Apple iOS vulnerabilities
1,765 known vulnerabilities affecting apple/ios.
Total CVEs: 1,765
CISA KEV: 27 (actively exploited)
Public exploits: 229
Exploited in wild: 43
Severity breakdown: CRITICAL 119, HIGH 907, MEDIUM 638, LOW 94, UNKNOWN 7
Vulnerabilities
CVE-2017-2439 | P4 | HIGH | CVSS 7.1 | v10.3 | 2017-03-27
CVE-2017-2439 [HIGH] CVE-2017-2439: iOS 10.3
Apple Security Update: About the security content of iOS 10.3
Product: iOS
Version: 10.3
CVE: CVE-2017-2439
Component: FontParser
Impact: Processing a maliciously crafted font may result in the disclosure of process memory
Description: An out-of-bounds read was addressed through improved input validation.
apple
CVE-2017-2450 | P4 | HIGH | CVSS 7.1 | v10.3 | 2017-03-27
CVE-2017-2450 [HIGH] CVE-2017-2450: iOS 10.3
Apple Security Update: About the security content of iOS 10.3
Product: iOS
Version: 10.3
CVE: CVE-2017-2450
Component: CoreText
Impact: Processing a maliciously crafted font may result in the disclosure of process memory
Description: An out-of-bounds read was addressed through improved input validation.
apple
CVE-2016-4743 | P4 | HIGH | CVSS 7.1 | v10.2 | 2016-12-12
CVE-2016-4743 [HIGH] CVE-2016-4743: iOS 10.2
Apple Security Update: About the security content of iOS 10.2
Product: iOS
Version: 10.2
CVE: CVE-2016-4743
Component: WebKit
Impact: Processing maliciously crafted web content may result in the disclosure of process memory
Description: A memory corruption issue was addressed through improved input validation.
apple
CVE-2015-3803 | P4 | HIGH | CVSS 7.2 | v8.4.1
CVE-2015-3803 [HIGH] CVE-2015-3803: iOS 8.4.1
Apple Security Update: About the security content of iOS 8.4.1
Product: iOS
Version: 8.4.1
CVE: CVE-2015-3803
Component: CVE-ID
apple
CVE-2015-3806 | P4 | HIGH | CVSS 7.2 | v8.4.1
CVE-2015-3806 [HIGH] CVE-2015-3806: iOS 8.4.1
Apple Security Update: About the security content of iOS 8.4.1
Product: iOS
Version: 8.4.1
CVE: CVE-2015-3806
Component: CVE-ID
apple
CVE-2017-7173 | P4 | MEDIUM | CVSS 5.5 | v11.2 | 2017-12-02
CVE-2017-7173 [MEDIUM] CVE-2017-7173: iOS 11.2
Apple Security Update: About the security content of iOS 11.2
Product: iOS
Version: 11.2
CVE: CVE-2017-7173
Component: Kernel
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds checking.
apple
CVE-2016-3619 | P4 | MEDIUM | CVSS 6.5 | v10.3 | 2017-03-27
CVE-2016-3619 [MEDIUM] CVE-2016-3619: iOS 10.3
Apple Security Update: About the security content of iOS 10.3
Product: iOS
Version: 10.3
CVE: CVE-2016-3619
Component: CVE-2016-3619
Impact: An attacker in a privileged network position may be able to tamper with iTunes network traffic
Description: Requests to iTunes sandbox web services were sent in cleartext. This was addressed by enabling HTTPS.
apple
CVE-2017-6975 | P4 | MEDIUM | CVSS 6.8 | v10.3.1 | 2017-04-03
CVE-2017-6975 [MEDIUM] CVE-2017-6975: iOS 10.3.1
Apple Security Update: About the security content of iOS 10.3.1
Product: iOS
Version: 10.3.1
CVE: CVE-2017-6975
Component: Wi-Fi
Impact: An attacker within range may be able to execute arbitrary code on the Wi-Fi chip
Description: A stack buffer overflow was addressed through improved input validation.
apple
CVE-2016-4605 | P4 | MEDIUM | CVSS 6.5 | v9.3.3 | 2016-07-18
CVE-2016-4605 [MEDIUM] CVE-2016-4605: iOS 9.3.3
Apple Security Update: About the security content of iOS 9.3.3
Product: iOS
Version: 9.3.3
CVE: CVE-2016-4605
Component: Calendar
Impact: A maliciously crafted calendar invite may cause a device to unexpectedly restart
Description: A null pointer dereference was addressed through improved memory handling.
apple
CVE-2017-2495 | P4 | MEDIUM | CVSS 6.5 | v10.3.2 | 2017-05-15
CVE-2017-2495 [MEDIUM] CVE-2017-2495: iOS 10.3.2
Apple Security Update: About the security content of iOS 10.3.2
Product: iOS
Version: 10.3.2
CVE: CVE-2017-2495
Component: Safari
Impact: Visiting a maliciously crafted webpage may lead to an application denial of service
Description: An issue in Safari's history menu was addressed through improved memory handling.
apple
CVE-2018-4250 | P4 | MEDIUM | CVSS 6.5 | v11.4 | 2018-05-29
CVE-2018-4250 [MEDIUM] CVE-2018-4250: iOS 11.4
Apple Security Update: About the security content of iOS 11.4
Product: iOS
Version: 11.4
CVE: CVE-2018-4250
Component: Messages
Impact: Processing a maliciously crafted message may lead to a denial of service
Description: This issue was addressed with improved message validation.
apple
CVE-2018-4305 | P4 | MEDIUM | CVSS 6.5 | v12 | 2018-09-17
CVE-2018-4305 [MEDIUM] CVE-2018-4305: iOS 12
Apple Security Update: About the security content of iOS 12
Product: iOS
Version: 12
CVE: CVE-2018-4305
Component: IOUserEthernet
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved memory handling.
apple
CVE-2016-4585 | P4 | MEDIUM | CVSS 6.1 | v9.3.3 | 2016-07-18
CVE-2016-4585 [MEDIUM] CVE-2016-4585: iOS 9.3.3
Apple Security Update: About the security content of iOS 9.3.3
Product: iOS
Version: 9.3.3
CVE: CVE-2016-4585
Component: WebKit Page Loading
Impact: A malicious website may exfiltrate data cross-origin
Description: A cross-site scripting issue existed in Safari URL redirection. This issue was addressed through improved URL validation on redirection.
apple
CVE-2017-7059 | P4 | MEDIUM | CVSS 6.1 | v10.3.3 | 2017-07-19
CVE-2017-7059 [MEDIUM] CVE-2017-7059: iOS 10.3.3
Apple Security Update: About the security content of iOS 10.3.3
Product: iOS
Version: 10.3.3
CVE: CVE-2017-7059
Component: WebKit
Impact: Processing maliciously crafted web content with DOMParser may lead to cross site scripting
Description: A logic issue existed in the handling of DOMParser. This issue was addressed with improved state management.
apple
CVE-2018-4345 | P4 | MEDIUM | CVSS 6.1 | v12 | 2018-09-17
CVE-2018-4345 [MEDIUM] CVE-2018-4345: iOS 12
Apple Security Update: About the security content of iOS 12
Product: iOS
Version: 12
CVE: CVE-2018-4345
Component: WebKit
Impact: A malicious website may exfiltrate image data cross-origin
Description: A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation.
apple
CVE-2019-6228 | P4 | MEDIUM | CVSS 6.1 | ≥ unspecified, < iOS 12.1.3 | 2019-03-05
CVE-2019-6228 [MEDIUM] CWE-79 CVE-2019-6228: A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validatio
A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. This issue is fixed in iOS 12.1.3, Safari 12.0.3. Processing maliciously crafted web content may lead to a cross site scripting attack.
nvd apple
CVE-2016-7762 | P4 | MEDIUM | CVSS 6.1 | v10.2 | 2016-12-12
CVE-2016-7762 [MEDIUM] CVE-2016-7762: iOS 10.2
Apple Security Update: About the security content of iOS 10.2
Product: iOS
Version: 10.2
CVE: CVE-2016-7762
Component: WebKit
Impact: Processing maliciously crafted web content may lead to cross site scripting
Description: An issue existed in displaying documents in Safari. This issue was addressed through improved input validation.
apple
CVE-2016-4741 | P4 | MEDIUM | CVSS 5.9 | v10 | 2016-09-13
CVE-2016-4741 [MEDIUM] CVE-2016-4741: iOS 10
Apple Security Update: About the security content of iOS 10
Product: iOS
Version: 10
CVE: CVE-2016-4741
Component: Assets
Impact: An attacker in a privileged network position may be able to block a device from receiving software updates
Description: An issue existed in iOS updates, which did not properly secure user communications. This issue was addressed by using HTTPS for software updates.
apple
CVE-2019-8744 | P4 | MEDIUM | CVSS 5.5 | ≥ unspecified, < 13 | 2020-10-27
CVE-2019-8744 [MEDIUM] CWE-787 CVE-2019-8744: A memory corruption issue existed in the handling of IPv6 packets. This issue was addressed with imp
A memory corruption issue existed in the handling of IPv6 packets. This issue was addressed with improved memory management. This issue is fixed in macOS Catalina 10.15, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6, iOS 13. A malicious application may be able to determine kernel memory layout.
nvd apple
CVE-2018-4224 | P4 | MEDIUM | CVSS 5.5 | v11.4 | 2018-05-29
CVE-2018-4224 [MEDIUM] CVE-2018-4224: iOS 11.4
Apple Security Update: About the security content of iOS 11.4
Product: iOS
Version: 11.4
CVE: CVE-2018-4224
Component: Security
Impact: A local user may be able to read a persistent device identifier
Description: An authorization issue was addressed with improved state management.
apple