Iphone OS
by Apple Inc.
CVEs (2,060)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-54523 | Med | 0.41 | 6.3 | 0.00 | Jan 27, 2025 | The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, tvOS 18.2, watchOS 11.2. An app may be able to corrupt coprocessor memory. | ||
| CVE-2024-27840 | Med | 0.41 | 6.3 | 0.00 | Jun 10, 2024 | The issue was addressed with improved memory handling. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Ventura 13.6.7, tvOS 17.5, visionOS 1.2, watchOS 10.5. An attacker that has already achieved kernel code execution… | ||
| CVE-2026-28950 | Med | 0.40 | 6.2 | 0.03 | Apr 22, 2026 | A logging issue was addressed with improved data redaction. This issue is fixed in iOS 15.8.8 and iPadOS 15.8.8, iOS 16.7.16 and iPadOS 16.7.16, iOS 18.7.8 and iPadOS 18.7.8, iOS 26.4.2 and iPadOS 26.4.2, iPadOS 17.7.11. Notifications marked for deletion could be unexpectedly… | ||
| CVE-2026-28833 | Med | 0.40 | 6.2 | 0.00 | Mar 25, 2026 | A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. An app may be able to enumerate a user's installed apps. | ||
| CVE-2025-43211 | Med | 0.40 | 6.2 | 0.00 | Jul 30, 2025 | The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing web content may lead to a denial-of-service. | ||
| CVE-2024-44145 | Med | 0.40 | 6.1 | 0.00 | Oct 28, 2024 | This issue was addressed through improved state management. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An attacker with physical access to a macOS device with Sidecar enabled may be able to bypass the Lock Screen. | ||
| CVE-2024-40857 | Med | 0.40 | 6.1 | 0.01 | Sep 17, 2024 | This issue was addressed through improved state management. This issue is fixed in Safari 18, iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18, visionOS 2, watchOS 11. Processing maliciously crafted web content may lead to universal cross site scripting. | ||
| CVE-2024-40785 | Med | 0.40 | 6.1 | 0.01 | Jul 29, 2024 | This issue was addressed with improved checks. This issue is fixed in Safari 17.6, iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, watchOS 10.6. Processing maliciously crafted web content may lead to a cross site scripting… | ||
| CVE-2024-23223 | Med | 0.40 | 6.2 | 0.00 | Jan 23, 2024 | A privacy issue was addressed with improved handling of files. This issue is fixed in iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3, watchOS 10.3. An app may be able to access sensitive user data. | ||
| CVE-2024-23219 | Med | 0.40 | 6.2 | 0.00 | Jan 23, 2024 | The issue was addressed with improved authentication. This issue is fixed in iOS 17.3 and iPadOS 17.3. Stolen Device Protection may be unexpectedly disabled. | ||
| CVE-2017-7109 | Med | 0.40 | 6.1 | 0.01 | Oct 23, 2017 | An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. A cross-site… | ||
| CVE-2017-7059 | Med | 0.40 | 6.1 | 0.01 | Jul 20, 2017 | A DOMParser XSS issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. | ||
| CVE-2017-7038 | Med | 0.40 | 6.1 | 0.03 | Jul 20, 2017 | A DOMParser XSS issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. | ||
| CVE-2017-2549 | Med | 0.40 | 6.1 | 0.01 | May 22, 2017 | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web… | ||
| CVE-2017-2497 | Med | 0.40 | 6.1 | 0.01 | May 22, 2017 | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "iBooks" component. It allows remote attackers to trigger visits to arbitrary URLs via a crafted book. | ||
| CVE-2017-2475 | Med | 0.40 | 6.1 | 0.02 | Apr 2, 2017 | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via crafted use of frames… | ||
| CVE-2017-2393 | Med | 0.40 | 6.1 | 0.01 | Apr 2, 2017 | An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Safari Reader" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site. | ||
| CVE-2016-7762 | Med | 0.40 | 6.1 | 0.01 | Feb 20, 2017 | An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "WebKit" component, which allows XSS attacks against Safari. | ||
| CVE-2016-4618 | Med | 0.40 | 6.1 | 0.01 | Sep 25, 2016 | Cross-site scripting (XSS) vulnerability in Safari Reader in Apple iOS before 10 and Safari before 10 allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka "Universal XSS (UXSS)." | ||
| CVE-2016-4651 | Med | 0.40 | 6.1 | 0.02 | Jul 22, 2016 | Cross-site scripting (XSS) vulnerability in the WebKit JavaScript bindings in Apple iOS before 9.3.3 and Safari before 9.1.2 allows remote attackers to inject arbitrary web script or HTML via a crafted HTTP/0.9 response, related to a "cross-protocol cross-site scripting (XPXSS)"… |
- risk 0.41cvss 6.3epss 0.00
The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, tvOS 18.2, watchOS 11.2. An app may be able to corrupt coprocessor memory.
- risk 0.41cvss 6.3epss 0.00
The issue was addressed with improved memory handling. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Ventura 13.6.7, tvOS 17.5, visionOS 1.2, watchOS 10.5. An attacker that has already achieved kernel code execution…
- risk 0.40cvss 6.2epss 0.03
A logging issue was addressed with improved data redaction. This issue is fixed in iOS 15.8.8 and iPadOS 15.8.8, iOS 16.7.16 and iPadOS 16.7.16, iOS 18.7.8 and iPadOS 18.7.8, iOS 26.4.2 and iPadOS 26.4.2, iPadOS 17.7.11. Notifications marked for deletion could be unexpectedly…
- risk 0.40cvss 6.2epss 0.00
A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. An app may be able to enumerate a user's installed apps.
- risk 0.40cvss 6.2epss 0.00
The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing web content may lead to a denial-of-service.
- risk 0.40cvss 6.1epss 0.00
This issue was addressed through improved state management. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An attacker with physical access to a macOS device with Sidecar enabled may be able to bypass the Lock Screen.
- risk 0.40cvss 6.1epss 0.01
This issue was addressed through improved state management. This issue is fixed in Safari 18, iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18, visionOS 2, watchOS 11. Processing maliciously crafted web content may lead to universal cross site scripting.
- risk 0.40cvss 6.1epss 0.01
This issue was addressed with improved checks. This issue is fixed in Safari 17.6, iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, watchOS 10.6. Processing maliciously crafted web content may lead to a cross site scripting…
- risk 0.40cvss 6.2epss 0.00
A privacy issue was addressed with improved handling of files. This issue is fixed in iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3, watchOS 10.3. An app may be able to access sensitive user data.
- risk 0.40cvss 6.2epss 0.00
The issue was addressed with improved authentication. This issue is fixed in iOS 17.3 and iPadOS 17.3. Stolen Device Protection may be unexpectedly disabled.
- risk 0.40cvss 6.1epss 0.01
An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. A cross-site…
- risk 0.40cvss 6.1epss 0.01
A DOMParser XSS issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component.
- risk 0.40cvss 6.1epss 0.03
A DOMParser XSS issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component.
- risk 0.40cvss 6.1epss 0.01
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web…
- risk 0.40cvss 6.1epss 0.01
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "iBooks" component. It allows remote attackers to trigger visits to arbitrary URLs via a crafted book.
- risk 0.40cvss 6.1epss 0.02
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via crafted use of frames…
- risk 0.40cvss 6.1epss 0.01
An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Safari Reader" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site.
- risk 0.40cvss 6.1epss 0.01
An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "WebKit" component, which allows XSS attacks against Safari.
- risk 0.40cvss 6.1epss 0.01
Cross-site scripting (XSS) vulnerability in Safari Reader in Apple iOS before 10 and Safari before 10 allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka "Universal XSS (UXSS)."
- risk 0.40cvss 6.1epss 0.02
Cross-site scripting (XSS) vulnerability in the WebKit JavaScript bindings in Apple iOS before 9.3.3 and Safari before 9.1.2 allows remote attackers to inject arbitrary web script or HTML via a crafted HTTP/0.9 response, related to a "cross-protocol cross-site scripting (XPXSS)"…
Page 36 of 103