Apple iOS vulnerabilities

CVE-2017-2486 [MEDIUM] CVE-2017-2486: iOS 10.3 Apple Security Update: About the security content of iOS 10.3 Product: iOS Version: 10.3 CVE: CVE-2017-2486 Component: WebKit Impact: Visiting a malicious website may lead to address bar spoofing Description: An inconsistent user interface issue was addressed through improved state management.

CVE-2016-7586 [MEDIUM] CVE-2016-7586: iOS 10.2 Apple Security Update: About the security content of iOS 10.2 Product: iOS Version: 10.2 CVE: CVE-2016-7586 Component: WebKit Impact: Processing maliciously crafted web content may result in the disclosure of user information Description: A validation issue was addressed through improved state management.

CVE-2017-2493 [MEDIUM] CVE-2017-2493: iOS 10.3 Apple Security Update: About the security content of iOS 10.3 Product: iOS Version: 10.3 CVE: CVE-2017-2493 Component: WebKit Impact: Processing maliciously crafted web content may exfiltrate data cross-origin Description: A validation issue existed in element handling. This issue was addressed through improved validation.

CVE-2016-7599 [MEDIUM] CVE-2016-7599: iOS 10.2 Apple Security Update: About the security content of iOS 10.2 Product: iOS Version: 10.2 CVE: CVE-2016-7599 Component: WebKit Impact: Processing maliciously crafted web content may result in the disclosure of user information Description: An issue existed in the handling of HTTP redirects. This issue was addressed through improved cross origin validation.

CVE-2017-7088 [MEDIUM] CVE-2017-7088: iOS 11 Apple Security Update: About the security content of iOS 11 Product: iOS Version: 11 CVE: CVE-2017-7088 Component: Exchange ActiveSync Impact: An attacker in a privileged network position may be able to erase a device during Exchange account setup Description: A validation issue existed in AutoDiscover V1. This was addressed by requiring TLS for AutoDiscover V1. AutoDiscover V2 is now supported.

CVE-2019-8658 [MEDIUM] CWE-79 CVE-2019-8658: A logic issue was addressed with improved state management. This issue is fixed in iOS 12.4, macOS M A logic issue was addressed with improved state management. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to universal cross site scripting.

CVE-2017-13860 [MEDIUM] CVE-2017-13860: iOS 11.2 Apple Security Update: About the security content of iOS 11.2 Product: iOS Version: 11.2 CVE: CVE-2017-13860 Component: Mail Drafts Impact: An attacker with a privileged network position may be able to intercept mail Description: An encryption issue existed with S/MIME credentials. The issue was addressed with additional checks and user control.

CVE-2016-7579 [MEDIUM] CVE-2016-7579: iOS 10.1 Apple Security Update: About the security content of iOS 10.1 Product: iOS Version: 10.1 CVE: CVE-2016-7579 Component: CFNetwork Proxies Impact: An attacker in a privileged network position may be able to leak sensitive user information Description: A phishing issue existed in the handling of proxy credentials. This issue was addressed by removing unsolicited proxy password authentication prompts.

CVE-2018-4202 [MEDIUM] CVE-2018-4202: iOS 11.4 Apple Security Update: About the security content of iOS 11.4 Product: iOS Version: 11.4 CVE: CVE-2018-4202 Component: FontParser Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved validation.

CVE-2016-4642 [MEDIUM] CVE-2016-4642: iOS 9.3.3 Apple Security Update: About the security content of iOS 9.3.3 Product: iOS Version: 9.3.3 CVE: CVE-2016-4642 Component: CFNetwork Proxies Impact: An application may unknowingly send a password unencrypted over the network Description: Proxy authentication incorrectly reported HTTP proxies received credentials securely. This issue was addressed through improved warnings.

CVE-2018-4086 [MEDIUM] CVE-2018-4086: iOS 11.2.5 Apple Security Update: About the security content of iOS 11.2.5 Product: iOS Version: 11.2.5 CVE: CVE-2018-4086 Component: Security Impact: A certificate may have name constraints applied incorrectly Description: A certificate evaluation issue existed in the handling of name constraints. This issue was addressed with improved trust evaluation of certificates.

CVE-2020-9916 [MEDIUM] CVE-2020-9916: A URL Unicode encoding issue was addressed with improved state management. This issue is fixed in iO A URL Unicode encoding issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A malicious attacker may be able to conceal the destination of a URL.

CVE-2015-5312 [MEDIUM] CVE-2015-5312: iOS 9.3 Apple Security Update: About the security content of iOS 9.3 Product: iOS Version: 9.3 CVE: CVE-2015-5312 Component: CVE-2015-1819

CVE-2015-3784 [MEDIUM] CVE-2015-3784: iOS 8.4.1 Apple Security Update: About the security content of iOS 8.4.1 Product: iOS Version: 8.4.1 CVE: CVE-2015-3784 Component: CVE-ID

CVE-2015-7081 [MEDIUM] CVE-2015-7081: iOS 9.2 Apple Security Update: About the security content of iOS 9.2 Product: iOS Version: 9.2 CVE: CVE-2015-7081 Component: CVE-ID

CVE-2016-4660 [HIGH] CVE-2016-4660: iOS 10.1 Apple Security Update: About the security content of iOS 10.1 Product: iOS Version: 10.1 CVE: CVE-2016-4660 Component: FontParser Impact: Parsing a maliciously crafted font may disclose sensitive user information Description: An out-of-bounds read was addressed through improved bounds checking.

CVE-2015-5774 [HIGH] CVE-2015-5774: iOS 8.4.1 Apple Security Update: About the security content of iOS 8.4.1 Product: iOS Version: 8.4.1 CVE: CVE-2015-5774 Component: CVE-ID

CVE-2020-9842 [HIGH] CVE-2020-9842: An entitlement parsing issue was addressed with improved parsing. This issue is fixed in iOS 13.5 an An entitlement parsing issue was addressed with improved parsing. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application could interact with system processes to access private information and perform privileged actions.

CVE-2016-4722 [MEDIUM] CVE-2016-4722: iOS 10 Apple Security Update: About the security content of iOS 10 Product: iOS Version: 10 CVE: CVE-2016-4722 Component: IDS - Connectivity Impact: An attacker in a privileged network position may be able to cause a denial of service Description: A spoofing issue existed in the handling of Call Relay. This issue was addressed through improved input validation.

CVE-2015-1078 [MEDIUM] CVE-2015-1078: iOS 8.3 Apple Security Update: About the security content of iOS 8.3 Product: iOS Version: 8.3 CVE: CVE-2015-1078 Component: CVE-2015-1076