Iphone Os@* Security Vulnerabilities and Issues — Page 42 of Iphone Os@* CVE List

Lucene search

AppleIphone Os*

3624 matches found

CVE•added 2017/10/23 1:29 a.m.•62 views

CVE-2017-7085

An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar.

6.5CVSS6.1AI score0.00765EPSS

CVE•added 2017/10/23 1:29 a.m.•62 views

CVE-2017-7131

An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Bluetooth" component. It allows attackers to obtain sensitive Contact card information via a crafted app.

5.5CVSS5.2AI score0.00197EPSS

CVE•added 2019/01/11 6:29 p.m.•62 views

CVE-2018-4189

In iOS before 11.2.5, macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan, watchOS before 4.2.2, and tvOS before 11.2.5, a memory corruption issue exists and was addressed with improved memory handling.

10CVSS8.6AI score0.00757EPSS

CVE•added 2019/04/03 6:29 p.m.•62 views

CVE-2018-4248

An out-of-bounds read was addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, macOS High Sierra 10.13.6, tvOS 11.4.1, watchOS 4.3.2.

7.5CVSS5.8AI score0.02821EPSS

CVE•added 2019/12/18 6:15 p.m.•62 views

CVE-2019-8567

A user privacy issue was addressed by removing the broadcast MAC address. This issue is fixed in iOS 12.2. A device may be passively tracked by its WiFi MAC address.

7.5CVSS7.4AI score0.00399EPSS

CVE•added 2021/12/23 8:15 p.m.•62 views

CVE-2019-8703

This issue was addressed with improved entitlements. This issue is fixed in watchOS 6, tvOS 13, macOS Catalina 10.15, iOS 13. An application may be able to gain elevated privileges.

9.8CVSS7.9AI score0.00868EPSS

CVE•added 2020/10/27 8:15 p.m.•62 views

CVE-2019-8715

A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15, iOS 13. An application may be able to execute arbitrary code with system privileges.

9.3CVSS8.2AI score0.00257EPSS

CVE•added 2020/10/27 8:15 p.m.•62 views

CVE-2019-8753

This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15, watchOS 6, iOS 13, tvOS 13. Processing maliciously crafted web content may lead to a cross site scripting attack.

6.1CVSS6.1AI score0.00433EPSS

CVE•added 2020/02/27 9:15 p.m.•62 views

CVE-2020-3831

A race condition was addressed with improved locking. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1. An application may be able to execute arbitrary code with kernel privileges.

7.6CVSS6.8AI score0.00293EPSS

CVE•added 2020/02/27 9:15 p.m.•62 views

CVE-2020-3873

This issue was addressed with improved setting propagation. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1. Turning off "Load remote content in messages” may not apply to all mail previews.

3.3CVSS4.4AI score0.00153EPSS

CVE•added 2020/10/16 5:15 p.m.•62 views

CVE-2020-9933

An authorization issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8. A malicious application may be able to read sensitive location information.

4.3CVSS4.6AI score0.00216EPSS

CVE•added 2021/09/08 3:15 p.m.•62 views

CVE-2021-1865

An issue obscuring passwords in screenshots was addressed with improved logic. This issue is fixed in iOS 14.5 and iPadOS 14.5. A user's password may be visible on screen.

5CVSS5.1AI score0.001EPSS

CVE•added 2021/09/08 2:15 p.m.•62 views

CVE-2021-30753

Processing a maliciously crafted font may result in the disclosure of process memory. This issue is fixed in macOS Big Sur 11.4, tvOS 14.6, watchOS 7.5, iOS 14.6 and iPadOS 14.6. An out-of-bounds read was addressed with improved input validation.

5.5CVSS5.4AI score0.00269EPSS

CVE•added 2021/09/08 2:15 p.m.•62 views

CVE-2021-30756

A local attacker may be able to view Now Playing information from the lock screen. This issue is fixed in macOS Big Sur 11.4, iOS 14.6 and iPadOS 14.6. A privacy issue in Now Playing was addressed with improved permissions.

5.5CVSS5.3AI score0.00035EPSS

CVE•added 2021/09/08 2:15 p.m.•62 views

CVE-2021-30804

A permissions issue was addressed with improved validation. This issue is fixed in iOS 14.7. A malicious application may be able to access Find My data.

4.3CVSS4.7AI score0.0018EPSS

CVE•added 2021/08/24 7:15 p.m.•62 views

CVE-2021-30925

The issue was addressed with improved permissions logic. This issue is fixed in watchOS 8, macOS Big Sur 11.6, iOS 15 and iPadOS 15. A malicious application may be able to bypass Privacy preferences.

9.1CVSS7.2AI score0.00232EPSS

CVE•added 2022/11/01 8:15 p.m.•62 views

CVE-2022-32879

A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13, iOS 16, iOS 15.7 and iPadOS 15.7, watchOS 9, tvOS 16. A user with physical access to a device may be able to access contacts from the lock screen.

2.4CVSS4AI score0.0008EPSS

CVE•added 2022/11/01 8:15 p.m.•62 views

CVE-2022-32913

The issue was addressed with additional restrictions on the observability of app states. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, watchOS 9, macOS Monterey 12.6, tvOS 16. A sandboxed app may be able to determine which app is currently using the camera.

3.3CVSS4.8AI score0.0005EPSS

CVE•added 2022/11/01 8:15 p.m.•62 views

CVE-2022-42791

A race condition was addressed with improved state handling. This issue is fixed in macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges.

7CVSS7.5AI score0.00083EPSS

CVE•added 2022/11/01 8:15 p.m.•62 views

CVE-2022-42810

The issue was addressed with improved memory handling. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, tvOS 16.1, iOS 16.1 and iPadOS 16, macOS Ventura 13. Processing a maliciously crafted USD file may disclose memory contents.

5.5CVSS5.8AI score0.00063EPSS

CVE•added 2023/06/23 6:15 p.m.•62 views

CVE-2023-32410

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An app may be able to leak sensitive kernel state.

5.5CVSS5.4AI score0.00031EPSS

CVE•added 2023/09/27 3:19 p.m.•62 views

CVE-2023-40420

The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to a denial-of-service.

6.5CVSS5.8AI score0.00167EPSS

CVE•added 2023/09/27 3:19 p.m.•62 views

CVE-2023-40454

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to delete files for which it does not have permission.

7.1CVSS6.1AI score0.00021EPSS

CVE•added 2023/09/27 3:19 p.m.•62 views

CVE-2023-41065

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to read sensitive location information.

3.3CVSS3.7AI score0.00026EPSS

CVE•added 2023/09/27 3:19 p.m.•62 views

CVE-2023-41070

A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6, iOS 16.7 and iPadOS 16.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to access sensitive data logged when a user shares a link.

5.5CVSS4.9AI score0.00039EPSS

CVE•added 2023/09/27 3:19 p.m.•62 views

CVE-2023-41071

A use-after-free issue was addressed with improved memory management. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Ventura 13.6. An app may be able to execute arbitrary code with kernel privileges.

7.8CVSS7AI score0.00036EPSS

CVE•added 2024/03/28 4:15 p.m.•62 views

CVE-2023-42893

A permissions issue was addressed by removing vulnerable code and adding additional checks. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, iOS 16.7.3 and iPadOS 16.7.3, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. An app may be able to access protected ...

5.5CVSS5.8AI score0.00011EPSS

CVE•added 2024/01/23 1:15 a.m.•62 views

CVE-2024-23215

An issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An app may be able to access user-sensitive data.

5.5CVSS5.3AI score0.00023EPSS

CVE•added 2024/01/23 1:15 a.m.•62 views

CVE-2024-23218

A timing side-channel issue was addressed with improvements to constant-time computation in cryptographic functions. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An attacker may be able to decrypt legacy RSA PKCS#1 v1.5 ciphertexts without having the ...

5.9CVSS5.7AI score0.00172EPSS

CVE•added 2024/06/10 9:15 p.m.•62 views

CVE-2024-27815

An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to execute arbitrary code with kernel privileges.

7.8CVSS7.2AI score0.17999EPSS

CVE•added 2024/07/29 11:15 p.m.•62 views

CVE-2024-27884

This issue was addressed with a new entitlement. This issue is fixed in macOS Sonoma 14.5, watchOS 10.5, visionOS 1.2, tvOS 17.5, iOS 17.5 and iPadOS 17.5. An app may be able to access user-sensitive data.

5.5CVSS5.8AI score0.00042EPSS

CVE•added 2024/07/29 11:15 p.m.•62 views

CVE-2024-40795

This issue was addressed with improved data protection. This issue is fixed in watchOS 10.6, macOS Sonoma 14.6, iOS 17.6 and iPadOS 17.6, tvOS 17.6. An app may be able to read sensitive location information.

3.3CVSS5.5AI score0.00044EPSS

CVE•added 2024/12/12 2:15 a.m.•62 views

CVE-2024-54526

The issue was addressed with improved checks. This issue is fixed in watchOS 11.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. A malicious app may be able to access private information.

5.5CVSS5.6AI score0.00047EPSS

CVE•added 2025/03/31 11:15 p.m.•62 views

CVE-2025-30430

This issue was addressed through improved state management. This issue is fixed in visionOS 2.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. Password autofill may fill in passwords after failing authentication.

9.8CVSS6AI score0.00128EPSS

CVE•added 2025/03/31 11:15 p.m.•62 views

CVE-2025-31184

This issue was addressed with improved permissions checking. This issue is fixed in Safari 18.4, visionOS 2.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An app may gain unauthorized access to Local Network.

7.8CVSS5.8AI score0.00016EPSS

CVE•added 2025/05/12 10:15 p.m.•62 views

CVE-2025-31205

The issue was addressed with improved checks. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. A malicious website may exfiltrate data cross-origin.

6.5CVSS5.7AI score0.00025EPSS

CVE•added 2010/09/09 10:0 p.m.•61 views

CVE-2010-1812

Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving selections.

6.8CVSS9AI score0.05507EPSS

CVE•added 2011/08/03 12:55 a.m.•61 views

CVE-2011-2818

Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to display box rendering.

6.8CVSS6.9AI score0.02962EPSS

CVE•added 2012/03/05 7:55 p.m.•61 views

CVE-2011-3034

Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving an SVG document.

6.8CVSS6.9AI score0.02363EPSS

CVE•added 2012/03/30 10:55 p.m.•61 views

CVE-2011-3064

Use-after-free vulnerability in Google Chrome before 18.0.1025.142 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG clipping.

7.5CVSS6.9AI score0.05944EPSS

CVE•added 2011/10/25 7:55 p.m.•61 views

CVE-2011-3888

Use-after-free vulnerability in Google Chrome before 15.0.874.102 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to editing operations in conjunction with an unknown plug-in.

6.8CVSS7AI score0.02104EPSS

CVE•added 2014/07/01 10:17 a.m.•61 views

CVE-2014-1361

Secure Transport in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 does not ensure that a DTLS message is accepted only for a DTLS connection, which allows remote attackers to obtain potentially sensitive information from uninitialized process memory by providing a DTLS...

5CVSS5.3AI score0.00783EPSS

CVE•added 2014/09/18 10:55 a.m.•61 views

CVE-2014-4388

IOKit in Apple iOS before 8 and Apple TV before 7 does not properly validate IODataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via an application that provides crafted values in unspecified metadata fields, a different vulnerability than CVE-2014-...

9.3CVSS7.5AI score0.00543EPSS

CVE•added 2015/07/03 1:59 a.m.•61 views

CVE-2015-3658

The Page Loading functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly consider redirects during decisions about sending an Origin header, which makes it easier for remote attackers to bypa...

6.8CVSS7.6AI score0.00273EPSS

CVE•added 2015/08/16 11:59 p.m.•61 views

CVE-2015-3740

WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVE...

6.8CVSS8.4AI score0.00998EPSS

CVE•added 2015/09/18 10:59 a.m.•61 views

CVE-2015-5788

The WebKit Canvas implementation in Apple iOS before 9 allows remote attackers to bypass the Same Origin Policy and obtain sensitive image information via vectors involving a CANVAS element.

4.3CVSS7.3AI score0.00466EPSS

CVE•added 2015/09/18 10:59 a.m.•61 views

CVE-2015-5796

WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-S...

6.8CVSS7.8AI score0.01538EPSS

CVE•added 2015/09/18 10:59 a.m.•61 views

CVE-2015-5810

6.8CVSS8.8AI score0.01009EPSS

CVE•added 2015/09/18 12:0 p.m.•61 views

CVE-2015-5874

CoreText in Apple iOS before 9 and iTunes before 12.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.

7.5CVSS7.4AI score0.03213EPSS

CVE•added 2015/10/23 9:59 p.m.•61 views

CVE-2015-5925

The CoreGraphics component in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2015-5926.

6.8CVSS7.5AI score0.01866EPSS

Total number of security vulnerabilities3624