Apple iOS vulnerabilities
1,765 known vulnerabilities affecting apple/ios.
Total CVEs: 1,765
CISA KEV: 27 (actively exploited)
Public exploits: 229
Exploited in wild: 43
Severity breakdown: CRITICAL 119, HIGH 907, MEDIUM 638, LOW 94, UNKNOWN 7
Vulnerabilities
CVE-2018-4140 | P3 | HIGH | CVSS 7.5 | v11.3 | 2018-03-29
CVE-2018-4140 [HIGH] CVE-2018-4140: iOS 11.3
Apple Security Update: About the security content of iOS 11.3
Product: iOS
Version: 11.3
CVE: CVE-2018-4140
Component: Telephony
Impact: A remote attacker can cause a device to unexpectedly restart
Description: A null pointer dereference issue existed when handling Class 0 SMS messages. This issue was addressed with improved message validation.
apple
CVE-2015-1103 | P4 | HIGH | CVSS 7.5 | v8.3
CVE-2015-1103 [HIGH] CVE-2015-1103: iOS 8.3
Apple Security Update: About the security content of iOS 8.3
Product: iOS
Version: 8.3
CVE: CVE-2015-1103
Component: CVE-ID
apple
CVE-2017-7007 | P4 | HIGH | CVSS 7.5 | v10.3.3 | 2017-07-19
CVE-2017-7007 [HIGH] CVE-2017-7007: iOS 10.3.3
Apple Security Update: About the security content of iOS 10.3.3
Product: iOS
Version: 10.3.3
CVE: CVE-2017-7007
Component: EventKitUI
Impact: A remote attacker may cause an unexpected application termination
Description: A resource exhaustion issue was addressed through improved input validation.
apple
CVE-2016-8687 | P3 | HIGH | CVSS 7.5 | v10.2.1 | 2017-01-23
CVE-2016-8687 [HIGH] CVE-2016-8687: iOS 10.2.1
Apple Security Update: About the security content of iOS 10.2.1
Product: iOS
Version: 10.2.1
CVE: CVE-2016-8687
Component: Kernel
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A use after free issue was addressed through improved memory management.
apple
CVE-2016-4483 | P4 | HIGH | CVSS 7.5 | v9.3.3 | 2016-07-18
CVE-2016-4483 [HIGH] CVE-2016-4483: iOS 9.3.3
Apple Security Update: About the security content of iOS 9.3.3
Product: iOS
Version: 9.3.3
CVE: CVE-2016-4483
Component: Libc
Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution
Description: A buffer overflow existed within the "link_ntoa()" function in linkaddr.c. This issue was addressed through additional bounds checking.
apple
CVE-2020-9905 | P3 | HIGH | CVSS 7.5 | ≥ unspecified, < iOS 13.6 and iPadOS 13.6 | 2020-10-22
CVE-2020-9905 [HIGH] CWE-120 CVE-2020-9905: A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and i
A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8. A remote attacker may be able to cause a denial of service.
nvd
CVE-2015-7038 | P3 | MEDIUM | CVSS 6.8 | v9.2
CVE-2015-7038 [MEDIUM] CVE-2015-7038: iOS 9.2
Apple Security Update: About the security content of iOS 9.2
Product: iOS
Version: 9.2
CVE: CVE-2015-7038
Component: CVE-ID
Impact: Parsing a maliciously crafted XML document may lead to disclosure of user information
Description: A memory corruption issue existed in the parsing of XML files. This issue was addressed through improved memory handling.
apple
CVE-2018-16860 | P3 | HIGH | CVSS 7.5 | v12.4 | 2019-07-22
CVE-2018-16860 [HIGH] CVE-2018-16860: iOS 12.4
Apple Security Update: About the security content of iOS 12.4
Product: iOS
Version: 12.4
CVE: CVE-2018-16860
Component: Heimdal
Impact: An issue existed in Samba that may allow attackers to perform unauthorized actions by intercepting communications between services
Description: This issue was addressed with improved checks to prevent unauthorized actions.
apple
CVE-2016-1842 | P3 | HIGH | CVSS 7.5 | v9.3.2
CVE-2016-1842 [HIGH] CVE-2016-1842: iOS 9.3.2
Apple Security Update: About the security content of iOS 9.3.2
Product: iOS
Version: 9.3.2
CVE: CVE-2016-1842
Component: CVE-ID
apple
CVE-2017-11122 | P3 | HIGH | CVSS 7.5 | v11 | 2017-09-19
CVE-2017-11122 [HIGH] CVE-2017-11122: iOS 11
Apple Security Update: About the security content of iOS 11
Product: iOS
Version: 11
CVE: CVE-2017-11122
Component: Wi-Fi
Impact: An attacker within range may be able to read restricted memory from the Wi-Fi chipset
Description: A validation issue was addressed with improved input sanitization.
apple
CVE-2016-1683 | P4 | HIGH | CVSS 7.5 | v9.3.3 | 2016-07-18
CVE-2016-1683 [HIGH] CVE-2016-1683: iOS 9.3.3
Apple Security Update: About the security content of iOS 9.3.3
Product: iOS
Version: 9.3.3
CVE: CVE-2016-1683
Component: Libc
Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution
Description: A buffer overflow existed within the "link_ntoa()" function in linkaddr.c. This issue was addressed through additional bounds checking.
apple
CVE-2016-9643 | P4 | HIGH | CVSS 7.5 | v10.3 | 2017-03-27
CVE-2016-9643 [HIGH] CVE-2016-9643: iOS 10.3
Apple Security Update: About the security content of iOS 10.3
Product: iOS
Version: 10.3
CVE: CVE-2016-9643
Component: WebKit
Impact: Processing maliciously crafted web content may lead to high memory consumption
Description: An uncontrolled resource consumption issue was addressed through improved regex processing.
apple
CVE-2015-3797 | P4 | HIGH | CVSS 7.5 | v8.4.1
CVE-2015-3797 [HIGH] CVE-2015-3797: iOS 8.4.1
Apple Security Update: About the security content of iOS 8.4.1
Product: iOS
Version: 8.4.1
CVE: CVE-2015-3797
Component: CVE-ID
apple
CVE-2016-1684 | P4 | HIGH | CVSS 7.5 | v9.3.3 | 2016-07-18
CVE-2016-1684 [HIGH] CVE-2016-1684: iOS 9.3.3
Apple Security Update: About the security content of iOS 9.3.3
Product: iOS
Version: 9.3.3
CVE: CVE-2016-1684
Component: Libc
Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution
Description: A buffer overflow existed within the "link_ntoa()" function in linkaddr.c. This issue was addressed through additional bounds checking.
apple
CVE-2018-4474 | P3 | HIGH | CVSS 7.5 | ≥ unspecified, < 12 | 2020-10-27
CVE-2018-4474 [HIGH] CWE-400 CVE-2018-4474: A memory consumption issue was addressed with improved memory handling. This issue is fixed in iClou
A memory consumption issue was addressed with improved memory handling. This issue is fixed in iCloud for Windows 7.7, watchOS 5, Safari 12, iOS 12, iTunes 12.9 for Windows, tvOS 12. Unexpected interaction causes an ASSERT failure.
nvd, apple
CVE-2020-9827 | P3 | HIGH | CVSS 7.5 | ≥ unspecified, < iOS 13.5 and iPadOS 13.5 | 2020-06-09
CVE-2020-9827 [HIGH] CVE-2020-9827: A denial of service issue was addressed with improved input validation. This issue is fixed in iOS 1
A denial of service issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A remote attacker may be able to cause a denial of service.
nvd
CVE-2019-6219 | P4 | HIGH | CVSS 7.5 | ≥ unspecified, < iOS 12.1.3 | 2019-03-05
CVE-2019-6219 [HIGH] CWE-20 CVE-2019-6219: A denial of service issue was addressed with improved validation. This issue is fixed in iOS 12.1.3,
A denial of service issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, watchOS 5.1.3. Processing a maliciously crafted message may lead to a denial of service.
nvd, apple
CVE-2017-7116 | P3 | HIGH | CVSS 7.5 | v11 | 2017-09-19
CVE-2017-7116 [HIGH] CVE-2017-7116: iOS 11
Apple Security Update: About the security content of iOS 11
Product: iOS
Version: 11
CVE: CVE-2017-7116
Component: Wi-Fi
Impact: Malicious code executing on the Wi-Fi chip may be able to read restricted kernel memory
Description: A validation issue was addressed with improved input sanitization.
apple
CVE-2019-8516 | P3 | HIGH | CVSS 7.5 | ≥ unspecified, < iOS 12.2 | 2019-12-18
CVE-2019-8516 [HIGH] CWE-20 CVE-2019-8516: A validation issue was addressed with improved logic. This issue is fixed in iOS 12.2, macOS Mojave
A validation issue was addressed with improved logic. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. Processing a maliciously crafted string may lead to a denial of service.
nvd, apple
CVE-2020-9837 | P3 | HIGH | CVSS 7.5 | ≥ unspecified, < iOS 13.5 and iPadOS 13.5 | 2020-06-09
CVE-2020-9837 [HIGH] CWE-125 CVE-2020-9837: An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 a
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5. A remote attacker may be able to leak memory.
nvd