Iphone Os@* Security Vulnerabilities and Issues — Page 41 of Iphone Os@* CVE List

Lucene search

AppleIphone Os*

3624 matches found

CVE•added 2020/10/27 8:15 p.m.•63 views

CVE-2018-4433

A configuration issue was addressed with additional restrictions. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, watchOS 5, iOS 12, tvOS 12, macOS Mojave 10.14. A malicious application may be able to modify protected parts of the ...

5.5CVSS5.7AI score0.00302EPSS

CVE•added 2019/12/18 6:15 p.m.•63 views

CVE-2019-8682

The issue was addressed with improved UI handling. This issue is fixed in iOS 12.4, watchOS 5.3. A user may inadvertently complete an in-app purchase while on the lock screen.

2.4CVSS4.5AI score0.00045EPSS

CVE•added 2020/10/27 8:15 p.m.•63 views

CVE-2019-8708

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15, iOS 13. A local user may be able to check for the existence of arbitrary files.

5.5CVSS5.8AI score0.00061EPSS

CVE•added 2020/10/27 9:15 p.m.•63 views

CVE-2019-8857

The issue was addressed with improved validation when an iCloud Link is created. This issue is fixed in iOS 13.3 and iPadOS 13.3. Live Photo audio and video data may be shared via iCloud links even if Live Photo is disabled in the Share Sheet carousel.

3.3CVSS4.2AI score0.00066EPSS

CVE•added 2021/04/02 6:15 p.m.•63 views

CVE-2020-27922

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, watchOS 7.1, tvOS 14.2. Processing a maliciously crafted font file may lead to a...

7.8CVSS7.7AI score0.00482EPSS

CVE•added 2020/04/01 6:15 p.m.•63 views

CVE-2020-3917

This issue was addressed with a new entitlement. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2. An application may be able to use an SSH client provided by private frameworks.

5.5CVSS5.7AI score0.00063EPSS

CVE•added 2020/10/22 6:15 p.m.•63 views

CVE-2020-3918

An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. A local user may be able to view sensitive user information.

5.5CVSS5.3AI score0.00067EPSS

CVE•added 2020/10/22 7:15 p.m.•63 views

CVE-2020-9920

A path handling issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, watchOS 6.2.8. A malicious mail server may overwrite arbitrary mail files.

9.1CVSS7.9AI score0.00698EPSS

CVE•added 2020/10/16 5:15 p.m.•63 views

CVE-2020-9946

This issue was addressed with improved checks. This issue is fixed in iOS 14.0 and iPadOS 14.0, watchOS 7.0. The screen lock may not engage after the specified time period.

6.8CVSS6AI score0.00057EPSS

CVE•added 2020/12/08 8:15 p.m.•63 views

CVE-2020-9972

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 14.0 and iPadOS 14.0. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.

7.8CVSS8AI score0.02321EPSS

CVE•added 2021/04/02 6:15 p.m.•63 views

CVE-2021-1780

A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 14.4 and iPadOS 14.4. An attacker in a privileged position may be able to perform a denial of service attack.

4.9CVSS4.5AI score0.00066EPSS

CVE•added 2021/09/08 2:15 p.m.•63 views

CVE-2021-30729

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 14.6 and iPadOS 14.6. A device may accept invalid activation results.

7.5CVSS6.5AI score0.00241EPSS

CVE•added 2021/10/19 2:15 p.m.•63 views

CVE-2021-30838

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 15 and iPadOS 15. A malicious application may be able to execute arbitrary code with system privileges on devices with an Apple Neural Engine.

9.3CVSS8AI score0.00235EPSS

CVE•added 2021/08/24 7:15 p.m.•63 views

CVE-2021-30992

This issue was addressed with improved handling of file metadata. This issue is fixed in iOS 15.2 and iPadOS 15.2. A user in a FaceTime call may unexpectedly leak sensitive user information through Live Photos metadata.

5.5CVSS5AI score0.00138EPSS

CVE•added 2022/11/01 8:15 p.m.•63 views

CVE-2022-32898

The issue was addressed with improved memory handling. This issue is fixed in iOS 15.7 and iPadOS 15.7, iOS 16, macOS Ventura 13, watchOS 9. An app may be able to execute arbitrary code with kernel privileges.

7.8CVSS7.9AI score0.03668EPSS

CVE•added 2022/11/01 8:15 p.m.•63 views

CVE-2022-42790

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, iOS 15.7 and iPadOS 15.7, macOS Monterey 12.6. A user may be able to view restricted content from the lock screen.

5.5CVSS5.6AI score0.0006EPSS

CVE•added 2022/11/01 8:15 p.m.•63 views

CVE-2022-42800

This issue was addressed with improved checks. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. A user may be able to cause unexpected app termination or arbitrary code execution.

7.8CVSS8AI score0.00046EPSS

CVE•added 2023/06/23 6:15 p.m.•63 views

CVE-2023-32385

A denial-of-service issue was addressed with improved memory handling. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4. Opening a PDF file may lead to unexpected app termination.

5.5CVSS5.1AI score0.00032EPSS

CVE•added 2023/06/23 6:15 p.m.•63 views

CVE-2023-32408

The issue was addressed with improved handling of caches. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to read sensitive location information.

5.5CVSS5.5AI score0.00023EPSS

CVE•added 2024/01/23 1:15 a.m.•63 views

CVE-2024-23219

The issue was addressed with improved authentication. This issue is fixed in iOS 17.3 and iPadOS 17.3. Stolen Device Protection may be unexpectedly disabled.

6.2CVSS5.6AI score0.00081EPSS

CVE•added 2024/06/10 9:15 p.m.•63 views

CVE-2024-27801

The issue was addressed with improved checks. This issue is fixed in tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to elevate privileges.

8.4CVSS5.7AI score0.00055EPSS

CVE•added 2024/06/10 9:15 p.m.•63 views

CVE-2024-27802

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. Processing a maliciously crafted file may lead to unexpected ap...

7.8CVSS7AI score0.00036EPSS

CVE•added 2024/05/14 3:13 p.m.•63 views

CVE-2024-27852

A privacy issue was addressed with improved client ID handling for alternative app marketplaces. This issue is fixed in iOS 17.5 and iPadOS 17.5. A maliciously crafted webpage may be able to distribute a script that tracks users on other webpages.

6.5CVSS5.4AI score0.00196EPSS

CVE•added 2024/07/29 11:15 p.m.•63 views

CVE-2024-40778

An authentication issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.6, iOS 17.6 and iPadOS 17.6, iOS 16.7.9 and iPadOS 16.7.9. Photos in the Hidden Photos Album may be viewed without authentication.

3.3CVSS6AI score0.00039EPSS

CVE•added 2025/03/31 11:15 p.m.•63 views

CVE-2025-24212

This issue was addressed with improved checks. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to break out of its sandbox.

6.3CVSS5.3AI score0.00019EPSS

CVE•added 2025/03/31 11:15 p.m.•63 views

CVE-2025-31192

The issue was addressed with improved checks. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. A website may be able to access sensor information without user consent.

6.7CVSS5.3AI score0.00047EPSS

CVE•added 2025/04/29 3:15 a.m.•63 views

CVE-2025-31202

A null pointer dereference was addressed with improved input validation. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, tvOS 18.4, visionOS 2.4. An attacker on the local network may be able to cause a denial-of-service.

5.5CVSS7.5AI score0.00014EPSS

CVE•added 2025/05/12 10:15 p.m.•63 views

CVE-2025-31205

The issue was addressed with improved checks. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. A malicious website may exfiltrate data cross-origin.

6.5CVSS5.7AI score0.00025EPSS

CVE•added 2010/09/09 10:0 p.m.•62 views

CVE-2010-1813

WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors involving HTML object outlines.

6.8CVSS8.7AI score0.17387EPSS

CVE•added 2011/03/25 7:55 p.m.•62 views

CVE-2011-1296

Google Chrome before 10.0.648.204 does not properly handle SVG text, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."

7.5CVSS8.7AI score0.0184EPSS

CVE•added 2012/04/05 10:2 p.m.•62 views

CVE-2011-3067

Google Chrome before 18.0.1025.151 allows remote attackers to bypass the Same Origin Policy via vectors related to replacement of IFRAME elements.

6.8CVSS6AI score0.00509EPSS

CVE•added 2012/04/05 10:2 p.m.•62 views

CVE-2011-3069

Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to line boxes.

6.8CVSS6.9AI score0.02863EPSS

CVE•added 2012/04/05 10:2 p.m.•62 views

CVE-2011-3073

Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of SVG resources.

6.8CVSS6.9AI score0.02863EPSS

CVE•added 2013/06/05 2:39 p.m.•62 views

CVE-2013-3951

sys/openbsd/stack_protector.c in libc in Apple iOS 6.1.3 and Mac OS X 10.8.x does not properly parse the Apple strings employed in the user-space stack-cookie implementation, which allows local users to bypass cookie randomization by executing a program with a call-path beginning with the stack-gua...

4.6CVSS5.7AI score0.00061EPSS

CVE•added 2014/09/18 10:55 a.m.•62 views

CVE-2014-4405

IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an application that provides crafted key-mapping properties.

9.3CVSS8AI score0.01754EPSS

CVE•added 2014/12/10 9:59 p.m.•62 views

CVE-2014-4465

WebKit in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1 allows remote attackers to bypass the Same Origin Policy via crafted Cascading Style Sheets (CSS) token sequences within an SVG file in the SRC attribute of an IMG element.

5CVSS6.1AI score0.00977EPSS

CVE•added 2015/08/16 11:59 p.m.•62 views

CVE-2015-3743

WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVE...

6.8CVSS8.5AI score0.00998EPSS

CVE•added 2015/09/18 10:59 a.m.•62 views

CVE-2015-5805

WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-S...

6.8CVSS8.8AI score0.01093EPSS

CVE•added 2015/09/18 10:59 a.m.•62 views

CVE-2015-5821

6.8CVSS7.8AI score0.01538EPSS

CVE•added 2015/10/23 9:59 p.m.•62 views

CVE-2015-5935

ImageIO in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted metadata in an image, a different vulnerability than CVE-2015-5936, CVE-2015-5937, and CVE-2015-5939.

6.8CVSS9.1AI score0.02828EPSS

CVE•added 2015/10/23 9:59 p.m.•62 views

CVE-2015-6976

FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7...

6.8CVSS7.4AI score0.03768EPSS

CVE•added 2015/12/11 11:59 a.m.•62 views

CVE-2015-7101

WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7096, CVE-2...

6.8CVSS8.9AI score0.01093EPSS

CVE•added 2016/02/01 11:59 a.m.•62 views

CVE-2016-1726

WebKit, as used in Apple iOS before 9.2.1 and Safari before 9.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1723 and CVE-2016-1725.

9.3CVSS7.7AI score0.01632EPSS

CVE•added 2016/07/22 2:59 a.m.•62 views

CVE-2016-1863

The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4582 and CVE-2016-4653.

7.8CVSS7.6AI score0.00268EPSS

CVE•added 2016/09/25 10:59 a.m.•62 views

CVE-2016-4726

IOAcceleratorFamily in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

9.3CVSS8.3AI score0.00262EPSS

CVE•added 2016/09/25 10:59 a.m.•62 views

CVE-2016-4730

WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4611, CVE-2016-4733, CVE-2016-4734, and CVE-2016-4735.

9.3CVSS8.3AI score0.08398EPSS

CVE•added 2016/09/25 10:59 a.m.•62 views

CVE-2016-4758

WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly restrict access to the location variable, which allows remote attackers to obtain sensitive information via a crafted web site.

6.5CVSS6.1AI score0.01043EPSS

CVE•added 2016/09/25 10:59 a.m.•62 views

CVE-2016-4760

WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to conduct DNS rebinding attacks against non-HTTP Safari sessions by leveraging HTTP/0.9 support.

6.5CVSS6.5AI score0.0107EPSS

CVE•added 2016/09/25 11:0 a.m.•62 views

CVE-2016-4778

The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

9.3CVSS8.2AI score0.00262EPSS

CVE•added 2017/04/02 1:59 a.m.•62 views

CVE-2017-2439

An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "FontParser" component. It allows remote attackers to obtain sensitive information or cause a denial...

7.1CVSS6.8AI score0.00614EPSS

Total number of security vulnerabilities3624