Apple iOS vulnerabilities

CVE-2019-8512 [MEDIUM] CWE-863 CVE-2019-8512: This issue was addressed with improved transparency. This issue is fixed in iOS 12.2. A user may aut This issue was addressed with improved transparency. This issue is fixed in iOS 12.2. A user may authorize an enterprise administrator to remotely wipe their device without appropriate disclosure.

CVE-2019-6207 [MEDIUM] CWE-125 CVE-2019-6207: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to determine kernel memory layout.

CVE-2019-13118 [MEDIUM] CVE-2019-13118: iOS 12.4 Apple Security Update: About the security content of iOS 12.4 Product: iOS Version: 12.4 CVE: CVE-2019-13118 Component: Image Processing Impact: Processing a maliciously crafted image may lead to a denial of service Description: A denial of service issue was addressed with improved validation.

CVE-2016-4590 [MEDIUM] CVE-2016-4590: iOS 9.3.3 Apple Security Update: About the security content of iOS 9.3.3 Product: iOS Version: 9.3.3 CVE: CVE-2016-4590 Component: WebKit Impact: Visiting a malicious website may lead to user interface spoofing Description: An origin inheritance issue existed in parsing of about: URLs. This was addressed through improved validation of security origins.

CVE-2015-3752 [MEDIUM] CVE-2015-3752: iOS 8.4.1 Apple Security Update: About the security content of iOS 8.4.1 Product: iOS Version: 8.4.1 CVE: CVE-2015-3752 Component: CVE-ID

CVE-2019-8521 [MEDIUM] CVE-2019-8521: This issue was addressed with improved checks. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4 This issue was addressed with improved checks. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4. A malicious application may be able to overwrite arbitrary files.

CVE-2022-32883 [MEDIUM] CWE-284 CVE-2022-32883: A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.6, A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An app may be able to read sensitive location information.

CVE-2022-32864 [MEDIUM] CVE-2022-32864: The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6, i The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An app may be able to disclose kernel memory.

CVE-2016-7619 [MEDIUM] CVE-2016-7619: iOS 10.2 Apple Security Update: About the security content of iOS 10.2 Product: iOS Version: 10.2 CVE: CVE-2016-7619 Component: Kernel Impact: A malicious application may gain access to a device's MAC address Description: An access issue was addressed through additional sandbox restrictions on third party applications.

CVE-2017-2390 [MEDIUM] CVE-2017-2390: iOS 10.3 Apple Security Update: About the security content of iOS 10.3 Product: iOS Version: 10.3 CVE: CVE-2017-2390 Component: Keychain Impact: An attacker who is able to intercept TLS connections may be able to read secrets protected by iCloud Keychain. Description: In certain circumstances, iCloud Keychain failed to validate the authenticity of OTR packets. This issue was addressed through improved validation.

CVE-2018-4293 [MEDIUM] CVE-2018-4293: iOS 11.4.1 Apple Security Update: About the security content of iOS 11.4.1 Product: iOS Version: 11.4.1 CVE: CVE-2018-4293 Component: CFNetwork Impact: Cookies may unexpectedly persist in Safari Description: A cookie management issue was addressed with improved checks.

CVE-2019-8708 [MEDIUM] CVE-2019-8708: A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15. A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15, iOS 13. A local user may be able to check for the existence of arbitrary files.

CVE-2016-1730 [MEDIUM] CVE-2016-1730: iOS 9.2.1 Apple Security Update: About the security content of iOS 9.2.1 Product: iOS Version: 9.2.1 CVE: CVE-2016-1730 Component: CVE-ID

CVE-2016-4635 [MEDIUM] CVE-2016-4635: iOS 9.3.3 Apple Security Update: About the security content of iOS 9.3.3 Product: iOS Version: 9.3.3 CVE: CVE-2016-4635 Component: FaceTime Impact: An attacker in a privileged network position may be able to cause a relayed call to continue transmitting audio while appearing as if the call terminated Description: User interface inconsistencies existed in the handling of relayed calls. These issues were addressed through improved FaceTime display logic.

CVE-2019-8796 [MEDIUM] CVE-2019-8796: iOS 12.4.3 Apple Security Update: About the security content of iOS 12.4.3 Product: iOS Version: 12.4.3 CVE: CVE-2019-8796 Component: Accounts Impact: AirDrop transfers may be unexpectedly accepted while in Everyone mode Description: A logic issue was addressed with improved validation.

CVE-2017-2414 [MEDIUM] CVE-2017-2414: iOS 10.3 Apple Security Update: About the security content of iOS 10.3 Product: iOS Version: 10.3 CVE: CVE-2017-2414 Component: DataAccess Impact: Configuring an Exchange account with a mistyped email address may resolve to an unexpected server Description: An input validation issue existed in the handling of Exchange email addresses. This issue was addressed through improved input validation.

CVE-2022-32833 [MEDIUM] CWE-922 CVE-2022-32833: An issue existed with the file paths used to store website data. The issue was resolved by improving An issue existed with the file paths used to store website data. The issue was resolved by improving how website data is stored. This issue is fixed in iOS 16. An unauthorized user may be able to access browsing history.

CVE-2020-9787 [MEDIUM] CVE-2020-9787: A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 1 A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. Some websites may not have appeared in Safari Preferences.

CVE-2022-32859 [MEDIUM] CWE-642 CVE-2022-32859: A logic issue was addressed with improved state management. This issue is fixed in iOS 16. Deleted c A logic issue was addressed with improved state management. This issue is fixed in iOS 16. Deleted contacts may still appear in spotlight search results.

CVE-2017-7078 [MEDIUM] CVE-2017-7078: iOS 11 Apple Security Update: About the security content of iOS 11 Product: iOS Version: 11 CVE: CVE-2017-7078 Component: Mail Drafts Impact: An attacker with a privileged network position may be able to intercept mail contents Description: An encryption issue existed in the handling of mail drafts. This issue was addressed with improved handling of mail drafts meant to be sent encrypted.