Apple iOS vulnerabilities
1,765 known vulnerabilities affecting apple/ios.
Total CVEs: 1,765
CISA KEV: 27 (actively exploited)
Public exploits: 229
Exploited in wild: 43
Severity breakdown: CRITICAL 119, HIGH 907, MEDIUM 638, LOW 94, UNKNOWN 7
Vulnerabilities
Page 50 of 89
CVE-2019-8787 | P3 | HIGH | CVSS 7.5 | ≥ unspecified, < iOS 13.2 and iPadOS 13.2 | 2019-12-18
CVE-2019-8787 [HIGH] CWE-125
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1, tvOS 13.2, watchOS 6.1. A remote attacker may be able to leak memory.
nvd
CVE-2016-7667 | P4 | HIGH | CVSS 7.5 | v10.2 | 2016-12-12
CVE-2016-7667 [HIGH] CVE-2016-7667: iOS 10.2
Apple Security Update: About the security content of iOS 10.2
Product: iOS
Version: 10.2
CVE: CVE-2016-7667
Component: CoreText
Impact: Processing a maliciously crafted string may lead to a denial of service
Description: An issue when rendering overlapping ranges was addressed through improved validation.
apple
CVE-2017-7090 | P3 | HIGH | CVSS 7.5 | v11 | 2017-09-19
CVE-2017-7090 [HIGH] CVE-2017-7090: iOS 11
Apple Security Update: About the security content of iOS 11
Product: iOS
Version: 11
CVE: CVE-2017-7090
Component: WebKit
Impact: Cookies belonging to one origin may be sent to another origin
Description: A permissions issue existed in the handling of web browser cookies. This issue was addressed by no longer returning cookies for custom URL schemes.
apple
CVE-2017-2377 | P4 | HIGH | CVSS 7.5 | v10.3 | 2017-03-27
CVE-2017-2377 [HIGH] CVE-2017-2377: iOS 10.3
Apple Security Update: About the security content of iOS 10.3
Product: iOS
Version: 10.3
CVE: CVE-2017-2377
Component: WebKit Web Inspector
Impact: Closing a window while paused in the debugger may lead to unexpected application termination
Description: A memory corruption issue was addressed through improved input validation.
apple
CVE-2017-2419 | P3 | HIGH | CVSS 7.5 | v10.3 | 2017-03-27
CVE-2017-2419 [HIGH] CVE-2017-2419: iOS 10.3
Apple Security Update: About the security content of iOS 10.3
Product: iOS
Version: 10.3
CVE: CVE-2017-2419
Component: WebKit
Impact: Processing maliciously crafted web content may lead to unexpectedly unenforced Content Security Policy
Description: An access issue existed in Content Security Policy. This issue was addressed through improved access restrictions.
apple
CVE-2020-9917 | P4 | HIGH | CVSS 7.5 | ≥ unspecified, < iOS 13.6 and iPadOS 13.6 | 2020-10-16
CVE-2020-9917 [HIGH]
This issue was addressed with improved checks. This issue is fixed in iOS 13.6 and iPadOS 13.6. A remote attacker may be able to cause a denial of service.
nvd
CVE-2017-13903 | P3 | HIGH | CVSS 7.5 | v11.2.1 | 2017-12-13
CVE-2017-13903 [HIGH] CVE-2017-13903: iOS 11.2.1
Apple Security Update: About the security content of iOS 11.2.1
Product: iOS
Version: 11.2.1
CVE: CVE-2017-13903
Component: HomeKit
Impact: A remote attacker may be able to unexpectedly alter application state
Description: A message handling issue was addressed with improved input validation.
apple
CVE-2019-8573 | P4 | HIGH | CVSS 7.5 | ≥ unspecified, < 12.3 | 2020-10-27
CVE-2019-8573 [HIGH] CWE-20
An input validation issue was addressed with improved input validation. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, iOS 12.3, watchOS 5.2.1. A remote attacker may be able to cause a system denial of service.
nvd, apple
CVE-2018-4277 | P3 | HIGH | CVSS 7.5 | v11.4.1 | 2018-07-09
CVE-2018-4277 [HIGH] CVE-2018-4277: iOS 11.4.1
Apple Security Update: About the security content of iOS 11.4.1
Product: iOS
Version: 11.4.1
CVE: CVE-2018-4277
Component: LinkPresentation
Impact: Visiting a malicious website may lead to address bar spoofing
Description: A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation.
apple
CVE-2020-9844 | P3 | HIGH | CVSS 7.5 | ≥ unspecified, < iOS 13.5 and iPadOS 13.5 | 2020-06-09
CVE-2020-9844 [HIGH] CWE-415
A double free issue was addressed with improved memory management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory.
nvd
CVE-2018-4398 | P3 | HIGH | CVSS 7.5 | v12.1 | 2018-10-30
CVE-2018-4398 [HIGH] CVE-2018-4398: iOS 12.1
Apple Security Update: About the security content of iOS 12.1
Product: iOS
Version: 12.1
CVE: CVE-2018-4398
Component: CoreCrypto
Impact: An attacker may be able to exploit a weakness in the Miller-Rabin primality test to incorrectly identify prime numbers
Description: An issue existed in the method for determining prime numbers. This issue was addressed by using pseudorandom bases for testing of primes.
apple
CVE-2016-4711 | P3 | HIGH | CVSS 7.5 | v10 | 2016-09-13
CVE-2016-4711 [HIGH] CVE-2016-4711: iOS 10
Apple Security Update: About the security content of iOS 10
Product: iOS
Version: 10
CVE: CVE-2016-4711
Component: CommonCrypto
Impact: An application using CCrypt may disclose sensitive plaintext if the output and input buffer are the same
Description: An input validation issue existed in corecrypto. This issue was addressed through improved input validation.
apple
CVE-2020-9826 | P4 | HIGH | CVSS 7.5 | ≥ unspecified, < iOS 13.5 and iPadOS 13.5 | 2020-06-09
CVE-2020-9826 [HIGH] CWE-20
A denial of service issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5. A remote attacker may be able to cause a denial of service.
nvd
CVE-2019-8665 | P4 | HIGH | CVSS 7.5 | ≥ unspecified, < iOS 12.4 | 2019-12-18
CVE-2019-8665 [HIGH] CWE-20
A denial of service issue was addressed with improved validation. This issue is fixed in iOS 12.4, watchOS 5.3. A remote attacker may cause an unexpected application termination.
nvd, apple
CVE-2022-32793 | P3 | HIGH | CVSS 7.5 | v16 | 2022-09-12
CVE-2022-32793 [HIGH] CVE-2022-32793: iOS 16
Apple Security Update: About the security content of iOS 16
Product: iOS
Version: 16
CVE: CVE-2022-32793
Component: GPU Drivers
Impact: An app may be able to disclose kernel memory
Description: Multiple out-of-bounds write issues were addressed with improved bounds checking.
apple
CVE-2017-9049 | P4 | HIGH | CVSS 7.5 | v11 | 2017-09-19
CVE-2017-9049 [HIGH] CVE-2017-9049: iOS 11
Apple Security Update: About the security content of iOS 11
Product: iOS
Version: 11
CVE: CVE-2017-9049
Component: CVE-2017-9233
Impact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution
Description: A buffer overflow issue was addressed with improved memory handling.
apple
CVE-2020-9931 | P4 | HIGH | CVSS 7.5 | ≥ unspecified, < iOS 13.6 and iPadOS 13.6 | 2020-10-16
CVE-2020-9931 [HIGH] CWE-20
A denial of service issue was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6. A remote attacker may cause an unexpected application termination.
nvd
CVE-2017-7080 | P3 | HIGH | CVSS 7.5 | v11 | 2017-09-19
CVE-2017-7080 [HIGH] CVE-2017-7080: iOS 11
Apple Security Update: About the security content of iOS 11
Product: iOS
Version: 11
CVE: CVE-2017-7080
Component: Security
Impact: A revoked certificate may be trusted
Description: A certificate validation issue existed in the handling of revocation data. This issue was addressed through improved validation.
apple
CVE-2020-9914 | P3 | HIGH | CVSS 7.5 | ≥ unspecified, < iOS 13.6 and iPadOS 13.6 | 2020-10-16
CVE-2020-9914 [HIGH] CWE-20
An input validation issue existed in Bluetooth. This issue was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8. An attacker in a privileged network position may be able to perform a denial of service attack using malformed Bluetooth packets.
nvd
CVE-2016-1777 | P3 | HIGH | CVSS 7.5 | v12 | 2018-09-17
CVE-2016-1777 [HIGH] CVE-2016-1777: iOS 12
Apple Security Update: About the security content of iOS 12
Product: iOS
Version: 12
CVE: CVE-2016-1777
Component: Security
Impact: An attacker may be able to exploit weaknesses in the RC4 cryptographic algorithm
Description: This issue was addressed by removing RC4.
apple