Apple iOS vulnerabilities
3,940 known vulnerabilities affecting apple/iphone_os.
Total CVEs: 3,940
CISA KEV (actively exploited): 92
Public exploits: 248
Exploited in wild: 79
Severity breakdown: CRITICAL 313, HIGH 1610, MEDIUM 1730, LOW 287
Vulnerabilities
CVE-2019-8566 | LOW | CVSS 3.3 | CWE-20 | fixed in 12.2 | 2019-12-18
An API issue existed in the handling of microphone data. This issue was addressed with improved validation. This issue is fixed in iOS 12.2. A malicious application may be able to access the microphone without indication to the user.
nvd
CVE-2019-8682 | LOW | CVSS 2.4 | CWE-306 | fixed in 12.4 | 2019-12-18
The issue was addressed with improved UI handling. This issue is fixed in iOS 12.4, watchOS 5.3. A user may inadvertently complete an in-app purchase while on the lock screen.
nvd
CVE-2019-8502 | LOW | CVSS 3.3 | CWE-20 | fixed in 12.2 | 2019-12-18
An API issue existed in the handling of dictation requests. This issue was addressed with improved validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to initiate a Dictation request without user authorization.
nvd
CVE-2019-8775 | LOW | CVSS 2.4 | fixed in 13.1 | 2019-12-18
The issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 13.1 and iPadOS 13.1. A person with physical access to an iOS device may be able to access contacts from the lock screen.
nvd
CVE-2019-8599 | LOW | CVSS 2.4 | fixed in 12.3 | 2019-12-18
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 12.3. A person with physical access to an iOS device may be able to see the email address used for iTunes.
nvd
CVE-2019-8742 | LOW | CVSS 2.4 | fixed in 13.0 | 2019-12-18
The issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 13. A person with physical access to an iOS device may be able to access contacts from the lock screen.
nvd
CVE-2019-14899 | HIGH | CVSS 7.4 | CWE-300 | fixed in 13.6 | 2019-12-11
A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and acknowledgement numbers in use, allowing the bad actor to in
nvd
CVE-2019-15165 | MEDIUM | CVSS 5.3 | CWE-770 | v13.3 | 2019-10-03
sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocating memory.
nvd
CVE-2019-9506 | HIGH | CVSS 8.1 | CWE-310 | v12.4 | 2019-08-14
The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing.
nvd
CVE-2019-13118 | MEDIUM | CVSS 5.3 | CWE-843 | fixed in 12.4 | 2019-07-01
In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data.
nvd
CVE-2018-4332 | CRITICAL | CVSS 9.8 | CWE-119 | fixed in 12.0 | 2019-04-03
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.
nvd
CVE-2018-4310 | CRITICAL | CVSS 10.0 | CWE-269 | fixed in 12.0 | 2019-04-03
An access issue was addressed with additional sandbox restrictions. This issue affected versions prior to iOS 12, macOS Mojave 10.14.
nvd
CVE-2018-4367 | CRITICAL | CVSS 9.8 | PoC | CWE-119 | fixed in 12.1 | 2019-04-03
A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1.
nvd
CVE-2018-4331 | CRITICAL | CVSS 9.8 | CWE-119 | fixed in 12.0 | 2019-04-03
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.
nvd
CVE-2018-4359 | HIGH | CVSS 8.8 | CWE-119 | fixed in 12.0 | 2019-04-03
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
nvd
CVE-2018-4191 | HIGH | CVSS 8.8 | CWE-119 | fixed in 12.0 | 2019-04-03
A memory corruption issue was addressed with improved validation. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
nvd
CVE-2018-4315 | HIGH | CVSS 8.8 | PoC | CWE-416 | fixed in 12.0 | 2019-04-03
A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
nvd
CVE-2018-4197 | HIGH | CVSS 8.8 | PoC | CWE-416 | fixed in 12.0 | 2019-04-03
A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
nvd
CVE-2018-4436 | HIGH | CVSS 7.5 | CWE-295 | fixed in 12.1.1 | 2019-04-03
A certificate validation issue existed in configuration profiles. This was addressed with additional checks. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2.
nvd
CVE-2018-4323 | HIGH | CVSS 8.8 | PoC | CWE-119 | fixed in 12.0 | 2019-04-03
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
nvd