPhone on iOS 2.0 through 3.1.3 for iPhone 3G and later and iOS 2.1 through 3.1.3 for iPod touch (2nd generation) and later, when Find My iPhone is disabled, allows remote authenticated users with an associated MobileMe account to wipe the device.

4.9CVSS4.7AI score0.00362EPSS
CVE
CVE
added 2010/09/09 10:0 p.m.40 views

CVE-2010-1810

FaceTime in Apple iOS before 4.1 on the iPhone and iPod touch does not properly handle invalid X.509 certificates, which allows man-in-the-middle attackers to redirect calls via a crafted certificate.

3.5CVSS5.6AI score0.00237EPSS
CVE
CVE
added 2010/09/09 10:0 p.m.40 views

CVE-2010-1817

Buffer overflow in ImageIO in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted GIF file.

6.8CVSS7.8AI score0.01336EPSS
CVE
CVE
added 2012/03/08 10:55 p.m.40 views

CVE-2011-2871

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE...

9.3CVSS7.8AI score0.01849EPSS
CVE
CVE
added 2012/03/08 10:55 p.m.40 views

CVE-2011-2872

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE...

9.3CVSS7.8AI score0.01849EPSS
CVE
CVE
added 2011/10/14 10:55 a.m.40 views

CVE-2011-3257

The Data Access component in Apple iOS before 5 does not properly handle the existence of multiple user accounts on the same mail server, which allows local users to bypass intended access restrictions in opportunistic circumstances by leveraging a different account's cookie.

2.1CVSS5.5AI score0.00053EPSS
CVE
CVE
added 2011/10/14 10:55 a.m.40 views

CVE-2011-3429

The Settings component in Apple iOS before 5 stores a cleartext parental-restrictions passcode in an unspecified file, which might allow physically proximate attackers to obtain sensitive information by reading this file.

2.1CVSS5.1AI score0.00069EPSS
CVE
CVE
added 2011/10/14 10:55 a.m.40 views

CVE-2011-3431

The Home screen component in Apple iOS before 5 does not properly support a certain application-switching gesture, which might allow physically proximate attackers to obtain sensitive state information by watching the device's screen.

2.1CVSS5.1AI score0.00069EPSS
CVE
CVE
added 2011/10/14 10:55 a.m.40 views

CVE-2011-3432

The UIKit Alerts component in Apple iOS before 5 allows remote attackers to cause a denial of service (device hang) via a long tel: URL that triggers a large size for the acceptance dialog.

5CVSS5.9AI score0.0082EPSS
CVE
CVE
added 2012/03/08 10:55 p.m.40 views

CVE-2012-0606

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE...

9.3CVSS7.8AI score0.01997EPSS
CVE
CVE
added 2012/03/08 10:55 p.m.40 views

CVE-2012-0630

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE...

9.3CVSS7.8AI score0.01837EPSS
CVE
CVE
added 2012/09/13 10:30 a.m.40 views

CVE-2012-3607

WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.

9.3CVSS7.8AI score0.01247EPSS
CVE
CVE
added 2012/09/20 9:55 p.m.40 views

CVE-2012-3733

Messages in Apple iOS before 6, when multiple iMessage e-mail addresses are configured, does not ensure that a reply's sender address matches the recipient address of the original message, which allows remote attackers to obtain potentially sensitive information about alternate e-mail addresses in ...

4.3CVSS5.2AI score0.00346EPSS
CVE
CVE
added 2013/01/29 5:58 a.m.40 views

CVE-2013-0952

WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.

6.8CVSS7.8AI score0.01314EPSS
CVE
CVE
added 2013/06/05 2:39 p.m.40 views

CVE-2013-3955

The get_xattrinfo function in the XNU kernel in Apple iOS 5.x and 6.x through 6.1.3 on iPad devices does not properly validate the header of an AppleDouble file, which might allow local users to cause a denial of service (memory corruption) or have unspecified other impact via an invalid file on an...

6.2CVSS6.4AI score0.00182EPSS
CVE
CVE
added 2013/09/19 10:28 a.m.40 views

CVE-2013-5154

The Sandbox subsystem in Apple iOS before 7 determines the sandboxing requirement for a #! application on the basis of the script interpreter instead of the script, which allows attackers to bypass intended access restrictions via a crafted application.

4.3CVSS5.6AI score0.00291EPSS
CVE
CVE
added 2013/09/19 10:28 a.m.40 views

CVE-2013-5159

WebKit in Apple iOS before 7 allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive information about use of the window.webkitRequestAnimationFrame API via an IFRAME element.

4.3CVSS5.6AI score0.00285EPSS
CVE
CVE
added 2013/10/24 3:48 a.m.40 views

CVE-2013-5162

Passcode Lock in Apple iOS before 7.0.3 on iPhone devices allows physically proximate attackers to bypass the passcode-failure disabled state by leveraging certain incorrect visibility of the passcode-entry view after use of the Phone app.

2.1CVSS5.9AI score0.00057EPSS
CVE
CVE
added 2014/07/01 10:17 a.m.40 views

CVE-2014-1354

CoreGraphics in Apple iOS before 7.1.2 does not properly restrict allocation of stack memory for processing of XBM images, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted image data.

6.8CVSS7.7AI score0.01314EPSS
CVE
CVE
added 2014/11/18 11:59 a.m.40 views

CVE-2014-4457

The Sandbox Profiles subsystem in Apple iOS before 8.1.1 does not properly implement the debugserver sandbox, which allows attackers to bypass intended binary-execution restrictions via a crafted application that is run during a time period when debugging is not enabled.

7.5CVSS5.5AI score0.01115EPSS
CVE
CVE
added 2015/03/12 10:59 a.m.40 views

CVE-2015-1064

Springboard in Apple iOS before 8.2 allows physically proximate attackers to bypass an intended activation requirement and read the home screen by leveraging an application crash during the activation process.

1.9CVSS5.7AI score0.00068EPSS
CVE
CVE
added 2015/04/10 2:59 p.m.40 views

CVE-2015-1092

NSXMLParser in Foundation in Apple iOS before 8.3 and Apple TV before 7.2 allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

5CVSS6AI score0.00823EPSS
CVE
CVE
added 2015/04/10 2:59 p.m.40 views

CVE-2015-1108

The Lock Screen component in Apple iOS before 8.3 does not properly enforce the limit on incorrect passcode-authentication attempts, which makes it easier for physically proximate attackers to obtain access by making many passcode guesses.

2.1CVSS5.6AI score0.00072EPSS
CVE
CVE
added 2015/04/10 2:59 p.m.40 views

CVE-2015-1125

The touch-events implementation in WebKit in Apple iOS before 8.3 allows remote attackers to trigger an association between a tap and an unintended web resource via a crafted web site.

4.3CVSS5.9AI score0.00266EPSS
CVE
CVE
added 2015/07/03 2:0 a.m.40 views

CVE-2015-3722

Application Store in Apple iOS before 8.4 does not ensure the uniqueness of bundle IDs, which allows attackers to cause a denial of service (ID collision and launch outage) via a crafted universal provisioning profile app.

4.3CVSS5.6AI score0.00596EPSS
Total number of security vulnerabilities3695