Apple iOS vulnerabilities
1,765 known vulnerabilities affecting apple/ios.
Total CVEs
1,765
CISA KEV
27
actively exploited
Public exploits
227
Exploited in wild
30
Severity breakdown
CRITICAL119HIGH907MEDIUM638LOW94UNKNOWN7
Vulnerabilities
Page 6 of 89
CVE-2021-1879MEDIUMCVSS 6.1KEV≥ unspecified, < 12.52021-04-02
CVE-2021-1879 [MEDIUM] CWE-79 CVE-2021-1879: This issue was addressed by improved management of object lifetimes. This issue is fixed in iOS 12.5
This issue was addressed by improved management of object lifetimes. This issue is fixed in iOS 12.5.2, iOS 14.4.2 and iPadOS 14.4.2, watchOS 7.3.3. Processing maliciously crafted web content may lead to universal cross site scripting. Apple is aware of a report that this issue may have been actively exploited..
nvd
CVE-2020-27929MEDIUMCVSS 5.5≥ unspecified, < 12.42020-12-08
CVE-2020-27929 [MEDIUM] CVE-2020-27929: A logic issue existed in the handling of Group FaceTime calls. The issue was addressed with improved
A logic issue existed in the handling of Group FaceTime calls. The issue was addressed with improved state management. This issue is fixed in iOS 12.4.9. A user may send video in Group FaceTime calls without knowing that they have done so.
nvd
CVE-2019-8547CRITICALCVSS 9.8≥ unspecified, < 12.22020-10-27
CVE-2019-8547 [CRITICAL] CWE-125 CVE-2019-8547: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed
An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, watchOS 5.2, macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra
nvdapple
CVE-2019-8531CRITICALCVSS 9.8≥ unspecified, < 12.22020-10-27
CVE-2019-8531 [CRITICAL] CWE-295 CVE-2019-8531: A validation issue existed in Trust Anchor Management. This issue was addressed with improved valida
A validation issue existed in Trust Anchor Management. This issue was addressed with improved validation. This issue is fixed in watchOS 5.2, macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, iOS 12.2. An untrusted radius server certificate may be trusted.
nvdapple
CVE-2019-8756CRITICALCVSS 9.8≥ unspecified, < 132020-10-27
CVE-2019-8756 [CRITICAL] CWE-787 CVE-2019-8756: Multiple memory corruption issues were addressed with improved input validation. This issue is fixed
Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Catalina 10.15, iOS 13, iCloud for Windows 7.14, iCloud for Windows 10.7, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6, iTunes 12.10.1 for Windows. Multiple issues in libxml2.
nvdapple
CVE-2019-8749CRITICALCVSS 9.8≥ unspecified, < 132020-10-27
CVE-2019-8749 [CRITICAL] CWE-787 CVE-2019-8749: Multiple memory corruption issues were addressed with improved input validation. This issue is fixed
Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Catalina 10.15, iOS 13, iCloud for Windows 7.14, iCloud for Windows 10.7, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6, iTunes 12.10.1 for Windows. Multiple issues in libxml2.
nvdapple
CVE-2019-8746CRITICALCVSS 9.8≥ unspecified, < 132020-10-27
CVE-2019-8746 [CRITICAL] CWE-125 CVE-2019-8746: An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Cat
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15, iOS 13, iCloud for Windows 7.14, iCloud for Windows 10.7, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6, iTunes 12.10.1 for Windows. A remote attacker may be able to cause unexpected ap
nvdapple
CVE-2019-7288CRITICALCVSS 9.8≥ unspecified, < 12.12020-10-27
CVE-2019-7288 [CRITICAL] CVE-2019-7288: The issue was addressed with improved validation on the FaceTime server. This issue is fixed in macO
The issue was addressed with improved validation on the FaceTime server. This issue is fixed in macOS Mojave 10.14.3 Supplemental Update, iOS 12.1.4. A thorough security audit of the FaceTime service uncovered an issue with Live Photos .
nvdapple
CVE-2019-8712CRITICALCVSS 9.8≥ unspecified, < 132020-10-27
CVE-2019-8712 [CRITICAL] CWE-787 CVE-2019-8712: A memory corruption issue was addressed with improved memory handling. This issue is fixed in watchO
A memory corruption issue was addressed with improved memory handling. This issue is fixed in watchOS 6, iOS 13, tvOS 13. An application may be able to execute arbitrary code with system privileges.
nvdapple
CVE-2018-4428HIGHCVSS 7.1≥ unspecified, < 12.12020-10-27
CVE-2018-4428 [HIGH] CVE-2018-4428: A lock screen issue allowed access to the share function on a locked device. This issue was addresse
A lock screen issue allowed access to the share function on a locked device. This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 12.1.1. A local attacker may be able to share items from the lock screen.
nvdapple
CVE-2019-8715HIGHCVSS 7.8≥ unspecified, < 132020-10-27
CVE-2019-8715 [HIGH] CWE-787 CVE-2019-8715: A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15, iOS 13. An application may be able to execute arbitrary code with system privileges.
nvdapple
CVE-2019-8639HIGHCVSS 8.8≥ unspecified, < 12.22020-10-27
CVE-2019-8639 [HIGH] CWE-787 CVE-2019-8639: Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 5.2, iCloud for Windows 7.11, iOS 12.2, iTunes 12.9.4 for Windows, Safari 12.1. Processing maliciously crafted web content may lead to arbitrary code execution.
nvdapple
CVE-2019-8825HIGHCVSS 8.8≥ unspecified, < 132020-10-27
CVE-2019-8825 [HIGH] CWE-787 CVE-2019-8825: A memory corruption issue was addressed with improved state management. This issue is fixed in macOS
A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15, iOS 13, iCloud for Windows 10.7, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, iCloud for Windows 7.14, iTunes 12.10.1 for Windows. Processing maliciously crafted web content may lead to arbitrary code ex
nvdapple
CVE-2019-8638HIGHCVSS 8.8≥ unspecified, < 12.22020-10-27
CVE-2019-8638 [HIGH] CWE-787 CVE-2019-8638: Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 5.2, iCloud for Windows 7.11, iOS 12.2, iTunes 12.9.4 for Windows, Safari 12.1. Processing maliciously crafted web content may lead to arbitrary code execution.
nvdapple
CVE-2019-8631HIGHCVSS 7.5≥ unspecified, < 12.32020-10-27
CVE-2019-8631 [HIGH] CVE-2019-8631: A logic issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.1
A logic issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, iOS 12.3, tvOS 12.3. Users removed from an iMessage conversation may still be able to alter state.
nvdapple
CVE-2019-8734HIGHCVSS 8.8≥ unspecified, < 132020-10-27
CVE-2019-8734 [HIGH] CWE-787 CVE-2019-8734: Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13, iCloud for Windows 7.14, iCloud for Windows 10.7, Safari 13, tvOS 13, watchOS 6, iTunes 12.10.1 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution.
nvdapple
CVE-2019-8633HIGHCVSS 7.5≥ unspecified, < 12.32020-10-27
CVE-2019-8633 [HIGH] CWE-20 CVE-2019-8633: A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Moja
A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, iOS 12.3, tvOS 12.3, watchOS 5.3. An application may be able to read restricted memory.
nvdapple
CVE-2019-8592HIGHCVSS 7.8≥ unspecified, < 12.32020-10-27
CVE-2019-8592 [HIGH] CWE-20 CVE-2019-8592: A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS
A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15, tvOS 12.3, watchOS 5.2.1, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, iOS 12.3, iOS 13. Playing a mal
nvdapple
CVE-2018-4474HIGHCVSS 7.5≥ unspecified, < 122020-10-27
CVE-2018-4474 [HIGH] CWE-400 CVE-2018-4474: A memory consumption issue was addressed with improved memory handling. This issue is fixed in iClou
A memory consumption issue was addressed with improved memory handling. This issue is fixed in iCloud for Windows 7.7, watchOS 5, Safari 12, iOS 12, iTunes 12.9 for Windows, tvOS 12. Unexpected interaction causes an ASSERT failure.
nvdapple
CVE-2019-8854HIGHCVSS 7.5≥ unspecified, < 132020-10-27
CVE-2019-8854 [HIGH] CVE-2019-8854: A user privacy issue was addressed by removing the broadcast MAC address. This issue is fixed in mac
A user privacy issue was addressed by removing the broadcast MAC address. This issue is fixed in macOS Catalina 10.15, watchOS 6, iOS 13, tvOS 13. A device may be passively tracked by its Wi-Fi MAC address.
nvdapple