Apple iOS vulnerabilities
1,765 known vulnerabilities affecting apple/ios.
Total CVEs: 1,765
CISA KEV: 27 (actively exploited)
Public exploits: 229
Exploited in wild: 43
Severity breakdown
CRITICAL 119 | HIGH 907 | MEDIUM 638 | LOW 94 | UNKNOWN 7
Vulnerabilities
CVE-2016-1811 | P4 | MEDIUM | CVSS 6.5 | v9.3.2
CVE-2016-1811 [MEDIUM] CVE-2016-1811: iOS 9.3.2
Apple Security Update: About the security content of iOS 9.3.2
Product: iOS
Version: 9.3.2
CVE: CVE-2016-1811
Component: CVE-ID
apple
CVE-2016-1734 | P4 | MEDIUM | CVSS 6.8 | v9.3
CVE-2016-1734 [MEDIUM] CVE-2016-1734: iOS 9.3
Apple Security Update: About the security content of iOS 9.3
Product: iOS
Version: 9.3
CVE: CVE-2016-1734
Component: CVE-ID
apple
CVE-2016-4587 | P4 | MEDIUM | CVSS 6.5 | v9.3.3 | 2016-07-18
CVE-2016-4587 [MEDIUM] CVE-2016-4587: iOS 9.3.3
Apple Security Update: About the security content of iOS 9.3.3
Product: iOS
Version: 9.3.3
CVE: CVE-2016-4587
Component: WebKit
Impact: Visiting a maliciously crafted website may result in the disclosure of process memory
Description: A memory initialization issue was addressed through improved memory handling.
apple
CVE-2017-2412 | P4 | MEDIUM | CVSS 6.5 | v10.3 | 2017-03-27
CVE-2017-2412 [MEDIUM] CVE-2017-2412: iOS 10.3
Apple Security Update: About the security content of iOS 10.3
Product: iOS
Version: 10.3
CVE: CVE-2017-2412
Component: CVE-2016-3619
Impact: An attacker in a privileged network position may be able to tamper with iTunes network traffic
Description: Requests to iTunes sandbox web services were sent in cleartext. This was addressed by enabling HTTPS.
apple
CVE-2017-2475 | P4 | MEDIUM | CVSS 6.1 | v10.3 | 2017-03-27
CVE-2017-2475 [MEDIUM] CVE-2017-2475: iOS 10.3
Apple Security Update: About the security content of iOS 10.3
Product: iOS
Version: 10.3
CVE: CVE-2017-2475
Component: WebKit
Impact: Processing maliciously crafted web content may lead to universal cross site scripting
Description: A logic issue existed in frame handling. This issue was addressed through improved state management.
apple
CVE-2019-8674 | P4 | MEDIUM | CVSS 6.1 | ≥ unspecified, < iOS 13 | 2019-12-18
CVE-2019-8674 [MEDIUM] CWE-79 CVE-2019-8674: A logic issue was addressed with improved state management. This issue is fixed in iOS 13, Safari 13
A logic issue was addressed with improved state management. This issue is fixed in iOS 13, Safari 13. Processing maliciously crafted web content may lead to universal cross site scripting.
nvd, apple
CVE-2017-2492 | P4 | MEDIUM | CVSS 6.1 | v10.3 | 2017-03-27
CVE-2017-2492 [MEDIUM] CVE-2017-2492: iOS 10.3
Apple Security Update: About the security content of iOS 10.3
Product: iOS
Version: 10.3
CVE: CVE-2017-2492
Component: JavaScriptCore
Impact: Processing a maliciously crafted web page may lead to universal cross site scripting
Description: A prototype issue was addressed through improved logic.
apple
CVE-2016-1760 | P4 | MEDIUM | CVSS 6.2 | v9.3
CVE-2016-1760 [MEDIUM] CVE-2016-1760: iOS 9.3
Apple Security Update: About the security content of iOS 9.3
Product: iOS
Version: 9.3
CVE: CVE-2016-1760
Component: CVE-ID
Impact: Processing maliciously crafted XML may lead to unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues were addressed through improved memory handling.
apple
CVE-2015-1067 | P4 | MEDIUM | CVSS 4.3 | v8.2
CVE-2015-1067 [MEDIUM] CVE-2015-1067: iOS 8.2
Apple Security Update: About the security content of iOS 8.2
Product: iOS
Version: 8.2
CVE: CVE-2015-1067
Component: CVE-ID
apple
CVE-2018-4232 | P4 | MEDIUM | CVSS 4.3 | v11.4 | 2018-05-29
CVE-2018-4232 [MEDIUM] CVE-2018-4232: iOS 11.4
Apple Security Update: About the security content of iOS 11.4
Product: iOS
Version: 11.4
CVE: CVE-2018-4232
Component: WebKit
Impact: Visiting a maliciously crafted website may lead to cookies being overwritten
Description: A permissions issue existed in the handling of web browser cookies. This issue was addressed with improved restrictions.
apple
CVE-2015-7023 | P4 | MEDIUM | CVSS 5.8 | v9.1
CVE-2015-7023 [MEDIUM] CVE-2015-7023: iOS 9.1
Apple Security Update: About the security content of iOS 9.1
Product: iOS
Version: 9.1
CVE: CVE-2015-7023
Component: CVE-ID
Impact: A malicious application may be able to elevate privileges
Description: A heap based buffer overflow issue existed in the DNS client library. A malicious application with the ability to spoof responses from the local configd service may have been able to cause arbitrary code execution in DNS clients.
apple
CVE-2016-4721 | P4 | MEDIUM | CVSS 5.9 | v10.1 | 2016-10-24
CVE-2016-4721 [MEDIUM] CVE-2016-4721: iOS 10.1
Apple Security Update: About the security content of iOS 10.1
Product: iOS
Version: 10.1
CVE: CVE-2016-4721
Component: IDS - Connectivity
Impact: An attacker in a privileged network position may be able to trick a user on a multi-party call into believing they are talking to the other party
Description: An impersonation issue existed in the handling of call switching. This issue was addressed through improved handling of "switch caller" notification
apple
CVE-2016-4685 | P4 | MEDIUM | CVSS 5.9 | v10.1 | 2016-10-24
CVE-2016-4685 [MEDIUM] CVE-2016-4685: iOS 10.1
Apple Security Update: About the security content of iOS 10.1
Product: iOS
Version: 10.1
CVE: CVE-2016-4685
Component: IDS - Connectivity
Impact: An attacker in a privileged network position may be able to trick a user on a multi-party call into believing they are talking to the other party
Description: An impersonation issue existed in the handling of call switching. This issue was addressed through improved handling of "switch caller" notification
apple
CVE-2015-5770 | P4 | MEDIUM | CVSS 5.8 | v8.4.1
CVE-2015-5770 [MEDIUM] CVE-2015-5770: iOS 8.4.1
Apple Security Update: About the security content of iOS 8.4.1
Product: iOS
Version: 8.4.1
CVE: CVE-2015-5770
Component: CVE-ID
apple
CVE-2017-13080 | P4 | MEDIUM | CVSS 5.3 | v11.2 | 2017-12-02
CVE-2017-13080 [MEDIUM] CVE-2017-13080: iOS 11.2
Apple Security Update: About the security content of iOS 11.2
Product: iOS
Version: 11.2
CVE: CVE-2017-13080
Component: Wi-Fi
Impact: An attacker in Wi-Fi range may force nonce reuse in WPA multicast/GTK clients (Key Reinstallation Attacks - KRACK)
Description: A logic issue existed in the handling of state transitions. This was addressed with improved state management.
apple
CVE-2019-8530 | P4 | MEDIUM | CVSS 5.5 | ≥ unspecified, < iOS 12.2 | 2019-12-18
CVE-2019-8530 [MEDIUM] CVE-2019-8530: This issue was addressed with improved checks. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4
This issue was addressed with improved checks. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2. A malicious application may be able to overwrite arbitrary files.
nvd, apple
CVE-2019-8798 | P4 | MEDIUM | CVSS 5.5 | ≥ unspecified, < iOS 13.2 and iPadOS 13.2 | 2019-12-18
CVE-2019-8798 [MEDIUM] CWE-787 CVE-2019-8798: A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1, tvOS 13.2, watchOS 6.1. An application may be able to execute arbitrary code with system privileges.
nvd
CVE-2017-7006 | P4 | MEDIUM | CVSS 5.3 | v10.3.3 | 2017-07-19
CVE-2017-7006 [MEDIUM] CVE-2017-7006: iOS 10.3.3
Apple Security Update: About the security content of iOS 10.3.3
Product: iOS
Version: 10.3.3
CVE: CVE-2017-7006
Component: WebKit
Impact: A malicious website may exfiltrate data cross-origin
Description: Processing maliciously crafted web content may allow cross-origin data to be exfiltrated by using SVG filters to conduct a timing side-channel attack. This issue was addressed by not painting the cross-origin buffer into the frame that gets filter
apple
CVE-2021-30769 | P4 | MEDIUM | CVSS 5.5 | ≥ unspecified, < 14.7 | 2021-09-08
CVE-2021-30769 [MEDIUM] CWE-287 CVE-2021-30769: A logic issue was addressed with improved state management. This issue is fixed in iOS 14.7, tvOS 14
A logic issue was addressed with improved state management. This issue is fixed in iOS 14.7, tvOS 14.7, watchOS 7.6. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication.
nvd
CVE-2022-32928 | P4 | MEDIUM | CVSS 5.3 | v16 | 2022-09-12
CVE-2022-32928 [MEDIUM] CVE-2022-32928: iOS 16
Apple Security Update: About the security content of iOS 16
Product: iOS
Version: 16
CVE: CVE-2022-32928
Component: Exchange
Impact: A user in a privileged network position may be able to intercept mail credentials
Description: A logic issue was addressed with improved restrictions.
apple