VYPR

Iphone OS

by Apple Inc.

CVEs (2,059)

  • CVE-2015-7116MedJan 10, 2016
    risk 0.28cvss 4.3epss 0.02

    libxml2 in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 allows remote attackers to obtain sensitive information or cause a denial of service (memory corruption) via a crafted XML document, a different vulnerability than CVE-2015-7115.

  • CVE-2015-7115MedJan 10, 2016
    risk 0.28cvss 4.3epss 0.02

    libxml2 in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 allows remote attackers to obtain sensitive information or cause a denial of service (memory corruption) via a crafted XML document, a different vulnerability than CVE-2015-7116.

  • CVE-2026-28882MedMar 25, 2026
    risk 0.26cvss 4.0epss 0.00

    This issue was addressed with improved checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to enumerate a user's installed apps.

  • CVE-2025-43205MedNov 12, 2025
    risk 0.26cvss 4.0epss 0.00

    An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. An app may be able to bypass ASLR.

  • CVE-2025-43203MedSep 15, 2025
    risk 0.26cvss 4.0epss 0.00

    The issue was addressed with improved handling of caches. This issue is fixed in iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26. An attacker with physical access to an unlocked device may be able to view an image in the most recently viewed locked note.

  • CVE-2025-43265MedJul 30, 2025
    risk 0.26cvss 4.0epss 0.00

    An out-of-bounds read was addressed with improved input validation. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may disclose internal states of the app.

  • CVE-2025-43230MedJul 30, 2025
    risk 0.26cvss 4.0epss 0.00

    The issue was addressed with additional permissions checks. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. An app may be able to access user-sensitive data.

  • CVE-2025-43226MedJul 30, 2025
    risk 0.26cvss 4.0epss 0.00

    An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, macOS Sonoma 14.7.7, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing a maliciously crafted image may result in disclosure of…

  • CVE-2025-43217MedJul 30, 2025
    risk 0.26cvss 4.0epss 0.00

    The issue was addressed by adding additional logic. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9. Privacy Indicators for microphone or camera access may not be correctly displayed.

  • CVE-2024-54550MedJan 27, 2025
    risk 0.26cvss 4.0epss 0.00

    This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2. An app may be able to view autocompleted contact information from Messages and Mail in system logs.

  • CVE-2016-4707MedSep 25, 2016
    risk 0.26cvss 4.0epss 0.00

    CFNetwork in Apple iOS before 10 and OS X before 10.12 mishandles Local Storage deletion, which allows local users to discover the visited web sites of arbitrary users via unspecified vectors.

  • CVE-2016-7577LowFeb 20, 2017
    risk 0.24cvss 3.7epss 0.01

    An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. The issue involves the "FaceTime" component, which allows remote attackers to trigger memory corruption and obtain audio data from a call that appeared to have ended.

  • CVE-2016-4747LowSep 18, 2016
    risk 0.24cvss 3.7epss 0.01

    Mail in Apple iOS before 10 mishandles certificates, which makes it easier for man-in-the-middle attackers to discover mail credentials via unspecified vectors.

  • CVE-2016-1763LowMar 24, 2016
    risk 0.23cvss 3.5epss 0.01

    Messages in Apple iOS before 9.3 does not ensure that an auto-fill action applies to the intended message thread, which allows remote authenticated users to obtain sensitive information by providing a crafted sms: URL and reading a thread.

  • CVE-2024-23243LowMar 5, 2024
    risk 0.22cvss 3.3epss 0.01

    A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.4 and iPadOS 17.4. An app may be able to read sensitive location information.

  • CVE-2017-13852LowNov 13, 2017
    risk 0.22cvss 3.3epss 0.01

    An issue was discovered in certain Apple products. iOS before 11.1 is affected. macOS before 10.13.1 is affected. tvOS before 11.1 is affected. watchOS before 4.1 is affected. The issue involves the "Kernel" component. It allows attackers to monitor arbitrary apps via a crafted…

  • CVE-2017-7148LowOct 23, 2017
    risk 0.22cvss 3.3epss 0.01

    An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Location Framework" component. It allows attackers to obtain sensitive location information via a crafted app that reads the location variable.

  • CVE-2017-2404LowApr 2, 2017
    risk 0.22cvss 3.3epss 0.01

    An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Quick Look" component. It allows remote attackers to trigger telephone calls to arbitrary numbers via a tel: URL in a PDF document, as exploited in the wild in October 2016.

  • CVE-2016-7657LowFeb 20, 2017
    risk 0.22cvss 3.3epss 0.01

    An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "IOKit" component. It allows attackers to obtain sensitive information from kernel memory via a crafted app.

  • CVE-2016-4665LowFeb 20, 2017
    risk 0.22cvss 3.3epss 0.01

    An issue was discovered in certain Apple products. iOS before 10.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "Sandbox Profiles" component, which allows attackers to read audio-recording metadata via a crafted app.

Page 53 of 103