Apple iOS vulnerabilities

CVE-2020-10135 [MEDIUM] CVE-2020-10135: iOS 12.4 Apple Security Update: About the security content of iOS 12.4 Product: iOS Version: 12.4 CVE: CVE-2020-10135 Component: The changes for this issue mitigate CVE-2020-10135.

CVE-2019-2102 [HIGH] CVE-2019-2102: iOS 12.3 Apple Security Update: About the security content of iOS 12.3 Product: iOS Version: 12.3 CVE: CVE-2019-2102 Component: Bluetooth Impact: Due to a misconfiguration in the Bluetooth pairing protocols of a Bluetooth Low Energy (BLE) version of FIDO Security Keys it may be possible for an attacker with physical proximity to be able to intercept Bluetooth traffic during pairing Description: This issue was addressed by disabling accessories with insecure Bl

CVE-2019-8612 [MEDIUM] CVE-2019-8612: iOS 12.3 Apple Security Update: About the security content of iOS 12.3 Product: iOS Version: 12.3 CVE: CVE-2019-8612 Component: Wi-Fi Impact: An attacker in a privileged network position can modify driver state Description: A logic issue was addressed with improved state management.

CVE-2019-5608 [CRITICAL] CVE-2019-5608: iOS 12.2 Apple Security Update: About the security content of iOS 12.2 Product: iOS Version: 12.2 CVE: CVE-2019-5608 Component: Kernel Impact: A remote attacker may be able to alter network traffic data Description: A memory corruption issue existed in the handling of IPv6 packets. This issue was addressed with improved memory management.

CVE-2019-8906 [MEDIUM] CVE-2019-8906: iOS 12.2 Apple Security Update: About the security content of iOS 12.2 Product: iOS Version: 12.2 CVE: CVE-2019-8906 Component: Feedback Assistant Impact: A malicious application may be able to overwrite arbitrary files Description: This issue was addressed with improved checks.

CVE-2019-6215 [HIGH] CWE-843 CVE-2019-6215: A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.1. A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2019-6218 [HIGH] CWE-787 CVE-2019-6218: A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 1 A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2. A malicious application may be able to execute arbitrary code with kernel privileges.

CVE-2019-6202 [HIGH] CWE-125 CVE-2019-6202: An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 12.1.3 An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, watchOS 5.1.3. A malicious application may be able to elevate privileges.

CVE-2019-6230 [HIGH] CWE-665 CVE-2019-6230: A memory initialization issue was addressed with improved memory handling. This issue is fixed in iO A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3,macOS Mojave 10.14.3,tvOS 12.1.2,watchOS 5.1.3. A malicious application may be able to break out of its sandbox.

CVE-2019-6212 [HIGH] CWE-787 CVE-2019-6212: Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2019-6221 [HIGH] CWE-125 CVE-2019-6221: An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 12.1.3 An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, iTunes 12.9.3 for Windows. A malicious application may be able to elevate privileges.

CVE-2019-6224 [HIGH] CWE-119 CVE-2019-6224: A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 12.1 A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. A remote attacker may be able to initiate a FaceTime call causing arbitrary code execution.

CVE-2019-6233 [HIGH] CWE-787 CVE-2019-6233: A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12 A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2019-6234 [HIGH] CWE-787 CVE-2019-6234: A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12 A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2019-6223 [HIGH] CVE-2019-6223: A logic issue existed in the handling of Group FaceTime calls. The issue was addressed with improved A logic issue existed in the handling of Group FaceTime calls. The issue was addressed with improved state management. This issue is fixed in iOS 12.1.4, macOS Mojave 10.14.3 Supplemental Update. The initiator of a Group FaceTime call may be able to cause the recipient to answer.

CVE-2019-6225 [HIGH] CWE-787 CVE-2019-6225: A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2. A malicious application may be able to elevate privileges.

CVE-2019-6214 [HIGH] CWE-843 CVE-2019-6214: A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.1. A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. A malicious application may be able to break out of its sandbox.

CVE-2019-6211 [HIGH] CWE-787 CVE-2019-6211: A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 1 A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3. Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2019-6219 [HIGH] CWE-20 CVE-2019-6219: A denial of service issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, A denial of service issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, watchOS 5.1.3. Processing a maliciously crafted message may lead to a denial of service.

CVE-2019-6210 [HIGH] CWE-787 CVE-2019-6210: A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 1 A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. A malicious application may be able to execute arbitrary code with kernel privileges.