Apple iOS vulnerabilities

CVE-2018-4441 [HIGH] CVE-2018-4441: iOS 12.1.1 Apple Security Update: About the security content of iOS 12.1.1 Product: iOS Version: 12.1.1 CVE: CVE-2018-4441 Component: WebKit Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved memory handling.

CVE-2018-4437 [HIGH] CVE-2018-4437: iOS 12.1.1 Apple Security Update: About the security content of iOS 12.1.1 Product: iOS Version: 12.1.1 CVE: CVE-2018-4437 Component: WebKit Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2018-4443 [HIGH] CVE-2018-4443: iOS 12.1.1 Apple Security Update: About the security content of iOS 12.1.1 Product: iOS Version: 12.1.1 CVE: CVE-2018-4443 Component: WebKit Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved memory handling.

CVE-2018-4438 [HIGH] CVE-2018-4438: iOS 12.1.1 Apple Security Update: About the security content of iOS 12.1.1 Product: iOS Version: 12.1.1 CVE: CVE-2018-4438 Component: WebKit Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A logic issue existed resulting in memory corruption. This was addressed with improved state management.

CVE-2018-4303 [HIGH] CVE-2018-4303: iOS 12.1.1 Apple Security Update: About the security content of iOS 12.1.1 Product: iOS Version: 12.1.1 CVE: CVE-2018-4303 Component: Airport Impact: A malicious application may be able to elevate privileges Description: A type confusion issue was addressed with improved memory handling.

CVE-2018-4461 [HIGH] CVE-2018-4461: iOS 12.1.1 Apple Security Update: About the security content of iOS 12.1.1 Product: iOS Version: 12.1.1 CVE: CVE-2018-4461 Component: Kernel Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved input validation.

CVE-2018-4447 [HIGH] CVE-2018-4447: iOS 12.1.1 Apple Security Update: About the security content of iOS 12.1.1 Product: iOS Version: 12.1.1 CVE: CVE-2018-4447 Component: Kernel Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management.

CVE-2018-4465 [HIGH] CVE-2018-4465: iOS 12.1.1 Apple Security Update: About the security content of iOS 12.1.1 Product: iOS Version: 12.1.1 CVE: CVE-2018-4465 Component: Disk Images Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling.

CVE-2018-4442 [HIGH] CVE-2018-4442: iOS 12.1.1 Apple Security Update: About the security content of iOS 12.1.1 Product: iOS Version: 12.1.1 CVE: CVE-2018-4442 Component: WebKit Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved memory handling.

CVE-2018-4445 [MEDIUM] CVE-2018-4445: iOS 12.1.1 Apple Security Update: About the security content of iOS 12.1.1 Product: iOS Version: 12.1.1 CVE: CVE-2018-4445 Component: Safari Impact: A user may be unable to fully delete browsing history Description: "Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion.

CVE-2018-4429 [MEDIUM] CVE-2018-4429: iOS 12.1.1 Apple Security Update: About the security content of iOS 12.1.1 Product: iOS Version: 12.1.1 CVE: CVE-2018-4429 Component: LinkPresentation Impact: Processing a maliciously crafted email may lead to user interface spoofing Description: A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation.

CVE-2018-4440 [MEDIUM] CVE-2018-4440: iOS 12.1.1 Apple Security Update: About the security content of iOS 12.1.1 Product: iOS Version: 12.1.1 CVE: CVE-2018-4440 Component: Safari Impact: Visiting a malicious website may lead to address bar spoofing Description: A logic issue was addressed with improved state management.

CVE-2018-4439 [MEDIUM] CVE-2018-4439: iOS 12.1.1 Apple Security Update: About the security content of iOS 12.1.1 Product: iOS Version: 12.1.1 CVE: CVE-2018-4439 Component: Safari Impact: Visiting a malicious website may lead to user interface spoofing Description: A logic issue was addressed with improved validation.

CVE-2018-4431 [MEDIUM] CVE-2018-4431: iOS 12.1.1 Apple Security Update: About the security content of iOS 12.1.1 Product: iOS Version: 12.1.1 CVE: CVE-2018-4431 Component: Kernel Impact: A local user may be able to read kernel memory Description: A memory initialization issue was addressed with improved memory handling.

CVE-2018-4460 [MEDIUM] CVE-2018-4460: iOS 12.1.1 Apple Security Update: About the security content of iOS 12.1.1 Product: iOS Version: 12.1.1 CVE: CVE-2018-4460 Component: Kernel Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A denial of service issue was addressed by removing the vulnerable code.

CVE-2018-4430 [LOW] CVE-2018-4430: iOS 12.1.1 Apple Security Update: About the security content of iOS 12.1.1 Product: iOS Version: 12.1.1 CVE: CVE-2018-4430 Component: FaceTime Impact: A local attacker may be able to view contacts from the lock screen Description: A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management.

CVE-2018-4446 [LOW] CVE-2018-4446: iOS 12.1.1 Apple Security Update: About the security content of iOS 12.1.1 Product: iOS Version: 12.1.1 CVE: CVE-2018-4446 Component: File Provider Impact: A malicious application may be able to learn information about the presence of other applications on the device Description: This issue was addressed with improved entitlements.

CVE-2018-4367 [CRITICAL] CVE-2018-4367: iOS 12.1 Apple Security Update: About the security content of iOS 12.1 Product: iOS Version: 12.1 CVE: CVE-2018-4367 Component: FaceTime Impact: A remote attacker may be able to initiate a FaceTime call causing arbitrary code execution Description: A memory corruption issue was addressed with improved input validation.

CVE-2018-4371 [HIGH] CVE-2018-4371: iOS 12.1 Apple Security Update: About the security content of iOS 12.1 Product: iOS Version: 12.1 CVE: CVE-2018-4371 Component: IPSec Impact: An application may be able to gain elevated privileges Description: An out-of-bounds read was addressed with improved input validation.

CVE-2018-4382 [HIGH] CVE-2018-4382: iOS 12.1 Apple Security Update: About the security content of iOS 12.1 Product: iOS Version: 12.1 CVE: CVE-2018-4382 Component: WebKit Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling.