Lucene search

K
AppleIphone Os

3695 matches found

CVE
CVE
added 2025/05/12 10:15 p.m.38 views

CVE-2025-31227

A logic issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5. An attacker with physical access to a device may be able to access a deleted call recording.

4.6CVSS5.2AI score0.00024EPSS
CVE
CVE
added 2009/06/19 4:30 p.m.37 views

CVE-2009-0959

The MPEG-4 video codec in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to cause a denial of service (device reset) via a crafted MPEG-4 video file that triggers an "input validation issue."

7.1CVSS6.4AI score0.016EPSS
CVE
CVE
added 2009/09/10 9:30 p.m.37 views

CVE-2009-2207

The MobileMail component in Apple iPhone OS 3.0 and 3.0.1, and iPhone OS 3.0 for iPod touch, lists deleted e-mail messages in Spotlight search results, which might allow local users to obtain sensitive information by reading these messages.

2.1CVSS5.5AI score0.00056EPSS
CVE
CVE
added 2010/06/22 8:30 p.m.37 views

CVE-2010-1755

Safari in Apple iOS before 4 on the iPhone and iPod touch does not properly implement the Accept Cookies preference, which makes it easier for remote web servers to track users via a cookie.

4.3CVSS5.9AI score0.00342EPSS
CVE
CVE
added 2010/06/22 8:30 p.m.37 views

CVE-2010-1757

WebKit in Apple iOS before 4 on the iPhone and iPod touch does not enforce the expected boundary restrictions on content display by an IFRAME element, which allows remote attackers to spoof the user interface via a crafted HTML document.

6.4CVSS7.2AI score0.0264EPSS
CVE
CVE
added 2010/08/05 6:17 p.m.37 views

CVE-2010-2973

Integer overflow in IOSurface in Apple iOS before 4.0.2 on the iPhone and iPod touch, and before 3.2.2 on the iPad, allows local users to gain privileges via vectors involving IOSurface properties, as demonstrated by JailbreakMe.

6.9CVSS6.1AI score0.00273EPSS
CVE
CVE
added 2010/11/26 8:0 p.m.37 views

CVE-2010-3830

Networking in Apple iOS before 4.2 accesses an invalid pointer during the processing of packet filter rules, which allows local users to gain privileges via unspecified vectors.

7.2CVSS5.8AI score0.00139EPSS
CVE
CVE
added 2012/03/08 10:55 p.m.37 views

CVE-2012-0642

Integer underflow in Apple iOS before 5.1 allows remote attackers to execute arbitrary code or cause a denial of service (device crash) via a crafted catalog file in an HFS disk image.

9.3CVSS8.4AI score0.07206EPSS
CVE
CVE
added 2012/09/20 9:55 p.m.37 views

CVE-2012-3724

CFNetwork in Apple iOS before 6 does not properly identify the host portion of a URL, which allows remote attackers to obtain sensitive information by leveraging the construction of an HTTP request with an incorrect hostname derived from a malformed URL.

5CVSS5.2AI score0.00346EPSS
CVE
CVE
added 2012/09/20 9:55 p.m.37 views

CVE-2012-3744

Telephony in Apple iOS before 6 uses an SMS message's return address as the displayed sender address, which allows remote attackers to spoof text communication via a message in which the return address does not match the originating address.

5CVSS5.8AI score0.00409EPSS
CVE
CVE
added 2012/09/20 9:55 p.m.37 views

CVE-2012-3747

WebKit, as used in Apple iOS before 6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

6.8CVSS7.8AI score0.01795EPSS
CVE
CVE
added 2013/01/29 5:58 a.m.37 views

CVE-2013-0974

StoreKit in Apple iOS before 6.1 does not properly handle the disabling of JavaScript within the preferences configuration of Mobile Safari, which allows remote attackers to bypass intended access restrictions and execute JavaScript code via a web site with a Smart App Banner.

5.1CVSS6.3AI score0.00254EPSS
CVE
CVE
added 2014/10/22 10:55 a.m.37 views

CVE-2014-4450

The QuickType feature in the Keyboards subsystem in Apple iOS before 8.1 collects typing-prediction data from fields with an off autocomplete attribute, which makes it easier for attackers to discover credentials by reading credential values within unintended DOM input elements.

1.9CVSS5.7AI score0.00144EPSS
CVE
CVE
added 2015/04/10 2:59 p.m.37 views

CVE-2015-1090

CFNetwork in Apple iOS before 8.3 does not delete HTTP Strict Transport Security (HSTS) state information in response to a Safari history-clearing action, which allows attackers to obtain sensitive information by reading a history file.

5CVSS4.9AI score0.003EPSS
CVE
CVE
added 2015/04/10 2:59 p.m.37 views

CVE-2015-1116

The UIKit View component in Apple iOS before 8.3 displays unblurred application snapshots in the Task Switcher, which makes it easier for physically proximate attackers to obtain sensitive information by reading the device screen.

2.1CVSS5AI score0.00069EPSS
CVE
CVE
added 2015/08/17 12:0 a.m.37 views

CVE-2015-5746

AppleFileConduit in Apple iOS before 8.4.1 allows attackers to bypass intended restrictions on filesystem access via an afc command that leverages symlink mishandling.

5CVSS5.9AI score0.00231EPSS
CVE
CVE
added 2015/09/18 10:59 a.m.37 views

CVE-2015-5835

Apple iOS before 9 allows attackers to obtain sensitive information about inter-app communication via a crafted app that conducts an interception attack involving an unspecified URL scheme.

4.3CVSS4.9AI score0.003EPSS
CVE
CVE
added 2015/09/18 11:0 a.m.37 views

CVE-2015-5856

The Application Store component in Apple iOS before 9 allows remote attackers to cause a denial of service to an enterprise-signed app via a crafted ITMS URL.

4.3CVSS5.9AI score0.00686EPSS
CVE
CVE
added 2015/12/11 11:59 a.m.37 views

CVE-2015-7079

dyld in Apple iOS before 9.2 and tvOS before 9.1 mishandles segment validation, which allows attackers to execute arbitrary code in a privileged context via a crafted app.

9.3CVSS6.9AI score0.01096EPSS
CVE
CVE
added 2016/05/20 10:59 a.m.37 views

CVE-2016-1790

Buffer overflow in the Accessibility component in Apple iOS before 9.3.2 allows attackers to obtain sensitive kernel memory-layout information via a crafted app.

4.3CVSS4AI score0.00336EPSS
CVE
CVE
added 2017/02/20 8:59 a.m.37 views

CVE-2016-7601

An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Local Authentication" component, which does not honor the configured screen-lock time interval if the Touch ID prompt is visible.

6.8CVSS5.5AI score0.0016EPSS
CVE
CVE
added 2019/04/03 6:29 p.m.37 views

CVE-2018-4379

A lock screen issue allowed access to the share function on a locked device. This issue was addressed by restricting options offered on a locked device. This issue affected versions prior to iOS 12.0.1.

5.5CVSS4.8AI score0.0006EPSS
CVE
CVE
added 2023/09/27 3:19 p.m.37 views

CVE-2023-40443

The issue was addressed with improved checks. This issue is fixed in iOS 17 and iPadOS 17. An app may be able to gain root privileges.

7.8CVSS6.6AI score0.00112EPSS
CVE
CVE
added 2024/01/10 10:15 p.m.37 views

CVE-2023-40529

This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 17 and iPadOS 17. A person with physical access to a device may be able to use VoiceOver to access private calendar information.

2.4CVSS2.2AI score0.00125EPSS
CVE
CVE
added 2024/09/17 12:15 a.m.37 views

CVE-2024-27869

The issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An app may be able to record the screen without an indicator.

7.5CVSS5.8AI score0.00136EPSS
CVE
CVE
added 2024/09/17 12:15 a.m.37 views

CVE-2024-40863

This issue was addressed with improved data protection. This issue is fixed in iOS 18 and iPadOS 18. An app may be able to leak sensitive user information.

5.5CVSS5.8AI score0.00053EPSS
CVE
CVE
added 2024/09/17 12:15 a.m.37 views

CVE-2024-44124

This issue was addressed through improved state management. This issue is fixed in iOS 18 and iPadOS 18. A malicious Bluetooth input device may bypass pairing.

6.5CVSS6.3AI score0.0006EPSS
CVE
CVE
added 2024/10/28 9:15 p.m.37 views

CVE-2024-44235

The issue was addressed with improved checks. This issue is fixed in iOS 18.1 and iPadOS 18.1. An attacker may be able to view restricted content from the lock screen.

4.6CVSS5.3AI score0.0005EPSS
CVE
CVE
added 2025/01/27 10:15 p.m.37 views

CVE-2024-54541

This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.7.2, visionOS 2.2, tvOS 18.2, watchOS 11.2, iOS 18.2 and iPadOS 18.2, macOS Sonoma 14.7.2, macOS Sequoia 15.2. An app may be able to access user-sensitive data.

5.5CVSS5.9AI score0.00026EPSS
CVE
CVE
added 2008/11/25 11:30 p.m.36 views

CVE-2008-4229

Race condition in the Passcode Lock feature in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.0 through 2.1 allows physically proximate attackers to remove the lock and launch arbitrary applications by restoring the device from a backup.

3.7CVSS6.2AI score0.00056EPSS
CVE
CVE
added 2010/12/08 8:0 p.m.36 views

CVE-2010-4012

Race condition in Apple iOS 4.0 through 4.1 for iPhone 3G and later allows physically proximate attackers to bypass the passcode lock by making a call from the Emergency Call screen, then quickly pressing the Sleep/Wake button.

6.2CVSS5.9AI score0.00039EPSS
CVE
CVE
added 2013/09/19 10:28 a.m.36 views

CVE-2013-5152

Mobile Safari in Apple iOS before 7 allows remote attackers to spoof the URL bar via a crafted web site.

4.3CVSS5.8AI score0.00366EPSS
CVE
CVE
added 2014/11/18 11:59 a.m.36 views

CVE-2014-4463

Apple iOS before 8.1.1 allows physically proximate attackers to bypass the lock-screen protection mechanism, and view or transmit a Photo Library photo, via the FaceTime "Leave a Message" feature.

2.1CVSS5.9AI score0.00082EPSS
CVE
CVE
added 2015/04/10 2:59 p.m.36 views

CVE-2015-1107

The Lock Screen component in Apple iOS before 8.3 does not properly implement the erasure feature for incorrect passcode-authentication attempts, which makes it easier for physically proximate attackers to obtain access by making many passcode guesses.

1.9CVSS5.6AI score0.00058EPSS
CVE
CVE
added 2015/08/17 12:0 a.m.36 views

CVE-2015-5752

Backup in Apple iOS before 8.4.1 allows attackers to bypass intended restrictions on filesystem access via a crafted app that creates a symlink.

5CVSS5.6AI score0.00431EPSS
CVE
CVE
added 2015/09/18 10:59 a.m.36 views

CVE-2015-5843

IOMobileFrameBuffer in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.

7.2CVSS5.9AI score0.00072EPSS
CVE
CVE
added 2015/12/11 11:59 a.m.36 views

CVE-2015-7037

Directory traversal vulnerability in Mobile Backup in Photos in Apple iOS before 9.2 allows attackers to read arbitrary files via a crafted pathname.

5CVSS5.7AI score0.00224EPSS
CVE
CVE
added 2017/02/20 8:59 a.m.36 views

CVE-2016-7762

An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "WebKit" component, which allows XSS attacks against Safari.

6.1CVSS4.9AI score0.00266EPSS
CVE
CVE
added 2019/04/03 6:29 p.m.36 views

CVE-2018-4446

This issue was addressed with improved entitlements. This issue affected versions prior to iOS 12.1.1.

4.3CVSS4.4AI score0.0019EPSS
CVE
CVE
added 2024/09/17 12:15 a.m.36 views

CVE-2024-27874

This issue was addressed through improved state management. This issue is fixed in iOS 18 and iPadOS 18. A remote attacker may be able to cause a denial-of-service.

7.5CVSS6.3AI score0.00177EPSS
CVE
CVE
added 2024/09/17 12:15 a.m.36 views

CVE-2024-40850

A file access issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, macOS Sonoma 14.7, tvOS 18. An app may be able to access user-sensitive data.

5.5CVSS5.8AI score0.00044EPSS
CVE
CVE
added 2024/09/17 12:15 a.m.36 views

CVE-2024-44139

The issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18. An attacker with physical access may be able to access contacts from the lock screen.

2.4CVSS5.5AI score0.0005EPSS
CVE
CVE
added 2024/10/28 9:15 p.m.36 views

CVE-2024-44263

A logic issue was addressed with improved state management. This issue is fixed in iOS 18.1 and iPadOS 18.1. An app may be able to access user-sensitive data.

5.5CVSS5.3AI score0.00031EPSS
CVE
CVE
added 2024/12/12 2:15 a.m.36 views

CVE-2024-44299

The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.1 and iPadOS 18.1. An attacker may be able to cause unexpected system termination or arbitrary code execution in DCP firmware.

9.8CVSS7.2AI score0.0017EPSS
CVE
CVE
added 2024/12/12 2:15 a.m.36 views

CVE-2024-54485

The issue was addressed by adding additional logic. This issue is fixed in iPadOS 17.7.3, iOS 18.2 and iPadOS 18.2. An attacker with physical access to an iOS device may be able to view notification content from the lock screen.

5.5CVSS5.5AI score0.00021EPSS
CVE
CVE
added 2025/03/10 7:15 p.m.36 views

CVE-2024-54560

A logic issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18, watchOS 11, tvOS 18, macOS Sequoia 15. A malicious app may be able to modify other apps without having App Management permission.

5.5CVSS5.6AI score0.00012EPSS
CVE
CVE
added 2008/11/25 11:30 p.m.35 views

CVE-2008-4228

The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows physically proximate attackers to leverage the emergency-call ability of locked devices to make a phone call to an arbitrary number.

3.6CVSS6.4AI score0.00067EPSS
CVE
CVE
added 2009/09/10 9:30 p.m.35 views

CVE-2009-2206

Multiple heap-based buffer overflows in the AudioCodecs library in the CoreAudio component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted (1) AAC or (2) MP3 fil...

6.8CVSS7.9AI score0.05067EPSS
CVE
CVE
added 2010/06/22 8:30 p.m.35 views

CVE-2010-1756

The Settings application in Apple iOS before 4 on the iPhone and iPod touch does not properly report the wireless network that is in use, which might make it easier for remote attackers to trick users into communicating over an unintended network.

5.8CVSS6.1AI score0.00338EPSS
CVE
CVE
added 2010/11/26 8:0 p.m.35 views

CVE-2010-3827

Apple iOS before 4.2 does not properly validate signatures before displaying a configuration profile in the configuration installation utility, which allows remote attackers to spoof profiles via unspecified vectors.

4.3CVSS5.8AI score0.0056EPSS
Total number of security vulnerabilities3695