Apple iOS vulnerabilities

CVE-2019-6200 [HIGH] CWE-125 CVE-2019-6200: An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 12.1. An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3. An attacker in a privileged network position may be able to execute arbitrary code.

CVE-2019-6234 [HIGH] CWE-787 CVE-2019-6234: A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12 A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2019-6226 [HIGH] CWE-787 CVE-2019-6226: Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, watchOS 5.1.3, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2019-6202 [HIGH] CWE-125 CVE-2019-6202: An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 12.1.3 An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, watchOS 5.1.3. A malicious application may be able to elevate privileges.

CVE-2019-6219 [HIGH] CWE-20 CVE-2019-6219: A denial of service issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, A denial of service issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, watchOS 5.1.3. Processing a maliciously crafted message may lead to a denial of service.

CVE-2019-6210 [HIGH] CWE-787 CVE-2019-6210: A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 1 A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. A malicious application may be able to execute arbitrary code with kernel privileges.

CVE-2019-6217 [HIGH] CWE-787 CVE-2019-6217: Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, watchOS 5.1.3, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2019-6205 [HIGH] CWE-787 CVE-2019-6205: A memory corruption issue was addressed with improved lock state checking. This issue is fixed in iO A memory corruption issue was addressed with improved lock state checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2. A malicious application may cause unexpected changes in memory shared between processes.

CVE-2019-6208 [MEDIUM] CWE-665 CVE-2019-6208: A memory initialization issue was addressed with improved memory handling. This issue is fixed in iO A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2. A malicious application may cause unexpected changes in memory shared between processes.

CVE-2019-6231 [MEDIUM] CWE-125 CVE-2019-6231: An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 12.1.3 An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. A malicious application may be able to read restricted memory.

CVE-2019-6209 [MEDIUM] CWE-125 CVE-2019-6209: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. A malicious application may be able to determine kernel memory layout.

CVE-2019-6229 [MEDIUM] CWE-79 CVE-2019-6229: A logic issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, tvOS 12.1.2 A logic issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to universal cross site scripting.

CVE-2019-6228 [MEDIUM] CWE-79 CVE-2019-6228: A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validatio A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. This issue is fixed in iOS 12.1.3, Safari 12.0.3. Processing maliciously crafted web content may lead to a cross site scripting attack.

CVE-2019-6206 [CRITICAL] CWE-200 CVE-2019-6206: An issue existed with autofill resuming after it was canceled. The issue was addressed with improved An issue existed with autofill resuming after it was canceled. The issue was addressed with improved state management. This issue is fixed in iOS 12.1.3. Password autofill may fill in passwords after they were manually cleared.

CVE-2019-6235 [CRITICAL] CWE-787 CVE-2019-6235: A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3, iTunes 12.9.3 for Windows. A sandboxed process may be able to circumvent sandbox restrictions.

CVE-2019-8906 [MEDIUM] CWE-125 CVE-2019-8906: do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is mis do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused.

CVE-2018-4147 [CRITICAL] CWE-119 CVE-2018-4147: In iCloud for Windows before 7.3, Safari before 11.0.3, iTunes before 12.7.3 for Windows, and iOS be In iCloud for Windows before 7.3, Safari before 11.0.3, iTunes before 12.7.3 for Windows, and iOS before 11.2.5, multiple memory corruption issues exist and were addressed with improved memory handling.

CVE-2018-4298 [CRITICAL] CVE-2018-4298: In macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 E In macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan, a permissions issue existed in Remote Management. This issue was addressed through improved permission validation.

CVE-2018-4189 [CRITICAL] CWE-119 CVE-2018-4189: In iOS before 11.2.5, macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra, and Securit In iOS before 11.2.5, macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan, watchOS before 4.2.2, and tvOS before 11.2.5, a memory corruption issue exists and was addressed with improved memory handling.

CVE-2018-4185 [HIGH] CWE-200 CVE-2018-4185: In iOS before 11.3, tvOS before 11.3, watchOS before 4.3, and macOS before High Sierra 10.13.4, an i In iOS before 11.3, tvOS before 11.3, watchOS before 4.3, and macOS before High Sierra 10.13.4, an information disclosure issue existed in the transition of program state. This issue was addressed with improved state handling.