cvebase

Apple iOS vulnerabilities

1,765 known vulnerabilities affecting apple/ios.

Total CVEs: 1,765
CISA KEV: 27 (actively exploited)
Public exploits: 229
Exploited in wild: 43
Severity breakdown: CRITICAL 119, HIGH 907, MEDIUM 638, LOW 94, UNKNOWN 7

Vulnerabilities

Page 51 of 89
CVE-2017-2376 | P4 | HIGH | CVSS 7.5 | v10.3 | 2017-03-27
Apple Security Update: About the security content of iOS 10.3. Product: iOS. Version: 10.3. Component: Safari. Impact: Visiting a malicious website may lead to address bar spoofing. Description: A state management issue was addressed by disabling text input until the destination page loads.
Source: apple
CVE-2017-13874 | P3 | HIGH | CVSS 7.5 | v11.2 | 2017-12-02
Apple Security Update: About the security content of iOS 11.2. Product: iOS. Version: 11.2. Component: Mail. Impact: Incorrect certificate is used for encryption. Description: A S/MIME issue existed in the handling of encrypted email. This issue was addressed through improved selection of the encryption certificate.
Source: apple
CVE-2021-30798 | P3 | HIGH | CVSS 7.5 | ≥ unspecified, < 14.7 | 2021-09-08
A logic issue was addressed with improved state management. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6. A malicious application may be able to bypass certain Privacy preferences.
Source: nvd
CVE-2019-8620 | P3 | HIGH | CVSS 7.5 | ≥ unspecified, < iOS 12.3 | 2019-12-18
CWE: CWE-200. A user privacy issue was addressed by removing the broadcast MAC address. This issue is fixed in iOS 12.3, tvOS 12.3, watchOS 5.2.1. A device may be passively tracked by its WiFi MAC address.
Source: nvd, apple
CVE-2019-8633 | P3 | HIGH | CVSS 7.5 | ≥ unspecified, < 12.3 | 2020-10-27
CWE: CWE-20. A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, iOS 12.3, tvOS 12.3, watchOS 5.3. An application may be able to read restricted memory.
Source: nvd, apple
CVE-2019-8854 | P3 | HIGH | CVSS 7.5 | ≥ unspecified, < 13 | 2020-10-27
A user privacy issue was addressed by removing the broadcast MAC address. This issue is fixed in macOS Catalina 10.15, watchOS 6, iOS 13, tvOS 13. A device may be passively tracked by its Wi-Fi MAC address.
Source: nvd, apple
CVE-2018-4227 | P3 | HIGH | CVSS 7.5 | v11.4 | 2018-05-29
Apple Security Update: About the security content of iOS 11.4. Product: iOS. Version: 11.4. Component: Mail. Impact: An attacker may be able to exfiltrate the contents of S/MIME-encrypted e-mail. Description: An issue existed in the handling of encrypted Mail. This issue was addressed with improved isolation of MIME in Mail.
Source: apple
CVE-2018-4203 | P3 | HIGH | CVSS 7.5 | v12 | 2018-09-17
Apple Security Update: About the security content of iOS 12. Product: iOS. Version: 12. Component: Symptom Framework. Impact: An application may be able to read restricted memory. Description: An out-of-bounds read was addressed with improved bounds checking.
Source: apple
CVE-2019-8788 | P3 | HIGH | CVSS 7.5 | ≥ unspecified, < iOS 13.2 and iPadOS 13.2 | 2019-12-18
CWE: CWE-20. An issue existed in the parsing of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1. Improper URL processing may lead to data exfiltration.
Source: nvd
CVE-2018-4137 | P3 | HIGH | CVSS 7.5 | v11.3 | 2018-03-29
Apple Security Update: About the security content of iOS 11.3. Product: iOS. Version: 11.3. Component: CVE-2018-4137
Source: apple
CVE-2017-7133 | P3 | HIGH | CVSS 7.5 | v11 | 2017-09-19
Apple Security Update: About the security content of iOS 11. Product: iOS. Version: 11. Component: MobileBackup. Impact: Backup may perform an unencrypted backup despite a requirement to perform only encrypted backups. Description: A permissions issue existed. This issue was addressed with improved permission validation.
Source: apple
CVE-2020-9911 | P3 | HIGH | CVSS 7.5 | ≥ unspecified, < iOS 13.6 and iPadOS 13.6 | 2020-10-16
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, Safari 13.1.2. An issue in Safari Reader mode may allow a remote attacker to bypass the Same Origin Policy.
Source: nvd
CVE-2019-8567 | P4 | HIGH | CVSS 7.5 | ≥ unspecified, < iOS 12.2 | 2019-12-18
CWE: CWE-200. A user privacy issue was addressed by removing the broadcast MAC address. This issue is fixed in iOS 12.2. A device may be passively tracked by its WiFi MAC address.
Source: nvd, apple
CVE-2019-8699 | P3 | HIGH | CVSS 7.5 | ≥ unspecified, < iOS 12.4 | 2019-12-18
A logic issue existed in the handling of answering phone calls. The issue was addressed with improved state management. This issue is fixed in iOS 12.4. The initiator of a phone call may be able to cause the recipient to answer a simultaneous Walkie-Talkie connection.
Source: nvd, apple
CVE-2018-4369 | P3 | HIGH | CVSS 7.5 | v12.1 | 2018-10-30
Apple Security Update: About the security content of iOS 12.1. Product: iOS. Version: 12.1. Component: NetworkExtension. Impact: Connecting to a VPN server may leak DNS queries to a DNS proxy. Description: A logic issue was addressed with improved state management.
Source: apple
CVE-2017-9050 | P4 | HIGH | CVSS 7.5 | v11 | 2017-09-19
Apple Security Update: About the security content of iOS 11. Product: iOS. Version: 11. Component: CVE-2017-9233. Impact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution. Description: A buffer overflow issue was addressed with improved memory handling.
Source: apple
CVE-2022-22643 | P3 | HIGH | CVSS 7.5 | v16 | 2022-09-12
Apple Security Update: About the security content of iOS 16. Product: iOS. Version: 16. Component: FaceTime. Impact: A user may send audio and video in a FaceTime call without knowing that they have done so. Description: This issue was addressed with improved checks.
Source: apple
CVE-2019-8631 | P3 | HIGH | CVSS 7.5 | ≥ unspecified, < 12.3 | 2020-10-27
A logic issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, iOS 12.3, tvOS 12.3. Users removed from an iMessage conversation may still be able to alter state.
Source: nvd, apple
CVE-2019-8618 | P3 | HIGH | CVSS 7.5 | ≥ unspecified, < 12.2 | 2020-10-27
A logic issue was addressed with improved restrictions. This issue is fixed in watchOS 5.2, macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, iOS 12.2. A sandboxed process may be able to circumvent sandbox restrictions.
Source: nvd, apple
CVE-2018-4329 | P3 | HIGH | CVSS 7.5 | v12 | 2018-09-17
Apple Security Update: About the security content of iOS 12. Product: iOS. Version: 12. Component: Safari. Impact: A user may be unable to delete browsing history items. Description: Clearing a history item may not clear visits with redirect chains. The issue was addressed with improved data deletion.
Source: apple