Apple iOS vulnerabilities

CVE-2010-1776 [MEDIUM] CWE-254 CVE-2010-1776: Find My iPhone on iOS 2.0 through 3.1.3 for iPhone 3G and later and iOS 2.1 through 3.1.3 for iPod t Find My iPhone on iOS 2.0 through 3.1.3 for iPhone 3G and later and iOS 2.1 through 3.1.3 for iPod touch (2nd generation) and later, when Find My iPhone is disabled, allows remote authenticated users with an associated MobileMe account to wipe the device.

CVE-2016-4650 [HIGH] CWE-119 CVE-2016-4650: Heap-based buffer overflow in IOHIDFamily in Apple iOS before 9.3.2, OS X before 10.11.5, and tvOS b Heap-based buffer overflow in IOHIDFamily in Apple iOS before 9.3.2, OS X before 10.11.5, and tvOS before 9.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

CVE-2017-6975 [MEDIUM] CVE-2017-6975: Wi-Fi in Apple iOS before 10.3.1 does not prevent CVE-2017-6956 stack buffer overflow exploitation v Wi-Fi in Apple iOS before 10.3.1 does not prevent CVE-2017-6956 stack buffer overflow exploitation via a crafted access point. NOTE: because an operating system could potentially isolate itself from CVE-2017-6956 exploitation without patching Broadcom firmware functions, there is a separate CVE ID for the operating-system behavior.

CVE-2017-2428 [CRITICAL] CVE-2017-2428: An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves nghttp2 before 1.17.0 in the "HTTPProtocol" component. It allows remote HTTP/2 servers to have an unspecified impact via unknown vectors.

CVE-2017-2423 [CRITICAL] CWE-347 CVE-2017-2423: An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. The issue involves the "Security" component. It allows remote attackers to bypass intended access restrictions by leveraging a successful result from a SecKeyRawVerify API call with an empty signature.

CVE-2017-2434 [CRITICAL] CWE-20 CVE-2017-2434: An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves t An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "HomeKit" component. It allows attackers to have an unspecified impact by leveraging the presence of Home Control on Control Center.

CVE-2017-2398 [HIGH] CWE-119 CVE-2017-2398: An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

CVE-2017-2461 [HIGH] CWE-20 CVE-2017-2461: An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "CoreText" component. It allows remote attackers to cause a denial of service (resource consumption) via a crafted text message.

CVE-2017-2466 [HIGH] CWE-119 CVE-2017-2466: An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 i An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

CVE-2017-2455 [HIGH] CWE-119 CVE-2017-2455: An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 i An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

CVE-2017-2415 [HIGH] CVE-2017-2415: An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 i An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code by leveraging an unspecified "type confusion."

CVE-2017-2441 [HIGH] CWE-416 CVE-2017-2441: An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "libc++abi" component. A use-after-free vulnerability allows remote attackers to execute arbitrary code via a crafted C++ app that is mishandled during dema

CVE-2017-2430 [HIGH] CWE-119 CVE-2017-2430: An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Audio" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted

CVE-2017-2379 [HIGH] CWE-119 CVE-2017-2379: An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Carbon" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted

CVE-2017-2470 [HIGH] CWE-119 CVE-2017-2470: An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 i An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

CVE-2017-2380 [HIGH] CWE-326 CVE-2017-2380: An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the Simple Certificate Enrollment Protocol (SCEP) implementation in the "Profiles" component. It allows remote attackers to bypass cryptographic protection mechanisms by leveraging DES support.

CVE-2017-2407 [HIGH] CWE-119 CVE-2017-2407: An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "FontParser" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a cr

CVE-2017-2478 [HIGH] CWE-362 CVE-2017-2478: An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.

CVE-2017-2485 [HIGH] CWE-416 CVE-2017-2485: An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Security" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a craf

CVE-2017-2389 [HIGH] CVE-2017-2389: An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 i An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof an HTTP authentication sheet or cause a denial of service via a crafted web site.