Apple iOS vulnerabilities

CVE-2014-4485 [HIGH] CVE-2014-4485: iOS 8.1.3 Apple Security Update: About the security content of iOS 8.1.3 Product: iOS Version: 8.1.3 CVE: CVE-2014-4485 Component: CVE-ID

CVE-2019-8577 [HIGH] CWE-119 CVE-2019-8577: An input validation issue was addressed with improved memory handling. This issue is fixed in iOS 12 An input validation issue was addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. An application may be able to gain elevated privileges.

CVE-2015-1063 [HIGH] CVE-2015-1063: iOS 8.2 Apple Security Update: About the security content of iOS 8.2 Product: iOS Version: 8.2 CVE: CVE-2015-1063 Component: CVE-ID Impact: An attacker with a privileged network position may be able to execute arbitrary code Description: Multiple buffer overflows existed in the handling of data during iCloud Keychain recovery. These issues were addressed through improved bounds checking.

CVE-2017-2458 [HIGH] CVE-2017-2458: iOS 10.3 Apple Security Update: About the security content of iOS 10.3 Product: iOS Version: 10.3 CVE: CVE-2017-2458 Component: Keyboards Impact: An application may be able to execute arbitrary code Description: A buffer overflow was addressed through improved bounds checking.

CVE-2016-1824 [HIGH] CVE-2016-1824: iOS 9.3.2 Apple Security Update: About the security content of iOS 9.3.2 Product: iOS Version: 9.3.2 CVE: CVE-2016-1824 Component: CVE-ID

CVE-2016-1829 [HIGH] CVE-2016-1829: iOS 9.3.2 Apple Security Update: About the security content of iOS 9.3.2 Product: iOS Version: 9.3.2 CVE: CVE-2016-1829 Component: CVE-ID Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed through improved input validation.

CVE-2016-1754 [HIGH] CVE-2016-1754: iOS 9.3 Apple Security Update: About the security content of iOS 9.3 Product: iOS Version: 9.3 CVE: CVE-2016-1754 Component: CVE-ID

CVE-2017-13816 [HIGH] CVE-2017-13816: iOS 11 Apple Security Update: About the security content of iOS 11 Product: iOS Version: 11 CVE: CVE-2017-13816 Component: Keyboard Suggestions Impact: Keyboard autocorrect suggestions may reveal sensitive information Description: The iOS keyboard was inadvertently caching sensitive information. This issue was addressed with improved heuristics.

CVE-2017-13813 [HIGH] CVE-2017-13813: iOS 11 Apple Security Update: About the security content of iOS 11 Product: iOS Version: 11 CVE: CVE-2017-13813 Component: Keyboard Suggestions Impact: Keyboard autocorrect suggestions may reveal sensitive information Description: The iOS keyboard was inadvertently caching sensitive information. This issue was addressed with improved heuristics.

CVE-2016-1817 [HIGH] CVE-2016-1817: iOS 9.3.2 Apple Security Update: About the security content of iOS 9.3.2 Product: iOS Version: 9.3.2 CVE: CVE-2016-1817 Component: CVE-ID

CVE-2020-9815 [HIGH] CWE-125 CVE-2020-9815: An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 a An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. Processing a maliciously crafted audio file may lead to arbitrary code execution.

CVE-2020-9791 [HIGH] CWE-125 CVE-2020-9791: An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.5 An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. Processing a maliciously crafted audio file may lead to arbitrary code execution.

CVE-2020-9795 [HIGH] CWE-416 CVE-2020-9795: A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13. A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. An application may be able to execute arbitrary code with kernel privileges.

CVE-2021-30789 [HIGH] CWE-125 CVE-2021-30789: An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.7, An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-004 Catalina. Processing a maliciously crafted font file may lead to arbitrary code execution.

CVE-2020-3878 [HIGH] CWE-125 CVE-2020-3878: An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.5 An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing a maliciously crafted image may lead to arbitrary code execution.

CVE-2020-3870 [HIGH] CWE-125 CVE-2020-3870: An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.3. An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. Processing a maliciously crafted image may lead to arbitrary code execution.

CVE-2017-7008 [HIGH] CVE-2017-7008: iOS 10.3.3 Apple Security Update: About the security content of iOS 10.3.3 Product: iOS Version: 10.3.3 CVE: CVE-2017-7008 Component: CoreAudio Impact: Processing a maliciously crafted movie file may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved bounds checking.

CVE-2018-4126 [HIGH] CVE-2018-4126: iOS 12 Apple Security Update: About the security content of iOS 12 Product: iOS Version: 12 CVE: CVE-2018-4126 Component: CFNetwork Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling.

CVE-2017-2407 [HIGH] CVE-2017-2407: iOS 10.3 Apple Security Update: About the security content of iOS 10.3 Product: iOS Version: 10.3 CVE: CVE-2017-2407 Component: FontParser Impact: Parsing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved input validation.

CVE-2017-2406 [HIGH] CVE-2017-2406: iOS 10.3 Apple Security Update: About the security content of iOS 10.3 Product: iOS Version: 10.3 CVE: CVE-2017-2406 Component: FontParser Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved input validation.