Apple iOS vulnerabilities
1,765 known vulnerabilities affecting apple/ios.
Total CVEs: 1,765
CISA KEV: 27 (actively exploited)
Public exploits: 227
Exploited in wild: 30
Severity breakdown
CRITICAL 119 | HIGH 907 | MEDIUM 638 | LOW 94 | UNKNOWN 7
Vulnerabilities
CVE-2020-9992 [HIGH] | CVSS 7.8 | ≥ unspecified, < iOS 14.0 and iPadOS 14.0 | 2020-10-16
This issue was addressed by encrypting communications over the network to devices running iOS 14, iPadOS 14, tvOS 14, and watchOS 7. This issue is fixed in iOS 14.0 and iPadOS 14.0, Xcode 12.0. An attacker in a privileged network position may be able to execute arbitrary code on a paired device during a debug session over the network.
nvd
CVE-2019-8602 [HIGH] | CWE-787 | CVSS 7.8 | ≥ unspecified, < iOS 12.3 | 2019-12-18
A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. A malicious application may be able to elevate privileges.
nvd, apple
CVE-2018-4343 [HIGH] | CVSS 7.8 | v12 | 2018-09-17
Apple Security Update: About the security content of iOS 12
Product: iOS
Version: 12
CVE: CVE-2018-4343
Component: Heimdal
Impact: An application may be able to execute arbitrary code with system privileges
Description: A memory corruption issue was addressed with improved memory handling.
apple
CVE-2016-4725 [HIGH] | CVSS 8.1 | v10 | 2016-09-13
Apple Security Update: About the security content of iOS 10
Product: iOS
Version: 10
CVE: CVE-2016-4725
Component: IOAcceleratorFamily
Impact: Processing maliciously crafted web content may result in the disclosure of process memory
Description: A memory corruption issue was addressed through improved input validation.
apple
CVE-2020-9794 [HIGH] | CWE-125 | CVSS 8.1 | ≥ unspecified, < iOS 13.5 and iPadOS 13.5 | 2020-06-09
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. A malicious application may cause a denial of service or potentially disclose memory contents.
nvd
CVE-2017-2389 [HIGH] | CVSS 8.1 | v10.3 | 2017-03-27
Apple Security Update: About the security content of iOS 10.3
Product: iOS
Version: 10.3
CVE: CVE-2017-2389
Component: Safari
Impact: Processing maliciously crafted web content may present authentication sheets over arbitrary web sites
Description: A spoofing and denial-of-service issue existed in the handling of HTTP authentication. This issue was addressed through making HTTP authentication sheets non-modal.
apple
CVE-2017-13905 [HIGH] | CVSS 8.1 | v11.2 | 2017-12-02
Apple Security Update: About the security content of iOS 11.2
Product: iOS
Version: 11.2
CVE: CVE-2017-13905
Component: Auto Unlock
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional validation.
apple
CVE-2017-2441 [HIGH] | CVSS 7.8 | v10.3 | 2017-03-27
Apple Security Update: About the security content of iOS 10.3
Product: iOS
Version: 10.3
CVE: CVE-2017-2441
Component: CVE-2017-2441
Impact: Multiple vulnerabilities in libxslt
Description: Multiple memory corruption issues were addressed through improved memory handling.
apple
CVE-2016-7643 [HIGH] | CVSS 8.1 | v10.2 | 2016-12-12
Apple Security Update: About the security content of iOS 10.2
Product: iOS
Version: 10.2
CVE: CVE-2016-7643
Component: ImageIO
Impact: A remote attacker may be able to leak memory
Description: An out-of-bounds read was addressed through improved bounds checking.
apple
CVE-2018-4311 [HIGH] | CVSS 8.1 | v12 | 2018-09-17
Apple Security Update: About the security content of iOS 12
Product: iOS
Version: 12
CVE: CVE-2018-4311
Component: WebKit
Impact: Cross-origin SecurityErrors includes the accessed frame’s origin
Description: The issue was addressed by removing origin information.
apple
CVE-2015-3686 [HIGH] | CVSS 7.8 | v8.4
Apple Security Update: About the security content of iOS 8.4
Product: iOS
Version: 8.4
CVE: CVE-2015-3686
Component: CVE-2015-1157
Impact: An attacker with a privileged network position may intercept SSL/TLS connections
Description: coreTLS accepted short ephemeral Diffie-Hellman (DH) keys, as used in export-strength ephemeral DH cipher suites. This issue, also known as Logjam, allowed an attacker with a privileged network position to downgrade securit
apple
CVE-2015-3688 [HIGH] | CVSS 7.8 | v8.4
Apple Security Update: About the security content of iOS 8.4
Product: iOS
Version: 8.4
CVE: CVE-2015-3688
Component: CVE-2015-1157
Impact: An attacker with a privileged network position may intercept SSL/TLS connections
Description: coreTLS accepted short ephemeral Diffie-Hellman (DH) keys, as used in export-strength ephemeral DH cipher suites. This issue, also known as Logjam, allowed an attacker with a privileged network position to downgrade securit
apple
CVE-2015-3687 [HIGH] | CVSS 7.8 | v8.4
Apple Security Update: About the security content of iOS 8.4
Product: iOS
Version: 8.4
CVE: CVE-2015-3687
Component: CVE-2015-1157
Impact: An attacker with a privileged network position may intercept SSL/TLS connections
Description: coreTLS accepted short ephemeral Diffie-Hellman (DH) keys, as used in export-strength ephemeral DH cipher suites. This issue, also known as Logjam, allowed an attacker with a privileged network position to downgrade securit
apple
CVE-2018-4319 [HIGH] | CVSS 8.1 | v12 | 2018-09-17
Apple Security Update: About the security content of iOS 12
Product: iOS
Version: 12
CVE: CVE-2018-4319
Component: WebKit
Impact: A malicious website may cause unexpected cross-origin behavior
Description: A cross-origin issue existed with iframe elements. This was addressed with improved tracking of security origins.
apple
CVE-2022-32898 [HIGH] | CVSS 7.8 | v16 | 2022-09-12
Apple Security Update: About the security content of iOS 16
Product: iOS
Version: 16
CVE: CVE-2022-32898
Impact: An app may be able to execute arbitrary code with kernel privileges
Description: The issue was addressed with improved memory handling.
apple
CVE-2017-7086 [HIGH] | CVSS 7.5 | v11 | 2017-09-19
Apple Security Update: About the security content of iOS 11
Product: iOS
Version: 11
CVE: CVE-2017-7086
Component: Keyboard Suggestions
Impact: Keyboard autocorrect suggestions may reveal sensitive information
Description: The iOS keyboard was inadvertently caching sensitive information. This issue was addressed with improved heuristics.
apple
CVE-2016-1834 [HIGH] | CVSS 7.8 | v9.3.2
Apple Security Update: About the security content of iOS 9.3.2
Product: iOS
Version: 9.3.2
CVE: CVE-2016-1834
Component: CVE-ID
Impact: Visiting a maliciously crafted website may lead to arbitrary code execution
Description: A memory corruption issue was addressed through improved memory handling.
apple
CVE-2020-10135 [MEDIUM] | CVSS 5.4 | v12.4 | 2019-07-22
Apple Security Update: About the security content of iOS 12.4
Product: iOS
Version: 12.4
CVE: CVE-2020-10135
Component: The changes for this issue mitigate CVE-2020-10135.
apple
CVE-2015-3689 [HIGH] | CVSS 7.8 | v8.4
Apple Security Update: About the security content of iOS 8.4
Product: iOS
Version: 8.4
CVE: CVE-2015-3689
Component: CVE-2015-1157
Impact: An attacker with a privileged network position may intercept SSL/TLS connections
Description: coreTLS accepted short ephemeral Diffie-Hellman (DH) keys, as used in export-strength ephemeral DH cipher suites. This issue, also known as Logjam, allowed an attacker with a privileged network position to downgrade securit
apple
CVE-2015-3685 [HIGH] | CVSS 7.8 | v8.4
Apple Security Update: About the security content of iOS 8.4
Product: iOS
Version: 8.4
CVE: CVE-2015-3685
Component: CVE-2015-1157
Impact: An attacker with a privileged network position may intercept SSL/TLS connections
Description: coreTLS accepted short ephemeral Diffie-Hellman (DH) keys, as used in export-strength ephemeral DH cipher suites. This issue, also known as Logjam, allowed an attacker with a privileged network position to downgrade securit
apple