Apple iOS vulnerabilities
1,765 known vulnerabilities affecting apple/ios.
Total CVEs: 1,765
CISA KEV: 27 (actively exploited)
Public exploits: 227
Exploited in wild: 30
Severity breakdown: CRITICAL 119, HIGH 907, MEDIUM 638, LOW 94, UNKNOWN 7
Vulnerabilities
Page 3 of 89
CVE-2022-32875 | MEDIUM | CVSS 5.0 | v16 | 2022-09-12
CVE-2022-32875 [MEDIUM] CVE-2022-32875: iOS 16
Apple Security Update: About the security content of iOS 16
Product: iOS
Version: 16
CVE: CVE-2022-32875
Component: Weather
Impact: An app may be able to read sensitive location information
Description: A logic issue was addressed with improved state management.
apple
CVE-2022-32858 | MEDIUM | CVSS 5.5 | v16 | 2022-09-12
CVE-2022-32858 [MEDIUM] CVE-2022-32858: iOS 16
Apple Security Update: About the security content of iOS 16
Product: iOS
Version: 16
CVE: CVE-2022-32858
Impact: An app may be able to leak sensitive kernel state
Description: The issue was addressed with improved memory handling.
apple
CVE-2022-32827 | MEDIUM | CVSS 5.5 | v16 | 2022-09-12
CVE-2022-32827 [MEDIUM] CVE-2022-32827: iOS 16
Apple Security Update: About the security content of iOS 16
Product: iOS
Version: 16
CVE: CVE-2022-32827
Component: AppleAVD
Impact: An app may be able to cause a denial-of-service
Description: A memory corruption issue was addressed with improved state management.
apple
CVE-2022-1622 | MEDIUM | CVSS 5.5 | v16 | 2022-09-12
CVE-2022-1622 [MEDIUM] CVE-2022-1622: iOS 16
Apple Security Update: About the security content of iOS 16
Product: iOS
Version: 16
CVE: CVE-2022-1622
Component: CVE-2022-1622
apple
CVE-2022-32881 | MEDIUM | CVSS 5.5 | v16 | 2022-09-12
CVE-2022-32881 [MEDIUM] CVE-2022-32881: iOS 16
Apple Security Update: About the security content of iOS 16
Product: iOS
Version: 16
CVE: CVE-2022-32881
Component: Sandbox
Impact: An app may be able to modify protected parts of the file system
Description: A logic issue was addressed with improved restrictions.
apple
CVE-2022-32928 | MEDIUM | CVSS 5.3 | v16 | 2022-09-12
CVE-2022-32928 [MEDIUM] CVE-2022-32928: iOS 16
Apple Security Update: About the security content of iOS 16
Product: iOS
Version: 16
CVE: CVE-2022-32928
Component: Exchange
Impact: A user in a privileged network position may be able to intercept mail credentials
Description: A logic issue was addressed with improved restrictions.
apple
CVE-2022-42793 | MEDIUM | CVSS 5.5 | v16 | 2022-09-12
CVE-2022-42793 [MEDIUM] CVE-2022-42793: iOS 16
Apple Security Update: About the security content of iOS 16
Product: iOS
Version: 16
CVE: CVE-2022-42793
Component: Security
Impact: An app may be able to bypass code signing checks
Description: An issue in code signature validation was addressed with improved checks.
apple
CVE-2022-42790 | MEDIUM | CVSS 5.5 | v16 | 2022-09-12
CVE-2022-42790 [MEDIUM] CVE-2022-42790: iOS 16
Apple Security Update: About the security content of iOS 16
Product: iOS
Version: 16
CVE: CVE-2022-42790
Component: Sidecar
Impact: A user may be able to view restricted content from the lock screen
Description: A logic issue was addressed with improved state management.
apple
CVE-2022-32918 | MEDIUM | CVSS 5.5 | v16 | 2022-09-12
CVE-2022-32918 [MEDIUM] CVE-2022-32918: iOS 16
Apple Security Update: About the security content of iOS 16
Product: iOS
Version: 16
CVE: CVE-2022-32918
Component: Photos
Impact: An app may be able to bypass Privacy preferences
Description: This issue was addressed with improved data protection.
apple
CVE-2022-32870 | LOW | CVSS 2.4 | v16 | 2022-09-12
CVE-2022-32870 [LOW] CVE-2022-32870: iOS 16
Apple Security Update: About the security content of iOS 16
Product: iOS
Version: 16
CVE: CVE-2022-32870
Component: Siri
Impact: A user with physical access to a device may be able to use Siri to obtain some call history information
Description: A logic issue was addressed with improved state management.
apple
CVE-2022-32913 | LOW | CVSS 3.3 | v16 | 2022-09-12
CVE-2022-32913 [LOW] CVE-2022-32913: iOS 16
Apple Security Update: About the security content of iOS 16
Product: iOS
Version: 16
CVE: CVE-2022-32913
Component: Image Processing
Impact: A sandboxed app may be able to determine which app is currently using the camera
Description: The issue was addressed with additional restrictions on the observability of app states.
apple
CVE-2022-32867 | LOW | CVSS 2.4 | v16 | 2022-09-12
CVE-2022-32867 [LOW] CVE-2022-32867: iOS 16
Apple Security Update: About the security content of iOS 16
Product: iOS
Version: 16
CVE: CVE-2022-32867
Component: Crash Reporter
Impact: A user with physical access to an iOS device may be able to read past diagnostic logs
Description: This issue was addressed with improved data protection.
apple
CVE-2022-32879 | LOW | CVSS 2.4 | v16 | 2022-09-12
CVE-2022-32879 [LOW] CVE-2022-32879: iOS 16
Apple Security Update: About the security content of iOS 16
Product: iOS
Version: 16
CVE: CVE-2022-32879
Component: Notifications
Impact: A user with physical access to a device may be able to access contacts from the lock screen
Description: A logic issue was addressed with improved state management.
apple
CVE-2022-32893 | HIGH | CVSS 8.8 | KEV | v12.5.6 | 2022-08-31
CVE-2022-32893 [HIGH] CVE-2022-32893: iOS 12.5.6
Apple Security Update: About the security content of iOS 12.5.6
Product: iOS
Version: 12.5.6
CVE: CVE-2022-32893
Component: WebKit
Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Description: An out-of-bounds write issue was addressed with improved bounds checking.
apple
CVE-2022-32894 | HIGH | CVSS 7.8 | KEV | v12.5.6 | 2022-08-31
CVE-2022-32894 [HIGH] CVE-2022-32894: iOS 12.5.6
Apple Security Update: About the security content of iOS 12.5.6
Product: iOS
Version: 12.5.6
CVE: CVE-2022-32894
Component: About Apple security updates
apple
CVE-2019-25071 | HIGH | CVSS 8.8 | v12.4.0, v12.4.1 | 2022-06-25
CVE-2019-25071 [HIGH] CWE-269
A vulnerability was found in Apple iPhone up to 12.4.1. It has been declared as critical. Affected by this vulnerability is Siri. Playing an audio or video file might be able to initiate Siri on the same device which makes it possible to execute commands remotely. Exploit details have been disclosed to the public. The existence and implications of thi
nvd
CVE-2019-8703 | CRITICAL | CVSS 9.8 | ≥ unspecified, < 13 | 2021-12-23
CVE-2019-8703 [CRITICAL]
This issue was addressed with improved entitlements. This issue is fixed in watchOS 6, tvOS 13, macOS Catalina 10.15, iOS 13. An application may be able to gain elevated privileges.
nvd, apple
CVE-2017-13880 | HIGH | CVSS 7.8 | ≥ unspecified, < 11.2 | 2021-12-23
CVE-2017-13880 [HIGH]
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 11.2, watchOS 4.2. An application may be able to execute arbitrary code with kernel privilege.
nvd, apple
CVE-2018-4302 | HIGH | CVSS 7.8 | ≥ unspecified, < 11 | 2021-12-23
CVE-2018-4302 [HIGH] CWE-476
A null pointer dereference was addressed with improved validation. This issue is fixed in macOS High Sierra 10.13, iCloud for Windows 7.0, watchOS 4, iOS 11, iTunes 12.7 for Windows. Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution.
nvd, apple
CVE-2019-8702 | MEDIUM | CVSS 5.5 | ≥ unspecified, < 12.4 | 2021-12-23
CVE-2019-8702 [MEDIUM] CWE-668
This issue was addressed with a new entitlement. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra, iOS 12.4, tvOS 12.4. A local user may be able to read a persistent account identifier.
nvd, apple