Lucene search

K
AppleIphone Os

3695 matches found

CVE
CVE
added 2015/09/18 12:0 p.m.39 views

CVE-2015-5906

The HTML form implementation in WebKit in Apple iOS before 9 does not prevent QuickType access to the final character of a password, which might make it easier for remote attackers to discover a password by leveraging a later prediction containing that character.

5CVSS6AI score0.00388EPSS
CVE
CVE
added 2015/10/09 5:59 a.m.39 views

CVE-2015-5923

Apple iOS before 9.0.2 does not properly restrict the options available on the lock screen, which allows physically proximate attackers to read contact data or view photos via unspecified vectors.

2.1CVSS5.6AI score0.00068EPSS
CVE
CVE
added 2015/10/23 10:59 a.m.39 views

CVE-2015-7000

Notification Center in Apple iOS before 9.1 mishandles changes to "Show on Lock Screen" settings, which allows physically proximate attackers to obtain sensitive information by looking for a (1) Phone or (2) Messages notification on the lock screen soon after a setting was disabled.

2.1CVSS5.1AI score0.00069EPSS
CVE
CVE
added 2015/10/23 10:59 a.m.39 views

CVE-2015-7004

The kernel in Apple iOS before 9.1 allows attackers to cause a denial of service via a crafted app.

7.1CVSS5.4AI score0.00529EPSS
CVE
CVE
added 2016/02/01 11:59 a.m.39 views

CVE-2016-1730

WebSheet in Apple iOS before 9.2.1 allows remote attackers to read or write to cookies by operating a crafted captive portal.

5.8CVSS5.8AI score0.00274EPSS
CVE
CVE
added 2016/07/22 2:59 a.m.39 views

CVE-2016-4627

IOAcceleratorFamily in Apple iOS before 9.3.3, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors.

7.8CVSS7.6AI score0.00106EPSS
CVE
CVE
added 2017/02/20 8:59 a.m.39 views

CVE-2016-4689

An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Mail" component, which does not alert the user to an S/MIME email signature that used a revoked certificate.

7.5CVSS5.7AI score0.00141EPSS
CVE
CVE
added 2016/09/25 11:0 a.m.39 views

CVE-2016-4771

The kernel in Apple iOS before 10 and OS X before 10.12 allows local users to bypass intended file-access restrictions via a crafted directory pathname.

5.5CVSS5.7AI score0.00208EPSS
CVE
CVE
added 2017/02/20 8:59 a.m.39 views

CVE-2016-4781

An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "SpringBoard" component, which allows physically proximate attackers to bypass the passcode attempt counter and unlock a device via unspecified vectors.

6.8CVSS5.3AI score0.00075EPSS
CVE
CVE
added 2017/02/20 8:59 a.m.39 views

CVE-2016-7634

An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Accessibility" component, which accepts spoken passwords without considering that they are locally audible.

4.6CVSS4.4AI score0.00069EPSS
CVE
CVE
added 2017/11/13 3:29 a.m.39 views

CVE-2017-7113

An issue was discovered in certain Apple products. iOS before 11.1 is affected. The issue involves the "UIKit" component. It allows attackers to bypass intended read restrictions for secure text fields via vectors involving a focus-change event.

5.5CVSS4.8AI score0.00069EPSS
CVE
CVE
added 2019/04/03 6:29 p.m.39 views

CVE-2018-4327

A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1.

9.3CVSS7.1AI score0.15106EPSS
CVE
CVE
added 2019/04/03 6:29 p.m.39 views

CVE-2018-4356

A permissions issue existed. This issue was addressed with improved permission validation. This issue affected versions prior to iOS 12.

5.3CVSS5.9AI score0.00179EPSS
CVE
CVE
added 2019/04/03 6:29 p.m.39 views

CVE-2018-4380

A lock screen issue allowed access to photos and contacts on a locked device. This issue was addressed by restricting options offered on a locked device. This issue affected versions prior to iOS 12.0.1.

5.5CVSS4.8AI score0.0006EPSS
CVE
CVE
added 2019/04/03 6:29 p.m.39 views

CVE-2018-4429

A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1.1, watchOS 5.1.2.

6.5CVSS5.8AI score0.00222EPSS
CVE
CVE
added 2024/01/10 10:15 p.m.39 views

CVE-2023-40438

An issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14, iOS 16.7 and iPadOS 16.7. An app may be able to access edited photos saved to a temporary directory.

5.5CVSS4.8AI score0.00058EPSS
CVE
CVE
added 2024/10/28 9:15 p.m.39 views

CVE-2024-40867

A custom URL scheme handling issue was addressed with improved input validation. This issue is fixed in iOS 18.1 and iPadOS 18.1. A remote attacker may be able to break out of Web Content sandbox.

9.6CVSS5.6AI score0.00157EPSS
CVE
CVE
added 2024/10/28 9:15 p.m.39 views

CVE-2024-44126

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.1, macOS Sequoia 15, iOS 17.7 and iPadOS 17.7, macOS Sonoma 14.7, visionOS 2, iOS 18 and iPadOS 18. Processing a maliciously crafted file may lead to heap corruption.

7.8CVSS5.4AI score0.00035EPSS
CVE
CVE
added 2024/10/28 10:15 p.m.39 views

CVE-2024-44145

This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15, iOS 18 and iPadOS 18. An attacker with physical access to a macOS device with Sidecar enabled may be able to bypass the Lock Screen.

6.1CVSS5AI score0.00033EPSS
CVE
CVE
added 2025/03/10 7:15 p.m.39 views

CVE-2024-44227

The issue was addressed with improved memory handling. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An app may be able to cause unexpected system termination or corrupt kernel memory.

7.5CVSS5.7AI score0.00034EPSS
CVE
CVE
added 2024/10/28 9:15 p.m.39 views

CVE-2024-44251

This issue was addressed through improved state management. This issue is fixed in iOS 18.1 and iPadOS 18.1. An attacker may be able to view restricted content from the lock screen.

2.4CVSS5.5AI score0.00043EPSS
CVE
CVE
added 2024/10/28 9:15 p.m.39 views

CVE-2024-44254

This issue was addressed with improved redaction of sensitive information. This issue is fixed in watchOS 11.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, iOS 18.1 and iPadOS 18.1. An app may be able to access sensitive user data.

5.5CVSS5.1AI score0.00035EPSS
CVE
CVE
added 2025/01/27 10:15 p.m.39 views

CVE-2024-54512

The issue was addressed by removing the relevant flags. This issue is fixed in watchOS 11.2, iOS 18.2 and iPadOS 18.2. A system binary could be used to fingerprint a user's Apple Account.

9.1CVSS5.8AI score0.00051EPSS
CVE
CVE
added 2012/03/08 10:55 p.m.38 views

CVE-2011-2869

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE...

9.3CVSS7.8AI score0.01849EPSS
CVE
CVE
added 2012/03/08 10:55 p.m.38 views

CVE-2012-0614

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE...

9.3CVSS7.8AI score0.01837EPSS
CVE
CVE
added 2013/01/29 5:58 a.m.38 views

CVE-2013-0949

WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.

6.8CVSS7.8AI score0.01314EPSS
CVE
CVE
added 2013/06/18 2:55 p.m.38 views

CVE-2013-4616

The WifiPasswordController generateDefaultPassword method in Preferences in Apple iOS 6 and earlier relies on the UITextChecker suggestWordInLanguage method for selection of Wi-Fi hotspot WPA2 PSK passphrases, which makes it easier for remote attackers to obtain access via a brute-force attack that...

5.8CVSS5.9AI score0.00568EPSS
CVE
CVE
added 2013/09/19 10:28 a.m.38 views

CVE-2013-5145

kextd in Kext Management in Apple iOS before 7 does not properly verify authorization for IPC messages, which allows local users to (1) load or (2) unload kernel extensions via a crafted message.

6.3CVSS5.5AI score0.00149EPSS
CVE
CVE
added 2013/09/19 10:28 a.m.38 views

CVE-2013-5150

The history-clearing feature in Safari in Apple iOS before 7 does not clear the back/forward history of an open tab, which allows physically proximate attackers to obtain sensitive information by leveraging an unattended workstation.

1.9CVSS7.6AI score0.00073EPSS
CVE
CVE
added 2013/09/19 10:28 a.m.38 views

CVE-2013-5151

Mobile Safari in Apple iOS before 7 does not prevent HTML interpretation of a document served with a text/plain content type, which allows remote attackers to conduct cross-site scripting (XSS) attacks by uploading a file.

4.3CVSS4.9AI score0.00301EPSS
CVE
CVE
added 2013/09/19 10:28 a.m.38 views

CVE-2013-5153

Springboard in Apple iOS before 7 does not properly manage the lock state in Lost Mode, which allows physically proximate attackers to read notifications via unspecified vectors.

2.1CVSS5.5AI score0.00069EPSS
CVE
CVE
added 2013/09/28 3:40 a.m.38 views

CVE-2013-5161

Passcode Lock in Apple iOS before 7.0.2 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement, and open the Camera app or read the list of all recently opened apps, by leveraging unspecified transition errors.

4.4CVSS5.7AI score0.00052EPSS
CVE
CVE
added 2014/07/01 10:17 a.m.38 views

CVE-2014-1382

WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other...

6.8CVSS7.8AI score0.01171EPSS
CVE
CVE
added 2015/08/16 11:59 p.m.38 views

CVE-2015-3759

Location Framework in Apple iOS before 8.4.1 allows local users to bypass intended restrictions on filesystem modification via a symlink.

4.6CVSS6.4AI score0.00053EPSS
CVE
CVE
added 2015/08/17 12:0 a.m.38 views

CVE-2015-5749

The Sandbox_profiles component in Apple iOS before 8.4.1 allows attackers to bypass the third-party app-sandbox protection mechanism and read arbitrary managed preferences via a crafted app.

4.3CVSS6.5AI score0.003EPSS
CVE
CVE
added 2015/09/18 12:0 p.m.38 views

CVE-2015-5904

Safari in Apple iOS before 9 allows remote attackers to spoof the relationship between URLs and web content via a crafted web site.

4.3CVSS5.9AI score0.00366EPSS
CVE
CVE
added 2016/05/20 11:0 a.m.38 views

CVE-2016-1852

Siri in Apple iOS before 9.3.2 does not block data detectors within results in the lock-screen state, which allows physically proximate attackers to obtain sensitive contact and photo information via unspecified vectors.

2.4CVSS4AI score0.00142EPSS
CVE
CVE
added 2016/07/22 2:59 a.m.38 views

CVE-2016-4605

Calendar in Apple iOS before 9.3.3 allows remote attackers to cause a denial of service (NULL pointer dereference and device restart) via a crafted invitation.

7.1CVSS6.5AI score0.00522EPSS
CVE
CVE
added 2017/02/20 8:59 a.m.38 views

CVE-2016-4685

An issue was discovered in certain Apple products. iOS before 10.1 is affected. The issue involves the "iTunes Backup" component, which improperly hashes passwords, making it easier to decrypt files.

5.9CVSS5.2AI score0.00136EPSS
CVE
CVE
added 2017/02/20 8:59 a.m.38 views

CVE-2016-7597

An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "SpringBoard" component, which allows physically proximate attackers to maintain the unlocked state via vectors related to Handoff with Siri.

4.6CVSS4.1AI score0.00072EPSS
CVE
CVE
added 2017/05/22 5:29 a.m.38 views

CVE-2017-6995

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "AVEVideoEncoder" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service ...

9.3CVSS7.5AI score0.00676EPSS
CVE
CVE
added 2019/04/03 6:29 p.m.38 views

CVE-2018-4216

A logic issue existed in the handling of call URLs. This issue was addressed with improved state management. This issue affected versions prior to iOS 11.4.1.

5.5CVSS5.2AI score0.00194EPSS
CVE
CVE
added 2023/06/23 6:15 p.m.38 views

CVE-2022-46715

A logic issue was addressed with improved checks. This issue is fixed in iOS 16.1 and iPadOS 16. An app may be able to bypass certain Privacy preferences

5.5CVSS4.3AI score0.00015EPSS
CVE
CVE
added 2024/01/10 10:15 p.m.38 views

CVE-2023-42869

Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Ventura 13.4, iOS 16.5 and iPadOS 16.5. Multiple issues in libxml2.

7.5CVSS7.3AI score0.00136EPSS
CVE
CVE
added 2024/09/17 12:15 a.m.38 views

CVE-2024-27879

The issue was addressed with improved bounds checks. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18. An attacker may be able to cause unexpected app termination.

7.5CVSS6AI score0.00252EPSS
CVE
CVE
added 2024/12/12 2:15 a.m.38 views

CVE-2024-44200

This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.1 and iPadOS 18.1. An app may be able to read sensitive location information.

5.5CVSS5.8AI score0.0002EPSS
CVE
CVE
added 2024/12/12 2:15 a.m.38 views

CVE-2024-44212

A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18.1, visionOS 2.1, tvOS 18.1, iOS 18.1 and iPadOS 18.1, watchOS 11.1. Cookies belonging to one origin may be sent to another origin.

5.3CVSS5.8AI score0.00052EPSS
CVE
CVE
added 2025/01/27 10:15 p.m.38 views

CVE-2024-54518

The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.2, watchOS 11.2, tvOS 18.2, iOS 18.2 and iPadOS 18.2. An app may be able to corrupt coprocessor memory.

5.3CVSS5.7AI score0.00024EPSS
CVE
CVE
added 2025/01/27 10:15 p.m.38 views

CVE-2024-54522

The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.2, watchOS 11.2, tvOS 18.2, iOS 18.2 and iPadOS 18.2. An app may be able to corrupt coprocessor memory.

7.8CVSS5.7AI score0.00035EPSS
CVE
CVE
added 2025/05/12 10:15 p.m.38 views

CVE-2025-31212

This issue was addressed through improved state management. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5. An app may be able to access sensitive user data.

5.5CVSS5.7AI score0.00015EPSS
Total number of security vulnerabilities3695