Apple iOS vulnerabilities
1,765 known vulnerabilities affecting apple/ios.
Total CVEs: 1,765
CISA KEV: 27 (actively exploited)
Public exploits: 229
Exploited in wild: 43
Severity breakdown: CRITICAL 119, HIGH 907, MEDIUM 638, LOW 94, UNKNOWN 7
Vulnerabilities
CVE-2017-13831 | P4 | HIGH | CVSS 7.1 | v11 | 2017-09-19
CVE-2017-13831 [HIGH] CVE-2017-13831: iOS 11
Apple Security Update: About the security content of iOS 11
Product: iOS
Version: 11
CVE: CVE-2017-13831
Component: ImageIO
Impact: Processing a maliciously crafted image may lead to a denial of service
Description: A memory corruption issue was addressed with improved input validation.
apple
CVE-2020-9894 | P4 | MEDIUM | CVSS 4.3 | ≥ unspecified, < iOS 13.6 and iPadOS 13.6 | 2020-10-16
CVE-2020-9894 [MEDIUM] CWE-125
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.
nvd
CVE-2016-1784 | P4 | MEDIUM | CVSS 6.5 | v9.3
CVE-2016-1784 [MEDIUM] CVE-2016-1784: iOS 9.3
Apple Security Update: About the security content of iOS 9.3
Product: iOS
Version: 9.3
CVE: CVE-2016-1784
Component: CVE-ID
apple
CVE-2016-7601 | P4 | MEDIUM | CVSS 6.8 | v10.2 | 2016-12-12
CVE-2016-7601 [MEDIUM] CVE-2016-7601: iOS 10.2
Apple Security Update: About the security content of iOS 10.2
Product: iOS
Version: 10.2
CVE: CVE-2016-7601
Component: Local Authentication
Impact: The device may not lock the screen after the idle timeout
Description: A logic issue existed in the handling of the idle timer when the Touch ID prompt is shown. This issue was addressed through improved handling of the idle timer.
apple
CVE-2016-4781 | P4 | MEDIUM | CVSS 6.8 | v10.2 | 2016-12-12
CVE-2016-4781 [MEDIUM] CVE-2016-4781: iOS 10.2
Apple Security Update: About the security content of iOS 10.2
Product: iOS
Version: 10.2
CVE: CVE-2016-4781
Component: SpringBoard
Impact: A person with physical access to an iOS device may be able to unlock the device
Description: In some cases, a counter issue existed in the handling of passcode attempts when resetting the passcode. This was addressed through improved state management.
apple
CVE-2020-9946 | P4 | MEDIUM | CVSS 6.8 | ≥ unspecified, < iOS 14.0 and iPadOS 14.0 | 2020-10-16
CVE-2020-9946 [MEDIUM] CWE-667
This issue was addressed with improved checks. This issue is fixed in iOS 14.0 and iPadOS 14.0, watchOS 7.0. The screen lock may not engage after the specified time period.
nvd
CVE-2016-7627 | P4 | MEDIUM | CVSS 6.5 | v10.2 | 2016-12-12
CVE-2016-7627 [MEDIUM] CVE-2016-7627: iOS 10.2
Apple Security Update: About the security content of iOS 10.2
Product: iOS
Version: 10.2
CVE: CVE-2016-7627
Component: CoreGraphics
Impact: Processing a maliciously crafted font file may lead to unexpected application termination
Description: A null pointer dereference was addressed through improved input validation.
apple
CVE-2016-4618 | P4 | MEDIUM | CVSS 6.1 | v10 | 2016-09-13
CVE-2016-4618 [MEDIUM] CVE-2016-4618: iOS 10
Apple Security Update: About the security content of iOS 10
Product: iOS
Version: 10
CVE: CVE-2016-4618
Component: Safari Reader
Impact: Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting
Description: Multiple validation issues were addressed through improved input sanitization.
apple
CVE-2016-7636 | P4 | MEDIUM | CVSS 5.9 | v10.2 | 2016-12-12
CVE-2016-7636 [MEDIUM] CVE-2016-7636: iOS 10.2
Apple Security Update: About the security content of iOS 10.2
Product: iOS
Version: 10.2
CVE: CVE-2016-7636
Component: Security
Impact: An attacker in a privileged network position may be able to cause a denial of service
Description: A validation issue existed in the handling of OCSP responder URLs. This issue was addressed by verifying OCSP revocation status after CA validation and limiting the number of OCSP requests per certificate.
apple
CVE-2018-4290 | P4 | MEDIUM | CVSS 5.9 | v11.4.1 | 2018-07-09
CVE-2018-4290 [MEDIUM] CVE-2018-4290: iOS 11.4.1
Apple Security Update: About the security content of iOS 11.4.1
Product: iOS
Version: 11.4.1
CVE: CVE-2018-4290
Component: Emoji
Impact: Processing an emoji under certain configurations may lead to a denial of service
Description: A denial of service issue was addressed with improved memory handling.
apple
CVE-2016-1836 | P4 | MEDIUM | CVSS 5.5 | v9.3.2 | 2016-07-18
CVE-2016-1836 [MEDIUM] CVE-2016-1836: iOS 9.3.2
Apple Security Update: About the security content of iOS 9.3.2
Product: iOS
Version: 9.3.2
CVE: CVE-2016-1836
Component: CVE-ID
Impact: Visiting a maliciously crafted website may lead to arbitrary code execution
Description: A memory corruption issue was addressed through improved memory handling.
apple
CVE-2019-8540 | P4 | MEDIUM | CVSS 5.5 | ≥ unspecified, < iOS 12.2 | 2019-12-18
CVE-2019-8540 [MEDIUM] CWE-665
A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to determine kernel memory layout.
nvd, apple
CVE-2019-8794 | P4 | MEDIUM | CVSS 5.5 | ≥ unspecified, < iOS 13.2 and iPadOS 13.2 | 2019-12-18
CVE-2019-8794 [MEDIUM] CWE-20
A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1, tvOS 13.2, watchOS 6.1. An application may be able to read restricted memory.
nvd
CVE-2021-30791 | P4 | MEDIUM | CVSS 5.5 | ≥ unspecified, < 14.7 | 2021-09-08
CVE-2021-30791 [MEDIUM] CWE-125
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 14.7, macOS Big Sur 11.5. Processing a maliciously crafted file may disclose user information.
nvd
CVE-2020-3875 | P4 | MEDIUM | CVSS 5.5 | ≥ unspecified, < iOS 13.3.1 and iPadOS 13.3.1 | 2020-02-27
CVE-2020-3875 [MEDIUM] CWE-125
A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. An application may be able to read restricted memory.
nvd
CVE-2020-9968 | P4 | MEDIUM | CVSS 5.5 | ≥ unspecified, < iOS 14.0 and iPadOS 14.0 | 2020-10-16
CVE-2020-9968 [MEDIUM]
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 14.0 and iPadOS 14.0, macOS Catalina 10.15.7, tvOS 14.0, watchOS 7.0. A malicious application may be able to access restricted files.
nvd
CVE-2017-7083 | P4 | MEDIUM | CVSS 4.9 | v11 | 2017-09-19
CVE-2017-7083 [MEDIUM] CVE-2017-7083: iOS 11
Apple Security Update: About the security content of iOS 11
Product: iOS
Version: 11
CVE: CVE-2017-7083
Component: CFNetwork Proxies
Impact: An attacker in a privileged network position may be able to cause a denial of service
Description: Multiple denial of service issues were addressed through improved memory handling.
apple
CVE-2020-9902 | P4 | MEDIUM | CVSS 5.5 | ≥ unspecified, < iOS 13.6 and iPadOS 13.6 | 2020-10-22
CVE-2020-9902 [MEDIUM] CWE-125
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A malicious application may be able to determine kernel memory layout.
nvd
CVE-2019-8789 | P4 | MEDIUM | CVSS 5.5 | ≥ unspecified, < iOS 13.2 and iPadOS 13.2 | 2019-12-18
CVE-2019-8789 [MEDIUM] CWE-59
A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1. Parsing a maliciously crafted iBooks file may lead to disclosure of user information.
nvd
CVE-2019-8705 | P4 | MEDIUM | CVSS 5.5 | v13 | 2019-09-19
CVE-2019-8705 [MEDIUM] CVE-2019-8705: iOS 13
Apple Security Update: About the security content of iOS 13
Product: iOS
Version: 13
CVE: CVE-2019-8705
Component: CoreAudio
Impact: Processing a maliciously crafted movie may result in the disclosure of process memory
Description: A memory corruption issue was addressed with improved validation.
apple