Apple iOS vulnerabilities
1,765 known vulnerabilities affecting apple/ios.
Total CVEs: 1,765
CISA KEV: 27 (actively exploited)
Public exploits: 229
Exploited in wild: 43
Severity breakdown: CRITICAL 119, HIGH 907, MEDIUM 638, LOW 94, UNKNOWN 7
Vulnerabilities
CVE-2018-4429 | P4 | MEDIUM | CVSS 6.5 | v12.1.1 | 2018-12-05
CVE-2018-4429 [MEDIUM] CVE-2018-4429: iOS 12.1.1
Apple Security Update: About the security content of iOS 12.1.1
Product: iOS
Version: 12.1.1
CVE: CVE-2018-4429
Component: LinkPresentation
Impact: Processing a maliciously crafted email may lead to user interface spoofing
Description: A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation.
apple
CVE-2018-4362 | P4 | MEDIUM | CVSS 6.5 | v12 | 2018-09-17
CVE-2018-4362 [MEDIUM] CVE-2018-4362: iOS 12
Apple Security Update: About the security content of iOS 12
Product: iOS
Version: 12
CVE: CVE-2018-4362
Component: SafariViewController
Impact: Visiting a malicious website may lead to address bar spoofing
Description: An inconsistent user interface issue was addressed with improved state management.
apple
CVE-2016-7623 | P4 | MEDIUM | CVSS 6.5 | v10.2 | 2016-12-12
CVE-2016-7623 [MEDIUM] CVE-2016-7623: iOS 10.2
Apple Security Update: About the security content of iOS 10.2
Product: iOS
Version: 10.2
CVE: CVE-2016-7623
Component: WebKit
Impact: Visiting a maliciously crafted website may compromise user information
Description: An issue existed in the handling of blob URLs. This issue was addressed through improved URL handling.
apple
CVE-2019-6229 | P4 | MEDIUM | CVSS 6.1 | ≥ unspecified, < iOS 12.1.3 | 2019-03-05
CVE-2019-6229 [MEDIUM] CWE-79 CVE-2019-6229: A logic issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, tvOS 12.1.2
A logic issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to universal cross site scripting.
nvd, apple
CVE-2019-8551 | P4 | MEDIUM | CVSS 6.1 | ≥ unspecified, < iOS 12.2 | 2019-12-18
CVE-2019-8551 [MEDIUM] CWE-79 CVE-2019-8551: A logic issue was addressed with improved validation. This issue is fixed in iOS 12.2, tvOS 12.2, Sa
A logic issue was addressed with improved validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to universal cross site scripting.
nvd, apple
CVE-2018-4431 | P4 | MEDIUM | CVSS 5.5 | v12.1.1 | 2018-12-05
CVE-2018-4431 [MEDIUM] CVE-2018-4431: iOS 12.1.1
Apple Security Update: About the security content of iOS 12.1.1
Product: iOS
Version: 12.1.1
CVE: CVE-2018-4431
Component: Kernel
Impact: A local user may be able to read kernel memory
Description: A memory initialization issue was addressed with improved memory handling.
apple
CVE-2019-8753 | P4 | MEDIUM | CVSS 6.1 | ≥ unspecified, < 13 | 2020-10-27
CVE-2019-8753 [MEDIUM] CWE-79 CVE-2019-8753: This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15, watchOS
This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15, watchOS 6, iOS 13, tvOS 13. Processing maliciously crafted web content may lead to a cross site scripting attack.
nvd, apple
CVE-2017-2549 | P4 | MEDIUM | CVSS 6.1 | v10.3.2 | 2017-05-15
CVE-2017-2549 [MEDIUM] CVE-2017-2549: iOS 10.3.2
Apple Security Update: About the security content of iOS 10.3.2
Product: iOS
Version: 10.3.2
CVE: CVE-2017-2549
Component: WebKit
Impact: Processing maliciously crafted web content may lead to universal cross site scripting
Description: A logic issue existed in frame loading. This issue was addressed with improved state management.
apple
CVE-2019-8813 | P4 | MEDIUM | CVSS 6.1 | ≥ unspecified, < iOS 13.2 and iPadOS 13.2 | 2019-12-18
CVE-2019-8813 [MEDIUM] CWE-79 CVE-2019-8813: A logic issue was addressed with improved state management. This issue is fixed in iOS 13.2 and iPad
A logic issue was addressed with improved state management. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0. Processing maliciously crafted web content may lead to universal cross site scripting.
nvd
CVE-2017-2497 | P4 | MEDIUM | CVSS 6.1 | v10.3.2 | 2017-05-15
CVE-2017-2497 [MEDIUM] CVE-2017-2497: iOS 10.3.2
Apple Security Update: About the security content of iOS 10.3.2
Product: iOS
Version: 10.3.2
CVE: CVE-2017-2497
Component: Foundation
Impact: Parsing maliciously crafted data may lead to arbitrary code execution
Description: A memory corruption issue was addressed with improved memory handling.
apple
CVE-2018-4266 | P4 | MEDIUM | CVSS 5.9 | v11.4.1 | 2018-07-09
CVE-2018-4266 [MEDIUM] CVE-2018-4266: iOS 11.4.1
Apple Security Update: About the security content of iOS 11.4.1
Product: iOS
Version: 11.4.1
CVE: CVE-2018-4266
Component: WebKit
Impact: A malicious website may be able to cause a denial of service
Description: A race condition was addressed with additional validation.
apple
CVE-2017-7164 | P4 | MEDIUM | CVSS 5.9 | v11.2 | 2017-12-02
CVE-2017-7164 [MEDIUM] CVE-2017-7164: iOS 11.2
Apple Security Update: About the security content of iOS 11.2
Product: iOS
Version: 11.2
CVE: CVE-2017-7164
Component: App Store
Impact: An attacker in a privileged network position may be able to spoof password prompts in App Store
Description: An input validation issue was addressed through improved input validation.
apple
CVE-2017-13863 | P4 | MEDIUM | CVSS 5.9 | v11 | 2017-09-19
CVE-2017-13863 [MEDIUM] CVE-2017-13863: iOS 11
Apple Security Update: About the security content of iOS 11
Product: iOS
Version: 11
CVE: CVE-2017-13863
Component: APNs
Impact: An attacker in a privileged network position could track a user
Description: A privacy issue existed in the use of client certificates. This issue was addressed through a revised protocol.
apple
CVE-2017-13078 | P4 | MEDIUM | CVSS 5.3 | v11.1 | 2017-10-31
CVE-2017-13078 [MEDIUM] CVE-2017-13078: iOS 11.1
Apple Security Update: About the security content of iOS 11.1
Product: iOS
Version: 11.1
CVE: CVE-2017-13078
Component: Wi-Fi
Impact: An attacker in Wi-Fi range may force nonce reuse in WPA unicast/PTK clients (Key Reinstallation Attacks - KRACK)
Description: A logic issue existed in the handling of state transitions. This was addressed with improved state management.
apple
CVE-2015-3751 | P4 | MEDIUM | CVSS 5.0 | v8.4.1
CVE-2015-3751 [MEDIUM] CVE-2015-3751: iOS 8.4.1
Apple Security Update: About the security content of iOS 8.4.1
Product: iOS
Version: 8.4.1
CVE: CVE-2015-3751
Component: CVE-ID
apple
CVE-2015-1065 | P4 | MEDIUM | CVSS 5.4 | v8.2
CVE-2015-1065 [MEDIUM] CVE-2015-1065: iOS 8.2
Apple Security Update: About the security content of iOS 8.2
Product: iOS
Version: 8.2
CVE: CVE-2015-1065
Component: CVE-ID
apple
CVE-2015-7942 | P4 | MEDIUM | CVSS 5.0 | v9.3
CVE-2015-7942 [MEDIUM] CVE-2015-7942: iOS 9.3
Apple Security Update: About the security content of iOS 9.3
Product: iOS
Version: 9.3
CVE: CVE-2015-7942
Component: CVE-2015-7499
apple
CVE-2015-6994 | P4 | HIGH | CVSS 7.1 | v9.1
CVE-2015-6994 [HIGH] CVE-2015-6994: iOS 9.1
Apple Security Update: About the security content of iOS 9.1
Product: iOS
Version: 9.1
CVE: CVE-2015-6994
Component: CVE-ID
Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in DNS data parsing. These issues were addressed through improved bounds checking.
apple
CVE-2015-3726 | P4 | MEDIUM | CVSS 4.6 | v8.4
CVE-2015-3726 [MEDIUM] CVE-2015-3726: iOS 8.4
Apple Security Update: About the security content of iOS 8.4
Product: iOS
Version: 8.4
CVE: CVE-2015-3726
Component: CVE-ID
apple
CVE-2017-7151 | P4 | HIGH | CVSS 7.0 | v11.2 | 2017-12-02
CVE-2017-7151 [HIGH] CVE-2017-7151: iOS 11.2
Apple Security Update: About the security content of iOS 11.2
Product: iOS
Version: 11.2
CVE: CVE-2017-7151
Component: CoreFoundation
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with additional validation.
apple