Apple iOS vulnerabilities

3,940 known vulnerabilities affecting apple/iphone_os.

Total CVEs: 3,940
CISA KEV: 92 (actively exploited)
Public exploits: 248
Exploited in wild: 79
Severity breakdown: CRITICAL 313, HIGH 1610, MEDIUM 1730, LOW 287

Vulnerabilities

Page 116 of 197
CVE-2018-4209 | HIGH | CVSS 8.8 | CWE-20 | fixed in 11.3 | 2019-01-11
In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks.
nvd
CVE-2017-13888 | HIGH | CVSS 7.5 | CWE-704 | fixed in 11.2 | 2019-01-11
In iOS before 11.2, a type confusion issue was addressed with improved memory handling.
nvd
CVE-2016-7576 | HIGH | CVSS 7.8 | CWE-119 | fixed in 9.3.3 | 2019-01-11
In iOS before 9.3.3, a memory corruption issue existed in the kernel. This issue was addressed through improved memory handling.
nvd
CVE-2018-4330 | HIGH | CVSS 7.8 | CWE-119 | fixed in 11.4 | 2019-01-11
In iOS before 11.4, a memory corruption issue exists and was addressed with improved memory handling.
nvd
CVE-2018-4213 | HIGH | CVSS 8.8 | CWE-20 | fixed in 11.3 | 2019-01-11
In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks.
nvd
CVE-2018-4210 | HIGH | CVSS 8.8 | CWE-129 | fixed in 11.3 | 2019-01-11
In iOS before 11.3, Safari before 11.1, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, an array indexing issue existed in the handling of a function in javascript core. This issue was addressed with improved checks.
nvd
CVE-2018-4212 | HIGH | CVSS 8.8 | fixed in 11.3 | 2019-01-11
In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks.
nvd
CVE-2018-4207 | HIGH | CVSS 8.8 | CWE-20 | fixed in 11.3 | 2019-01-11
In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks.
nvd
CVE-2018-4194 | HIGH | CVSS 8.8 | CWE-125 | fixed in 11.4 | 2019-01-11
In iOS before 11.4, iCloud for Windows before 7.5, watchOS before 4.3.1, iTunes before 12.7.5 for Windows, and macOS High Sierra before 10.13.5, an out-of-bounds read was addressed with improved input validation.
nvd
CVE-2018-4262 | HIGH | CVSS 8.8 | CWE-119 | fixed in 11.4.1 | 2019-01-11
In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, multiple memory corruption issues were addressed with improved memory handling.
nvd
CVE-2018-4277 | HIGH | CVSS 7.5 | CWE-20 | fixed in 11.4.1 | 2019-01-11
In iOS before 11.4.1, watchOS before 4.3.2, tvOS before 11.4.1, Safari before 11.1.1, macOS High Sierra before 10.13.6, a spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation.
nvd
CVE-2018-4208 | HIGH | CVSS 8.8 | CWE-20 | fixed in 11.3 | 2019-01-11
In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks.
nvd
CVE-2018-4404 | HIGH | CVSS 8.8 | PoC | CWE-119 | fixed in 11.4 | 2019-01-11
In iOS before 11.4 and macOS High Sierra before 10.13.5, a memory corruption issue exists and was addressed with improved memory handling.
nvd
CVE-2016-4644 | MEDIUM | CVSS 6.5 | CWE-200 | fixed in 9.3.3 | 2019-01-11
In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016-004, a downgrade issue existed with HTTP authentication credentials saved in Keychain. This issue was addressed by storing the authentication types with the credentials.
nvd
CVE-2016-4643 | MEDIUM | CVSS 6.5 | CWE-200 | fixed in 9.3.3 | 2019-01-11
In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016-004, a validation issue existed in the parsing of 407 responses. This issue was addressed through improved response validation.
nvd
CVE-2018-4278 | MEDIUM | CVSS 4.3 | fixed in 11.4.1 | 2019-01-11
In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, sound fetched through audio elements may be exfiltrated cross-origin. This issue was addressed with improved audio taint tracking.
nvd
CVE-2016-4642 | MEDIUM | CVSS 5.9 | CWE-254 | fixed in 9.3.3 | 2019-01-11
In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016-004, proxy authentication incorrectly reported HTTP proxies received credentials securely. This issue was addressed through improved warnings.
nvd
CVE-2017-2411 | MEDIUM | CVSS 5.9 | CWE-254 | fixed in 11.2 | 2019-01-11
In iOS before 11.2, exchange rates were retrieved from HTTP rather than HTTPS. This was addressed by enabling HTTPS for exchange rates.
nvd
CVE-2017-13891 | MEDIUM | CVSS 6.5 | CWE-20 | fixed in 11.2 | 2019-01-11
In iOS before 11.2, an inconsistent user interface issue was addressed through improved state management.
nvd
CVE-2018-5383 | MEDIUM | CVSS 6.8 | CWE-325 | fixed in 11.4 | 2018-08-07
Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encr
nvd
Apple iOS vulnerabilities | cvebase