Apple iOS vulnerabilities
479 known vulnerabilities affecting apple/ios.
Total CVEs
479
CISA KEV
18
actively exploited
Public exploits
36
Exploited in wild
19
Severity breakdown
CRITICAL32HIGH288MEDIUM132LOW27
Vulnerabilities
Page 4 of 24
CVE-2021-30763MEDIUMCVSS 5.5≥ unspecified, < 14.72021-09-08
CVE-2021-30763 [MEDIUM] CWE-20 CVE-2021-30763: An input validation issue was addressed with improved input validation. This issue is fixed in iOS 1
An input validation issue was addressed with improved input validation. This issue is fixed in iOS 14.7, watchOS 7.6. A shortcut may be able to bypass Internet permission requirements.
cvelistv5nvd
CVE-2021-30804LOWCVSS 3.3≥ unspecified, < 14.72021-09-08
CVE-2021-30804 [LOW] CVE-2021-30804: A permissions issue was addressed with improved validation. This issue is fixed in iOS 14.7. A malic
A permissions issue was addressed with improved validation. This issue is fixed in iOS 14.7. A malicious application may be able to access Find My data.
cvelistv5nvd
CVE-2021-30858HIGHCVSS 8.8KEV≥ unspecified, < 14.82021-08-24
CVE-2021-30858 [HIGH] CWE-416 CVE-2021-30858: A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
cvelistv5nvd
CVE-2021-30860HIGHCVSS 7.8KEV≥ unspecified, < 14.82021-08-24
CVE-2021-30860 [HIGH] CVE-2021-30860: An integer overflow was addressed with improved input validation
An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
cvelistv5
CVE-2021-30871MEDIUMCVSS 5.5≥ unspecified, < 14.72021-08-24
CVE-2021-30871 [MEDIUM] CVE-2021-30871: This issue was addressed with a new entitlement. This issue is fixed in iOS 14.7, watchOS 7.6, macOS
This issue was addressed with a new entitlement. This issue is fixed in iOS 14.7, watchOS 7.6, macOS Big Sur 11.5. A local attacker may be able to access analytics data.
cvelistv5nvd
CVE-2020-27951HIGHCVSS 7.8≥ unspecified, < 12.52021-04-02
CVE-2020-27951 [HIGH] CVE-2020-27951: This issue was addressed with improved checks. This issue is fixed in watchOS 6.3, iOS 12.5, iOS 14.
This issue was addressed with improved checks. This issue is fixed in watchOS 6.3, iOS 12.5, iOS 14.3 and iPadOS 14.3, watchOS 7.2. Unauthorized code execution may lead to an authentication policy violation.
cvelistv5nvd
CVE-2021-1879MEDIUMCVSS 6.1KEV≥ unspecified, < 12.52021-04-02
CVE-2021-1879 [MEDIUM] CWE-79 CVE-2021-1879: This issue was addressed by improved management of object lifetimes. This issue is fixed in iOS 12.5
This issue was addressed by improved management of object lifetimes. This issue is fixed in iOS 12.5.2, iOS 14.4.2 and iPadOS 14.4.2, watchOS 7.3.3. Processing maliciously crafted web content may lead to universal cross site scripting. Apple is aware of a report that this issue may have been actively exploited..
cvelistv5nvd
CVE-2020-27929MEDIUMCVSS 5.5≥ unspecified, < 12.42020-12-08
CVE-2020-27929 [MEDIUM] CVE-2020-27929: A logic issue existed in the handling of Group FaceTime calls. The issue was addressed with improved
A logic issue existed in the handling of Group FaceTime calls. The issue was addressed with improved state management. This issue is fixed in iOS 12.4.9. A user may send video in Group FaceTime calls without knowing that they have done so.
cvelistv5nvd
CVE-2019-8746CRITICALCVSS 9.8≥ unspecified, < 132020-10-27
CVE-2019-8746 [CRITICAL] CWE-125 CVE-2019-8746: An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Cat
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15, iOS 13, iCloud for Windows 7.14, iCloud for Windows 10.7, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6, iTunes 12.10.1 for Windows. A remote attacker may be able to cause unexpected ap
cvelistv5nvd
CVE-2019-8547CRITICALCVSS 9.8≥ unspecified, < 12.22020-10-27
CVE-2019-8547 [CRITICAL] CWE-125 CVE-2019-8547: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed
An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, watchOS 5.2, macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra
cvelistv5nvd
CVE-2019-8749CRITICALCVSS 9.8≥ unspecified, < 132020-10-27
CVE-2019-8749 [CRITICAL] CWE-787 CVE-2019-8749: Multiple memory corruption issues were addressed with improved input validation. This issue is fixed
Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Catalina 10.15, iOS 13, iCloud for Windows 7.14, iCloud for Windows 10.7, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6, iTunes 12.10.1 for Windows. Multiple issues in libxml2.
cvelistv5nvd
CVE-2019-8531CRITICALCVSS 9.8≥ unspecified, < 12.22020-10-27
CVE-2019-8531 [CRITICAL] CWE-295 CVE-2019-8531: A validation issue existed in Trust Anchor Management. This issue was addressed with improved valida
A validation issue existed in Trust Anchor Management. This issue was addressed with improved validation. This issue is fixed in watchOS 5.2, macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, iOS 12.2. An untrusted radius server certificate may be trusted.
cvelistv5nvd
CVE-2019-8756CRITICALCVSS 9.8≥ unspecified, < 132020-10-27
CVE-2019-8756 [CRITICAL] CWE-787 CVE-2019-8756: Multiple memory corruption issues were addressed with improved input validation. This issue is fixed
Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Catalina 10.15, iOS 13, iCloud for Windows 7.14, iCloud for Windows 10.7, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6, iTunes 12.10.1 for Windows. Multiple issues in libxml2.
cvelistv5nvd
CVE-2019-7288CRITICALCVSS 9.8≥ unspecified, < 12.12020-10-27
CVE-2019-7288 [CRITICAL] CVE-2019-7288: The issue was addressed with improved validation on the FaceTime server. This issue is fixed in macO
The issue was addressed with improved validation on the FaceTime server. This issue is fixed in macOS Mojave 10.14.3 Supplemental Update, iOS 12.1.4. A thorough security audit of the FaceTime service uncovered an issue with Live Photos .
cvelistv5nvd
CVE-2019-8712CRITICALCVSS 9.8≥ unspecified, < 132020-10-27
CVE-2019-8712 [CRITICAL] CWE-787 CVE-2019-8712: A memory corruption issue was addressed with improved memory handling. This issue is fixed in watchO
A memory corruption issue was addressed with improved memory handling. This issue is fixed in watchOS 6, iOS 13, tvOS 13. An application may be able to execute arbitrary code with system privileges.
cvelistv5nvd
CVE-2019-8631HIGHCVSS 7.5≥ unspecified, < 12.32020-10-27
CVE-2019-8631 [HIGH] CVE-2019-8631: A logic issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.1
A logic issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, iOS 12.3, tvOS 12.3. Users removed from an iMessage conversation may still be able to alter state.
cvelistv5nvd
CVE-2019-8728HIGHCVSS 8.8≥ unspecified, < 132020-10-27
CVE-2019-8728 [HIGH] CWE-787 CVE-2019-8728: Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13, iCloud for Windows 7.14, iCloud for Windows 10.7, Safari 13, tvOS 13, watchOS 6, iTunes 12.10.1 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution.
cvelistv5nvd
CVE-2019-8715HIGHCVSS 7.8≥ unspecified, < 132020-10-27
CVE-2019-8715 [HIGH] CWE-787 CVE-2019-8715: A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15, iOS 13. An application may be able to execute arbitrary code with system privileges.
cvelistv5nvd
CVE-2019-8639HIGHCVSS 8.8≥ unspecified, < 12.22020-10-27
CVE-2019-8639 [HIGH] CWE-787 CVE-2019-8639: Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 5.2, iCloud for Windows 7.11, iOS 12.2, iTunes 12.9.4 for Windows, Safari 12.1. Processing maliciously crafted web content may lead to arbitrary code execution.
cvelistv5nvd
CVE-2019-8825HIGHCVSS 8.8≥ unspecified, < 132020-10-27
CVE-2019-8825 [HIGH] CWE-787 CVE-2019-8825: A memory corruption issue was addressed with improved state management. This issue is fixed in macOS
A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15, iOS 13, iCloud for Windows 10.7, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, iCloud for Windows 7.14, iTunes 12.10.1 for Windows. Processing maliciously crafted web content may lead to arbitrary code ex
cvelistv5nvd