Apple iOS vulnerabilities
3,940 known vulnerabilities affecting apple/iphone_os.
Total CVEs
3,940
CISA KEV
92
actively exploited
Public exploits
248
Exploited in wild
79
Severity breakdown
CRITICAL313HIGH1610MEDIUM1730LOW287
Vulnerabilities
Page 119 of 197
CVE-2018-4124CRITICALCVSS 9.8fixed in 11.2.62018-04-03
CVE-2018-4124 [CRITICAL] CWE-119 CVE-2018-4124: An issue was discovered in certain Apple products. iOS before 11.2.6 is affected. macOS before 10.13
An issue was discovered in certain Apple products. iOS before 11.2.6 is affected. macOS before 10.13.3 Supplemental Update is affected. tvOS before 11.2.6 is affected. watchOS before 4.2.3 is affected. The issue involves the "CoreText" component. It allows remote attackers to cause a denial of service (memory corruption and system crash) or possibly
nvd
CVE-2018-4148CRITICALCVSS 9.8fixed in 11.32018-04-03
CVE-2018-4148 [CRITICAL] CWE-119 CVE-2018-4148: An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves t
An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the "Telephony" component. A buffer overflow allows remote attackers to execute arbitrary code.
nvd
CVE-2018-4082HIGHCVSS 7.8fixed in 11.2.52018-04-03
CVE-2018-4082 [HIGH] CWE-119 CVE-2018-4082: An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13
An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a craft
nvd
CVE-2018-4118HIGHCVSS 8.8fixed in 11.32018-04-03
CVE-2018-4118 [HIGH] CWE-119 CVE-2018-4118: An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 i
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (
nvd
CVE-2017-7171HIGHCVSS 7.8fixed in 11.22018-04-03
CVE-2017-7171 [HIGH] CWE-119 CVE-2017-7171: An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "CoreAnimation" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a craf
nvd
CVE-2018-4157HIGHCVSS 7.0fixed in 11.32018-04-03
CVE-2018-4157 [HIGH] CWE-362 CVE-2018-4157: An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "Quick Look" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.
nvd
CVE-2018-4156HIGHCVSS 7.0fixed in 11.32018-04-03
CVE-2018-4156 [HIGH] CWE-362 CVE-2018-4156: An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "PluginKit" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.
nvd
CVE-2018-4137HIGHCVSS 7.5fixed in 11.32018-04-03
CVE-2018-4137 [HIGH] CWE-200 CVE-2018-4137: An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 i
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. The issue involves the "Safari Login AutoFill" component. It allows remote attackers to read autofilled data by leveraging lack of a user-confirmation requirement.
nvd
CVE-2017-13885HIGHCVSS 8.8fixed in 11.22018-04-03
CVE-2017-13885 [HIGH] CWE-119 CVE-2017-13885: An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2
An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of servi
nvd
CVE-2017-7172HIGHCVSS 7.8fixed in 11.22018-04-03
CVE-2017-7172 [HIGH] CWE-119 CVE-2017-7172: An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "CFNetwork Session" component. It allows attackers to execute arbitra
nvd
CVE-2018-4127HIGHCVSS 8.8fixed in 11.32018-04-03
CVE-2018-4127 [HIGH] CWE-119 CVE-2018-4127: An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 i
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (
nvd
CVE-2017-7065HIGHCVSS 8.8fixed in 10.3.32018-04-03
CVE-2017-7065 [HIGH] CWE-119 CVE-2017-7065: An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. The issue involves the "Wi-Fi" component. It allows remote attackers to execute arbitrary code (on the Wi-Fi chip) or cause a denial of service (memory corruption) by leveraging proximity for 802.11.
nvd
CVE-2017-13884HIGHCVSS 8.8fixed in 11.22018-04-03
CVE-2017-13884 [HIGH] CWE-119 CVE-2017-13884: An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2
An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary
nvd
CVE-2017-7004HIGHCVSS 7.0PoCfixed in 10.3.22018-04-03
CVE-2017-7004 [HIGH] CWE-362 CVE-2017-7004: An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "Security" component. A race condition allows attackers to bypass intended entitlement restrictions for sending XPC messages via a crafted app.
nvd
CVE-2018-4125HIGHCVSS 8.8fixed in 11.32018-04-03
CVE-2018-4125 [HIGH] CWE-119 CVE-2018-4125: An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 i
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary cod
nvd
CVE-2018-4140HIGHCVSS 7.5fixed in 11.32018-04-03
CVE-2018-4140 [HIGH] CWE-476 CVE-2018-4140: An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves t
An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the "Telephony" component. It allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via a Class 0 SMS message.
nvd
CVE-2018-4166HIGHCVSS 7.0fixed in 11.32018-04-03
CVE-2018-4166 [HIGH] CWE-362 CVE-2018-4166: An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "NSURLSession" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.
nvd
CVE-2018-4167HIGHCVSS 7.0fixed in 11.32018-04-03
CVE-2018-4167 [HIGH] CWE-362 CVE-2018-4167: An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "File System Events" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.
nvd
CVE-2018-4122HIGHCVSS 8.8fixed in 11.32018-04-03
CVE-2018-4122 [HIGH] CWE-119 CVE-2018-4122: An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 i
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary cod
nvd
CVE-2017-13904HIGHCVSS 7.8fixed in 11.22018-04-03
CVE-2017-13904 [HIGH] CWE-119 CVE-2017-13904: An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted a
nvd