Apple iOS vulnerabilities

CVE-2020-9940 [HIGH] CWE-120 CVE-2020-9940: A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.

CVE-2020-9881 [HIGH] CWE-120 CVE-2020-9881: A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, watchOS 6.2.8. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.

CVE-2020-9878 [HIGH] CWE-120 CVE-2020-9878: A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.

CVE-2020-9880 [HIGH] CWE-120 CVE-2020-9880: A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and i A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.

CVE-2021-30748 [HIGH] CWE-787 CVE-2021-30748: A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 1 A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 14.7, macOS Big Sur 11.5. An application may be able to execute arbitrary code with kernel privileges.

CVE-2017-2462 [HIGH] CVE-2017-2462: iOS 10.3 Apple Security Update: About the security content of iOS 10.3 Product: iOS Version: 10.3 CVE: CVE-2017-2462 Component: Audio Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved input validation.

CVE-2021-30785 [HIGH] CWE-120 CVE-2021-30785: A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 14.7, macO A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-004 Catalina. Processing a maliciously crafted image may lead to arbitrary code execution.

CVE-2021-30775 [HIGH] CWE-787 CVE-2021-30775: A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 1 A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-004 Catalina. Processing a maliciously crafted audio file may lead to arbitrary code execution.

CVE-2020-9919 [HIGH] CWE-787 CVE-2020-9919: A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution.

CVE-2017-2430 [HIGH] CVE-2017-2430: iOS 10.3 Apple Security Update: About the security content of iOS 10.3 Product: iOS Version: 10.3 CVE: CVE-2017-2430 Component: Audio Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved input validation.

CVE-2017-2416 [HIGH] CVE-2017-2416: iOS 10.3 Apple Security Update: About the security content of iOS 10.3 Product: iOS Version: 10.3 CVE: CVE-2017-2416 Component: ImageIO Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved input validation.

CVE-2017-2467 [HIGH] CVE-2017-2467: iOS 10.3 Apple Security Update: About the security content of iOS 10.3 Product: iOS Version: 10.3 CVE: CVE-2017-2467 Component: CVE-2017-2467

CVE-2016-4673 [HIGH] CVE-2016-4673: iOS 10.1 Apple Security Update: About the security content of iOS 10.1 Product: iOS Version: 10.1 CVE: CVE-2016-4673 Component: CoreGraphics Impact: Viewing a maliciously crafted JPEG file may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved memory handling.

CVE-2015-5776 [HIGH] CVE-2015-5776: iOS 8.4.1 Apple Security Update: About the security content of iOS 8.4.1 Product: iOS Version: 8.4.1 CVE: CVE-2015-5776 Component: CVE-ID Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in handling syscalls. This issue was addressed through improved lock state checking.

CVE-2017-7172 [HIGH] CVE-2017-7172: iOS 11.2 Apple Security Update: About the security content of iOS 11.2 Product: iOS Version: 11.2 CVE: CVE-2017-7172 Component: CFNetwork Session Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling.

CVE-2017-2487 [HIGH] CVE-2017-2487: iOS 10.3 Apple Security Update: About the security content of iOS 10.3 Product: iOS Version: 10.3 CVE: CVE-2017-2487 Component: FontParser Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved input validation.

CVE-2017-2435 [HIGH] CVE-2017-2435: iOS 10.3 Apple Security Update: About the security content of iOS 10.3 Product: iOS Version: 10.3 CVE: CVE-2017-2435 Component: CoreText Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved input validation.

CVE-2018-4142 [HIGH] CVE-2018-4142: iOS 11.3 Apple Security Update: About the security content of iOS 11.3 Product: iOS Version: 11.3 CVE: CVE-2018-4142 Component: CoreText Impact: Processing a maliciously crafted string may lead to a denial of service Description: A denial of service issue was addressed with improved memory handling.

CVE-2020-9985 [HIGH] CWE-120 CVE-2020-9985: A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, watchOS 6.2.8. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.

CVE-2020-9876 [HIGH] CWE-787 CVE-2020-9876: An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary