Apple iOS vulnerabilities

CVE-2016-4620 [LOW] CVE-2016-4620: iOS 10 Apple Security Update: About the security content of iOS 10 Product: iOS Version: 10 CVE: CVE-2016-4620 Component: Sandbox Profiles Impact: A malicious application may be able to determine whom a user is texting Description: An access control issue existed in SMS draft directories. This issue was addressed by preventing apps from stat'ing the affected directories.

CVE-2016-1790 [LOW] CVE-2016-1790: iOS 9.3.2 Apple Security Update: About the security content of iOS 9.3.2 Product: iOS Version: 9.3.2 CVE: CVE-2016-1790 Component: CVE-ID

CVE-2019-8502 [LOW] CWE-20 CVE-2019-8502: An API issue existed in the handling of dictation requests. This issue was addressed with improved v An API issue existed in the handling of dictation requests. This issue was addressed with improved validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to initiate a Dictation request without user authorization.

CVE-2016-4664 [LOW] CVE-2016-4664: iOS 10.1 Apple Security Update: About the security content of iOS 10.1 Product: iOS Version: 10.1 CVE: CVE-2016-4664 Component: Sandbox Profiles Impact: An application may be able to retrieve metadata of photo directories Description: An access issue was addressed through additional sandbox restrictions on third party applications.

CVE-2016-4665 [LOW] CVE-2016-4665: iOS 10.1 Apple Security Update: About the security content of iOS 10.1 Product: iOS Version: 10.1 CVE: CVE-2016-4665 Component: Sandbox Profiles Impact: An application may be able to retrieve metadata of audio recording directories Description: An access issue was addressed through additional sandbox restrictions on third party applications.

CVE-2019-8809 [LOW] CVE-2019-8809: A validation issue was addressed with improved logic. This issue is fixed in macOS Catalina 10.15, i A validation issue was addressed with improved logic. This issue is fixed in macOS Catalina 10.15, iOS 13.1 and iPadOS 13.1, tvOS 13, watchOS 6, iOS 13. A local app may be able to read a persistent account identifier.

CVE-2017-2383 [LOW] CVE-2017-2383: iOS 10.2.1 Apple Security Update: About the security content of iOS 10.2.1 Product: iOS Version: 10.2.1 CVE: CVE-2017-2383 Component: APNs Server Impact: An attacker in a privileged network position can track a user's activity Description: A client certificate was sent in plaintext. This issue was addressed through improved certificate handling.

CVE-2015-7094 [LOW] CVE-2015-7094: iOS 9.2 Apple Security Update: About the security content of iOS 9.2 Product: iOS Version: 9.2 CVE: CVE-2015-7094 Component: CVE-ID

CVE-2016-4593 [LOW] CVE-2016-4593: iOS 9.3.3 Apple Security Update: About the security content of iOS 9.3.3 Product: iOS Version: 9.3.3 CVE: CVE-2016-4593 Component: Siri Contacts Impact: A person with physical access to a device may be able to see private contact information Description: A privacy issue existed in the handling of Contact cards. This was addressed through improved state management.

CVE-2020-9933 [LOW] CVE-2020-9933: An authorization issue was addressed with improved state management. This issue is fixed in iOS 13.6 An authorization issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8. A malicious application may be able to read sensitive location information.

CVE-2016-7657 [LOW] CVE-2016-7657: iOS 10.2 Apple Security Update: About the security content of iOS 10.2 Product: iOS Version: 10.2 CVE: CVE-2016-7657 Component: IOKit Impact: An application may be able to read kernel memory Description: A memory corruption issue was addressed through improved input validation.

CVE-2019-8698 [LOW] CWE-20 CVE-2019-8698: A validation issue existed in the entitlement verification. This issue was addressed with improved v A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement. This issue is fixed in iOS 12.4, tvOS 12.4. A malicious application may be able to restrict access to websites.

CVE-2020-3844 [LOW] CVE-2020-3844: This issue was addressed with improved checks. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1. This issue was addressed with improved checks. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1. Users removed from an iMessage conversation may still be able to alter state.

CVE-2019-8730 [LOW] CVE-2019-8730: iOS 13 Apple Security Update: About the security content of iOS 13 Product: iOS Version: 13 CVE: CVE-2019-8730 Component: Notes Impact: A local user may be able to view a user’s locked notes Description: The contents of locked notes sometimes appeared in search results. This issue was addressed with improved data cleanup.

CVE-2017-2375 [LOW] CVE-2017-2375: An issue existed in preventing the uploading of CallKit call history to iCloud. This issue was addre An issue existed in preventing the uploading of CallKit call history to iCloud. This issue was addressed through improved logic. This issue is fixed in iOS 10.2.1. Updates for CallKit call history are sent to iCloud.

CVE-2016-7714 [LOW] CVE-2016-7714: iOS 10.2 Apple Security Update: About the security content of iOS 10.2 Product: iOS Version: 10.2 CVE: CVE-2016-7714 Component: IOKit Impact: A local user may be able to determine kernel memory layout Description: A shared memory issue was addressed through improved memory handling.

CVE-2017-2384 [LOW] CVE-2017-2384: iOS 10.3 Apple Security Update: About the security content of iOS 10.3 Product: iOS Version: 10.3 CVE: CVE-2017-2384 Component: CVE-2017-2384

CVE-2019-8541 [LOW] CVE-2019-8541: A privacy issue existed in motion sensor calibration. This issue was addressed with improved motion A privacy issue existed in motion sensor calibration. This issue was addressed with improved motion sensor processing. This issue is fixed in iOS 12.2, watchOS 5.2. A malicious app may be able to track users between installs.

CVE-2015-1085 [LOW] CVE-2015-1085: iOS 8.3 Apple Security Update: About the security content of iOS 8.3 Product: iOS Version: 8.3 CVE: CVE-2015-1085 Component: CVE-ID

CVE-2021-30804 [LOW] CVE-2021-30804: A permissions issue was addressed with improved validation. This issue is fixed in iOS 14.7. A malic A permissions issue was addressed with improved validation. This issue is fixed in iOS 14.7. A malicious application may be able to access Find My data.