iOS

CVEs (601)

CVE	Vendor / Product	CVSS	EPSS	Published	Description
CVE-2021-30775	Apple Inc. macOS	—	0.01	Sep 8, 2021	A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-004 Catalina. Processing a maliciously crafted audio file may lead to arbitrary code execution.
CVE-2021-30770	Apple Inc. tvOS	—	0.00	Sep 8, 2021	A logic issue was addressed with improved validation. This issue is fixed in iOS 14.7, tvOS 14.7, watchOS 7.6. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations.
CVE-2021-30768	Apple Inc. macOS	—	0.01	Sep 8, 2021	A logic issue was addressed with improved validation. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-004 Catalina. A sandboxed process may be able to circumvent sandbox restrictions.
CVE-2021-30760	Apple Inc. macOS	—	0.00	Sep 8, 2021	An integer overflow was addressed through improved input validation. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-005 Mojave, Security Update 2021-004 Catalina. Processing a maliciously crafted font file may lead to arbitrary code execution.
CVE-2021-30763	Apple Inc. watchOS	—	0.00	Sep 8, 2021	An input validation issue was addressed with improved input validation. This issue is fixed in iOS 14.7, watchOS 7.6. A shortcut may be able to bypass Internet permission requirements.
CVE-2021-30758	Apple Inc. macOS	—	0.00	Sep 8, 2021	A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2021-30759	Apple Inc. macOS	—	0.01	Sep 8, 2021	A stack overflow was addressed with improved input validation. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-005 Mojave, Security Update 2021-004 Catalina. Processing a maliciously crafted font file may lead to arbitrary code execution.
CVE-2021-30748	Apple Inc. macOS	—	0.01	Sep 8, 2021	A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 14.7, macOS Big Sur 11.5. An application may be able to execute arbitrary code with kernel privileges.
CVE-2021-30788	Apple Inc. macOS	—	0.00	Sep 8, 2021	This issue was addressed with improved checks. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-005 Mojave, Security Update 2021-004 Catalina. Processing a maliciously crafted tiff file may lead to a denial-of-service or potentially disclose memory contents.
CVE-2021-30796	Apple Inc. macOS	—	0.01	Sep 8, 2021	A logic issue was addressed with improved validation. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. Processing a maliciously crafted image may lead to a denial of service.
CVE-2021-30799	Apple Inc. macOS	—	0.01	Sep 8, 2021	Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2021-30798	Apple Inc. macOS	—	0.00	Sep 8, 2021	A logic issue was addressed with improved state management. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6. A malicious application may be able to bypass certain Privacy preferences.
CVE-2021-30800	Apple Inc. iOS	—	0.00	Sep 8, 2021	This issue was addressed with improved checks. This issue is fixed in iOS 14.7. Joining a malicious Wi-Fi network may result in a denial of service or arbitrary code execution.
CVE-2021-30871	Apple Inc. macOS	—	0.00	Aug 24, 2021	This issue was addressed with a new entitlement. This issue is fixed in iOS 14.7, watchOS 7.6, macOS Big Sur 11.5. A local attacker may be able to access analytics data.
CVE-2020-27951	Apple Inc. watchOS	—	0.00	Apr 2, 2021	This issue was addressed with improved checks. This issue is fixed in watchOS 6.3, iOS 12.5, iOS 14.3 and iPadOS 14.3, watchOS 7.2. Unauthorized code execution may lead to an authentication policy violation.
CVE-2020-27929	Apple Inc. iOS	—	0.00	Dec 8, 2020	A logic issue existed in the handling of Group FaceTime calls. The issue was addressed with improved state management. This issue is fixed in iOS 12.4.9. A user may send video in Group FaceTime calls without knowing that they have done so.
CVE-2019-8664	Apple Inc. watchOS	—	0.00	Oct 27, 2020	An input validation issue was addressed with improved input validation. This issue is fixed in iOS 12.3, watchOS 5.2.1. Processing a maliciously crafted message may lead to a denial of service.
CVE-2019-8531	Apple Inc. macOS	—	0.00	Oct 27, 2020	A validation issue existed in Trust Anchor Management. This issue was addressed with improved validation. This issue is fixed in watchOS 5.2, macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, iOS 12.2. An untrusted radius server certificate may be trusted.
CVE-2019-8854	Apple Inc. macOS	—	0.00	Oct 27, 2020	A user privacy issue was addressed by removing the broadcast MAC address. This issue is fixed in macOS Catalina 10.15, watchOS 6, iOS 13, tvOS 13. A device may be passively tracked by its Wi-Fi MAC address.
CVE-2019-8830	Apple Inc. macOS	—	0.02	Oct 27, 2020	An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 13.3, watchOS 6.1.1, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, iOS 13.3 and iPadOS 13.3, iOS 12.4.4, watchOS 5.3.4. Processing malicious video via FaceTime may lead to arbitrary code execution.

CVE-2021-30775Sep 8, 2021
Apple Inc.
macOS
risk 0.00cvss —epss 0.01
A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-004 Catalina. Processing a maliciously crafted audio file may lead to arbitrary code execution.
CVE-2021-30770Sep 8, 2021
Apple Inc.
tvOS
risk 0.00cvss —epss 0.00
A logic issue was addressed with improved validation. This issue is fixed in iOS 14.7, tvOS 14.7, watchOS 7.6. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations.
CVE-2021-30768Sep 8, 2021
Apple Inc.
macOS
risk 0.00cvss —epss 0.01
A logic issue was addressed with improved validation. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-004 Catalina. A sandboxed process may be able to circumvent sandbox restrictions.
CVE-2021-30760Sep 8, 2021
Apple Inc.
macOS
risk 0.00cvss —epss 0.00
An integer overflow was addressed through improved input validation. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-005 Mojave, Security Update 2021-004 Catalina. Processing a maliciously crafted font file may lead to arbitrary code execution.
CVE-2021-30763Sep 8, 2021
Apple Inc.
watchOS
risk 0.00cvss —epss 0.00
An input validation issue was addressed with improved input validation. This issue is fixed in iOS 14.7, watchOS 7.6. A shortcut may be able to bypass Internet permission requirements.
CVE-2021-30758Sep 8, 2021
Apple Inc.
macOS
risk 0.00cvss —epss 0.00
A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2021-30759Sep 8, 2021
Apple Inc.
macOS
risk 0.00cvss —epss 0.01
A stack overflow was addressed with improved input validation. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-005 Mojave, Security Update 2021-004 Catalina. Processing a maliciously crafted font file may lead to arbitrary code execution.
CVE-2021-30748Sep 8, 2021
Apple Inc.
macOS
risk 0.00cvss —epss 0.01
A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 14.7, macOS Big Sur 11.5. An application may be able to execute arbitrary code with kernel privileges.
CVE-2021-30788Sep 8, 2021
Apple Inc.
macOS
risk 0.00cvss —epss 0.00
This issue was addressed with improved checks. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-005 Mojave, Security Update 2021-004 Catalina. Processing a maliciously crafted tiff file may lead to a denial-of-service or potentially disclose memory contents.
CVE-2021-30796Sep 8, 2021
Apple Inc.
macOS
risk 0.00cvss —epss 0.01
A logic issue was addressed with improved validation. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. Processing a maliciously crafted image may lead to a denial of service.
CVE-2021-30799Sep 8, 2021
Apple Inc.
macOS
risk 0.00cvss —epss 0.01
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2021-30798Sep 8, 2021
Apple Inc.
macOS
risk 0.00cvss —epss 0.00
A logic issue was addressed with improved state management. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6. A malicious application may be able to bypass certain Privacy preferences.
CVE-2021-30800Sep 8, 2021
Apple Inc.
iOS
risk 0.00cvss —epss 0.00
This issue was addressed with improved checks. This issue is fixed in iOS 14.7. Joining a malicious Wi-Fi network may result in a denial of service or arbitrary code execution.
CVE-2021-30871Aug 24, 2021
Apple Inc.
macOS
risk 0.00cvss —epss 0.00
This issue was addressed with a new entitlement. This issue is fixed in iOS 14.7, watchOS 7.6, macOS Big Sur 11.5. A local attacker may be able to access analytics data.
CVE-2020-27951Apr 2, 2021
Apple Inc.
watchOS
risk 0.00cvss —epss 0.00
This issue was addressed with improved checks. This issue is fixed in watchOS 6.3, iOS 12.5, iOS 14.3 and iPadOS 14.3, watchOS 7.2. Unauthorized code execution may lead to an authentication policy violation.
CVE-2020-27929Dec 8, 2020
Apple Inc.
iOS
risk 0.00cvss —epss 0.00
A logic issue existed in the handling of Group FaceTime calls. The issue was addressed with improved state management. This issue is fixed in iOS 12.4.9. A user may send video in Group FaceTime calls without knowing that they have done so.
CVE-2019-8664Oct 27, 2020
Apple Inc.
watchOS
risk 0.00cvss —epss 0.00
An input validation issue was addressed with improved input validation. This issue is fixed in iOS 12.3, watchOS 5.2.1. Processing a maliciously crafted message may lead to a denial of service.
CVE-2019-8531Oct 27, 2020
Apple Inc.
macOS
risk 0.00cvss —epss 0.00
A validation issue existed in Trust Anchor Management. This issue was addressed with improved validation. This issue is fixed in watchOS 5.2, macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, iOS 12.2. An untrusted radius server certificate may be trusted.
CVE-2019-8854Oct 27, 2020
Apple Inc.
macOS
risk 0.00cvss —epss 0.00
A user privacy issue was addressed by removing the broadcast MAC address. This issue is fixed in macOS Catalina 10.15, watchOS 6, iOS 13, tvOS 13. A device may be passively tracked by its Wi-Fi MAC address.
CVE-2019-8830Oct 27, 2020
Apple Inc.
macOS
risk 0.00cvss —epss 0.02
An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 13.3, watchOS 6.1.1, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, iOS 13.3 and iPadOS 13.3, iOS 12.4.4, watchOS 5.3.4. Processing malicious video via FaceTime may lead to arbitrary code execution.

Page 12 of 31