Apple iOS vulnerabilities

CVE-2019-8599 [LOW] CVE-2019-8599: A logic issue was addressed with improved restrictions. This issue is fixed in iOS 12.3. A person wi A logic issue was addressed with improved restrictions. This issue is fixed in iOS 12.3. A person with physical access to an iOS device may be able to see the email address used for iTunes.

CVE-2019-8502 [LOW] CWE-20 CVE-2019-8502: An API issue existed in the handling of dictation requests. This issue was addressed with improved v An API issue existed in the handling of dictation requests. This issue was addressed with improved validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to initiate a Dictation request without user authorization.

CVE-2019-8775 [LOW] CVE-2019-8775: The issue was addressed by restricting options offered on a locked device. This issue is fixed in iO The issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 13.1 and iPadOS 13.1. A person with physical access to an iOS device may be able to access contacts from the lock screen.

CVE-2019-8796 [MEDIUM] CVE-2019-8796: iOS 12.4.3 Apple Security Update: About the security content of iOS 12.4.3 Product: iOS Version: 12.4.3 CVE: CVE-2019-8796 Component: Accounts Impact: AirDrop transfers may be unexpectedly accepted while in Everyone mode Description: A logic issue was addressed with improved validation.

CVE-2019-8745 [HIGH] CVE-2019-8745: iOS 13 Apple Security Update: About the security content of iOS 13 Product: iOS Version: 13 CVE: CVE-2019-8745 Component: UIFoundation Impact: Processing a maliciously crafted text file may lead to arbitrary code execution Description: A buffer overflow was addressed with improved bounds checking.

CVE-2019-8726 [HIGH] CVE-2019-8726: iOS 13 Apple Security Update: About the security content of iOS 13 Product: iOS Version: 13 CVE: CVE-2019-8726 Component: WebKit Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2019-8717 [HIGH] CVE-2019-8717: iOS 13 Apple Security Update: About the security content of iOS 13 Product: iOS Version: 13 CVE: CVE-2019-8717 Component: Kernel Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling.

CVE-2019-8733 [HIGH] CVE-2019-8733: iOS 13 Apple Security Update: About the security content of iOS 13 Product: iOS Version: 13 CVE: CVE-2019-8733 Component: WebKit Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2019-8735 [HIGH] CVE-2019-8735: iOS 13 Apple Security Update: About the security content of iOS 13 Product: iOS Version: 13 CVE: CVE-2019-8735 Component: WebKit Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2019-8707 [HIGH] CVE-2019-8707: iOS 13 Apple Security Update: About the security content of iOS 13 Product: iOS Version: 13 CVE: CVE-2019-8707 Component: WebKit Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2019-8768 [MEDIUM] CVE-2019-8768: iOS 13 Apple Security Update: About the security content of iOS 13 Product: iOS Version: 13 CVE: CVE-2019-8768 Component: WebKit Impact: A user may be unable to delete browsing history items Description: "Clear History and Website Data" did not fully clear the history. The issue was addressed with improved data deletion.

CVE-2019-8705 [MEDIUM] CVE-2019-8705: iOS 13 Apple Security Update: About the security content of iOS 13 Product: iOS Version: 13 CVE: CVE-2019-8705 Component: CoreAudio Impact: Processing a maliciously crafted movie may result in the disclosure of process memory Description: A memory corruption issue was addressed with improved validation.

CVE-2019-8719 [MEDIUM] CVE-2019-8719: iOS 13 Apple Security Update: About the security content of iOS 13 Product: iOS Version: 13 CVE: CVE-2019-8719 Component: WebKit Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue was addressed with improved state management.

CVE-2019-8704 [MEDIUM] CVE-2019-8704: iOS 13 Apple Security Update: About the security content of iOS 13 Product: iOS Version: 13 CVE: CVE-2019-8704 Component: Keyboards Impact: A local user may be able to leak sensitive user information Description: An authentication issue was addressed with improved state management.

CVE-2019-8764 [MEDIUM] CVE-2019-8764: iOS 13 Apple Security Update: About the security content of iOS 13 Product: iOS Version: 13 CVE: CVE-2019-8764 Component: WebKit Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue was addressed with improved state management.

CVE-2019-8625 [MEDIUM] CVE-2019-8625: iOS 13 Apple Security Update: About the security content of iOS 13 Product: iOS Version: 13 CVE: CVE-2019-8625 Component: WebKit Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue was addressed with improved state management.

CVE-2019-8730 [LOW] CVE-2019-8730: iOS 13 Apple Security Update: About the security content of iOS 13 Product: iOS Version: 13 CVE: CVE-2019-8730 Component: Notes Impact: A local user may be able to view a user’s locked notes Description: The contents of locked notes sometimes appeared in search results. This issue was addressed with improved data cleanup.

CVE-2019-9506 [HIGH] CVE-2019-9506: iOS 12.4 Apple Security Update: About the security content of iOS 12.4 Product: iOS Version: 12.4 CVE: CVE-2019-9506 Component: Bluetooth Impact: An attacker in a privileged network position may be able to intercept Bluetooth traffic (Key Negotiation of Bluetooth - KNOB) Description: An input validation issue existed in Bluetooth. This issue was addressed with improved input validation.

CVE-2018-16860 [HIGH] CVE-2018-16860: iOS 12.4 Apple Security Update: About the security content of iOS 12.4 Product: iOS Version: 12.4 CVE: CVE-2018-16860 Component: Heimdal Impact: An issue existed in Samba that may allow attackers to perform unauthorized actions by intercepting communications between services Description: This issue was addressed with improved checks to prevent unauthorized actions.

CVE-2019-13118 [MEDIUM] CVE-2019-13118: iOS 12.4 Apple Security Update: About the security content of iOS 12.4 Product: iOS Version: 12.4 CVE: CVE-2019-13118 Component: Image Processing Impact: Processing a maliciously crafted image may lead to a denial of service Description: A denial of service issue was addressed with improved validation.