Apple iOS vulnerabilities
3,940 known vulnerabilities affecting apple/iphone_os.
Total CVEs
3,940
CISA KEV
92
actively exploited
Public exploits
248
Exploited in wild
79
Severity breakdown
CRITICAL313HIGH1610MEDIUM1730LOW287
Vulnerabilities
Page 122 of 197
CVE-2018-4090MEDIUMCVSS 5.5PoCfixed in 11.2.52018-04-03
CVE-2018-4090 [MEDIUM] CWE-200 CVE-2018-4090: An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13
An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
nvd
CVE-2018-4113MEDIUMCVSS 6.5fixed in 11.32018-04-03
CVE-2018-4113 [MEDIUM] CWE-617 CVE-2018-4113: An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 i
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves a JavaScriptCore function in the "WebKit" component. It allows attackers
nvd
CVE-2018-4086MEDIUMCVSS 5.9fixed in 11.2.52018-04-03
CVE-2018-4086 [MEDIUM] CWE-295 CVE-2018-4086: An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13
An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "Security" component. It allows remote attackers to spoof certificate validation via crafted name constraints.
nvd
CVE-2018-4092MEDIUMCVSS 4.7fixed in 11.2.52018-04-03
CVE-2018-4092 [MEDIUM] CWE-362 CVE-2018-4092: An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13
An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "Kernel" component. A race condition allows attackers to bypass intended memory-read restrictions via a crafted app.
nvd
CVE-2018-4168MEDIUMCVSS 4.6fixed in 11.32018-04-03
CVE-2018-4168 [MEDIUM] CWE-200 CVE-2018-4168: An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves t
An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the "Files Widget" component. It allows physically proximate attackers to obtain sensitive information by leveraging the display of cached data on a locked device.
nvd
CVE-2017-13873MEDIUMCVSS 4.3fixed in 11.02018-04-03
CVE-2017-13873 [MEDIUM] CWE-200 CVE-2017-13873: An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is
An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Kernel" component. It allows attackers to obtain sensitive network-activity information about arbitrary apps via a crafted app.
nvd
CVE-2017-7075MEDIUMCVSS 5.5fixed in 11.02018-04-03
CVE-2017-7075 [MEDIUM] CWE-200 CVE-2017-7075: An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the
An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Notes" component. It allows local users to obtain sensitive information by reading search results that contain locked-note content.
nvd
CVE-2018-4093MEDIUMCVSS 5.5fixed in 11.2.52018-04-03
CVE-2018-4093 [MEDIUM] CWE-200 CVE-2018-4093: An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13
An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
nvd
CVE-2018-4172MEDIUMCVSS 4.6fixed in 11.32018-04-03
CVE-2018-4172 [MEDIUM] CVE-2018-4172: An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves t
An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the "Find My iPhone" component. It allows physically proximate attackers to bypass the iCloud password requirement for disabling the "Find My iPhone" feature via vectors involving a backup restore.
nvd
CVE-2017-2493MEDIUMCVSS 6.5fixed in 10.32018-04-03
CVE-2017-2493 [MEDIUM] CWE-200 CVE-2017-2493: An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 i
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted elements on a web s
nvd
CVE-2017-13806MEDIUMCVSS 5.5fixed in 11.02018-04-03
CVE-2017-13806 [MEDIUM] CVE-2017-13806: An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the
An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Profiles" component. It does not enforce the configuration profile's settings for whether pairings are allowed.
nvd
CVE-2017-7066MEDIUMCVSS 6.5fixed in 10.3.32018-04-03
CVE-2017-7066 [MEDIUM] CWE-119 CVE-2017-7066: An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. tvOS before 10.2.2
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. tvOS before 10.2.2 is affected. The issue involves the "Wi-Fi" component. It allows attackers to cause a denial of service (memory corruption on the Wi-Fi chip) by leveraging proximity for 802.11.
nvd
CVE-2017-7164MEDIUMCVSS 5.9fixed in 11.22018-04-03
CVE-2017-7164 [MEDIUM] CWE-20 CVE-2017-7164: An issue was discovered in certain Apple products. iOS before 11.2 is affected. tvOS before 11.2 is
An issue was discovered in certain Apple products. iOS before 11.2 is affected. tvOS before 11.2 is affected. The issue involves the "App Store" component. It allows man-in-the-middle attackers to spoof password prompts.
nvd
CVE-2018-4146MEDIUMCVSS 6.5fixed in 11.32018-04-03
CVE-2018-4146 [MEDIUM] CWE-119 CVE-2018-4146: An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 i
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows attackers to cause a denial of service
nvd
CVE-2017-7153MEDIUMCVSS 6.1fixed in 11.22018-04-03
CVE-2017-7153 [MEDIUM] CWE-601 CVE-2017-7153: An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2
An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to spoof user-interf
nvd
CVE-2018-4174MEDIUMCVSS 5.9fixed in 11.32018-04-03
CVE-2018-4174 [MEDIUM] CVE-2018-4174: An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "Mail" component. It allows man-in-the-middle attackers to read S/MIME encrypted messages by leveraging an inconsistency in the user interface.
nvd
CVE-2017-7003MEDIUMCVSS 5.5fixed in 10.3.22018-04-03
CVE-2017-7003 [MEDIUM] CWE-20 CVE-2017-7003: An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "CoreText" component. It allows remote attackers to cause a denial of service (application crash) via a crafted file.
nvd
CVE-2018-4117MEDIUMCVSS 6.5fixed in 11.32018-04-03
CVE-2018-4117 [MEDIUM] CWE-200 CVE-2018-4117: An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 i
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. watchOS before 4.3 is affected. The issue involves the fetch API in the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy an
nvd
CVE-2017-6976MEDIUMCVSS 5.5fixed in 10.32018-04-03
CVE-2017-6976 [MEDIUM] CVE-2017-6976: An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves t
An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Sandbox Profiles" component. It allows attackers to bypass intended access restrictions (for iCloud user records) via a crafted app.
nvd
CVE-2018-4104MEDIUMCVSS 5.5fixed in 11.32018-04-03
CVE-2018-4104 [MEDIUM] CWE-200 CVE-2018-4104: An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
nvd