Lucene search

K
AppleIphone Os

3695 matches found

CVE
CVE
added 2015/08/16 11:59 p.m.40 views

CVE-2015-3758

UIKit WebView in Apple iOS before 8.4.1 allows attackers to bypass an intended user-confirmation requirement and initiate arbitrary FaceTime calls via an app that provides a crafted URL.

4.3CVSS5.9AI score0.00291EPSS
CVE
CVE
added 2015/08/17 12:0 a.m.40 views

CVE-2015-3795

libxpc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app that sends a malformed XPC message.

9.3CVSS8.3AI score0.01575EPSS
CVE
CVE
added 2015/10/23 9:59 p.m.40 views

CVE-2015-5924

The OpenGL implementation in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.

6.8CVSS7.4AI score0.01866EPSS
CVE
CVE
added 2015/12/11 11:59 a.m.40 views

CVE-2015-7051

MobileStorageMounter in Apple iOS before 9.2 and tvOS before 9.1 mishandles the timing of trust-cache loading, which allows attackers to execute arbitrary code in a privileged context via a crafted app.

9.3CVSS6.9AI score0.00757EPSS
CVE
CVE
added 2015/12/11 11:59 a.m.40 views

CVE-2015-7070

Mobile Replayer in GPUTools Framework in Apple iOS before 9.2 allows attackers to execute arbitrary code in a privileged context via an app that provides a crafted pathname, a different vulnerability than CVE-2015-7069.

9.3CVSS6.9AI score0.00867EPSS
CVE
CVE
added 2016/03/24 1:59 a.m.40 views

CVE-2016-1782

WebKit in Apple iOS before 9.3 and Safari before 9.1 does not properly restrict redirects that specify a TCP port number, which allows remote attackers to bypass intended port restrictions via a crafted web site.

6.5CVSS6.4AI score0.00699EPSS
CVE
CVE
added 2016/05/20 10:59 a.m.40 views

CVE-2016-1823

The IOHIDDevice::handleReportWithTime function in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (out-of-bounds read and memory corruption) via a crafted IOHIDRe...

9.3CVSS7.6AI score0.05778EPSS
CVE
CVE
added 2016/05/20 10:59 a.m.40 views

CVE-2016-1831

The kernel in Apple iOS before 9.3.2 and OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

9.3CVSS7.5AI score0.00402EPSS
CVE
CVE
added 2016/09/18 10:59 p.m.40 views

CVE-2016-4740

Apple iOS before 10, when Handoff for Messages is used, does not ensure that a Messages signin has occurred before displaying messages, which might allow attackers to obtain sensitive information via unspecified vectors.

2.9CVSS4.8AI score0.00069EPSS
CVE
CVE
added 2016/09/18 10:59 p.m.40 views

CVE-2016-4741

The Assets component in Apple iOS before 10 allows man-in-the-middle attackers to block software updates via vectors related to lack of an HTTPS session for retrieving updates.

5.9CVSS6.1AI score0.0067EPSS
CVE
CVE
added 2017/02/20 8:59 a.m.40 views

CVE-2016-7581

An issue was discovered in certain Apple products. iOS before 10.1 is affected. The issue involves the "Safari" component, which allows remote web servers to cause a denial of service via a crafted URL.

4.3CVSS4.6AI score0.00296EPSS
CVE
CVE
added 2017/05/22 5:29 a.m.40 views

CVE-2017-6999

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "AVEVideoEncoder" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service ...

9.3CVSS7.5AI score0.00676EPSS
CVE
CVE
added 2018/04/03 6:29 a.m.40 views

CVE-2018-4093

An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a craf...

5.5CVSS5.4AI score0.0027EPSS
CVE
CVE
added 2019/04/03 6:29 p.m.40 views

CVE-2018-4335

A validation issue was addressed with improved input sanitization. This issue affected versions prior to iOS 12.

5.5CVSS6AI score0.00226EPSS
CVE
CVE
added 2019/04/03 6:29 p.m.40 views

CVE-2018-4439

A logic issue was addressed with improved validation. This issue affected versions prior to iOS 12.1.1, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.

6.5CVSS6.6AI score0.00344EPSS
CVE
CVE
added 2020/10/27 8:15 p.m.40 views

CVE-2018-4444

A logic issue was addressed with improved state management. This issue is fixed in Safari 12.0.2, iOS 12.1.1, tvOS 12.1.1, iTunes 12.9.2 for Windows. Processing maliciously crafted web content may disclose sensitive user information.

6.5CVSS6.3AI score0.00457EPSS
CVE
CVE
added 2024/01/10 10:15 p.m.40 views

CVE-2023-42831

This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to fingerprint the user.

5.5CVSS5.4AI score0.00108EPSS
CVE
CVE
added 2024/09/17 12:15 a.m.40 views

CVE-2024-40840

This issue was addressed through improved state management. This issue is fixed in iOS 18 and iPadOS 18. An attacker with physical access may be able to use Siri to access sensitive user data.

4.6CVSS5.7AI score0.00059EPSS
CVE
CVE
added 2024/09/17 12:15 a.m.40 views

CVE-2024-44180

The issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18. An attacker with physical access may be able to access contacts from the lock screen.

2.4CVSS5.5AI score0.0005EPSS
CVE
CVE
added 2024/10/28 9:15 p.m.40 views

CVE-2024-44218

This issue was addressed with improved checks. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, macOS Sonoma 14.7.1, iOS 18.1 and iPadOS 18.1. Processing a maliciously crafted file may lead to heap corruption.

7.8CVSS5.4AI score0.00021EPSS
CVE
CVE
added 2024/10/28 9:15 p.m.40 views

CVE-2024-44239

An information disclosure issue was addressed with improved private data redaction for log entries. This issue is fixed in tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, visionOS 2.1. An app may be able to leak sensitive k...

5.5CVSS4.7AI score0.00037EPSS
CVE
CVE
added 2025/03/10 7:15 p.m.40 views

CVE-2024-54469

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7, macOS Sequoia 15, macOS Sonoma 14.7, visionOS 2, iOS 18 and iPadOS 18. A local user may be able to leak sensitive user information.

5.5CVSS5.2AI score0.00015EPSS
CVE
CVE
added 2025/05/12 10:15 p.m.40 views

CVE-2025-24111

A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.3, visionOS 2.3, iPadOS 17.7.7, watchOS 11.3, macOS Sonoma 14.7.5, iOS 18.3 and iPadOS 18.3, tvOS 18.3, macOS Ventura 13.7.5. An app may be able to cause unexpected system termination.

5.5CVSS5.9AI score0.00012EPSS
CVE
CVE
added 2025/05/12 10:15 p.m.40 views

CVE-2025-31234

The issue was addressed with improved input sanitization. This issue is fixed in visionOS 2.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5. An attacker may be able to cause unexpected system termination or corrupt kernel memory.

8.2CVSS5.7AI score0.00066EPSS
CVE
CVE
added 2010/06/22 8:30 p.m.39 views

CVE-2010-1751

Application Sandbox in Apple iOS before 4 on the iPhone and iPod touch does not prevent photo-library access, which might allow remote attackers to obtain location information via unspecified vectors.

5CVSS5.6AI score0.00512EPSS
CVE
CVE
added 2011/03/11 10:55 p.m.39 views

CVE-2011-0159

The Safari Settings feature in Safari in Apple iOS 4.x before 4.3 does not properly implement the clearing of cookies during execution of the Safari application, which might make it easier for remote web servers to track users by setting a cookie.

5CVSS6AI score0.00613EPSS
CVE
CVE
added 2011/10/14 10:55 a.m.39 views

CVE-2011-3430

The Settings component in Apple iOS before 5, when a configuration profile is used for a locale other than English, does not properly implement localization, which makes it easier for attackers to have an unspecified impact by leveraging incorrect configuration display.

9.3CVSS5.8AI score0.00467EPSS
CVE
CVE
added 2012/03/08 10:55 p.m.39 views

CVE-2012-0607

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE...

9.3CVSS7.8AI score0.01997EPSS
CVE
CVE
added 2012/09/20 9:55 p.m.39 views

CVE-2012-3728

The kernel in Apple iOS before 6 dereferences invalid pointers during the handling of packet-filter data structures, which allows local users to gain privileges via a crafted program that makes packet-filter ioctl calls.

6.9CVSS5.5AI score0.00048EPSS
CVE
CVE
added 2012/09/20 9:55 p.m.39 views

CVE-2012-3731

Mail in Apple iOS before 6 does not properly implement the Data Protection feature for e-mail attachments, which allows physically proximate attackers to bypass an intended passcode requirement via unspecified vectors.

2.1CVSS5.5AI score0.00068EPSS
CVE
CVE
added 2012/09/20 9:55 p.m.39 views

CVE-2012-3738

The Emergency Dialer screen in the Passcode Lock implementation in Apple iOS before 6 does not properly limit the dialing methods, which allows physically proximate attackers to bypass intended access restrictions and make FaceTime calls through Voice Dialing, or obtain sensitive contact informatio...

3.6CVSS5.3AI score0.00066EPSS
CVE
CVE
added 2012/09/20 9:55 p.m.39 views

CVE-2012-3740

The Passcode Lock implementation in Apple iOS before 6 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement via unspecified vectors.

2.1CVSS5.5AI score0.00053EPSS
CVE
CVE
added 2012/09/20 9:55 p.m.39 views

CVE-2012-3745

Off-by-one error in Telephony in Apple iOS before 6 allows remote attackers to cause a denial of service (buffer overflow and connectivity outage) via a crafted user-data header in an SMS message.

5CVSS6.1AI score0.00583EPSS
CVE
CVE
added 2012/09/20 9:55 p.m.39 views

CVE-2012-3746

UIWebView in UIKit in Apple iOS before 6 does not properly use the Data Protection feature, which allows context-dependent attackers to obtain cleartext file content by leveraging direct access to a device's filesystem.

4.3CVSS5.4AI score0.00335EPSS
CVE
CVE
added 2013/01/29 5:58 a.m.39 views

CVE-2013-0951

WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.

6.8CVSS7.8AI score0.01314EPSS
CVE
CVE
added 2013/06/05 2:39 p.m.39 views

CVE-2013-3954

The posix_spawn system call in the XNU kernel in Apple Mac OS X 10.8.x does not properly validate the data for file actions and port actions, which allows local users to (1) cause a denial of service (panic) via a size value that is inconsistent with a header count field, or (2) obtain sensitive in...

6.9CVSS5.8AI score0.00116EPSS
CVE
CVE
added 2013/09/19 10:27 a.m.39 views

CVE-2013-5126

WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.

6.8CVSS7.8AI score0.01866EPSS
CVE
CVE
added 2014/03/14 10:55 a.m.39 views

CVE-2013-5133

Backup in Apple iOS before 7.1 does not properly restrict symlinks, which allows remote attackers to overwrite files during a restore operation via crafted backup data.

8.8CVSS5.8AI score0.00559EPSS
CVE
CVE
added 2013/10/24 3:48 a.m.39 views

CVE-2013-5144

Passcode Lock in Apple iOS before 7.0.3 on iPhone devices allows physically proximate attackers to bypass an intended passcode requirement, and dial arbitrary telephone numbers, by tapping the emergency-call button during a certain notification and camera-pane state to trigger a NULL pointer derefe...

3.3CVSS6.1AI score0.00055EPSS
CVE
CVE
added 2013/09/19 10:28 a.m.39 views

CVE-2013-5147

Passcode Lock in Apple iOS before 7 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging a race condition involving phone calls and ejection of a SIM card.

3.7CVSS5.7AI score0.0048EPSS
CVE
CVE
added 2013/09/19 10:28 a.m.39 views

CVE-2013-5157

The Twitter subsystem in Apple iOS before 7 does not require API conformity for access to Twitter daemon interfaces, which allows attackers to post Tweets via a crafted app that sends direct requests to the daemon.

5CVSS5.6AI score0.00291EPSS
CVE
CVE
added 2013/09/19 10:28 a.m.39 views

CVE-2013-5158

The Social subsystem in Apple iOS before 7 does not properly restrict access to the cache of Twitter icons, which allows physically proximate attackers to obtain sensitive information about recent Twitter interaction via unspecified vectors.

2.1CVSS4.9AI score0.00068EPSS
CVE
CVE
added 2013/12/18 4:4 p.m.39 views

CVE-2013-5198

WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.

6.8CVSS7.8AI score0.02121EPSS
CVE
CVE
added 2014/07/01 10:17 a.m.39 views

CVE-2014-1352

Lock Screen in Apple iOS before 7.1.2 does not properly enforce the limit on failed passcode attempts, which makes it easier for physically proximate attackers to conduct brute-force passcode-guessing attacks via unspecified vectors.

1.9CVSS5.7AI score0.00067EPSS
CVE
CVE
added 2014/10/22 10:55 a.m.39 views

CVE-2014-4448

House Arrest in Apple iOS before 8.1 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information from a Documents directory by obtaining this UID.

1.9CVSS5AI score0.00046EPSS
CVE
CVE
added 2015/04/10 2:59 p.m.39 views

CVE-2015-1109

NetworkExtension in Apple iOS before 8.3 stores credentials in VPN configuration logs, which makes it easier for physically proximate attackers to obtain sensitive information by reading a log file.

2.1CVSS5AI score0.0007EPSS
CVE
CVE
added 2015/04/10 2:59 p.m.39 views

CVE-2015-1111

Safari in Apple iOS before 8.3 does not delete Recently Closed Tabs data in response to a history-clearing action, which allows attackers to obtain sensitive information by reading a history file.

5CVSS4.9AI score0.003EPSS
CVE
CVE
added 2015/04/10 2:59 p.m.39 views

CVE-2015-1115

The Telephony component in Apple iOS before 8.3 allows attackers to bypass a sandbox protection mechanism and access unintended telephone capabilities via a crafted app.

4.4CVSS5.7AI score0.00056EPSS
CVE
CVE
added 2015/07/03 2:0 a.m.39 views

CVE-2015-3724

CoreGraphics in Apple iOS before 8.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted ICC profile in a PDF document, a different vulnerability than CVE-2015-3723.

6.8CVSS7.5AI score0.01177EPSS
CVE
CVE
added 2015/09/18 10:59 a.m.39 views

CVE-2015-5838

SpringBoard in Apple iOS before 9 does not properly restrict access to privileged API calls, which allows attackers to spoof the dialog windows of an arbitrary app via a crafted app.

4.3CVSS5.7AI score0.00224EPSS
Total number of security vulnerabilities3695