iOS

CVEs (2,979)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2017-2399	Apple Inc. iOS	Med	0.30	4.6	0.00	Apr 2, 2017	An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Pasteboard" component. It allows physically proximate attackers to read the pasteboard by leveraging the use of an encryption key derived only from the hardware UID (rather…
CVE-2017-2352	Apple Inc. watchOS	Med	0.30	4.6	0.00	Feb 20, 2017	An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. watchOS before 3.1.3 is affected. The issue involves the "Unlock with iPhone" component, which allows attackers to bypass the wrist-presence protection mechanism and unlock a Watch device via…
CVE-2016-7638	Apple Inc. iOS	Med	0.30	4.6	0.00	Feb 20, 2017	An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Find My iPhone" component, which allows physically proximate attackers to disable this component by bypassing authentication.
CVE-2016-7634	Apple Inc. iOS	Med	0.30	4.6	0.00	Feb 20, 2017	An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Accessibility" component, which accepts spoken passwords without considering that they are locally audible.
CVE-2016-7597	Apple Inc. iOS	Med	0.30	4.6	0.00	Feb 20, 2017	An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "SpringBoard" component, which allows physically proximate attackers to maintain the unlocked state via vectors related to Handoff with Siri.
CVE-2014-2019	Apple Inc. iOS	Med	0.30	4.6	0.00	Feb 18, 2014	The iCloud subsystem in Apple iOS before 7.1 allows physically proximate attackers to bypass an intended password requirement, and turn off the Find My iPhone service or complete a Delete Account action and then associate this service with a different Apple ID account, by…
CVE-2016-4686	Apple Inc. iOS	Med	0.29	4.4	0.00	Feb 20, 2017	An issue was discovered in certain Apple products. iOS before 10.1 is affected. The issue involves the "Contacts" component, which does not prevent an app's Address Book access after access revocation.
CVE-2016-1836	Xmlsoft Libxml2	Med	0.29	5.5	0.01	May 20, 2016	Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service via a crafted XML document.
CVE-2016-1833	Xmlsoft Libxml2	Med	0.29	5.5	0.00	May 20, 2016	The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
CVE-2025-24160	Apple Inc. macOS	Med	0.28	4.3	0.00	Jan 27, 2025	The issue was addressed with improved checks. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3, tvOS 18.3, visionOS 2.3, watchOS 11.3. Parsing a file may lead to an unexpected app termination.
CVE-2025-24128	Apple Inc. macOS	Med	0.28	4.3	0.00	Jan 27, 2025	The issue was addressed by adding additional logic. This issue is fixed in Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3. Visiting a malicious website may lead to address bar spoofing.
CVE-2025-24113	Apple Inc. macOS	Med	0.28	4.3	0.00	Jan 27, 2025	The issue was addressed with improved UI. This issue is fixed in Safari 18.3, Safari 18.4, iOS 18.3 and iPadOS 18.3, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.3, macOS Sequoia 15.4, visionOS 2.3, visionOS 2.4, watchOS 11.4. Visiting a malicious website may lead…
CVE-2024-54535	Apple Inc. Ipados	Med	0.28	4.3	0.00	Jan 15, 2025	A path handling issue was addressed with improved logic. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, visionOS 2.1, watchOS 11.1. An attacker with access to calendar data could also read reminders.
CVE-2024-27807	Apple Inc. Ipados	Med	0.28	4.3	0.00	Jun 10, 2024	The issue was addressed with improved checks. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5. An app may be able to circumvent App Privacy Report logging.
CVE-2024-23273	Apple Inc. macOS	Med	0.28	4.3	0.00	Mar 8, 2024	This issue was addressed through improved state management. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. Private Browsing tabs may be accessed without authentication.
CVE-2017-7152	Apple Inc. iOS	Med	0.28	4.3	0.00	Dec 27, 2017	An issue was discovered in certain Apple products. iOS before 11.2 is affected. The issue involves the "Mail Message Framework" component. It allows remote attackers to spoof the address bar via a crafted web site.
CVE-2017-7144	Apple Inc. Safari	Med	0.28	4.3	0.00	Oct 23, 2017	An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to track Safari Private Browsing users by leveraging cookie mishandling.
CVE-2016-7759	Apple Inc. iOS	Med	0.28	4.3	0.00	Feb 20, 2017	An issue was discovered in certain Apple products. iOS before 10 is affected. The issue involves the "Springboard" component, which allows physically proximate attackers to obtain sensitive information by viewing application snapshots in the Task Switcher.
CVE-2016-7592	Apple Inc. Safari	Med	0.28	4.3	0.00	Feb 20, 2017	An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component, which allows remote attackers to obtain sensitive…
CVE-2016-7581	Apple Inc. iOS	Med	0.28	4.3	0.00	Feb 20, 2017	An issue was discovered in certain Apple products. iOS before 10.1 is affected. The issue involves the "Safari" component, which allows remote web servers to cause a denial of service via a crafted URL.

CVE-2017-2399MedApr 2, 2017
Apple Inc.
iOS
risk 0.30cvss 4.6epss 0.00
An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Pasteboard" component. It allows physically proximate attackers to read the pasteboard by leveraging the use of an encryption key derived only from the hardware UID (rather…
CVE-2017-2352MedFeb 20, 2017
Apple Inc.
watchOS
risk 0.30cvss 4.6epss 0.00
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. watchOS before 3.1.3 is affected. The issue involves the "Unlock with iPhone" component, which allows attackers to bypass the wrist-presence protection mechanism and unlock a Watch device via…
CVE-2016-7638MedFeb 20, 2017
Apple Inc.
iOS
risk 0.30cvss 4.6epss 0.00
An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Find My iPhone" component, which allows physically proximate attackers to disable this component by bypassing authentication.
CVE-2016-7634MedFeb 20, 2017
Apple Inc.
iOS
risk 0.30cvss 4.6epss 0.00
An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Accessibility" component, which accepts spoken passwords without considering that they are locally audible.
CVE-2016-7597MedFeb 20, 2017
Apple Inc.
iOS
risk 0.30cvss 4.6epss 0.00
An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "SpringBoard" component, which allows physically proximate attackers to maintain the unlocked state via vectors related to Handoff with Siri.
CVE-2014-2019MedFeb 18, 2014
Apple Inc.
iOS
risk 0.30cvss 4.6epss 0.00
The iCloud subsystem in Apple iOS before 7.1 allows physically proximate attackers to bypass an intended password requirement, and turn off the Find My iPhone service or complete a Delete Account action and then associate this service with a different Apple ID account, by…
CVE-2016-4686MedFeb 20, 2017
Apple Inc.
iOS
risk 0.29cvss 4.4epss 0.00
An issue was discovered in certain Apple products. iOS before 10.1 is affected. The issue involves the "Contacts" component, which does not prevent an app's Address Book access after access revocation.
CVE-2016-1836MedMay 20, 2016
Xmlsoft
Libxml2
risk 0.29cvss 5.5epss 0.01
Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service via a crafted XML document.
CVE-2016-1833MedMay 20, 2016
Xmlsoft
Libxml2
risk 0.29cvss 5.5epss 0.00
The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
CVE-2025-24160MedJan 27, 2025
Apple Inc.
macOS
risk 0.28cvss 4.3epss 0.00
The issue was addressed with improved checks. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3, tvOS 18.3, visionOS 2.3, watchOS 11.3. Parsing a file may lead to an unexpected app termination.
CVE-2025-24128MedJan 27, 2025
Apple Inc.
macOS
risk 0.28cvss 4.3epss 0.00
The issue was addressed by adding additional logic. This issue is fixed in Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3. Visiting a malicious website may lead to address bar spoofing.
CVE-2025-24113MedJan 27, 2025
Apple Inc.
macOS
risk 0.28cvss 4.3epss 0.00
The issue was addressed with improved UI. This issue is fixed in Safari 18.3, Safari 18.4, iOS 18.3 and iPadOS 18.3, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.3, macOS Sequoia 15.4, visionOS 2.3, visionOS 2.4, watchOS 11.4. Visiting a malicious website may lead…
CVE-2024-54535MedJan 15, 2025
Apple Inc.
Ipados
risk 0.28cvss 4.3epss 0.00
A path handling issue was addressed with improved logic. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, visionOS 2.1, watchOS 11.1. An attacker with access to calendar data could also read reminders.
CVE-2024-27807MedJun 10, 2024
Apple Inc.
Ipados
risk 0.28cvss 4.3epss 0.00
The issue was addressed with improved checks. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5. An app may be able to circumvent App Privacy Report logging.
CVE-2024-23273MedMar 8, 2024
Apple Inc.
macOS
risk 0.28cvss 4.3epss 0.00
This issue was addressed through improved state management. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. Private Browsing tabs may be accessed without authentication.
CVE-2017-7152MedDec 27, 2017
Apple Inc.
iOS
risk 0.28cvss 4.3epss 0.00
An issue was discovered in certain Apple products. iOS before 11.2 is affected. The issue involves the "Mail Message Framework" component. It allows remote attackers to spoof the address bar via a crafted web site.
CVE-2017-7144MedOct 23, 2017
Apple Inc.
Safari
risk 0.28cvss 4.3epss 0.00
An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to track Safari Private Browsing users by leveraging cookie mishandling.
CVE-2016-7759MedFeb 20, 2017
Apple Inc.
iOS
risk 0.28cvss 4.3epss 0.00
An issue was discovered in certain Apple products. iOS before 10 is affected. The issue involves the "Springboard" component, which allows physically proximate attackers to obtain sensitive information by viewing application snapshots in the Task Switcher.
CVE-2016-7592MedFeb 20, 2017
Apple Inc.
Safari
risk 0.28cvss 4.3epss 0.00
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component, which allows remote attackers to obtain sensitive…
CVE-2016-7581MedFeb 20, 2017
Apple Inc.
iOS
risk 0.28cvss 4.3epss 0.00
An issue was discovered in certain Apple products. iOS before 10.1 is affected. The issue involves the "Safari" component, which allows remote web servers to cause a denial of service via a crafted URL.

Page 34 of 149