Apple iOS vulnerabilities

CVE-2018-4391 [MEDIUM] CVE-2018-4391: iOS 12.1 Apple Security Update: About the security content of iOS 12.1 Product: iOS Version: 12.1 CVE: CVE-2018-4391 Component: Messages Impact: Processing a maliciously crafted text message may lead to UI spoofing Description: An inconsistent user interface issue was addressed with improved state management.

CVE-2018-4400 [MEDIUM] CVE-2018-4400: iOS 12.1 Apple Security Update: About the security content of iOS 12.1 Product: iOS Version: 12.1 CVE: CVE-2018-4400 Component: Security Impact: Processing a maliciously crafted S/MIME signed message may lead to a denial of service Description: A validation issue was addressed with improved logic.

CVE-2018-4409 [MEDIUM] CVE-2018-4409: iOS 12.1 Apple Security Update: About the security content of iOS 12.1 Product: iOS Version: 12.1 CVE: CVE-2018-4409 Component: WebKit Impact: A malicious website may be able to cause a denial of service Description: A resource exhaustion issue was addressed with improved input validation.

CVE-2018-4368 [MEDIUM] CVE-2018-4368: iOS 12.1 Apple Security Update: About the security content of iOS 12.1 Product: iOS Version: 12.1 CVE: CVE-2018-4368 Component: WiFi Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A denial of service issue was addressed with improved validation.

CVE-2018-4377 [MEDIUM] CVE-2018-4377: iOS 12.1 Apple Security Update: About the security content of iOS 12.1 Product: iOS Version: 12.1 CVE: CVE-2018-4377 Component: Safari Reader Impact: Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting Description: A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation.

CVE-2018-4374 [MEDIUM] CVE-2018-4374: iOS 12.1 Apple Security Update: About the security content of iOS 12.1 Product: iOS Version: 12.1 CVE: CVE-2018-4374 Component: Safari Reader Impact: Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting Description: A logic issue was addressed with improved validation.

CVE-2018-4387 [LOW] CVE-2018-4387: iOS 12.1 Apple Security Update: About the security content of iOS 12.1 Product: iOS Version: 12.1 CVE: CVE-2018-4387 Component: VoiceOver Impact: A local attacker may be able to view photos from the lock screen Description: A lock screen issue allowed access to photos via Reply With Message on a locked device. This issue was addressed with improved state management.

CVE-2018-4380 [MEDIUM] CVE-2018-4380: iOS 12.0.1 Apple Security Update: About the security content of iOS 12.0.1 Product: iOS Version: 12.0.1 CVE: CVE-2018-4380 Component: VoiceOver Impact: A local attacker may be able to view photos and contacts from the lock screen Description: A lock screen issue allowed access to photos and contacts on a locked device. This issue was addressed by restricting options offered on a locked device.

CVE-2018-4379 [MEDIUM] CVE-2018-4379: iOS 12.0.1 Apple Security Update: About the security content of iOS 12.0.1 Product: iOS Version: 12.0.1 CVE: CVE-2018-4379 Component: Quick Look Impact: A local attacker may be able to share items from the lock screen Description: A lock screen issue allowed access to the share function on a locked device. This issue was addressed by restricting options offered on a locked device.

CVE-2018-4310 [CRITICAL] CVE-2018-4310: iOS 12 Apple Security Update: About the security content of iOS 12 Product: iOS Version: 12 CVE: CVE-2018-4310 Component: MediaRemote Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: An access issue was addressed with additional sandbox restrictions.

CVE-2018-4331 [CRITICAL] CVE-2018-4331: iOS 12 Apple Security Update: About the security content of iOS 12 Product: iOS Version: 12 CVE: CVE-2018-4331 Component: Heimdal Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling.

CVE-2018-4332 [CRITICAL] CVE-2018-4332: iOS 12 Apple Security Update: About the security content of iOS 12 Product: iOS Version: 12 CVE: CVE-2018-4332 Component: Heimdal Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling.

CVE-2018-4191 [HIGH] CVE-2018-4191: iOS 12 Apple Security Update: About the security content of iOS 12 Product: iOS Version: 12 CVE: CVE-2018-4191 Component: WebKit Impact: Unexpected interaction causes an ASSERT failure Description: A memory corruption issue was addressed with improved validation.

CVE-2018-4306 [HIGH] CVE-2018-4306: iOS 12 Apple Security Update: About the security content of iOS 12 Product: iOS Version: 12 CVE: CVE-2018-4306 Component: WebKit Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management.

CVE-2018-4337 [HIGH] CVE-2018-4337: iOS 12 Apple Security Update: About the security content of iOS 12 Product: iOS Version: 12 CVE: CVE-2018-4337 Component: Kernel Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling.

CVE-2018-4329 [HIGH] CVE-2018-4329: iOS 12 Apple Security Update: About the security content of iOS 12 Product: iOS Version: 12 CVE: CVE-2018-4329 Component: Safari Impact: A user may be unable to delete browsing history items Description: Clearing a history item may not clear visits with redirect chains. The issue was addressed with improved data deletion.

CVE-2018-4360 [HIGH] CVE-2018-4360: iOS 12 Apple Security Update: About the security content of iOS 12 Product: iOS Version: 12 CVE: CVE-2018-4360 Component: WebKit Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2018-4359 [HIGH] CVE-2018-4359: iOS 12 Apple Security Update: About the security content of iOS 12 Product: iOS Version: 12 CVE: CVE-2018-4359 Component: WebKit Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2018-4383 [HIGH] CVE-2018-4383: iOS 12 Apple Security Update: About the security content of iOS 12 Product: iOS Version: 12 CVE: CVE-2018-4383 Component: IOKit Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management.

CVE-2018-4344 [HIGH] CVE-2018-4344: iOS 12 Apple Security Update: About the security content of iOS 12 Product: iOS Version: 12 CVE: CVE-2018-4344 Component: Kernel Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling.