Apple iOS vulnerabilities

CVE-2018-4235 [MEDIUM] CVE-2018-4235: iOS 11.4 Apple Security Update: About the security content of iOS 11.4 Product: iOS Version: 11.4 CVE: CVE-2018-4235 Component: Messages Impact: A local user may be able to conduct impersonation attacks Description: An injection issue was addressed with improved input validation.

CVE-2022-32877 [MEDIUM] CVE-2022-32877: iOS 16 Apple Security Update: About the security content of iOS 16 Product: iOS Version: 16 CVE: CVE-2022-32877 Component: AppleMobileFileIntegrity Impact: An app may be able to access user-sensitive data Description: A configuration issue was addressed with additional restrictions.

CVE-2016-4604 [MEDIUM] CVE-2016-4604: iOS 9.3.3 Apple Security Update: About the security content of iOS 9.3.3 Product: iOS Version: 9.3.3 CVE: CVE-2016-4604 Component: Safari Impact: Visiting a malicious website may lead to user interface spoofing Description: Redirect responses to invalid ports may have allowed a malicious website to display an arbitrary domain while displaying arbitrary content. This issue was addressed through improved URL display logic.

CVE-2021-30773 [MEDIUM] CVE-2021-30773: An issue in code signature validation was addressed with improved checks. This issue is fixed in iOS An issue in code signature validation was addressed with improved checks. This issue is fixed in iOS 14.7, tvOS 14.7, watchOS 7.6. A malicious application may be able to bypass code signing checks.

CVE-2019-7293 [MEDIUM] CWE-787 CVE-2019-7293: A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12 A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A local user may be able to read kernel memory.

CVE-2019-8510 [MEDIUM] CWE-125 CVE-2019-8510: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to determine kernel memory layout.

CVE-2020-3918 [MEDIUM] CVE-2020-3918: An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 13.4 An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. A local user may be able to view sensitive user information.

CVE-2018-4282 [MEDIUM] CVE-2018-4282: iOS 11.4.1 Apple Security Update: About the security content of iOS 11.4.1 Product: iOS Version: 11.4.1 CVE: CVE-2018-4282 Component: Kernel Impact: A local user may be able to read kernel memory Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation.

CVE-2019-8568 [MEDIUM] CWE-59 CVE-2019-8568: A validation issue existed in the handling of symlinks. This issue was addressed with improved valid A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. A local user may be able to modify protected parts of the file system.

CVE-2022-42793 [MEDIUM] CVE-2022-42793: iOS 16 Apple Security Update: About the security content of iOS 16 Product: iOS Version: 16 CVE: CVE-2022-42793 Component: Security Impact: An app may be able to bypass code signing checks Description: An issue in code signature validation was addressed with improved checks.

CVE-2016-4746 [MEDIUM] CVE-2016-4746: iOS 10 Apple Security Update: About the security content of iOS 10 Product: iOS Version: 10 CVE: CVE-2016-4746 Component: Keyboards Impact: Keyboard auto correct suggestions may reveal sensitive information Description: The iOS keyboard was inadvertently caching sensitive information. This issue was addressed through improved heuristics.

CVE-2017-2400 [MEDIUM] CVE-2017-2400: iOS 10.3 Apple Security Update: About the security content of iOS 10.3 Product: iOS Version: 10.3 CVE: CVE-2017-2400 Component: SafariViewController Impact: Cache state is not properly kept in sync between Safari and SafariViewController when a user clears Safari cache Description: An issue existed in clearing Safari cache information from SafariViewController. This issue was addressed by improving cache state handling.

CVE-2020-9835 [MEDIUM] CVE-2020-9835: An issue existed in the pausing of FaceTime video. The issue was resolved with improved logic. This An issue existed in the pausing of FaceTime video. The issue was resolved with improved logic. This issue is fixed in iOS 13.5 and iPadOS 13.5. A user’s video may not be paused in a FaceTime call if they exit the FaceTime app while the call is ringing.

CVE-2020-9777 [MEDIUM] CVE-2020-9777: An issue existed in the selection of video file by Mail. The issue was fixed by selecting the latest An issue existed in the selection of video file by Mail. The issue was fixed by selecting the latest version of a video. This issue is fixed in iOS 13.4 and iPadOS 13.4. Cropped videos may not be shared properly via Mail.

CVE-2020-3890 [MEDIUM] CVE-2020-3890: The issue was addressed with improved deletion. This issue is fixed in iOS 13.4 and iPadOS 13.4. Del The issue was addressed with improved deletion. This issue is fixed in iOS 13.4 and iPadOS 13.4. Deleted messages groups may still be suggested as an autocompletion.

CVE-2019-8711 [MEDIUM] CWE-20 CVE-2019-8711: A logic issue existed with the display of notification previews. This issue was addressed with impro A logic issue existed with the display of notification previews. This issue was addressed with improved validation. This issue is fixed in iOS 13. Notification previews may show on Bluetooth accessories even when previews are disabled.

CVE-2020-9775 [MEDIUM] CWE-665 CVE-2020-9775: An issue existed in the handling of tabs displaying picture in picture video. The issue was correcte An issue existed in the handling of tabs displaying picture in picture video. The issue was corrected with improved state handling. This issue is fixed in iOS 13.4 and iPadOS 13.4. A user's private browsing activity may be unexpectedly saved in Screen Time.

CVE-2018-4356 [MEDIUM] CVE-2018-4356: iOS 12 Apple Security Update: About the security content of iOS 12 Product: iOS Version: 12 CVE: CVE-2018-4356 Component: CoreMedia Impact: An app may be able to learn information about the current camera view before being granted camera access Description: A permissions issue existed. This issue was addressed with improved permission validation.

CVE-2020-9781 [MEDIUM] CWE-281 CVE-2020-9781: The issue was addressed by clearing website permission prompts after navigation. This issue is fixed The issue was addressed by clearing website permission prompts after navigation. This issue is fixed in iOS 13.4 and iPadOS 13.4. A user may grant website permissions to a site they didn't intend to.

CVE-2015-1062 [MEDIUM] CVE-2015-1062: iOS 8.2 Apple Security Update: About the security content of iOS 8.2 Product: iOS Version: 8.2 CVE: CVE-2015-1062 Component: CVE-ID