3650 matches found

added 2009/06/19 4:30 p.m. | 42 views

CVE-2009-0958

Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 stores an exception for a hostname when the user accepts an untrusted Exchange server certificate, which causes it to be accepted without prompting in future usage and allows remote Exchange servers to obtain sensitive...

4.3 CVSS | 5.8 AI score | 0.00254 EPSS

added 2009/06/19 4:30 p.m. | 42 views

CVE-2009-0961

The Mail component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 dismisses the call approval dialog when another alert appears, which might allow remote attackers to force the iPhone to place a call without user approval by causing an application to trigger an ...

5 CVSS | 6.4 AI score | 0.04263 EPSS

added 2010/06/22 8:30 p.m. | 42 views

CVE-2010-1753

ImageIO in Apple iOS before 4 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted JPEG image.

6.8 CVSS | 7.8 AI score | 0.01512 EPSS

added 2012/03/08 10:55 p.m. | 42 views

CVE-2011-2872

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE...

9.3 CVSS | 7.8 AI score | 0.01849 EPSS

added 2012/03/08 10:55 p.m. | 42 views

CVE-2012-0597

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE...

9.3 CVSS | 7.8 AI score | 0.01997 EPSS

added 2012/03/08 10:55 p.m. | 42 views

CVE-2012-0627

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE...

9.3 CVSS | 7.8 AI score | 0.01837 EPSS

added 2012/09/13 10:30 a.m. | 42 views

CVE-2012-3607

WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.

9.3 CVSS | 7.8 AI score | 0.01664 EPSS

added 2012/09/20 9:55 p.m. | 42 views

CVE-2012-3726

Double free vulnerability in ImageIO in Apple iOS before 6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG image.

6.8 CVSS | 7.5 AI score | 0.01314 EPSS

added 2012/09/20 9:55 p.m. | 42 views

CVE-2012-3729

The Berkeley Packet Filter (BPF) interpreter implementation in the kernel in Apple iOS before 6 accesses uninitialized memory locations, which allows local users to obtain sensitive information about the layout of kernel memory via a crafted program that uses a BPF interface.

1.9 CVSS | 4.5 AI score | 0.00068 EPSS

added 2012/09/20 9:55 p.m. | 42 views

CVE-2012-3739

The Passcode Lock implementation in Apple iOS before 6 allows physically proximate attackers to bypass an intended passcode requirement via vectors involving use of the camera.

2.1 CVSS | 5.6 AI score | 0.00053 EPSS

added 2013/01/29 5:58 a.m. | 42 views

CVE-2013-0950

WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.

6.8 CVSS | 7.8 AI score | 0.01314 EPSS

added 2013/01/29 5:58 a.m. | 42 views

CVE-2013-0956

WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.

6.8 CVSS | 7.8 AI score | 0.01314 EPSS

added 2013/09/19 10:27 a.m. | 42 views

CVE-2013-0957

Data Protection in Apple iOS before 7 allows attackers to bypass intended limits on incorrect passcode entry, and consequently avoid a configured Erase Data setting, by leveraging the presence of an app in the third-party sandbox.

5.8 CVSS | 5.7 AI score | 0.00288 EPSS

added 2013/01/29 5:58 a.m. | 42 views

CVE-2013-0968

WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.

6.8 CVSS | 7.9 AI score | 0.01096 EPSS

added 2013/10/24 3:48 a.m. | 42 views

CVE-2013-5162

Passcode Lock in Apple iOS before 7.0.3 on iPhone devices allows physically proximate attackers to bypass the passcode-failure disabled state by leveraging certain incorrect visibility of the passcode-entry view after use of the Phone app.

2.1 CVSS | 5.9 AI score | 0.00057 EPSS

added 2013/10/24 3:48 a.m. | 42 views

CVE-2013-5164

Multiple race conditions in the Phone app in Apple iOS before 7.0.3 allow physically proximate attackers to bypass the locked state, and dial the telephone numbers in arbitrary Contacts entries, by visiting the Contacts pane.

3.3 CVSS | 6.1 AI score | 0.00047 EPSS

added 2015/04/10 2:59 p.m. | 42 views

CVE-2015-1085

AppleKeyStore in Apple iOS before 8.3 does not properly restrict a certain passcode-confirmation interface, which makes it easier for attackers to verify correct passcode guesses via a crafted app.

1.9 CVSS | 5.6 AI score | 0.00069 EPSS

added 2015/04/10 2:59 p.m. | 42 views

CVE-2015-1113

The Sandbox Profiles component in Apple iOS before 8.3 allows attackers to read the (1) telephone number or (2) e-mail address of a recent contact via a crafted app.

1.9 CVSS | 5.5 AI score | 0.00069 EPSS

added 2015/08/16 11:59 p.m. | 42 views

CVE-2015-3758

UIKit WebView in Apple iOS before 8.4.1 allows attackers to bypass an intended user-confirmation requirement and initiate arbitrary FaceTime calls via an app that provides a crafted URL.

4.3 CVSS | 5.9 AI score | 0.00291 EPSS

added 2015/08/17 12:0 a.m. | 42 views

CVE-2015-3806

Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism by appending code to a crafted executable file.

7.2 CVSS | 7.5 AI score | 0.00052 EPSS

added 2015/08/17 12:1 a.m. | 42 views

CVE-2015-5778

CoreMedia Playback in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-5777.

6.8 CVSS | 8.7 AI score | 0.01866 EPSS

added 2015/10/23 10:59 a.m. | 42 views

CVE-2015-6999

The OCSP client in Apple iOS before 9.1 does not check for certificate expiry, which allows remote attackers to spoof a valid certificate by leveraging access to a revoked certificate.

5 CVSS | 5.7 AI score | 0.0022 EPSS

added 2015/12/11 11:59 a.m. | 42 views

CVE-2015-7069

Mobile Replayer in GPUTools Framework in Apple iOS before 9.2 allows attackers to execute arbitrary code in a privileged context via an app that provides a crafted pathname, a different vulnerability than CVE-2015-7070.

9.3 CVSS | 6.9 AI score | 0.00867 EPSS

added 2015/12/11 11:59 a.m. | 42 views

CVE-2015-7070

Mobile Replayer in GPUTools Framework in Apple iOS before 9.2 allows attackers to execute arbitrary code in a privileged context via an app that provides a crafted pathname, a different vulnerability than CVE-2015-7069.

9.3 CVSS | 6.9 AI score | 0.00867 EPSS

added 2016/03/24 1:59 a.m. | 42 views

CVE-2016-1782

WebKit in Apple iOS before 9.3 and Safari before 9.1 does not properly restrict redirects that specify a TCP port number, which allows remote attackers to bypass intended port restrictions via a crafted web site.

6.5 CVSS | 6.4 AI score | 0.00699 EPSS

added 2016/05/20 10:59 a.m. | 42 views

CVE-2016-1811

ImageIO in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image.

6.5 CVSS | 6 AI score | 0.01032 EPSS

added 2016/05/20 10:59 a.m. | 42 views

CVE-2016-1823

The IOHIDDevice::handleReportWithTime function in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (out-of-bounds read and memory corruption) via a crafted IOHIDRe...

9.3 CVSS | 7.6 AI score | 0.03188 EPSS

added 2016/07/22 2:59 a.m. | 42 views

CVE-2016-4593

The Siri Contacts component in Apple iOS before 9.3.3 allows physically proximate attackers to read arbitrary Contact card information via unspecified vectors.

2.4 CVSS | 4.9 AI score | 0.00065 EPSS

added 2017/05/22 5:29 a.m. | 42 views

CVE-2017-6999

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "AVEVideoEncoder" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service ...

9.3 CVSS | 7.5 AI score | 0.00676 EPSS

added 2019/04/03 6:29 p.m. | 42 views

CVE-2018-4327

A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1.

9.3 CVSS | 7.1 AI score | 0.15106 EPSS

added 2019/04/03 6:29 p.m. | 42 views

CVE-2018-4335

A validation issue was addressed with improved input sanitization. This issue affected versions prior to iOS 12.

5.5 CVSS | 6 AI score | 0.00226 EPSS

added 2019/04/03 6:29 p.m. | 42 views

CVE-2018-4461

A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2.

9.3 CVSS | 7.2 AI score | 0.00185 EPSS

added 2023/06/23 6:15 p.m. | 42 views

CVE-2022-42792

This issue was addressed with improved data protection. This issue is fixed in iOS 16.1 and iPadOS 16. An app may be able to read sensitive location information.

5.5 CVSS | 4.2 AI score | 0.00053 EPSS

added 2009/09/10 9:30 p.m. | 41 views

CVE-2009-2795

Heap-based buffer overflow in the Recovery Mode component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, allows local users to bypass the passcode requirement and access arbitrary data via vectors related to "command parsing."

7.2 CVSS | 6.5 AI score | 0.0007 EPSS

added 2010/06/22 8:30 p.m. | 41 views

CVE-2010-1775

Race condition in Passcode Lock in Apple iOS before 4 on the iPhone and iPod touch allows physically proximate attackers to bypass intended passcode requirements, and pair a locked device with a computer and access arbitrary data, via vectors involving the initial boot.

1.9 CVSS | 5.9 AI score | 0.00048 EPSS

added 2010/09/09 10:0 p.m. | 41 views

CVE-2010-1810

FaceTime in Apple iOS before 4.1 on the iPhone and iPod touch does not properly handle invalid X.509 certificates, which allows man-in-the-middle attackers to redirect calls via a crafted certificate.

3.5 CVSS | 5.6 AI score | 0.00125 EPSS

added 2010/09/09 10:0 p.m. | 41 views

CVE-2010-1817

Buffer overflow in ImageIO in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted GIF file.

6.8 CVSS | 7.8 AI score | 0.01336 EPSS

added 2012/03/08 10:55 p.m. | 41 views

CVE-2011-2871

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE...

9.3 CVSS | 7.8 AI score | 0.01849 EPSS

added 2012/03/08 10:55 p.m. | 41 views

CVE-2012-0606

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE...

9.3 CVSS | 7.8 AI score | 0.01997 EPSS

added 2012/03/08 10:55 p.m. | 41 views

CVE-2012-0607

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE...

9.3 CVSS | 7.8 AI score | 0.01997 EPSS

added 2012/03/08 10:55 p.m. | 41 views

CVE-2012-0630

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE...

9.3 CVSS | 7.8 AI score | 0.01837 EPSS

added 2012/09/20 9:55 p.m. | 41 views

CVE-2012-3733

Messages in Apple iOS before 6, when multiple iMessage e-mail addresses are configured, does not ensure that a reply's sender address matches the recipient address of the original message, which allows remote attackers to obtain potentially sensitive information about alternate e-mail addresses in ...

4.3 CVSS | 5.2 AI score | 0.00346 EPSS

added 2012/09/20 9:55 p.m. | 41 views

CVE-2012-3745

Off-by-one error in Telephony in Apple iOS before 6 allows remote attackers to cause a denial of service (buffer overflow and connectivity outage) via a crafted user-data header in an SMS message.

5 CVSS | 6.1 AI score | 0.00583 EPSS

added 2012/09/20 9:55 p.m. | 41 views

CVE-2012-3746

UIWebView in UIKit in Apple iOS before 6 does not properly use the Data Protection feature, which allows context-dependent attackers to obtain cleartext file content by leveraging direct access to a device's filesystem.

4.3 CVSS | 5.4 AI score | 0.00335 EPSS

added 2013/01/29 5:58 a.m. | 41 views

CVE-2013-0952

WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.

6.8 CVSS | 7.8 AI score | 0.01314 EPSS

added 2013/09/19 10:28 a.m. | 41 views

CVE-2013-5154

The Sandbox subsystem in Apple iOS before 7 determines the sandboxing requirement for a #! application on the basis of the script interpreter instead of the script, which allows attackers to bypass intended access restrictions via a crafted application.

4.3 CVSS | 5.6 AI score | 0.00291 EPSS

added 2013/09/19 10:28 a.m. | 41 views

CVE-2013-5159

WebKit in Apple iOS before 7 allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive information about use of the window.webkitRequestAnimationFrame API via an IFRAME element.

4.3 CVSS | 5.6 AI score | 0.00285 EPSS

added 2013/12/18 4:4 p.m. | 41 views

CVE-2013-5198

WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.

6.8 CVSS | 7.8 AI score | 0.02121 EPSS

added 2014/07/01 10:17 a.m. | 41 views

CVE-2014-1352

Lock Screen in Apple iOS before 7.1.2 does not properly enforce the limit on failed passcode attempts, which makes it easier for physically proximate attackers to conduct brute-force passcode-guessing attacks via unspecified vectors.

1.9 CVSS | 5.7 AI score | 0.00067 EPSS

added 2014/07/01 10:17 a.m. | 41 views

CVE-2014-1354

CoreGraphics in Apple iOS before 7.1.2 does not properly restrict allocation of stack memory for processing of XBM images, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted image data.

6.8 CVSS | 7.7 AI score | 0.01314 EPSS

Total number of security vulnerabilities: 3650