Apple iOS vulnerabilities

CVE-2016-7597 [MEDIUM] CVE-2016-7597: iOS 10.2 Apple Security Update: About the security content of iOS 10.2 Product: iOS Version: 10.2 CVE: CVE-2016-7597 Component: SpringBoard Impact: A person with physical access to an iOS device may be able to keep the device unlocked Description: A cleanup issue existed in the handling of Handoff with Siri. This was addressed through improved state management.

CVE-2015-3759 [MEDIUM] CVE-2015-3759: iOS 8.4.1 Apple Security Update: About the security content of iOS 8.4.1 Product: iOS Version: 8.4.1 CVE: CVE-2015-3759 Component: CVE-ID

CVE-2019-8906 [MEDIUM] CVE-2019-8906: iOS 12.2 Apple Security Update: About the security content of iOS 12.2 Product: iOS Version: 12.2 CVE: CVE-2019-8906 Component: Feedback Assistant Impact: A malicious application may be able to overwrite arbitrary files Description: This issue was addressed with improved checks.

CVE-2016-7759 [MEDIUM] CVE-2016-7759: iOS 10 Apple Security Update: About the security content of iOS 10 Product: iOS Version: 10 CVE: CVE-2016-7759 Component: Springboard Impact: Sensitive data may be exposed in application snapshots presented in the Task Switcher Description: An issue existed in Springboard which displayed cached snapshots containing sensitive data in the Task Switcher. This issue was addressed by displaying updated snapshots.

CVE-2016-7577 [LOW] CVE-2016-7577: iOS 10.1 Apple Security Update: About the security content of iOS 10.1 Product: iOS Version: 10.1 CVE: CVE-2016-7577 Component: FaceTime Impact: An attacker in a privileged network position may be able to cause a relayed call to continue transmitting audio while appearing as if the call terminated Description: User interface inconsistencies existed in the handling of relayed calls. These issues were addressed through improved protocol logic.

CVE-2020-9792 [MEDIUM] CWE-20 CVE-2020-9792: A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 13.5 a A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5. A USB device may be able to cause a denial of service.

CVE-2015-1087 [LOW] CVE-2015-1087: iOS 8.3 Apple Security Update: About the security content of iOS 8.3 Product: iOS Version: 8.3 CVE: CVE-2015-1087 Component: CVE-ID

CVE-2015-1099 [MEDIUM] CVE-2015-1099: iOS 8.3 Apple Security Update: About the security content of iOS 8.3 Product: iOS Version: 8.3 CVE: CVE-2015-1099 Component: CVE-ID

CVE-2017-13852 [LOW] CVE-2017-13852: iOS 11.1 Apple Security Update: About the security content of iOS 11.1 Product: iOS Version: 11.1 CVE: CVE-2017-13852 Component: Kernel Impact: A malicious application may be able to learn information about the presence and operation of other applications on the device. Description: An application was able to access process information maintained by the operating system unrestricted. This issue was addressed through rate limiting.

CVE-2017-13877 [LOW] CVE-2017-13877: iOS 11 Apple Security Update: About the security content of iOS 11 Product: iOS Version: 11 CVE: CVE-2017-13877 Component: Sandbox Profiles Impact: A malicious application may be able to learn information about the presence of other applications on the device. Description: An application was able to determine the existence of files outside of its sandbox. This issue was addressed through additional sandbox checks.

CVE-2015-7046 [LOW] CVE-2015-7046: iOS 9.2 Apple Security Update: About the security content of iOS 9.2 Product: iOS Version: 9.2 CVE: CVE-2015-7046 Component: CVE-ID

CVE-2020-3894 [LOW] CWE-362 CVE-2020-3894: A race condition was addressed with additional validation. This issue is fixed in iOS 13.4 and iPadO A race condition was addressed with additional validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. An application may be able to read restricted memory.

CVE-2016-4670 [LOW] CVE-2016-4670: iOS 10.1 Apple Security Update: About the security content of iOS 10.1 Product: iOS Version: 10.1 CVE: CVE-2016-4670 Component: Security Impact: A local attacker can observe the length of a login password when a user logs in Description: A logging issue existed in the handling of passwords. This issue was addressed by removing password length logging.

CVE-2016-4583 [LOW] CVE-2016-4583: iOS 9.3.3 Apple Security Update: About the security content of iOS 9.3.3 Product: iOS Version: 9.3.3 CVE: CVE-2016-4583 Component: WebKit Impact: Visiting a malicious website may disclose image data from another website Description: A timing issue existed in the processing of SVG. This issue was addressed through improved validation.

CVE-2016-4747 [LOW] CVE-2016-4747: iOS 10 Apple Security Update: About the security content of iOS 10 Product: iOS Version: 10 CVE: CVE-2016-4747 Component: Mail Impact: An attacker with a privileged network position may be able to intercept mail credentials Description: An issue existed when handling untrusted certificates. This was addressed by terminating untrusted connections.

CVE-2016-1763 [LOW] CVE-2016-1763: iOS 9.3 Apple Security Update: About the security content of iOS 9.3 Product: iOS Version: 9.3 CVE: CVE-2016-1763 Component: CVE-ID

CVE-2015-3778 [LOW] CVE-2015-3778: iOS 8.4.1 Apple Security Update: About the security content of iOS 8.4.1 Product: iOS Version: 8.4.1 CVE: CVE-2015-3778 Component: CVE-ID

CVE-2016-1748 [LOW] CVE-2016-1748: iOS 9.3 Apple Security Update: About the security content of iOS 9.3 Product: iOS Version: 9.3 CVE: CVE-2016-1748 Component: CVE-ID

CVE-2022-32913 [LOW] CVE-2022-32913: iOS 16 Apple Security Update: About the security content of iOS 16 Product: iOS Version: 16 CVE: CVE-2022-32913 Component: Image Processing Impact: A sandboxed app may be able to determine which app is currently using the camera Description: The issue was addressed with additional restrictions on the observability of app states.

CVE-2015-3756 [LOW] CVE-2015-3756: iOS 8.4.1 Apple Security Update: About the security content of iOS 8.4.1 Product: iOS Version: 8.4.1 CVE: CVE-2015-3756 Component: CVE-ID