Apple iOS vulnerabilities

1,765 known vulnerabilities affecting apple/ios.

Total CVEs

1,765

CISA KEV

actively exploited

Public exploits

229

Exploited in wild

Severity breakdown

CRITICAL119HIGH907MEDIUM638LOW94UNKNOWN7

Vulnerabilities

SortPage 58 of 89

CVE-2018-4113P4MEDIUMCVSS 6.5v11.32018-03-29

CVE-2018-4113 [MEDIUM] CVE-2018-4113: iOS 11.3 Apple Security Update: About the security content of iOS 11.3 Product: iOS Version: 11.3 CVE: CVE-2018-4113 Component: WebKit Impact: Unexpected interaction with indexing types causing an ASSERT failure Description: An array indexing issue existed in the handling of a function in javascript core. This issue was addressed through improved checks

apple

CVE-2014-8840P4MEDIUMCVSS 6.8v8.1.3

CVE-2014-8840 [MEDIUM] CVE-2014-8840: iOS 8.1.3 Apple Security Update: About the security content of iOS 8.1.3 Product: iOS Version: 8.1.3 CVE: CVE-2014-8840 Component: CVE-ID

apple

CVE-2016-4763P4MEDIUMCVSS 6.8v102016-09-13

CVE-2016-4763 [MEDIUM] CVE-2016-4763: iOS 10 Apple Security Update: About the security content of iOS 10 Product: iOS Version: 10 CVE: CVE-2016-4763 Component: WebKit Impact: An attacker in a privileged network position may be able to intercept and alter network traffic to applications using WKWebView with HTTPS Description: A certificate validation issue existed in the handling of WKWebView. This issue was addressed through improved validation.

apple

CVE-2017-7011P4MEDIUMCVSS 6.5v10.3.32017-07-19

CVE-2017-7011 [MEDIUM] CVE-2017-7011: iOS 10.3.3 Apple Security Update: About the security content of iOS 10.3.3 Product: iOS Version: 10.3.3 CVE: CVE-2017-7011 Component: WebKit Impact: Visiting a malicious website may lead to address bar spoofing Description: A state management issue was addressed with improved frame handling.

apple

CVE-2016-1782P4MEDIUMCVSS 6.5v9.3

CVE-2016-1782 [MEDIUM] CVE-2016-1782: iOS 9.3 Apple Security Update: About the security content of iOS 9.3 Product: iOS Version: 9.3 CVE: CVE-2016-1782 Component: CVE-ID

apple

CVE-2017-7106P4MEDIUMCVSS 6.5v112017-09-19

CVE-2017-7106 [MEDIUM] CVE-2017-7106: iOS 11 Apple Security Update: About the security content of iOS 11 Product: iOS Version: 11 CVE: CVE-2017-7106 Component: WebKit Impact: Visiting a malicious website may lead to address bar spoofing Description: An inconsistent user interface issue was addressed with improved state management.

apple

CVE-2018-4460P4MEDIUMCVSS 6.5v12.1.12018-12-05

CVE-2018-4460 [MEDIUM] CVE-2018-4460: iOS 12.1.1 Apple Security Update: About the security content of iOS 12.1.1 Product: iOS Version: 12.1.1 CVE: CVE-2018-4460 Component: Kernel Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A denial of service issue was addressed by removing the vulnerable code.

apple

CVE-2016-7598P4MEDIUMCVSS 6.5v10.22016-12-12

CVE-2016-7598 [MEDIUM] CVE-2016-7598: iOS 10.2 Apple Security Update: About the security content of iOS 10.2 Product: iOS Version: 10.2 CVE: CVE-2016-7598 Component: WebKit Impact: Processing maliciously crafted web content may result in the disclosure of process memory Description: An uninitialized memory access issue was addressed through improved memory initialization.

apple

CVE-2019-8525P4MEDIUMCVSS 6.7≥ unspecified, < 12.22020-10-27

CVE-2019-8525 [MEDIUM] CWE-787 CVE-2019-8525: A memory corruption issue was addressed with improved state management. This issue is fixed in macOS A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, watchOS 5.2, macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, iOS 12.2. An application may be able to execute arbitrary c

nvdapple

CVE-2019-8570P4MEDIUMCVSS 6.5≥ unspecified, < 12.12020-10-27

CVE-2019-8570 [MEDIUM] CVE-2019-8570: A logic issue was addressed with improved state management. This issue is fixed in iOS 12.1.3, iClou A logic issue was addressed with improved state management. This issue is fixed in iOS 12.1.3, iCloud for Windows 7.10, iTunes 12.9.3 for Windows, Safari 12.0.3, tvOS 12.1.2. Processing maliciously crafted web content may disclose sensitive user information.

nvdapple

CVE-2018-4444P4MEDIUMCVSS 6.5≥ unspecified, < 12.12020-10-27

CVE-2018-4444 [MEDIUM] CVE-2018-4444: A logic issue was addressed with improved state management. This issue is fixed in Safari 12.0.2, iO A logic issue was addressed with improved state management. This issue is fixed in Safari 12.0.2, iOS 12.1.1, tvOS 12.1.1, iTunes 12.9.2 for Windows. Processing maliciously crafted web content may disclose sensitive user information.

nvdapple

CVE-2019-8517P4MEDIUMCVSS 6.5≥ unspecified, < iOS 12.22019-12-18

CVE-2019-8517 [MEDIUM] CWE-125 CVE-2019-8517: An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 12.2, An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. Processing a maliciously crafted font may result in the disclosure of process memory.

nvdapple

CVE-2020-9925P4MEDIUMCVSS 6.1≥ unspecified, < iOS 13.6 and iPadOS 13.62020-10-16

CVE-2020-9925 [MEDIUM] CWE-79 CVE-2020-9925: A logic issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPad A logic issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing maliciously crafted web content may lead to universal cross site scripting.

nvd

CVE-2018-4174P4MEDIUMCVSS 5.9v11.32018-03-29

CVE-2018-4174 [MEDIUM] CVE-2018-4174: iOS 11.3 Apple Security Update: About the security content of iOS 11.3 Product: iOS Version: 11.3 CVE: CVE-2018-4174 Component: Mail Impact: An attacker in a privileged network position may be able to intercept the contents of S/MIME-encrypted e-mail Description: An inconsistent user interface issue was addressed with improved state management.

apple

CVE-2016-1788P4MEDIUMCVSS 5.9v9.3

CVE-2016-1788 [MEDIUM] CVE-2016-1788: iOS 9.3 Apple Security Update: About the security content of iOS 9.3 Product: iOS Version: 9.3 CVE: CVE-2016-1788 Component: CVE-ID

apple

CVE-2017-2448P4MEDIUMCVSS 5.9v10.32017-03-27

CVE-2017-2448 [MEDIUM] CVE-2017-2448: iOS 10.3 Apple Security Update: About the security content of iOS 10.3 Product: iOS Version: 10.3 CVE: CVE-2017-2448 Component: Keychain Impact: An attacker who is able to intercept TLS connections may be able to read secrets protected by iCloud Keychain. Description: In certain circumstances, iCloud Keychain failed to validate the authenticity of OTR packets. This issue was addressed through improved validation.

apple

CVE-2018-4215P4HIGHCVSS 7.8v11.42018-05-29

CVE-2018-4215 [HIGH] CVE-2018-4215: iOS 11.4 Apple Security Update: About the security content of iOS 11.4 Product: iOS Version: 11.4 CVE: CVE-2018-4215 Component: Bluetooth Impact: A malicious application may be able to elevate privileges Description: A buffer overflow was addressed with improved size validation.

apple

CVE-2016-7655P4HIGHCVSS 7.8v10.22016-12-12

CVE-2016-7655 [HIGH] CVE-2016-7655: iOS 10.2 Apple Security Update: About the security content of iOS 10.2 Product: iOS Version: 10.2 CVE: CVE-2016-7655 Component: CoreMedia External Displays Impact: A local application may be able to execute arbitrary code in the context of the mediaserver daemon Description: A type confusion issue was addressed through improved memory handling.

apple

CVE-2015-1092P4MEDIUMCVSS 5.0v8.3

CVE-2015-1092 [MEDIUM] CVE-2015-1092: iOS 8.3 Apple Security Update: About the security content of iOS 8.3 Product: iOS Version: 8.3 CVE: CVE-2015-1092 Component: CVE-ID

apple

CVE-2014-4493P4HIGHCVSS 7.5v8.1.3

CVE-2014-4493 [HIGH] CVE-2014-4493: iOS 8.1.3 Apple Security Update: About the security content of iOS 8.1.3 Product: iOS Version: 8.1.3 CVE: CVE-2014-4493 Component: CVE-ID

apple

← Previous58 / 89Next →