Apple iOS vulnerabilities

CVE-2017-7109 [MEDIUM] CWE-79 CVE-2017-7109: An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is af An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. A cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web

CVE-2017-7131 [MEDIUM] CWE-200 CVE-2017-7131: An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Bluetooth" component. It allows attackers to obtain sensitive Contact card information via a crafted app.

CVE-2017-7145 [MEDIUM] CWE-275 CVE-2017-7145: An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Time" component. The "Setting Time Zone" feature mishandles the possibility of using location data.

CVE-2017-7085 [MEDIUM] CWE-20 CVE-2017-7085: An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is af An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar.

CVE-2017-7083 [MEDIUM] CWE-20 CVE-2017-7083: An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "CFNetwork Proxies" component. It allows remote attackers to cause a denial of service.

CVE-2017-7089 [MEDIUM] CWE-79 CVE-2017-7089: An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is af An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that is mishandled during parent-tab processing.

CVE-2017-7088 [MEDIUM] CWE-275 CVE-2017-7088: An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Exchange ActiveSync" component. It allows remote attackers to erase a device in opportunistic circumstances by hijacking a cleartext AutoDiscover V1 session during the setup of an Exchange account.

CVE-2017-7106 [MEDIUM] CWE-20 CVE-2017-7106: An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is af An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. The issue involves the "WebKit" component. It allows remote attackers to spoof the address bar.

CVE-2017-7146 [MEDIUM] CWE-732 CVE-2017-7146: An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Security" component. It allows attackers to track users across installs via a crafted app that leverages Keychain data mishandling.

CVE-2017-7140 [MEDIUM] CWE-200 CVE-2017-7140: An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Keyboard Suggestions" component. It allows attackers to obtain sensitive information by reading keyboard autocorrect suggestions.

CVE-2017-7072 [MEDIUM] CWE-20 CVE-2017-7072: An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "iBooks" component. It allows remote attackers to cause a denial of service (persistent outage) via a crafted iBooks file.

CVE-2017-7078 [MEDIUM] CWE-319 CVE-2017-7078: An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. The issue involves the "Mail Drafts" component. It allows remote attackers to obtain sensitive information by reading unintended cleartext transmissions.

CVE-2017-7144 [MEDIUM] CWE-275 CVE-2017-7144: An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is af An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to track Safari Private Browsing users by leveraging cookie mishandling.

CVE-2017-7148 [LOW] CWE-200 CVE-2017-7148: An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Location Framework" component. It allows attackers to obtain sensitive location information via a crafted app that reads the location variable.

CVE-2017-7139 [LOW] CWE-200 CVE-2017-7139: An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Phone" component. It allows attackers to obtain sensitive information by leveraging a timing bug to read a secure-content screenshot that occurred during a locking action.

CVE-2017-11122 [HIGH] CWE-200 CVE-2017-11122: On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56, an attacker can trigger an information leak due On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56, an attacker can trigger an information leak due to insufficient length validation, related to ICMPv6 router advertisement offloading.

CVE-2017-11121 [CRITICAL] CWE-119 CVE-2017-11121: On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56 and other chips, properly crafted malicious over On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56 and other chips, properly crafted malicious over-the-air Fast Transition frames can potentially trigger internal Wi-Fi firmware heap and/or stack overflows, leading to denial of service or other effects, aka B-V2017061205.

CVE-2017-11120 [CRITICAL] CWE-119 CVE-2017-11120: On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56 and other chips, an attacker can craft a malform On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56 and other chips, an attacker can craft a malformed RRM neighbor report frame to trigger an internal buffer overflow in the Wi-Fi firmware, aka B-V2017061204.

CVE-2017-14315 [HIGH] CWE-119 CVE-2017-14315: In Apple iOS 7 through 9, due to a BlueBorne flaw in the implementation of LEAP (Low Energy Audio Pr In Apple iOS 7 through 9, due to a BlueBorne flaw in the implementation of LEAP (Low Energy Audio Protocol), a large audio command can be sent to a targeted device and lead to a heap overflow with attacker-controlled data. Since the audio commands sent via LEAP are not properly validated, an attacker can use this overflow to gain full control of the d

CVE-2017-8248 [CRITICAL] CWE-119 CVE-2017-8248: A buffer overflow may occur in the processing of a downlink NAS message in Qualcomm Telephony as use A buffer overflow may occur in the processing of a downlink NAS message in Qualcomm Telephony as used in Apple iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation.