Apple iOS vulnerabilities

CVE-2016-7650 [MEDIUM] CVE-2016-7650: iOS 10.2 Apple Security Update: About the security content of iOS 10.2 Product: iOS Version: 10.2 CVE: CVE-2016-7650 Component: Safari Reader Impact: Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting Description: Multiple validation issues were addressed through improved input sanitization.

CVE-2020-3885 [MEDIUM] CWE-670 CVE-2020-3885: A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 1 A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A file URL may be incorrectly processed.

CVE-2020-3887 [MEDIUM] CVE-2020-3887: A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 1 A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A download's origin may be incorrectly associated.

CVE-2017-7066 [MEDIUM] CVE-2017-7066: iOS 10.3.3 Apple Security Update: About the security content of iOS 10.3.3 Product: iOS Version: 10.3.3 CVE: CVE-2017-7066 Component: Wi-Fi Impact: An attacker in Wi-Fi range may be able to cause a denial of service on the Wi-Fi chip Description: A memory corruption issue was addressed with improved validation.

CVE-2016-1833 [MEDIUM] CVE-2016-1833: iOS 9.3.2 Apple Security Update: About the security content of iOS 9.3.2 Product: iOS Version: 9.3.2 CVE: CVE-2016-1833 Component: CVE-ID Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved memory handling.

CVE-2021-30776 [MEDIUM] CVE-2021-30776: A logic issue was addressed with improved validation. This issue is fixed in iOS 14.7, macOS Big Sur A logic issue was addressed with improved validation. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-004 Catalina. Playing a malicious audio file may lead to an unexpected application termination.

CVE-2017-2502 [MEDIUM] CVE-2017-2502: iOS 10.3.2 Apple Security Update: About the security content of iOS 10.3.2 Product: iOS Version: 10.3.2 CVE: CVE-2017-2502 Component: CoreAudio Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization.

CVE-2016-1802 [MEDIUM] CVE-2016-1802: iOS 9.3.2 Apple Security Update: About the security content of iOS 9.3.2 Product: iOS Version: 9.3.2 CVE: CVE-2016-1802 Component: CVE-ID

CVE-2016-4680 [MEDIUM] CVE-2016-4680: iOS 10.1 Apple Security Update: About the security content of iOS 10.1 Product: iOS Version: 10.1 CVE: CVE-2016-4680 Component: Kernel Impact: An application may be able to disclose kernel memory Description: A validation issue was addressed through improved input sanitization.

CVE-2018-4104 [MEDIUM] CVE-2018-4104: iOS 11.3 Apple Security Update: About the security content of iOS 11.3 Product: iOS Version: 11.3 CVE: CVE-2018-4104 Component: Kernel Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization.

CVE-2018-4391 [MEDIUM] CVE-2018-4391: iOS 12.1 Apple Security Update: About the security content of iOS 12.1 Product: iOS Version: 12.1 CVE: CVE-2018-4391 Component: Messages Impact: Processing a maliciously crafted text message may lead to UI spoofing Description: An inconsistent user interface issue was addressed with improved state management.

CVE-2018-4390 [MEDIUM] CVE-2018-4390: iOS 11.3 Apple Security Update: About the security content of iOS 11.3 Product: iOS Version: 11.3 CVE: CVE-2018-4390 Component: LinkPresentation Impact: Visiting a malicious website may lead to address bar spoofing Description: An inconsistent user interface issue was addressed with improved state management.

CVE-2017-6976 [MEDIUM] CVE-2017-6976: iOS 10.3 Apple Security Update: About the security content of iOS 10.3 Product: iOS Version: 10.3 CVE: CVE-2017-6976 Component: Sandbox Profiles Impact: A malicious application may be able to access the iCloud user record of a signed in user Description: An access issue was addressed through additional sandbox restrictions on third party applications.

CVE-2018-4355 [MEDIUM] CVE-2018-4355: iOS 12 Apple Security Update: About the security content of iOS 12 Product: iOS Version: 12 CVE: CVE-2018-4355 Component: Heimdal Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling.

CVE-2018-4333 [MEDIUM] CVE-2018-4333: iOS 12 Apple Security Update: About the security content of iOS 12 Product: iOS Version: 12 CVE: CVE-2018-4333 Component: Crash Reporter Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization.

CVE-2017-7131 [MEDIUM] CVE-2017-7131: iOS 11 Apple Security Update: About the security content of iOS 11 Product: iOS Version: 11 CVE: CVE-2017-7131 Component: Bluetooth Impact: An application may be able to access restricted files Description: A privacy issue existed in the handling of Contact cards. This was addressed with improved state management.

CVE-2017-13806 [MEDIUM] CVE-2017-13806: iOS 11 Apple Security Update: About the security content of iOS 11 Product: iOS Version: 11 CVE: CVE-2017-13806 Component: Profiles Impact: Device pairing records could be inadvertently installed on a device when a profile that disallows pairing is installed Description: Pairings were not removed when a profile disallowing pairings was installed. This was addressed by removing pairings conflicting with the configuration profile.

CVE-2017-13828 [MEDIUM] CVE-2017-13828: iOS 11 Apple Security Update: About the security content of iOS 11 Product: iOS Version: 11 CVE: CVE-2017-13828 Component: Fonts Impact: Rendering untrusted text may lead to spoofing Description: An inconsistent user interface issue was addressed with improved state management.

CVE-2017-7075 [MEDIUM] CVE-2017-7075: iOS 11 Apple Security Update: About the security content of iOS 11 Product: iOS Version: 11 CVE: CVE-2017-7075 Component: Notes Impact: A local user may be able to leak sensitive user information Description: The contents of locked notes sometimes appeared in search results. This issue was addressed through improved data cleanup.

CVE-2015-1118 [MEDIUM] CVE-2015-1118: iOS 8.3 Apple Security Update: About the security content of iOS 8.3 Product: iOS Version: 8.3 CVE: CVE-2015-1118 Component: CVE-ID