Iphone Os@* Security Vulnerabilities and Issues — Page 65 of Iphone Os@* CVE List

7.8CVSS7.3AI score0.00233EPSS

CVE-2016-1751

The kernel in Apple iOS before 9.3, tvOS before 9.2, and watchOS before 2.2 does not properly restrict the execute permission, which allows attackers to bypass a code-signing protection mechanism via a crafted app.

9.3CVSS7.4AI score0.00736EPSS

CVE-2016-1775

TrueTypeScaler in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.

9.3CVSS8.9AI score0.01662EPSS

CVE-2016-1783

WebKit in Apple iOS before 9.3, Safari before 9.1, and tvOS before 9.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.

5.8CVSS5.6AI score0.00441EPSS

CVE-2016-1786

The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles HTTP responses with a 3xx (aka redirection) status code, which allows remote attackers to spoof the displayed URL, bypass the Same Origin Policy, and obtain sensitive cached information via a crafted ...

CVE•added 2016/05/20 11:0 a.m.•46 views

CVE-2016-1858

WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, improperly tracks taint attributes, which allows remote attackers to obtain sensitive information via a crafted web site.

6.5CVSS6.1AI score0.01328EPSS

CVE•added 2016/07/22 2:59 a.m.•46 views

CVE-2016-4626

IOHIDFamily in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors.

7.8CVSS7.6AI score0.00053EPSS

CVE•added 2017/04/20 5:59 p.m.•46 views

CVE-2016-4650

Heap-based buffer overflow in IOHIDFamily in Apple iOS before 9.3.2, OS X before 10.11.5, and tvOS before 9.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

9.3CVSS8.2AI score0.00279EPSS

CVE•added 2017/02/20 8:59 a.m.•46 views

CVE-2016-4670

An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. The issue involves the "Security" component. It allows local users to discover lengths of arbitrary passwords by reading a log.

3.3CVSS4.3AI score0.0006EPSS

CVE•added 2017/02/20 8:59 a.m.•46 views

CVE-2016-4679

An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "libarchive" component, which allows remote attackers to write to arbitrary files via a crafted ar...

5.5CVSS5.3AI score0.00633EPSS

CVE•added 2017/05/22 5:29 a.m.•46 views

CVE-2017-6981

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "iBooks" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app that uses symlinks.

9.3CVSS7.7AI score0.00269EPSS

CVE•added 2017/05/22 5:29 a.m.•46 views

CVE-2017-6994

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "AVEVideoEncoder" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service ...

9.3CVSS7.5AI score0.00676EPSS

CVE•added 2019/12/18 6:15 p.m.•46 views

CVE-2019-8617

An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 12.3. A sandboxed process may be able to circumvent sandbox restrictions.

9.6CVSS7.3AI score0.00496EPSS

CVE•added 2019/12/18 6:15 p.m.•46 views

CVE-2019-8742

The issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 13. A person with physical access to an iOS device may be able to access contacts from the lock screen.

2.4CVSS4.5AI score0.00057EPSS

CVE•added 2020/12/08 9:15 p.m.•46 views

CVE-2020-27902

An authentication issue was addressed with improved state management. This issue is fixed in iOS 14.2 and iPadOS 14.2. A person with physical access to an iOS device may be able to access stored passwords without authentication.

4.6CVSS4.1AI score0.00054EPSS

CVE•added 2020/04/01 6:15 p.m.•46 views

CVE-2020-3888

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4. A maliciously crafted page may interfere with other web contexts.

4.3CVSS5AI score0.00255EPSS

CVE•added 2020/04/01 6:15 p.m.•46 views

CVE-2020-3890

The issue was addressed with improved deletion. This issue is fixed in iOS 13.4 and iPadOS 13.4. Deleted messages groups may still be suggested as an autocompletion.

5.3CVSS5.5AI score0.00237EPSS

CVE•added 2021/09/08 3:15 p.m.•46 views

CVE-2021-1862

Description: A person with physical access may be able to access contacts. This issue is fixed in iOS 14.5 and iPadOS 14.5. Impact: An issue with Siri search access to information was addressed with improved logic.

2.4CVSS3.2AI score0.00057EPSS

CVE•added 2021/08/24 7:15 p.m.•46 views

CVE-2021-31013

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.1, iOS 15.2 and iPadOS 15.2, macOS Big Sur 11.6.2. Processing a maliciously crafted font may result in the disclosure of process memory.

5.5CVSS5.4AI score0.00343EPSS

CVE•added 2025/04/11 3:15 p.m.•46 views

CVE-2023-38614

A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to access sensitive user data.

4.3CVSS5.6AI score0.00022EPSS

CVE•added 2024/01/23 1:15 a.m.•46 views

CVE-2023-40528

This issue was addressed by removing the vulnerable code. This issue is fixed in tvOS 17, watchOS 10, macOS Sonoma 14, iOS 17 and iPadOS 17, macOS Ventura 13.6.4. An app may be able to bypass Privacy preferences.

5.5CVSS6AI score0.00006EPSS

CVE•added 2025/04/11 3:15 p.m.•46 views

CVE-2023-42969

An app may be able to break out of its sandbox. This issue is fixed in iOS 17 and iPadOS 17, iOS 16.7 and iPadOS 16.7, macOS Sonoma 14, macOS Ventura 13.6, macOS Monterey 12.7. The issue was addressed with improved handling of caches.

3.3CVSS5.9AI score0.00011EPSS

CVE•added 2024/09/17 12:15 a.m.•46 views

CVE-2024-40852

This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 18 and iPadOS 18. An attacker may be able to see recent photos without authentication in Assistive Access.

7.5CVSS6.5AI score0.0012EPSS

CVE•added 2024/09/17 12:15 a.m.•46 views

CVE-2024-44198

An integer overflow was addressed through improved input validation. This issue is fixed in visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. Processing maliciously crafted web content may lead to an unexpected process crash.

5.5CVSS6.6AI score0.00036EPSS

CVE•added 2024/12/12 2:15 a.m.•46 views

CVE-2024-54494

A race condition was addressed with additional validation. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An attacker may be able to create a read-only memory mapping that can be w...

5.9CVSS5.7AI score0.00148EPSS

CVE•added 2024/12/12 2:15 a.m.•46 views

CVE-2024-54503

An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 18.2 and iPadOS 18.2. Muting a call while ringing may not result in mute being enabled.

4.2CVSS5.4AI score0.00063EPSS

CVE•added 2025/03/31 11:15 p.m.•46 views

CVE-2025-24095

This issue was addressed with additional entitlement checks. This issue is fixed in visionOS 2.4, iOS 18.4 and iPadOS 18.4. An app may be able to bypass Privacy preferences.

7.6CVSS5.9AI score0.00034EPSS

CVE•added 2025/01/27 10:15 p.m.•46 views

CVE-2025-24117

This issue was addressed with improved redaction of sensitive information. This issue is fixed in iPadOS 17.7.4, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3. An app may be able to fingerprint the user.

5.5CVSS5.5AI score0.00022EPSS

CVE•added 2010/11/26 8:0 p.m.•45 views

CVE-2010-3828

iAd Content Display in Apple iOS before 4.2 allows man-in-the-middle attackers to make calls via a crafted URL in an ad.

4.3CVSS5.6AI score0.00542EPSS

CVE•added 2011/03/11 10:55 p.m.•45 views

CVE-2011-0161

WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle the Attr.style accessor, which allows remote attackers to bypass the Same Origin Policy and inject Cascading Style Sheets (CSS) token sequences via a crafted web site.

4.3CVSS8AI score0.00391EPSS

CVE•added 2011/03/11 10:55 p.m.•45 views

CVE-2011-0162

Wi-Fi in Apple iOS before 4.3 and Apple TV before 4.2 does not properly perform bounds checking for Wi-Fi frames, which allows remote attackers to cause a denial of service (device reset) via unspecified traffic on the local wireless network.

7.8CVSS5.9AI score0.01975EPSS

CVE•added 2011/03/11 10:55 p.m.•45 views

CVE-2011-1418

The stateless address autoconfiguration (aka SLAAC) functionality in the IPv6 networking implementation in Apple iOS before 4.3 and Apple TV before 4.2 places the MAC address into the IPv6 address, which makes it easier for remote IPv6 servers to track users by logging source IPv6 addresses.

5CVSS5.9AI score0.00388EPSS

9.3CVSS7.8AI score0.01849EPSS

CVE-2011-2873

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE...

9.3CVSS7.8AI score0.01997EPSS

CVE-2012-0609

9.3CVSS7.8AI score0.01997EPSS

CVE-2012-0617

CVE-2012-0618

CVE-2012-0621

CVE-2012-0625

CVE-2012-0629

CVE-2012-0635