Iphone Os@* Security Vulnerabilities and Issues — Page 72 of Iphone Os@* CVE List

Lucene search

AppleIphone Os*

3624 matches found

CVE•added 2015/12/11 11:59 a.m.•37 views

CVE-2015-7079

dyld in Apple iOS before 9.2 and tvOS before 9.1 mishandles segment validation, which allows attackers to execute arbitrary code in a privileged context via a crafted app.

9.3CVSS6.9AI score0.01096EPSS

CVE•added 2016/05/20 10:59 a.m.•37 views

CVE-2016-1790

Buffer overflow in the Accessibility component in Apple iOS before 9.3.2 allows attackers to obtain sensitive kernel memory-layout information via a crafted app.

4.3CVSS4AI score0.00336EPSS

CVE•added 2017/02/20 8:59 a.m.•37 views

CVE-2016-7601

An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Local Authentication" component, which does not honor the configured screen-lock time interval if the Touch ID prompt is visible.

6.8CVSS5.5AI score0.0016EPSS

CVE•added 2019/04/03 6:29 p.m.•37 views

CVE-2018-4379

A lock screen issue allowed access to the share function on a locked device. This issue was addressed by restricting options offered on a locked device. This issue affected versions prior to iOS 12.0.1.

5.5CVSS4.8AI score0.0006EPSS

CVE•added 2023/09/27 3:19 p.m.•37 views

CVE-2023-40443

The issue was addressed with improved checks. This issue is fixed in iOS 17 and iPadOS 17. An app may be able to gain root privileges.

7.8CVSS6.6AI score0.00112EPSS

CVE•added 2024/01/10 10:15 p.m.•37 views

CVE-2023-40529

This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 17 and iPadOS 17. A person with physical access to a device may be able to use VoiceOver to access private calendar information.

2.4CVSS2.2AI score0.00125EPSS

CVE•added 2024/09/17 12:15 a.m.•37 views

CVE-2024-27869

The issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An app may be able to record the screen without an indicator.

7.5CVSS5.8AI score0.00136EPSS

CVE•added 2024/09/17 12:15 a.m.•37 views

CVE-2024-40863

This issue was addressed with improved data protection. This issue is fixed in iOS 18 and iPadOS 18. An app may be able to leak sensitive user information.

5.5CVSS5.8AI score0.00053EPSS

CVE•added 2024/09/17 12:15 a.m.•37 views

CVE-2024-44124

This issue was addressed through improved state management. This issue is fixed in iOS 18 and iPadOS 18. A malicious Bluetooth input device may bypass pairing.

6.5CVSS6.3AI score0.0006EPSS

CVE•added 2024/10/28 9:15 p.m.•37 views

CVE-2024-44235

The issue was addressed with improved checks. This issue is fixed in iOS 18.1 and iPadOS 18.1. An attacker may be able to view restricted content from the lock screen.

4.6CVSS5.3AI score0.0005EPSS

CVE•added 2025/01/27 10:15 p.m.•37 views

CVE-2024-54541

This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.7.2, visionOS 2.2, tvOS 18.2, watchOS 11.2, iOS 18.2 and iPadOS 18.2, macOS Sonoma 14.7.2, macOS Sequoia 15.2. An app may be able to access user-sensitive data.

5.5CVSS5.9AI score0.00026EPSS

CVE•added 2013/09/19 10:28 a.m.•36 views

CVE-2013-5152

Mobile Safari in Apple iOS before 7 allows remote attackers to spoof the URL bar via a crafted web site.

4.3CVSS5.8AI score0.00366EPSS

CVE•added 2014/11/18 11:59 a.m.•36 views

CVE-2014-4463

Apple iOS before 8.1.1 allows physically proximate attackers to bypass the lock-screen protection mechanism, and view or transmit a Photo Library photo, via the FaceTime "Leave a Message" feature.

2.1CVSS5.9AI score0.00082EPSS

CVE•added 2015/04/10 2:59 p.m.•36 views

CVE-2015-1107

The Lock Screen component in Apple iOS before 8.3 does not properly implement the erasure feature for incorrect passcode-authentication attempts, which makes it easier for physically proximate attackers to obtain access by making many passcode guesses.

1.9CVSS5.6AI score0.00058EPSS

CVE•added 2015/08/17 12:0 a.m.•36 views

CVE-2015-5752

Backup in Apple iOS before 8.4.1 allows attackers to bypass intended restrictions on filesystem access via a crafted app that creates a symlink.

5CVSS5.6AI score0.00431EPSS

CVE•added 2015/09/18 10:59 a.m.•36 views

CVE-2015-5843

IOMobileFrameBuffer in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.

7.2CVSS5.9AI score0.00072EPSS

CVE•added 2015/12/11 11:59 a.m.•36 views

CVE-2015-7037

Directory traversal vulnerability in Mobile Backup in Photos in Apple iOS before 9.2 allows attackers to read arbitrary files via a crafted pathname.

5CVSS5.7AI score0.00224EPSS

CVE•added 2017/02/20 8:59 a.m.•36 views

CVE-2016-7762

An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "WebKit" component, which allows XSS attacks against Safari.

6.1CVSS4.9AI score0.00266EPSS

CVE•added 2019/04/03 6:29 p.m.•36 views

CVE-2018-4446

This issue was addressed with improved entitlements. This issue affected versions prior to iOS 12.1.1.

4.3CVSS4.4AI score0.0019EPSS

CVE•added 2024/09/17 12:15 a.m.•36 views

CVE-2024-27874

This issue was addressed through improved state management. This issue is fixed in iOS 18 and iPadOS 18. A remote attacker may be able to cause a denial-of-service.

7.5CVSS6.3AI score0.00177EPSS

CVE•added 2024/09/17 12:15 a.m.•36 views

CVE-2024-40850

A file access issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, macOS Sonoma 14.7, tvOS 18. An app may be able to access user-sensitive data.

5.5CVSS5.8AI score0.00044EPSS

CVE•added 2024/09/17 12:15 a.m.•36 views

CVE-2024-44139

The issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18. An attacker with physical access may be able to access contacts from the lock screen.

2.4CVSS5.5AI score0.0005EPSS

CVE•added 2024/10/28 9:15 p.m.•36 views

CVE-2024-44263

A logic issue was addressed with improved state management. This issue is fixed in iOS 18.1 and iPadOS 18.1. An app may be able to access user-sensitive data.

5.5CVSS5.3AI score0.00031EPSS

CVE•added 2024/12/12 2:15 a.m.•36 views

CVE-2024-44299

The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.1 and iPadOS 18.1. An attacker may be able to cause unexpected system termination or arbitrary code execution in DCP firmware.

9.8CVSS7.2AI score0.0017EPSS

CVE•added 2024/12/12 2:15 a.m.•36 views

CVE-2024-54485

The issue was addressed by adding additional logic. This issue is fixed in iPadOS 17.7.3, iOS 18.2 and iPadOS 18.2. An attacker with physical access to an iOS device may be able to view notification content from the lock screen.

5.5CVSS5.5AI score0.00021EPSS

CVE•added 2025/03/10 7:15 p.m.•36 views

CVE-2024-54560

A logic issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18, watchOS 11, tvOS 18, macOS Sequoia 15. A malicious app may be able to modify other apps without having App Management permission.

5.5CVSS5.6AI score0.00012EPSS

CVE•added 2009/09/10 9:30 p.m.•35 views

CVE-2009-2206

Multiple heap-based buffer overflows in the AudioCodecs library in the CoreAudio component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted (1) AAC or (2) MP3 fil...

6.8CVSS7.9AI score0.05067EPSS

CVE•added 2010/06/22 8:30 p.m.•35 views

CVE-2010-1756

The Settings application in Apple iOS before 4 on the iPhone and iPod touch does not properly report the wireless network that is in use, which might make it easier for remote attackers to trick users into communicating over an unintended network.

5.8CVSS6.1AI score0.00338EPSS

CVE•added 2010/11/26 8:0 p.m.•35 views

CVE-2010-3827

Apple iOS before 4.2 does not properly validate signatures before displaying a configuration profile in the configuration installation utility, which allows remote attackers to spoof profiles via unspecified vectors.

4.3CVSS5.8AI score0.0056EPSS

CVE•added 2014/07/01 10:17 a.m.•35 views

CVE-2014-1350

Settings in Apple iOS before 7.1.2 allows physically proximate attackers to bypass an intended iCloud password requirement, and turn off the Find My iPhone service, by leveraging incorrect state management.

4.6CVSS6AI score0.00063EPSS

CVE•added 2015/01/30 11:59 a.m.•35 views

CVE-2014-4467

WebKit, as used in Apple iOS before 8.1.3, does not properly determine scrollbar boundaries during the rendering of FRAME elements, which allows remote attackers to spoof the UI via a crafted web site.

4.3CVSS5.7AI score0.00205EPSS

CVE•added 2015/07/03 2:0 a.m.•35 views

CVE-2015-3726

The Telephony subsystem in Apple iOS before 8.4 allows physically proximate attackers to execute arbitrary code via a crafted (1) SIM or (2) UIM card.

4.6CVSS7AI score0.00326EPSS

CVE•added 2015/08/16 11:59 p.m.•35 views

CVE-2015-3756

The Certificate UI in Apple iOS before 8.4.1 does not prevent X.509 certificate acceptance within the lock screen, which allows physically proximate attackers to establish arbitrary certificate trust relationships by completing a dialog.

2.1CVSS5.9AI score0.00037EPSS

CVE•added 2015/10/23 10:59 a.m.•35 views

CVE-2015-6981

WebKit, as used in Apple iOS before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1.

6.8CVSS7.9AI score0.01314EPSS

CVE•added 2015/10/23 10:59 a.m.•35 views

CVE-2015-6982

6.8CVSS7.9AI score0.01314EPSS

CVE•added 2015/10/23 10:59 a.m.•35 views

CVE-2015-7022

The Telephony subsystem in Apple iOS before 9.1 allows attackers to obtain sensitive call-status information via a crafted app.

4.3CVSS4.8AI score0.003EPSS

CVE•added 2017/02/20 8:59 a.m.•35 views

CVE-2016-7638

An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Find My iPhone" component, which allows physically proximate attackers to disable this component by bypassing authentication.

4.6CVSS4.2AI score0.00286EPSS

CVE•added 2023/09/27 3:19 p.m.•35 views

CVE-2023-40428

The issue was addressed with improved handling of caches. This issue is fixed in iOS 17 and iPadOS 17. An app may be able to access sensitive user data.

5.5CVSS4.2AI score0.00116EPSS

CVE•added 2024/01/10 10:15 p.m.•35 views

CVE-2023-42871

The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. An app may be able to execute arbitrary code with kernel privileges.

7.8CVSS7.4AI score0.00084EPSS

CVE•added 2024/09/17 12:15 a.m.•35 views

CVE-2024-44127

This issue was addressed through improved state management. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18. Private Browsing tabs may be accessed without authentication.

5.3CVSS6.3AI score0.00108EPSS

CVE•added 2024/09/17 12:15 a.m.•35 views

CVE-2024-44147

This issue was addressed through improved state management. This issue is fixed in iOS 18 and iPadOS 18. An app may gain unauthorized access to Local Network.

7.7CVSS6.4AI score0.00046EPSS

CVE•added 2024/10/28 9:15 p.m.•35 views

CVE-2024-44261

This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1. An attacker may be able to view restricted content from the lock screen.

6.2CVSS5.6AI score0.00032EPSS

CVE•added 2025/05/12 10:15 p.m.•35 views

CVE-2025-24225

An injection issue was addressed with improved input validation. This issue is fixed in iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5. Processing an email may lead to user interface spoofing.

6.5CVSS6.2AI score0.00037EPSS

CVE•added 2025/05/12 10:15 p.m.•35 views

CVE-2025-31209

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. Parsing a file may lead to disclosure of user information.

6.3CVSS5.6AI score0.0006EPSS

CVE•added 2025/05/12 10:15 p.m.•35 views

CVE-2025-31225

A privacy issue was addressed by removing sensitive data. This issue is fixed in iOS 18.5 and iPadOS 18.5. Call history from deleted apps may still appear in spotlight search results.

7.1CVSS6.1AI score0.00048EPSS

CVE•added 2010/06/22 8:30 p.m.•34 views

CVE-2010-1754

Passcode Lock in Apple iOS before 4 on the iPhone and iPod touch does not properly handle alert-based unlocks in conjunction with subsequent Remote Lock operations through MobileMe, which allows physically proximate attackers to bypass intended passcode requirements via unspecified vectors.

6.9CVSS5.8AI score0.00065EPSS

CVE•added 2010/09/09 10:0 p.m.•34 views

CVE-2010-1809

The Accessibility component in Apple iOS before 4.1 on the iPhone and iPod touch does not perform the expected VoiceOver announcement associated with the location services icon, which has unspecified impact and attack vectors.

10CVSS6AI score0.00857EPSS

CVE•added 2013/09/19 10:28 a.m.•34 views

CVE-2013-5149

The Push Notifications subsystem in Apple iOS before 7 provides the push-notification token to an app without user approval, which allows attackers to obtain sensitive information via an app that employs a crafted push-notification registration process.

4.3CVSS4.9AI score0.003EPSS

CVE•added 2016/07/22 2:59 a.m.•34 views

CVE-2016-4603

Web Media in Apple iOS before 9.3.3 allows attackers to bypass the Private Browsing protection mechanism and obtain sensitive video URL information by leveraging Safari View Controller misbehavior.

4.3CVSS5.2AI score0.003EPSS

CVE•added 2023/09/06 2:15 a.m.•34 views

CVE-2023-28208

A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. A user may send a text from a secondary eSIM despite configuring a contact to use a primary eSIM.

4.3CVSS4.1AI score0.00229EPSS

Total number of security vulnerabilities3624