Apple iOS vulnerabilities
3,941 known vulnerabilities affecting apple/iphone_os.
Total CVEs
3,941
CISA KEV
92
actively exploited
Public exploits
248
Exploited in wild
79
Severity breakdown
CRITICAL313HIGH1610MEDIUM1731LOW287
Vulnerabilities
Page 180 of 198
CVE-2013-1005CRITICALCVSS 9.3≤ 6.1.4v1.0.0+46 more2013-05-20
CVE-2013-1005 [CRITICAL] CWE-399 CVE-2013-1005: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitra
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
nvd
CVE-2013-0999CRITICALCVSS 9.3≤ 6.1.4v1.0.0+46 more2013-05-20
CVE-2013-0999 [CRITICAL] CWE-119 CVE-2013-0999: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitra
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
nvd
CVE-2013-1007CRITICALCVSS 9.3≤ 6.1.4v1.0.0+46 more2013-05-20
CVE-2013-1007 [CRITICAL] CWE-399 CVE-2013-1007: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitra
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
nvd
CVE-2013-1002CRITICALCVSS 9.3≤ 6.1.4v1.0.0+46 more2013-05-20
CVE-2013-1002 [CRITICAL] CWE-399 CVE-2013-1002: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitra
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
nvd
CVE-2013-1010CRITICALCVSS 9.3≤ 6.1.4v1.0.0+46 more2013-05-20
CVE-2013-1010 [CRITICAL] CWE-399 CVE-2013-1010: WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitra
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
nvd
CVE-2013-0981HIGHCVSS 7.2≤ 6.1.2v1.0.0+44 more2013-03-20
CVE-2013-0981 [HIGH] CVE-2013-0981: The IOUSBDeviceFamily driver in the USB implementation in the kernel in Apple iOS before 6.1.3 and A
The IOUSBDeviceFamily driver in the USB implementation in the kernel in Apple iOS before 6.1.3 and Apple TV before 5.2.1 accesses pipe object pointers that originated in userspace, which allows local users to gain privileges via crafted code.
nvd
CVE-2013-0977MEDIUMCVSS 4.6≤ 6.1.2v1.0.0+44 more2013-03-20
CVE-2013-0977 [MEDIUM] CVE-2013-0977: dyld in Apple iOS before 6.1.3 and Apple TV before 5.2.1 does not properly manage the state of file
dyld in Apple iOS before 6.1.3 and Apple TV before 5.2.1 does not properly manage the state of file loading for Mach-O executable files, which allows local users to bypass intended code-signing requirements via a file that contains overlapping segments.
nvd
CVE-2013-0979LOWCVSS 1.9≤ 6.1.2v1.0.0+44 more2013-03-20
CVE-2013-0979 [LOW] CWE-264 CVE-2013-0979: lockdownd in Lockdown in Apple iOS before 6.1.3 does not properly consider file types during the per
lockdownd in Lockdown in Apple iOS before 6.1.3 does not properly consider file types during the permission-setting step of a backup restoration, which allows local users to change the permissions of arbitrary files via a backup that contains a pathname with a symlink.
nvd
CVE-2013-0978LOWCVSS 2.1≤ 6.1.2v1.0.0+44 more2013-03-20
CVE-2013-0978 [LOW] CWE-200 CVE-2013-0978: The ARM prefetch abort handler in the kernel in Apple iOS before 6.1.3 and Apple TV before 5.2.1 doe
The ARM prefetch abort handler in the kernel in Apple iOS before 6.1.3 and Apple TV before 5.2.1 does not ensure that it has been invoked in an abort context, which makes it easier for local users to bypass the ASLR protection mechanism via crafted code.
nvd
CVE-2013-0980LOWCVSS 2.1≤ 6.1.2v1.0.0+44 more2013-03-20
CVE-2013-0980 [LOW] CWE-264 CVE-2013-0980: The Passcode Lock implementation in Apple iOS before 6.1.3 does not properly manage the lock state,
The Passcode Lock implementation in Apple iOS before 6.1.3 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging an error in the emergency-call feature.
nvd
CVE-2013-0951MEDIUMCVSS 6.8≤ 6.0.2v6.0+1 more2013-01-29
CVE-2013-0951 [MEDIUM] CWE-119 CVE-2013-0951: WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.
nvd
CVE-2013-0952MEDIUMCVSS 6.8≤ 6.0.2v6.0+1 more2013-01-29
CVE-2013-0952 [MEDIUM] CWE-119 CVE-2013-0952: WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.
nvd
CVE-2013-0953MEDIUMCVSS 6.8≤ 6.0.2v6.0+1 more2013-01-29
CVE-2013-0953 [MEDIUM] CWE-119 CVE-2013-0953: WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.
nvd
CVE-2013-0958MEDIUMCVSS 6.8≤ 6.0.2v6.0+1 more2013-01-29
CVE-2013-0958 [MEDIUM] CWE-119 CVE-2013-0958: WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.
nvd
CVE-2013-0974MEDIUMCVSS 5.1≤ 6.0.2v6.0+1 more2013-01-29
CVE-2013-0974 [MEDIUM] CVE-2013-0974: StoreKit in Apple iOS before 6.1 does not properly handle the disabling of JavaScript within the pre
StoreKit in Apple iOS before 6.1 does not properly handle the disabling of JavaScript within the preferences configuration of Mobile Safari, which allows remote attackers to bypass intended access restrictions and execute JavaScript code via a web site with a Smart App Banner.
nvd
CVE-2013-0956MEDIUMCVSS 6.8≤ 6.0.2v1.0.0+42 more2013-01-29
CVE-2013-0956 [MEDIUM] CWE-119 CVE-2013-0956: WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.
nvd
CVE-2013-0954MEDIUMCVSS 6.8≤ 6.0.2v6.0+1 more2013-01-29
CVE-2013-0954 [MEDIUM] CWE-119 CVE-2013-0954: WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.
nvd
CVE-2013-0968MEDIUMCVSS 6.8≤ 6.0.2v6.0+1 more2013-01-29
CVE-2013-0968 [MEDIUM] CWE-119 CVE-2013-0968: WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.
nvd
CVE-2013-0949MEDIUMCVSS 6.8≤ 6.0.2v6.0+1 more2013-01-29
CVE-2013-0949 [MEDIUM] CWE-119 CVE-2013-0949: WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.
nvd
CVE-2013-0950MEDIUMCVSS 6.8≤ 6.0.2v6.0+1 more2013-01-29
CVE-2013-0950 [MEDIUM] CWE-119 CVE-2013-0950: WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.
nvd