Apple iOS vulnerabilities
1,765 known vulnerabilities affecting apple/ios.
Total CVEs: 1,765
CISA KEV: 27 (actively exploited)
Public exploits: 229
Exploited in wild: 43
Severity breakdown: CRITICAL 119, HIGH 907, MEDIUM 638, LOW 94, UNKNOWN 7
Vulnerabilities
CVE-2019-8760 | P4 | MEDIUM | CVSS 6.8 | CWE-287 | ≥ unspecified, < iOS 13 | 2019-12-18
This issue was addressed by improving Face ID machine learning models. This issue is fixed in iOS 13. A 3D model constructed to look like the enrolled user may authenticate via Face ID.
nvd, apple
CVE-2016-4651 | P4 | MEDIUM | CVSS 6.1 | v9.3.3 | 2016-07-18
Apple Security Update: About the security content of iOS 9.3.3
Product: iOS
Version: 9.3.3
CVE: CVE-2016-4651
Component: WebKit JavaScript Bindings
Impact: Visiting a maliciously crafted website may lead to script execution in the context of a non-HTTP service
Description: A cross-protocol cross-site scripting (XPXSS) issue existed in Safari when submitting forms to non-HTTP services compatible with HTTP/0.9. This issue was addressed by disabling s
apple
CVE-2019-8804 | P4 | MEDIUM | CVSS 5.7 | CWE-287 | ≥ unspecified, < iOS 13.2 and iPadOS 13.2 | 2019-12-18
An inconsistency in Wi-Fi network configuration settings was addressed. This issue is fixed in iOS 13.2 and iPadOS 13.2. An attacker in physical proximity may be able to force a user onto a malicious Wi-Fi network during device setup.
nvd
CVE-2021-30768 | P4 | MEDIUM | CVSS 5.5 | ≥ unspecified, < 14.7 | 2021-09-08
A logic issue was addressed with improved validation. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-004 Catalina. A sandboxed process may be able to circumvent sandbox restrictions.
nvd
CVE-2018-4413 | P4 | MEDIUM | CVSS 5.5 | v12.1 | 2018-10-30
Apple Security Update: About the security content of iOS 12.1
Product: iOS
Version: 12.1
CVE: CVE-2018-4413
Component: Kernel
Impact: An application may be able to read restricted memory
Description: A memory initialization issue was addressed with improved memory handling.
apple
CVE-2019-6231 | P4 | MEDIUM | CVSS 5.5 | CWE-125 | ≥ unspecified, < iOS 12.1.3 | 2019-03-05
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. A malicious application may be able to read restricted memory.
nvd, apple
CVE-2017-13804 | P4 | MEDIUM | CVSS 5.5 | v11.1 | 2017-10-31
Apple Security Update: About the security content of iOS 11.1
Product: iOS
Version: 11.1
CVE: CVE-2017-13804
Component: StreamingZip
Impact: A malicious zip file may be able to modify restricted areas of the file system
Description: A path handling issue was addressed with improved validation.
apple
CVE-2020-9797 | P4 | MEDIUM | CVSS 5.5 | ≥ unspecified, < iOS 13.5 and iPadOS 13.5 | 2020-06-09
An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to determine another application's memory layout.
nvd
CVE-2020-3872 | P4 | MEDIUM | CVSS 5.5 | CWE-665 | ≥ unspecified, < iOS 13.3.1 and iPadOS 13.3.1 | 2020-02-27
A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. An application may be able to read restricted memory.
nvd
CVE-2018-4433 | P4 | MEDIUM | CVSS 5.5 | ≥ unspecified, < 12 | 2020-10-27
A configuration issue was addressed with additional restrictions. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, watchOS 5, iOS 12, tvOS 12, macOS Mojave 10.14. A malicious application may be able to modify protected parts of the file system.
nvd, apple
CVE-2020-3914 | P4 | MEDIUM | CVSS 5.5 | CWE-401 | ≥ unspecified, < iOS 13.4 and iPadOS 13.4 | 2020-04-01
A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. An application may be able to read restricted memory.
nvd
CVE-2020-9809 | P4 | MEDIUM | CVSS 5.5 | ≥ unspecified, < iOS 13.5 and iPadOS 13.5 | 2020-06-09
An information disclosure issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to determine kernel memory layout.
nvd
CVE-2019-8582 | P4 | MEDIUM | CVSS 5.5 | CWE-125 | ≥ unspecified, < 12.3 | 2020-10-27
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iCloud for Windows 7.12, tvOS 12.3, iTunes 12.9.5 for Windows, macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, iOS 12.3. Processing a maliciously crafted font may result in the disclosure of process memory.
nvd, apple
CVE-2018-4399 | P4 | MEDIUM | CVSS 5.5 | v12 | 2018-09-17
Apple Security Update: About the security content of iOS 12
Product: iOS
Version: 12
CVE: CVE-2018-4399
Component: Kernel
Impact: A malicious application may be able to leak sensitive user information
Description: An access issue existed with privileged API calls. This issue was addressed with additional restrictions.
apple
CVE-2019-8560 | P4 | MEDIUM | CVSS 5.5 | CWE-125 | ≥ unspecified, < iOS 12.3 | 2019-12-18
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. A malicious application may be able to read restricted memory.
nvd, apple
CVE-2016-4771 | P4 | MEDIUM | CVSS 5.5 | v10 | 2016-09-13
Apple Security Update: About the security content of iOS 10
Product: iOS
Version: 10
CVE: CVE-2016-4771
Component: Kernel
Impact: A local application may be able to access restricted files
Description: A parsing issue in the handling of directory paths was addressed through improved path validation.
apple
CVE-2019-8731 | P4 | MEDIUM | CVSS 5.5 | CWE-276 | ≥ unspecified, < iOS 13 | 2019-12-18
A permissions issue existed in which execute permission was incorrectly granted. This issue was addressed with improved permission validation. This issue is fixed in iOS 13. Processing a maliciously crafted file may disclose user information.
nvd, apple
CVE-2019-8532 | P4 | MEDIUM | CVSS 5.5 | ≥ unspecified, < 12.2 | 2020-10-27
A permissions issue was addressed by removing vulnerable code and adding additional checks. This issue is fixed in watchOS 5.2, iOS 12.2. A malicious application may be able to access restricted files.
nvd, apple
CVE-2022-32881 | P4 | MEDIUM | CVSS 5.5 | v16 | 2022-09-12
Apple Security Update: About the security content of iOS 16
Product: iOS
Version: 16
CVE: CVE-2022-32881
Component: Sandbox
Impact: An app may be able to modify protected parts of the file system
Description: A logic issue was addressed with improved restrictions.
apple
CVE-2021-30871 | P4 | MEDIUM | CVSS 5.5 | ≥ unspecified, < 14.7 | 2021-08-24
This issue was addressed with a new entitlement. This issue is fixed in iOS 14.7, watchOS 7.6, macOS Big Sur 11.5. A local attacker may be able to access analytics data.
nvd