Apple iOS vulnerabilities

CVE-2018-4226 [MEDIUM] CVE-2018-4226: iOS 11.4 Apple Security Update: About the security content of iOS 11.4 Product: iOS Version: 11.4 CVE: CVE-2018-4226 Component: Security Impact: A local user may be able to view sensitive user information Description: An authorization issue was addressed with improved state management.

CVE-2018-4225 [MEDIUM] CVE-2018-4225: iOS 11.4 Apple Security Update: About the security content of iOS 11.4 Product: iOS Version: 11.4 CVE: CVE-2018-4225 Component: Security Impact: A local user may be able to modify the state of the Keychain Description: An authorization issue was addressed with improved state management.

CVE-2022-32916 [MEDIUM] CWE-125 CVE-2022-32916: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in iOS 16. An app may be able to disclose kernel memory.

CVE-2020-9772 [MEDIUM] CVE-2020-9772: A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 1 A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. A sandboxed process may be able to circumvent sandbox restrictions.

CVE-2022-32858 [MEDIUM] CVE-2022-32858: iOS 16 Apple Security Update: About the security content of iOS 16 Product: iOS Version: 16 CVE: CVE-2022-32858 Impact: An app may be able to leak sensitive kernel state Description: The issue was addressed with improved memory handling.

CVE-2018-4448 [MEDIUM] CVE-2018-4448: A memory initialization issue was addressed with improved memory handling. This issue is fixed in ma A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, iOS 12.1.1, watchOS 5.1.2, macOS Mojave 10.14.2, Security Update 2018-003 High Sierra, Security Update 2018-006 Sierra, tvOS 12.1.1. A local user may be able to read kern

CVE-2022-32909 [MEDIUM] CWE-524 CVE-2022-32909: The issue was addressed with improved handling of caches. This issue is fixed in iOS 16. An app may The issue was addressed with improved handling of caches. This issue is fixed in iOS 16. An app may be able to access user-sensitive data.

CVE-2019-8702 [MEDIUM] CWE-668 CVE-2019-8702: This issue was addressed with a new entitlement. This issue is fixed in macOS Mojave 10.14.6, Securi This issue was addressed with a new entitlement. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra, iOS 12.4, tvOS 12.4. A local user may be able to read a persistent account identifier.

CVE-2019-8546 [MEDIUM] CVE-2019-8546: An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 12.2, An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, watchOS 5.2. A local user may be able to view sensitive user information.

CVE-2018-4380 [MEDIUM] CVE-2018-4380: iOS 12.0.1 Apple Security Update: About the security content of iOS 12.0.1 Product: iOS Version: 12.0.1 CVE: CVE-2018-4380 Component: VoiceOver Impact: A local attacker may be able to view photos and contacts from the lock screen Description: A lock screen issue allowed access to photos and contacts on a locked device. This issue was addressed by restricting options offered on a locked device.

CVE-2018-4379 [MEDIUM] CVE-2018-4379: iOS 12.0.1 Apple Security Update: About the security content of iOS 12.0.1 Product: iOS Version: 12.0.1 CVE: CVE-2018-4379 Component: Quick Look Impact: A local attacker may be able to share items from the lock screen Description: A lock screen issue allowed access to the share function on a locked device. This issue was addressed by restricting options offered on a locked device.

CVE-2017-13817 [MEDIUM] CVE-2017-13817: iOS 11 Apple Security Update: About the security content of iOS 11 Product: iOS Version: 11 CVE: CVE-2017-13817 Component: Kernel Impact: A local user may be able to read kernel memory Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed through improved input validation.

CVE-2018-4339 [MEDIUM] CVE-2018-4339: This issue was addressed with a new entitlement. This issue is fixed in iOS 12.1. A local user may b This issue was addressed with a new entitlement. This issue is fixed in iOS 12.1. A local user may be able to read a persistent device identifier.

CVE-2020-9964 [MEDIUM] CWE-665 CVE-2020-9964: A memory initialization issue was addressed with improved memory handling. This issue is fixed in iO A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 14.0 and iPadOS 14.0. A local user may be able to read kernel memory.

CVE-2019-8704 [MEDIUM] CVE-2019-8704: iOS 13 Apple Security Update: About the security content of iOS 13 Product: iOS Version: 13 CVE: CVE-2019-8704 Component: Keyboards Impact: A local user may be able to leak sensitive user information Description: An authentication issue was addressed with improved state management.

CVE-2019-8504 [MEDIUM] CWE-665 CVE-2019-8504: A memory initialization issue was addressed with improved memory handling. This issue is fixed in iO A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4. A local user may be able to read kernel memory.

CVE-2020-3874 [MEDIUM] CWE-212 CVE-2020-3874: An issued existed in the naming of screenshots. The issue was corrected with improved naming. This i An issued existed in the naming of screenshots. The issue was corrected with improved naming. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1. Screenshots of the Messages app may reveal additional message content.

CVE-2017-7142 [MEDIUM] CVE-2017-7142: iOS 11 Apple Security Update: About the security content of iOS 11 Product: iOS Version: 11 CVE: CVE-2017-7142 Component: WebKit Storage Impact: Website data may persist after a Safari Private browsing session Description: An information leakage issue existed in the handling of website data in Safari Private windows. This issue was addressed with improved data handling.

CVE-2015-8242 [MEDIUM] CVE-2015-8242: iOS 9.3 Apple Security Update: About the security content of iOS 9.3 Product: iOS Version: 9.3 CVE: CVE-2015-8242 Component: CVE-2015-7499

CVE-2017-7140 [MEDIUM] CVE-2017-7140: iOS 11 Apple Security Update: About the security content of iOS 11 Product: iOS Version: 11 CVE: CVE-2017-7140 Component: Keyboard Suggestions Impact: Keyboard autocorrect suggestions may reveal sensitive information Description: The iOS keyboard was inadvertently caching sensitive information. This issue was addressed with improved heuristics.