cvebase

Apple iOS vulnerabilities

1,765 known vulnerabilities affecting apple/ios.

Total CVEs: 1,765
CISA KEV: 27 (actively exploited)
Public exploits: 229
Exploited in wild: 43
Severity breakdown: CRITICAL 119, HIGH 907, MEDIUM 638, LOW 94, UNKNOWN 7

Vulnerabilities

Page 52 of 89
CVE-2018-4221 | P3 | HIGH | CVSS 7.5 | v11.4 | 2018-05-29
CVE-2018-4221 [HIGH] CVE-2018-4221: iOS 11.4 Apple Security Update: About the security content of iOS 11.4 Product: iOS Version: 11.4 CVE: CVE-2018-4221 Component: Security Impact: Users may be tracked by malicious websites using client certificates Description: An issue existed in the handling of S-MIME certificates. This issue was addressed with improved validation of S-MIME certificates.
apple
CVE-2017-2484 | P4 | HIGH | CVSS 7.5 | v10.3 | 2017-03-27
CVE-2017-2484 [HIGH] CVE-2017-2484: iOS 10.3 Apple Security Update: About the security content of iOS 10.3 Product: iOS Version: 10.3 CVE: CVE-2017-2484 Component: CVE-2017-2484
apple
CVE-2020-9823 | P3 | HIGH | CVSS 7.5 | ≥ unspecified, < iOS 13.5 and iPadOS 13.5 | 2020-06-09
CVE-2020-9823 [HIGH] CVE-2020-9823: This issue was addressed with improved checks. This issue is fixed in iOS 13.5 and iPadOS 13.5. Users removed from an iMessage conversation may still be able to alter state.
nvd
CVE-2017-13888 | P4 | HIGH | CVSS 7.5 | v11.2 | 2017-12-02
CVE-2017-13888 [HIGH] CVE-2017-13888: iOS 11.2 Apple Security Update: About the security content of iOS 11.2 Product: iOS Version: 11.2 CVE: CVE-2017-13888 Component: ReplayKit Impact: A user may not have control over their screen broadcast Description: A type confusion issue was addressed with improved memory handling.
apple
CVE-2020-9820 | P3 | HIGH | CVSS 7.5 | ≥ unspecified, < iOS 13.5 and iPadOS 13.5 | 2020-06-09
CVE-2020-9820 [HIGH] CVE-2020-9820: A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5. A remote attacker may be able to modify the file system.
nvd
CVE-2017-9233 | P3 | HIGH | CVSS 7.5 | v11 | 2017-09-19
CVE-2017-9233 [HIGH] CVE-2017-9233: iOS 11 Apple Security Update: About the security content of iOS 11 Product: iOS Version: 11 CVE: CVE-2017-9233 Component: CVE-2017-9233 Impact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling.
apple
CVE-2014-4493 | P4 | HIGH | CVSS 7.5 | v8.1.3
CVE-2014-4493 [HIGH] CVE-2014-4493: iOS 8.1.3 Apple Security Update: About the security content of iOS 8.1.3 Product: iOS Version: 8.1.3 CVE: CVE-2014-4493 Component: CVE-ID
apple
CVE-2018-4274 | P3 | HIGH | CVSS 7.5 | v11.4.1 | 2018-07-09
CVE-2018-4274 [HIGH] CVE-2018-4274: iOS 11.4.1 Apple Security Update: About the security content of iOS 11.4.1 Product: iOS Version: 11.4.1 CVE: CVE-2018-4274 Component: WebKit Impact: Visiting a malicious website may lead to address bar spoofing Description: A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation.
apple
CVE-2016-7662 | P4 | HIGH | CVSS 7.5 | v10.2 | 2016-12-12
CVE-2016-7662 [HIGH] CVE-2016-7662: iOS 10.2 Apple Security Update: About the security content of iOS 10.2 Product: iOS Version: 10.2 CVE: CVE-2016-7662 Component: Security Impact: Certificates may be unexpectedly evaluated as trusted Description: A certificate evaluation issue existed in certificate validation. This issue was addressed through additional validation of certificates.
apple
CVE-2016-1779 | P3 | MEDIUM | CVSS 6.5 | v9.3
CVE-2016-1779 [MEDIUM] CVE-2016-1779: iOS 9.3 Apple Security Update: About the security content of iOS 9.3 Product: iOS Version: 9.3 CVE: CVE-2016-1779 Component: CVE-ID
apple
CVE-2016-1766 | P4 | HIGH | CVSS 7.5 | v9.3
CVE-2016-1766 [HIGH] CVE-2016-1766: iOS 9.3 Apple Security Update: About the security content of iOS 9.3 Product: iOS Version: 9.3 CVE: CVE-2016-1766 Component: CVE-ID
apple
CVE-2016-4689 | P4 | HIGH | CVSS 7.5 | v10.2 | 2016-12-12
CVE-2016-4689 [HIGH] CVE-2016-4689: iOS 10.2 Apple Security Update: About the security content of iOS 10.2 Product: iOS Version: 10.2 CVE: CVE-2016-4689 Component: Mail Impact: An email signed with a revoked certificate may appear valid Description: S/MIME policy failed to check if a certificate was valid. This issue was addressed by notifying a user if an email was signed with a revoked certificate.
apple
CVE-2016-4693 | P3 | HIGH | CVSS 7.5 | v10.2 | 2016-12-12
CVE-2016-4693 [HIGH] CVE-2016-4693: iOS 10.2 Apple Security Update: About the security content of iOS 10.2 Product: iOS Version: 10.2 CVE: CVE-2016-4693 Component: Security Impact: An attacker may be able to exploit weaknesses in the 3DES cryptographic algorithm Description: 3DES was removed as a default cipher.
apple
CVE-2018-4436 | P3 | HIGH | CVSS 7.5 | v12.1.1 | 2018-12-05
CVE-2018-4436 [HIGH] CVE-2018-4436: iOS 12.1.1 Apple Security Update: About the security content of iOS 12.1.1 Product: iOS Version: 12.1.1 CVE: CVE-2018-4436 Component: Profiles Impact: An untrusted configuration profile may be incorrectly displayed as verified Description: A certificate validation issue existed in configuration profiles. This was addressed with additional checks.
apple
CVE-2017-2498 | P4 | HIGH | CVSS 7.5 | v10.3.2 | 2017-05-15
CVE-2017-2498 [HIGH] CVE-2017-2498: iOS 10.3.2 Apple Security Update: About the security content of iOS 10.3.2 Product: iOS Version: 10.3.2 CVE: CVE-2017-2498 Component: Security Impact: Update to the certificate trust policy Description: A certificate validation issue existed in the handling of untrusted certificates. This issue was addressed through improved user handling of trust acceptance.
apple
CVE-2020-9903 | P3 | HIGH | CVSS 7.5 | ≥ unspecified, < iOS 13.6 and iPadOS 13.6 | 2020-10-16
CVE-2020-9903 [HIGH] CWE-346 CVE-2020-9903: A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, Safari 13.1.2. A malicious attacker may cause Safari to suggest a password for the wrong domain.
nvd
CVE-2017-2380 | P3 | HIGH | CVSS 7.5 | v10.3 | 2017-03-27
CVE-2017-2380 [HIGH] CVE-2017-2380: iOS 10.3 Apple Security Update: About the security content of iOS 10.3 Product: iOS Version: 10.3 CVE: CVE-2017-2380 Component: Profiles Impact: An attacker may be able to exploit weaknesses in the DES cryptographic algorithm Description: Support for the 3DES cryptographic algorithm was added to the SCEP client and DES was deprecated.
apple
CVE-2015-6978 | P3 | MEDIUM | CVSS 6.8 | v9.1
CVE-2015-6978 [MEDIUM] CVE-2015-6978: iOS 9.1 Apple Security Update: About the security content of iOS 9.1 Product: iOS Version: 9.1 CVE: CVE-2015-6978 Component: CVE-2015-5942
apple
CVE-2015-1098 | P4 | HIGH | CVSS 7.3 | v8.3
CVE-2015-1098 [HIGH] CVE-2015-1098: iOS 8.3 Apple Security Update: About the security content of iOS 8.3 Product: iOS Version: 8.3 CVE: CVE-2015-1098 Component: CVE-ID
apple
CVE-2015-1102 | P4 | HIGH | CVSS 7.1 | v8.3
CVE-2015-1102 [HIGH] CVE-2015-1102: iOS 8.3 Apple Security Update: About the security content of iOS 8.3 Product: iOS Version: 8.3 CVE: CVE-2015-1102 Component: CVE-ID
apple