Apple iOS vulnerabilities
1,765 known vulnerabilities affecting apple/ios.
Total CVEs
1,765
CISA KEV
27
actively exploited
Public exploits
229
Exploited in wild
43
Severity breakdown
CRITICAL119HIGH907MEDIUM638LOW94UNKNOWN7
Vulnerabilities
Page 43 of 89
CVE-2018-4394P3HIGHCVSS 7.8v12.12018-10-30
CVE-2018-4394 [HIGH] CVE-2018-4394: iOS 12.1
Apple Security Update: About the security content of iOS 12.1
Product: iOS
Version: 12.1
CVE: CVE-2018-4394
Component: ICU
Impact: Processing a maliciously crafted string may lead to heap corruption
Description: A memory corruption issue was addressed with improved input validation.
apple
CVE-2020-9877P3HIGHCVSS 7.8≥ unspecified, < iOS 13.6 and iPadOS 13.62020-10-22
CVE-2020-9877 [HIGH] CWE-125 CVE-2020-9877: An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 a
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution.
nvd
CVE-2020-9873P3HIGHCVSS 7.8≥ unspecified, < iOS 13.6 and iPadOS 13.62020-10-22
CVE-2020-9873 [HIGH] CWE-125 CVE-2020-9873: An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.6
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution.
nvd
CVE-2020-9872P3HIGHCVSS 7.8≥ unspecified, < iOS 13.6 and iPadOS 13.62020-10-22
CVE-2020-9872 [HIGH] CWE-787 CVE-2020-9872: An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution.
nvd
CVE-2017-7013P4HIGHCVSS 7.8v10.3.32017-07-19
CVE-2017-7013 [HIGH] CVE-2017-7013: iOS 10.3.3
Apple Security Update: About the security content of iOS 10.3.3
Product: iOS
Version: 10.3.3
CVE: CVE-2017-7013
Component: Kernel
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input sanitization.
apple
CVE-2021-30774P3HIGHCVSS 7.8≥ unspecified, < 14.72021-09-08
CVE-2021-30774 [HIGH] CVE-2021-30774: A logic issue was addressed with improved validation. This issue is fixed in iOS 14.7, macOS Big Sur
A logic issue was addressed with improved validation. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. A malicious application may be able to gain root privileges.
nvd
CVE-2020-3829P3HIGHCVSS 7.8≥ unspecified, < iOS 13.3.1 and iPadOS 13.3.12020-02-27
CVE-2020-3829 [HIGH] CWE-125 CVE-2020-3829: An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.3.1
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. An application may be able to gain elevated privileges.
nvd
CVE-2020-9862P3HIGHCVSS 7.8≥ unspecified, < iOS 13.6 and iPadOS 13.62020-10-16
CVE-2020-9862 [HIGH] CWE-77 CVE-2020-9862: A command injection issue existed in Web Inspector. This issue was addressed with improved escaping.
A command injection issue existed in Web Inspector. This issue was addressed with improved escaping. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Copying a URL from Web Inspector may lead to command injection.
nvd
CVE-2016-7584P4HIGHCVSS 7.8v10.12016-10-24
CVE-2016-7584 [HIGH] CVE-2016-7584: iOS 10.1
Apple Security Update: About the security content of iOS 10.1
Product: iOS
Version: 10.1
CVE: CVE-2016-7584
Component: AppleMobileFileIntegrity
Impact: A signed executable may substitute code with the same team ID
Description: A validation issue existed in the handling of code signatures. This issue was addressed through additional validation.
apple
CVE-2018-4326P4HIGHCVSS 7.8v122018-09-17
CVE-2018-4326 [HIGH] CVE-2018-4326: iOS 12
Apple Security Update: About the security content of iOS 12
Product: iOS
Version: 12
CVE: CVE-2018-4326
Component: Kernel
Impact: An attacker in a privileged network position may be able to execute arbitrary code
Description: A memory corruption issue was addressed with improved validation.
apple
CVE-2020-9863P3HIGHCVSS 7.8≥ unspecified, < iOS 13.6 and iPadOS 13.62020-10-22
CVE-2020-9863 [HIGH] CWE-665 CVE-2020-9863: A memory initialization issue was addressed with improved memory handling. This issue is fixed in iO
A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. An application may be able to execute arbitrary code with kernel privileges.
nvd
CVE-2022-32914P3HIGHCVSS 7.8v162022-09-12
CVE-2022-32914 [HIGH] CVE-2022-32914: iOS 16
Apple Security Update: About the security content of iOS 16
Product: iOS
Version: 16
CVE: CVE-2022-32914
Component: Kernel
Impact: An app may be able to execute arbitrary code with kernel privileges
Description: A use after free issue was addressed with improved memory management.
apple
CVE-2016-4650P4HIGHCVSS 7.8v9.3.2
CVE-2016-4650 [HIGH] CVE-2016-4650: iOS 9.3.2
Apple Security Update: About the security content of iOS 9.3.2
Product: iOS
Version: 9.3.2
CVE: CVE-2016-4650
Component: CVE-ID
apple
CVE-2020-9785P3HIGHCVSS 7.8≥ unspecified, < iOS 13.4 and iPadOS 13.42020-04-01
CVE-2020-9785 [HIGH] CWE-787 CVE-2020-9785: Multiple memory corruption issues were addressed with improved state management. This issue is fixed
Multiple memory corruption issues were addressed with improved state management. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. A malicious application may be able to execute arbitrary code with kernel privileges.
nvd
CVE-2019-8593P3HIGHCVSS 7.8≥ unspecified, < iOS 12.32019-12-18
CVE-2019-8593 [HIGH] CWE-787 CVE-2019-8593: A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.3, tvOS 12.3, watchOS 5.2.1. An application may be able to execute arbitrary code with system privileges.
nvdapple
CVE-2020-3919P3HIGHCVSS 7.8≥ unspecified, < iOS 13.4 and iPadOS 13.42020-04-01
CVE-2020-3919 [HIGH] CWE-665 CVE-2020-3919: A memory initialization issue was addressed with improved memory handling. This issue is fixed in iO
A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. A malicious application may be able to execute arbitrary code with kernel privileges.
nvd
CVE-2016-4698P3HIGHCVSS 7.8v102016-09-13
CVE-2016-4698 [HIGH] CVE-2016-4698: iOS 10
Apple Security Update: About the security content of iOS 10
Product: iOS
Version: 10
CVE: CVE-2016-4698
Component: AppleMobileFileIntegrity
Impact: A local application may be able to execute arbitrary code with system privileges
Description: A validation issue existed in the task port inheritance policy. This issue was addressed through improved validation of the process entitlement and Team ID.
apple
CVE-2020-9830P3HIGHCVSS 7.8≥ unspecified, < iOS 13.5 and iPadOS 13.52020-06-09
CVE-2020-9830 [HIGH] CWE-787 CVE-2020-9830: A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 1
A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5. An application may be able to execute arbitrary code with kernel privileges.
nvd
CVE-2017-2499P3HIGHCVSS 7.8v10.3.22017-05-15
CVE-2017-2499 [HIGH] CVE-2017-2499: iOS 10.3.2
Apple Security Update: About the security content of iOS 10.3.2
Product: iOS
Version: 10.3.2
CVE: CVE-2017-2499
Component: WebKit Web Inspector
Impact: An application may be able to execute unsigned code
Description: A memory corruption issue was addressed with improved memory handling.
apple
CVE-2019-8552P4HIGHCVSS 7.8≥ unspecified, < iOS 12.22019-12-18
CVE-2019-8552 [HIGH] CWE-665 CVE-2019-8552: A memory initialization issue was addressed with improved memory handling. This issue is fixed in iO
A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to elevate privileges.
nvdapple