Apple iOS vulnerabilities

CVE-2018-4347 [HIGH] CVE-2018-4347: iOS 12 Apple Security Update: About the security content of iOS 12 Product: iOS Version: 12 CVE: CVE-2018-4347 Component: CoreText Impact: Processing a maliciously crafted text file may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management.

CVE-2018-4299 [HIGH] CVE-2018-4299: iOS 12 Apple Security Update: About the security content of iOS 12 Product: iOS Version: 12 CVE: CVE-2018-4299 Component: WebKit Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2018-4354 [HIGH] CVE-2018-4354: iOS 12 Apple Security Update: About the security content of iOS 12 Product: iOS Version: 12 CVE: CVE-2018-4354 Component: IOKit Impact: A malicious application may be able to break out of its sandbox Description: A memory corruption issue was addressed with improved memory handling.

CVE-2018-4414 [HIGH] CVE-2018-4414: iOS 12 Apple Security Update: About the security content of iOS 12 Product: iOS Version: 12 CVE: CVE-2018-4414 Component: CoreFoundation Impact: An application may be able to gain elevated privileges Description: A memory corruption issue was addressed with improved input validation.

CVE-2018-4336 [HIGH] CVE-2018-4336: iOS 12 Apple Security Update: About the security content of iOS 12 Product: iOS Version: 12 CVE: CVE-2018-4336 Component: Kernel Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling.

CVE-2018-4343 [HIGH] CVE-2018-4343: iOS 12 Apple Security Update: About the security content of iOS 12 Product: iOS Version: 12 CVE: CVE-2018-4343 Component: Heimdal Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling.

CVE-2018-4323 [HIGH] CVE-2018-4323: iOS 12 Apple Security Update: About the security content of iOS 12 Product: iOS Version: 12 CVE: CVE-2018-4323 Component: WebKit Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2018-4315 [HIGH] CVE-2018-4315: iOS 12 Apple Security Update: About the security content of iOS 12 Product: iOS Version: 12 CVE: CVE-2018-4315 Component: WebKit Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management.

CVE-2018-4326 [HIGH] CVE-2018-4326: iOS 12 Apple Security Update: About the security content of iOS 12 Product: iOS Version: 12 CVE: CVE-2018-4326 Component: Kernel Impact: An attacker in a privileged network position may be able to execute arbitrary code Description: A memory corruption issue was addressed with improved validation.

CVE-2018-4401 [HIGH] CVE-2018-4401: iOS 12 Apple Security Update: About the security content of iOS 12 Product: iOS Version: 12 CVE: CVE-2018-4401 Component: IOUserEthernet Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling.

CVE-2018-4425 [HIGH] CVE-2018-4425: iOS 12 Apple Security Update: About the security content of iOS 12 Product: iOS Version: 12 CVE: CVE-2018-4425 Component: Kernel Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling.

CVE-2018-4309 [MEDIUM] CVE-2018-4309: iOS 12 Apple Security Update: About the security content of iOS 12 Product: iOS Version: 12 CVE: CVE-2018-4309 Component: WebKit Impact: A malicious website may be able to execute scripts in the context of another website Description: A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation.

CVE-2018-4395 [MEDIUM] CVE-2018-4395: iOS 12 Apple Security Update: About the security content of iOS 12 Product: iOS Version: 12 CVE: CVE-2018-4395 Component: Security Impact: A local user may be able to cause a denial of service Description: This issue was addressed with improved checks.

CVE-2018-4363 [MEDIUM] CVE-2018-4363: iOS 12 Apple Security Update: About the security content of iOS 12 Product: iOS Version: 12 CVE: CVE-2018-4363 Component: Kernel Impact: An application may be able to read restricted memory Description: An input validation issue existed in the kernel. This issue was addressed with improved input validation.

CVE-2018-4356 [MEDIUM] CVE-2018-4356: iOS 12 Apple Security Update: About the security content of iOS 12 Product: iOS Version: 12 CVE: CVE-2018-4356 Component: CoreMedia Impact: An app may be able to learn information about the current camera view before being granted camera access Description: A permissions issue existed. This issue was addressed with improved permission validation.

CVE-2018-4355 [MEDIUM] CVE-2018-4355: iOS 12 Apple Security Update: About the security content of iOS 12 Product: iOS Version: 12 CVE: CVE-2018-4355 Component: Heimdal Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling.

CVE-2018-4335 [MEDIUM] CVE-2018-4335: iOS 12 Apple Security Update: About the security content of iOS 12 Product: iOS Version: 12 CVE: CVE-2018-4335 Component: IOMobileFrameBuffer Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization.

CVE-2018-4345 [MEDIUM] CVE-2018-4345: iOS 12 Apple Security Update: About the security content of iOS 12 Product: iOS Version: 12 CVE: CVE-2018-4345 Component: WebKit Impact: A malicious website may exfiltrate image data cross-origin Description: A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation.

CVE-2018-4313 [MEDIUM] CVE-2018-4313: iOS 12 Apple Security Update: About the security content of iOS 12 Product: iOS Version: 12 CVE: CVE-2018-4313 Component: Messages Impact: A local user may be able to discover a user’s deleted messages Description: A consistency issue existed in the handling of application snapshots. The issue was addressed with improved handling of message deletions.

CVE-2018-4307 [MEDIUM] CVE-2018-4307: iOS 12 Apple Security Update: About the security content of iOS 12 Product: iOS Version: 12 CVE: CVE-2018-4307 Component: Safari Impact: A malicious website may be able to exfiltrate autofilled data in Safari Description: A logic issue was addressed with improved state management.