Iphone Os@* Security Vulnerabilities and Issues — Page 45 of Iphone Os@* CVE List

8.8CVSS8.6AI score0.01005EPSS

CVE-2016-7578

An issue was discovered in certain Apple products. iOS before 10.1 is affected. Safari before 10.0.1 is affected. iCloud before 6.0.1 is affected. iTunes before 12.5.2 is affected. tvOS before 10.0.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbit...

4.3CVSS3.4AI score0.00201EPSS

CVE-2016-7657

An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "IOKit" component. It allows attackers to obtain sensitive information from kernel memory via a crafted app.

7.8CVSS5.9AI score0.00183EPSS

CVE-2016-7660

An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "syslog" component. It allows local users to gain privileges via unspecified vectors related to Mach port name references.

4.3CVSS4.8AI score0.0019EPSS

CVE-2017-13877

An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Sandbox Profiles" component. It allows attackers to determine whether arbitrary files exist via a crafted app.

4.6CVSS4.3AI score0.00073EPSS

CVE-2017-2352

An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. watchOS before 3.1.3 is affected. The issue involves the "Unlock with iPhone" component, which allows attackers to bypass the wrist-presence protection mechanism and unlock a Watch device via unspecified vectors.

CVE•added 2017/04/02 1:59 a.m.•61 views

CVE-2017-2398

An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

9.3CVSS8AI score0.00173EPSS

8.8CVSS8.5AI score0.0093EPSS

CVE-2017-7002

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted we...

8.8CVSS8.6AI score0.04285EPSS

CVE-2017-7005

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "JavaScriptCore" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption...

CVE•added 2017/07/20 4:29 p.m.•61 views

CVE-2017-7060

An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. The issue involves the "Safari Printing" component. It allows remote attackers to cause a denial of service (excessive print dialogs) via a crafted web site.

6.5CVSS6.2AI score0.00582EPSS

CVE•added 2017/10/23 1:29 a.m.•61 views

CVE-2017-7129

An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the third-party "SQLite" product. Versions before 3.19.3 allow remote attackers to cause a denial of service (ap...

9.8CVSS8.6AI score0.01729EPSS

5.9CVSS5.1AI score0.00179EPSS

CVE-2017-7164

An issue was discovered in certain Apple products. iOS before 11.2 is affected. tvOS before 11.2 is affected. The issue involves the "App Store" component. It allows man-in-the-middle attackers to spoof password prompts.

CVE•added 2018/06/08 6:29 p.m.•61 views

CVE-2018-4250

An issue was discovered in certain Apple products. iOS before 11.4 is affected. The issue involves the "Messages" component. It allows remote attackers to cause a denial of service via a crafted message.

6.5CVSS5.6AI score0.00406EPSS

6.5CVSS7.4AI score0.00333EPSS

CVE-2018-4271

Multiple memory corruption issues were addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.

4.3CVSS5.2AI score0.00218EPSS

CVE-2018-4307

A logic issue was addressed with improved state management. This issue affected versions prior to iOS 12, Safari 12.

5.5CVSS6AI score0.00197EPSS

CVE-2018-4333

A validation issue was addressed with improved input sanitization. This issue affected versions prior to iOS 12, macOS Mojave 10.14.

7.5CVSS7.5AI score0.0969EPSS

CVE-2018-4366

A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1.

9.8CVSS8AI score0.06785EPSS

CVE-2018-4367

A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1.

CVE•added 2020/10/27 8:15 p.m.•61 views

CVE-2019-8547

An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, watchOS 5.2, macOS Mojave 10.14.4, Security Update ...

9.8CVSS7AI score0.01002EPSS

CVE•added 2019/12/18 6:15 p.m.•61 views

CVE-2019-8593

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.3, tvOS 12.3, watchOS 5.2.1. An application may be able to execute arbitrary code with system privileges.

9.3CVSS8.3AI score0.00384EPSS

CVE•added 2019/12/18 6:15 p.m.•61 views

CVE-2019-8704

An authentication issue was addressed with improved state management. This issue is fixed in tvOS 13. A local user may be able to leak sensitive user information.

5.5CVSS6AI score0.00047EPSS

CVE•added 2021/04/02 6:15 p.m.•61 views

CVE-2020-29624

A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation. This issue is fixed in watchOS 7.2, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. Processing a m...

7.8CVSS7.9AI score0.00395EPSS

CVE•added 2020/04/01 6:15 p.m.•61 views

CVE-2020-9768

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2. An application may be able to execute arbitrary code with system privileges.

9.3CVSS7.9AI score0.00477EPSS

CVE•added 2020/10/22 7:15 p.m.•61 views

CVE-2020-9901

An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8. A local attacker may be able to elevate their privileges.

7.8CVSS7AI score0.00147EPSS

CVE•added 2020/10/22 7:15 p.m.•61 views

CVE-2020-9985

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, watchOS 6.2.8. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.

7.8CVSS8.3AI score0.00865EPSS

CVE•added 2021/09/08 3:15 p.m.•61 views

CVE-2021-1836

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 14.5 and iPadOS 14.5, tvOS 14.5. A local user may be able to create or modify privileged files.

5.5CVSS5.6AI score0.00037EPSS

CVE•added 2021/09/08 3:15 p.m.•61 views

CVE-2021-1837

A certificate validation issue was addressed. This issue is fixed in iOS 14.5 and iPadOS 14.5. An attacker in a privileged network position may be able to alter network traffic.

5.3CVSS5.4AI score0.00089EPSS

CVE•added 2021/09/08 3:15 p.m.•61 views

CVE-2021-30656

An access issue was addressed with improved memory management. This issue is fixed in iOS 14.5 and iPadOS 14.5. A malicious application may be able to determine kernel memory layout.

7.1CVSS5AI score0.00216EPSS

CVE•added 2021/10/28 7:15 p.m.•61 views

CVE-2021-30816

The issue was addressed with improved permissions logic. This issue is fixed in iOS 15 and iPadOS 15. An attacker with physical access to a device may be able to see private contact information.

2.4CVSS3AI score0.00053EPSS

CVE•added 2023/09/27 3:18 p.m.•61 views

CVE-2023-35990

The issue was addressed with improved checks. This issue is fixed in iOS 17 and iPadOS 17, watchOS 10, iOS 16.7 and iPadOS 16.7, macOS Sonoma 14. An app may be able to identify what other apps a user has installed.

3.3CVSS3.7AI score0.00033EPSS

CVE•added 2023/09/27 3:19 p.m.•61 views

CVE-2023-40424

The issue was addressed with improved checks. This issue is fixed in iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to access user-sensitive data.

5.5CVSS4.9AI score0.00053EPSS

CVE•added 2023/09/27 3:19 p.m.•61 views

CVE-2023-40429

A permissions issue was addressed with improved validation. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to access sensitive user data.

5.5CVSS4.9AI score0.00057EPSS

CVE•added 2024/01/23 1:15 a.m.•61 views

CVE-2023-42937

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 16.7.5 and iPadOS 16.7.5, watchOS 10.2, macOS Ventura 13.6.4, macOS Sonoma 14.2, macOS Monterey 12.7.3, iOS 17.2 and iPadOS 17.2. An app may be able to access sensitive user data.

5.5CVSS5.6AI score0.00021EPSS

CVE•added 2024/03/05 8:16 p.m.•61 views

CVE-2024-23256

A logic issue was addressed with improved state management. This issue is fixed in iOS 17.4 and iPadOS 17.4. A user's locked tabs may be briefly visible while switching tab groups when Locked Private Browsing is enabled.

3.3CVSS6.3AI score0.00081EPSS

CVE•added 2024/07/29 11:15 p.m.•61 views

CVE-2024-27823

A race condition was addressed with improved locking. This issue is fixed in macOS Sonoma 14.5, iOS 16.7.8 and iPadOS 16.7.8, macOS Ventura 13.6.7, watchOS 10.5, visionOS 1.3, tvOS 17.5, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5. An attacker in a privileged network position may be able to spo...

5.9CVSS5.6AI score0.00189EPSS

CVE•added 2024/05/14 3:13 p.m.•61 views

CVE-2024-27841

The issue was addressed with improved memory handling. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. An app may be able to disclose kernel memory.

9.8CVSS5.1AI score0.00082EPSS

CVE•added 2024/07/29 11:15 p.m.•61 views

CVE-2024-40809

A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, visionOS 1.3, macOS Sonoma 14.6. A shortcut may be able to bypass Internet permission requirements.

7.8CVSS5.7AI score0.00018EPSS

CVE•added 2025/03/31 11:15 p.m.•61 views

CVE-2025-24178

This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to break out of its sandbox.

9.8CVSS5.8AI score0.00077EPSS

CVE•added 2025/03/31 11:15 p.m.•61 views

CVE-2025-31183

The issue was addressed with improved restriction of data container access. This issue is fixed in macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, tvOS 18.4, macOS Sequoia 15.4. An app may be able to access sensitive user data.

9.8CVSS5.4AI score0.00076EPSS

CVE•added 2011/05/03 10:55 p.m.•60 views

CVE-2011-1451

Google Chrome before 11.0.696.57 does not properly handle DOM id maps, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "dangling pointers."

7.5CVSS8.7AI score0.02271EPSS

CVE•added 2011/09/19 12:2 p.m.•60 views

CVE-2011-2857

Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the focus controller.

6.8CVSS7AI score0.02104EPSS

CVE•added 2012/03/05 7:55 p.m.•60 views

CVE-2011-3037

Google Chrome before 17.0.963.65 does not properly perform casts of unspecified variables during the splitting of anonymous blocks, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document.

6.8CVSS6.7AI score0.02756EPSS

CVE•added 2011/12/13 9:55 p.m.•60 views

CVE-2011-3908

Google Chrome before 16.0.912.63 does not properly parse SVG documents, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

5CVSS6.1AI score0.0234EPSS

CVE•added 2012/03/08 10:55 p.m.•60 views

CVE-2012-0620

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE...

9.3CVSS7.8AI score0.01837EPSS

CVE•added 2013/01/29 5:58 a.m.•60 views

CVE-2013-0964

The kernel in Apple iOS before 6.1 and Apple TV before 5.2 does not properly validate copyin and copyout arguments, which allows local users to bypass intended pointer restrictions and access locations in the first kernel-memory page by specifying a length of less than one page.

3.6CVSS5.4AI score0.00063EPSS

2.1CVSS5.1AI score0.00076EPSS

CVE-2014-4356

Apple iOS before 8 does not follow the intended configuration setting for text-message preview on the lock screen, which allows physically proximate attackers to obtain sensitive information by reading this screen.

5.6CVSS5.5AI score0.00498EPSS

CVE-2014-4364

The 802.1X subsystem in Apple iOS before 8 and Apple TV before 7 does not require strong authentication methods, which allows remote attackers to calculate credentials by offering LEAP authentication from a crafted Wi-Fi AP and then performing a cryptographic attack against the MS-CHAPv1 hash.

5.8CVSS5.8AI score0.0208EPSS

CVE-2014-4378

CoreGraphics in Apple iOS before 8 and Apple TV before 7 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted PDF document.