Apple iOS vulnerabilities
3,940 known vulnerabilities affecting apple/iphone_os.
Total CVEs: 3,940
CISA KEV: 92 (actively exploited)
Public exploits: 248
Exploited in wild: 79
Severity breakdown
CRITICAL 313 | HIGH 1610 | MEDIUM 1730 | LOW 287
Vulnerabilities
CVE-2017-13877 | LOW | CWE-200 | CVSS 3.3 | fixed in 11.0 | 2018-04-03
An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Sandbox Profiles" component. It allows attackers to determine whether arbitrary files exist via a crafted app.
nvd
CVE-2018-4123 | LOW | CWE-200 | CVSS 2.4 | fixed in 11.3 | 2018-04-03
An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves alarm and timer handling in the "Clock" component. It allows physically proximate attackers to discover the iTunes e-mail address.
nvd
CVE-2017-7157 | HIGH | CWE-119 | CVSS 8.8 | fixed in 11.2 | 2017-12-27
An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service
nvd
CVE-2017-7156 | HIGH | CWE-119 | CVSS 8.8 | fixed in 11.2 | 2017-12-27
An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service
nvd
CVE-2017-7162 | HIGH | CWE-119 | CVSS 7.8 | fixed in 11.2 | 2017-12-27
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "IOKit" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
nvd
CVE-2017-7160 | HIGH | CWE-119 | CVSS 8.8 | fixed in 11.2 | 2017-12-27
An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service
nvd
CVE-2017-7152 | MEDIUM | CVSS 4.3 | fixed in 11.2 | 2017-12-27
An issue was discovered in certain Apple products. iOS before 11.2 is affected. The issue involves the "Mail Message Framework" component. It allows remote attackers to spoof the address bar via a crafted web site.
nvd
CVE-2017-7154 | MEDIUM | CWE-20 | CVSS 6.6 | PoC | fixed in 11.2 | 2017-12-27
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. The issue involves the "Kernel" component. It allows local users to bypass intended memory-read restrictions or cause a denial of service (system crash).
nvd
CVE-2017-13903 | HIGH | CVSS 7.5 | fixed in 11.2.1 | 2017-12-25
An issue was discovered in certain Apple products. iOS before 11.2.1 is affected. tvOS before 11.2.1 is affected. The issue involves the "HomeKit" component. It allows remote attackers to modify the application state by leveraging incorrect message handling, as demonstrated by use of an Apple Watch to obtain an encryption key and unlock a door.
nvd
CVE-2017-13876 | HIGH | CWE-119 | CVSS 7.8 | PoC | fixed in 11.2 | 2017-12-25
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted a
nvd
CVE-2017-13856 | HIGH | CWE-119 | CVSS 8.8 | fixed in 11.2 | 2017-12-25
An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of servi
nvd
CVE-2017-13870 | HIGH | CWE-119 | CVSS 8.8 | fixed in 11.2 | 2017-12-25
An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of servi
nvd
CVE-2017-13867 | HIGH | CWE-119 | CVSS 7.8 | PoC | fixed in 11.2 | 2017-12-25
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted a
nvd
CVE-2017-13874 | HIGH | CVSS 7.5 | fixed in 11.2 | 2017-12-25
An issue was discovered in certain Apple products. iOS before 11.2 is affected. The issue involves the "Mail" component. It might allow remote attackers to bypass an intended encryption protection mechanism by leveraging incorrect S/MIME certificate selection.
nvd
CVE-2017-13866 | HIGH | CWE-119 | CVSS 8.8 | fixed in 11.2 | 2017-12-25
An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of servi
nvd
CVE-2017-13879 | HIGH | CWE-119 | CVSS 7.8 | fixed in 11.2 | 2017-12-25
An issue was discovered in certain Apple products. iOS before 11.2 is affected. The issue involves the "IOMobileFrameBuffer" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
nvd
CVE-2017-13847 | HIGH | CWE-119 | CVSS 7.8 | PoC | fixed in 11.2 | 2017-12-25
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. The issue involves the "IOKit" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
nvd
CVE-2017-13861 | HIGH | CWE-119 | CVSS 7.8 | PoC | fixed in 11.2 | 2017-12-25
An issue was discovered in certain Apple products. iOS before 11.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "IOSurface" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
nvd
CVE-2017-13862 | HIGH | CWE-119 | CVSS 7.8 | fixed in 11.2 | 2017-12-25
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted a
nvd
CVE-2017-13869 | MEDIUM | CWE-200 | CVSS 5.5 | PoC | fixed in 11.2 | 2017-12-25
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
nvd