Apple iOS vulnerabilities

3,940 known vulnerabilities affecting apple/iphone_os.

Total CVEs

3,940

CISA KEV

actively exploited

Public exploits

248

Exploited in wild

Severity breakdown

CRITICAL313HIGH1610MEDIUM1730LOW287

Vulnerabilities

Page 125 of 197

CVE-2017-13804MEDIUMCVSS 5.5fixed in 11.12017-11-13

CVE-2017-13804 [MEDIUM] CWE-20 CVE-2017-13804: An issue was discovered in certain Apple products. iOS before 11.1 is affected. macOS before 10.13.1 An issue was discovered in certain Apple products. iOS before 11.1 is affected. macOS before 10.13.1 is affected. tvOS before 11.1 is affected. watchOS before 4.1 is affected. The issue involves the "StreamingZip" component. It allows remote attackers to write to unintended pathnames via a crafted ZIP archive.

nvd

CVE-2017-13849MEDIUMCVSS 5.5PoCfixed in 11.12017-11-13

CVE-2017-13849 [MEDIUM] CWE-20 CVE-2017-13849: An issue was discovered in certain Apple products. iOS before 11.1 is affected. tvOS before 11.1 is An issue was discovered in certain Apple products. iOS before 11.1 is affected. tvOS before 11.1 is affected. watchOS before 4.1 is affected. The issue involves the "CoreText" component. It allows remote attackers to cause a denial of service (application crash) via a crafted text file.

nvd

CVE-2017-13805LOWCVSS 2.4fixed in 11.12017-11-13

CVE-2017-13805 [LOW] CWE-200 CVE-2017-13805: An issue was discovered in certain Apple products. iOS before 11.1 is affected. The issue involves t An issue was discovered in certain Apple products. iOS before 11.1 is affected. The issue involves the "Siri" component. It allows physically proximate attackers to obtain sensitive information via a Siri request for private-content notifications that should not have been available in the lock-screen state.

nvd

CVE-2017-13852LOWCVSS 3.3fixed in 11.12017-11-13

CVE-2017-13852 [LOW] CWE-200 CVE-2017-13852: An issue was discovered in certain Apple products. iOS before 11.1 is affected. macOS before 10.13.1 An issue was discovered in certain Apple products. iOS before 11.1 is affected. macOS before 10.13.1 is affected. tvOS before 11.1 is affected. watchOS before 4.1 is affected. The issue involves the "Kernel" component. It allows attackers to monitor arbitrary apps via a crafted app that accesses process information at a high rate.

nvd

CVE-2017-13844LOWCVSS 2.4fixed in 11.12017-11-13

CVE-2017-13844 [LOW] CWE-200 CVE-2017-13844: An issue was discovered in certain Apple products. iOS before 11.1 is affected. The issue involves t An issue was discovered in certain Apple products. iOS before 11.1 is affected. The issue involves the "Messages" component. It allows physically proximate attackers to view arbitrary photos via a Reply With Message action in the lock-screen state.

nvd

CVE-2017-7128CRITICALCVSS 9.8≤ 10.3.32017-10-23

CVE-2017-7128 [CRITICAL] CWE-119 CVE-2017-7128: An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the third-party "SQLite" product. Versions before 3.19.3 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other i

nvd

CVE-2017-7130CRITICALCVSS 9.8≤ 10.3.32017-10-23

CVE-2017-7130 [CRITICAL] CWE-119 CVE-2017-7130: An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the third-party "SQLite" product. Versions before 3.19.3 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other i

nvd

CVE-2017-7103CRITICALCVSS 9.8≤ 10.3.32017-10-23

CVE-2017-7103 [CRITICAL] CWE-119 CVE-2017-7103: An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affe An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Wi-Fi" component. It might allow remote attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via crafted Wi-Fi traffic.

nvd

CVE-2017-7108CRITICALCVSS 9.8≤ 10.3.32017-10-23

CVE-2017-7108 [CRITICAL] CWE-119 CVE-2017-7108: An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affe An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Wi-Fi" component. It might allow remote attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via crafted Wi-Fi traffic.

nvd

CVE-2017-7110CRITICALCVSS 9.8≤ 10.3.32017-10-23

CVE-2017-7110 [CRITICAL] CWE-119 CVE-2017-7110: An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affe An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Wi-Fi" component. It might allow remote attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via crafted Wi-Fi traffic.

nvd

CVE-2017-7129CRITICALCVSS 9.8≤ 10.3.32017-10-23

CVE-2017-7129 [CRITICAL] CWE-119 CVE-2017-7129: An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the third-party "SQLite" product. Versions before 3.19.3 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other i

nvd

CVE-2017-7105CRITICALCVSS 9.8≤ 10.3.32017-10-23

CVE-2017-7105 [CRITICAL] CWE-119 CVE-2017-7105: An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affe An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Wi-Fi" component. It might allow remote attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via crafted Wi-Fi traffic.

nvd

CVE-2017-7112CRITICALCVSS 9.8≤ 10.3.32017-10-23

CVE-2017-7112 [CRITICAL] CWE-119 CVE-2017-7112: An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affe An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Wi-Fi" component. It might allow remote attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via crafted Wi-Fi traffic.

nvd

CVE-2017-7117HIGHCVSS 8.8PoC≤ 10.3.32017-10-23

CVE-2017-7117 [HIGH] CWE-119 CVE-2017-7117: An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is af An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory c

nvd

CVE-2017-7095HIGHCVSS 8.8≤ 10.3.32017-10-23

CVE-2017-7095 [HIGH] CWE-119 CVE-2017-7095: An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is af An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory c

nvd

CVE-2017-7102HIGHCVSS 8.8≤ 10.3.32017-10-23

CVE-2017-7102 [HIGH] CWE-119 CVE-2017-7102: An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is af An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory c

nvd

CVE-2017-7093HIGHCVSS 8.8≤ 10.3.32017-10-23

CVE-2017-7093 [HIGH] CWE-119 CVE-2017-7093: An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is af An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory c

nvd

CVE-2017-7091HIGHCVSS 8.8≤ 10.3.32017-10-23

CVE-2017-7091 [HIGH] CWE-119 CVE-2017-7091: An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is af An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory c

nvd

CVE-2017-7114HIGHCVSS 7.8≤ 10.3.32017-10-23

CVE-2017-7114 [HIGH] CWE-119 CVE-2017-7114: An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

nvd

CVE-2017-7092HIGHCVSS 8.8≤ 10.3.32017-10-23

CVE-2017-7092 [HIGH] CWE-119 CVE-2017-7092: An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is af An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory c

nvd

← Previous125 / 197Next →