Apple iOS vulnerabilities

3,941 known vulnerabilities affecting apple/iphone_os.

Total CVEs: 3,941
CISA KEV: 92 (actively exploited)
Public exploits: 248
Exploited in wild: 79
Severity breakdown: CRITICAL 313, HIGH 1610, MEDIUM 1731, LOW 287

Vulnerabilities

CVE-2011-3075 | MEDIUM | CVSS 6.8 | fixed in 6.0 | 2012-04-05
CWE-416: Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to style-application commands.
nvd
CVE-2011-3069 | MEDIUM | CVSS 6.8 | fixed in 6.0 | 2012-04-05
CWE-416: Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to line boxes.
nvd
CVE-2011-3074 | MEDIUM | CVSS 6.8 | fixed in 6.0 | 2012-04-05
CWE-416: Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of media.
nvd
CVE-2011-3073 | MEDIUM | CVSS 6.8 | fixed in 6.0 | 2012-04-05
CWE-416: Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of SVG resources.
nvd
CVE-2011-3064 | HIGH | CVSS 7.5 | fixed in 6.0 | 2012-03-30
CWE-416: Use-after-free vulnerability in Google Chrome before 18.0.1025.142 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG clipping.
nvd
CVE-2011-3059 | MEDIUM | CVSS 6.8 | fixed in 6.0 | 2012-03-30
CWE-125: Google Chrome before 18.0.1025.142 does not properly handle SVG text elements, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
nvd
CVE-2011-3058 | MEDIUM | CVSS 4.3 | fixed in 6.0.1 | 2012-03-30
CWE-79: Google Chrome before 18.0.1025.142 does not properly handle the EUC-JP encoding system, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.
nvd
CVE-2011-3060 | MEDIUM | CVSS 6.8 | fixed in 6.0 | 2012-03-30
CWE-125: Google Chrome before 18.0.1025.142 does not properly handle text fragments, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
nvd
CVE-2011-3056 | MEDIUM | CVSS 6.8 | fixed in 5.1.1 | 2012-03-22
CWE-346: Google Chrome before 17.0.963.83 allows remote attackers to bypass the Same Origin Policy via vectors involving a "magic iframe."
nvd
CVE-2011-3050 | MEDIUM | CVSS 6.8 | fixed in 6.0 | 2012-03-22
CWE-416: Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 17.0.963.83 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the :first-letter pseudo-element.
nvd
CVE-2011-3053 | MEDIUM | CVSS 6.8 | fixed in 6.0 | 2012-03-22
CWE-416: Use-after-free vulnerability in Google Chrome before 17.0.963.83 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to block splitting.
nvd
CVE-2011-3046 | CRITICAL | CVSS 10.0 | fixed in 5.1.1 | 2012-03-09
CWE-79: The extension subsystem in Google Chrome before 17.0.963.78 does not properly handle history navigation, which allows remote attackers to execute arbitrary code by leveraging a "Universal XSS (UXSS)" issue.
nvd
CVE-2012-0596 | CRITICAL | CVSS 9.3 | fixed in 5.1 | 2012-03-08
CWE-119: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
nvd
CVE-2012-0629 | CRITICAL | CVSS 9.3 | fixed in 5.1 | 2012-03-08
CWE-119: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
nvd
CVE-2012-0602 | CRITICAL | CVSS 9.3 | fixed in 5.1 | 2012-03-08
CWE-119: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
nvd
CVE-2012-0613 | CRITICAL | CVSS 9.3 | fixed in 5.1 | 2012-03-08
CWE-119: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
nvd
CVE-2012-0633 | CRITICAL | CVSS 9.3 | fixed in 5.1 | 2012-03-08
CWE-119: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
nvd
CVE-2012-0600 | CRITICAL | CVSS 9.3 | fixed in 5.1 | 2012-03-08
CWE-119: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
nvd
CVE-2011-2868 | CRITICAL | CVSS 9.3 | fixed in 5.1 | 2012-03-08
CWE-119: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
nvd
CVE-2012-0619 | CRITICAL | CVSS 9.3 | fixed in 5.1 | 2012-03-08
CWE-119: WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
nvd