iOS

CVEs (2,979)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2016-4603	Apple Inc. iOS	Med	0.28	4.3	0.00	Jul 22, 2016	Web Media in Apple iOS before 9.3.3 allows attackers to bypass the Private Browsing protection mechanism and obtain sensitive video URL information by leveraging Safari View Controller misbehavior.
CVE-2016-1864	Apple Inc. Safari	Med	0.28	4.3	0.01	Jun 19, 2016	The XSS auditor in WebKit, as used in Apple iOS before 9.3 and Safari before 9.1, does not properly handle redirects in block mode, which allows remote attackers to obtain sensitive information via a crafted URL.
CVE-2016-1781	Apple Inc. Safari	Med	0.28	4.3	0.00	Mar 24, 2016	WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles attachment URLs, which makes it easier for remote web servers to track users via unspecified vectors.
CVE-2016-1780	Apple Inc. Webkit	Med	0.28	4.3	0.00	Mar 24, 2016	WebKit in Apple iOS before 9.3 does not prevent hidden web views from reading orientation and motion data, which allows remote attackers to obtain sensitive information about a device's physical environment via a crafted web site.
CVE-2016-1728	Apple Inc. Safari	Med	0.28	4.3	0.01	Feb 1, 2016	The Cascading Style Sheets (CSS) implementation in Apple iOS before 9.2.1 and Safari before 9.0.3 mishandles the "a:visited button" selector during height processing, which makes it easier for remote attackers to obtain sensitive browser-history information via a crafted web…
CVE-2015-7115	Apple Inc. tvOS	Med	0.28	4.3	0.01	Jan 10, 2016	libxml2 in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 allows remote attackers to obtain sensitive information or cause a denial of service (memory corruption) via a crafted XML document, a different vulnerability than CVE-2015-7116.
CVE-2024-54550	Apple Inc. macOS	Med	0.26	4.0	0.00	Jan 27, 2025	This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2. An app may be able to view autocompleted contact information from Messages and Mail in system logs.
CVE-2016-4707	Apple Inc. iOS	Med	0.26	4.0	0.00	Sep 25, 2016	CFNetwork in Apple iOS before 10 and OS X before 10.12 mishandles Local Storage deletion, which allows local users to discover the visited web sites of arbitrary users via unspecified vectors.
CVE-2016-7577	Apple Inc. macOS	Low	0.24	3.7	0.00	Feb 20, 2017	An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. The issue involves the "FaceTime" component, which allows remote attackers to trigger memory corruption and obtain audio data from a call that appeared to have ended.
CVE-2016-4747	Apple Inc. iOS	Low	0.24	3.7	0.00	Sep 18, 2016	Mail in Apple iOS before 10 mishandles certificates, which makes it easier for man-in-the-middle attackers to discover mail credentials via unspecified vectors.
CVE-2024-23243	Apple Inc. Ipados	Low	0.22	3.3	0.01	Mar 5, 2024	A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.4 and iPadOS 17.4. An app may be able to read sensitive location information.
CVE-2025-24145	Apple Inc. macOS	Low	0.21	3.3	0.00	Jan 27, 2025	A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3. An app may be able to view a contact's phone number in system logs.
CVE-2024-44290	Apple Inc. Ipados	Low	0.21	3.3	0.00	Dec 12, 2024	This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, watchOS 11.1. An app may be able to determine a user’s current location.
CVE-2024-44200	Apple Inc. Ipados	Low	0.21	3.3	0.00	Dec 12, 2024	This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1. An app may be able to read sensitive location information.
CVE-2024-40791	Apple Inc. macOS	Low	0.21	3.3	0.00	Sep 17, 2024	A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7. An app may be able to access information about a user's contacts.
CVE-2024-40778	Apple Inc. macOS	Low	0.21	3.3	0.00	Jul 29, 2024	An authentication issue was addressed with improved state management. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6. Photos in the Hidden Photos Album may be viewed without authentication.
CVE-2024-27845	Apple Inc. Ipados	Low	0.21	3.3	0.00	Jun 10, 2024	A privacy issue was addressed with improved handling of temporary files. This issue is fixed in iOS 17.5 and iPadOS 17.5. An app may be able to access Notes attachments.
CVE-2024-27799	Apple Inc. macOS	Low	0.21	3.3	0.00	Jun 10, 2024	This issue was addressed with additional entitlement checks. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7. An unprivileged app may be able to log keystrokes in other apps including those using secure input…
CVE-2024-27839	Apple Inc. Ipados	Low	0.21	3.3	0.00	May 14, 2024	A privacy issue was addressed by moving sensitive data to a more secure location. This issue is fixed in iOS 17.5 and iPadOS 17.5. A malicious application may be able to determine a user's current location.
CVE-2024-23228	Apple Inc. Ipados	Low	0.21	3.3	0.00	Apr 24, 2024	This issue was addressed through improved state management. This issue is fixed in iOS 17.3 and iPadOS 17.3. Locked Notes content may have been unexpectedly unlocked.

CVE-2016-4603MedJul 22, 2016
Apple Inc.
iOS
risk 0.28cvss 4.3epss 0.00
Web Media in Apple iOS before 9.3.3 allows attackers to bypass the Private Browsing protection mechanism and obtain sensitive video URL information by leveraging Safari View Controller misbehavior.
CVE-2016-1864MedJun 19, 2016
Apple Inc.
Safari
risk 0.28cvss 4.3epss 0.01
The XSS auditor in WebKit, as used in Apple iOS before 9.3 and Safari before 9.1, does not properly handle redirects in block mode, which allows remote attackers to obtain sensitive information via a crafted URL.
CVE-2016-1781MedMar 24, 2016
Apple Inc.
Safari
risk 0.28cvss 4.3epss 0.00
WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles attachment URLs, which makes it easier for remote web servers to track users via unspecified vectors.
CVE-2016-1780MedMar 24, 2016
Apple Inc.
Webkit
risk 0.28cvss 4.3epss 0.00
WebKit in Apple iOS before 9.3 does not prevent hidden web views from reading orientation and motion data, which allows remote attackers to obtain sensitive information about a device's physical environment via a crafted web site.
CVE-2016-1728MedFeb 1, 2016
Apple Inc.
Safari
risk 0.28cvss 4.3epss 0.01
The Cascading Style Sheets (CSS) implementation in Apple iOS before 9.2.1 and Safari before 9.0.3 mishandles the "a:visited button" selector during height processing, which makes it easier for remote attackers to obtain sensitive browser-history information via a crafted web…
CVE-2015-7115MedJan 10, 2016
Apple Inc.
tvOS
risk 0.28cvss 4.3epss 0.01
libxml2 in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 allows remote attackers to obtain sensitive information or cause a denial of service (memory corruption) via a crafted XML document, a different vulnerability than CVE-2015-7116.
CVE-2024-54550MedJan 27, 2025
Apple Inc.
macOS
risk 0.26cvss 4.0epss 0.00
This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2. An app may be able to view autocompleted contact information from Messages and Mail in system logs.
CVE-2016-4707MedSep 25, 2016
Apple Inc.
iOS
risk 0.26cvss 4.0epss 0.00
CFNetwork in Apple iOS before 10 and OS X before 10.12 mishandles Local Storage deletion, which allows local users to discover the visited web sites of arbitrary users via unspecified vectors.
CVE-2016-7577LowFeb 20, 2017
Apple Inc.
macOS
risk 0.24cvss 3.7epss 0.00
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. The issue involves the "FaceTime" component, which allows remote attackers to trigger memory corruption and obtain audio data from a call that appeared to have ended.
CVE-2016-4747LowSep 18, 2016
Apple Inc.
iOS
risk 0.24cvss 3.7epss 0.00
Mail in Apple iOS before 10 mishandles certificates, which makes it easier for man-in-the-middle attackers to discover mail credentials via unspecified vectors.
CVE-2024-23243LowMar 5, 2024
Apple Inc.
Ipados
risk 0.22cvss 3.3epss 0.01
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.4 and iPadOS 17.4. An app may be able to read sensitive location information.
CVE-2025-24145LowJan 27, 2025
Apple Inc.
macOS
risk 0.21cvss 3.3epss 0.00
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3. An app may be able to view a contact's phone number in system logs.
CVE-2024-44290LowDec 12, 2024
Apple Inc.
Ipados
risk 0.21cvss 3.3epss 0.00
This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, watchOS 11.1. An app may be able to determine a user’s current location.
CVE-2024-44200LowDec 12, 2024
Apple Inc.
Ipados
risk 0.21cvss 3.3epss 0.00
This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1. An app may be able to read sensitive location information.
CVE-2024-40791LowSep 17, 2024
Apple Inc.
macOS
risk 0.21cvss 3.3epss 0.00
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7. An app may be able to access information about a user's contacts.
CVE-2024-40778LowJul 29, 2024
Apple Inc.
macOS
risk 0.21cvss 3.3epss 0.00
An authentication issue was addressed with improved state management. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6. Photos in the Hidden Photos Album may be viewed without authentication.
CVE-2024-27845LowJun 10, 2024
Apple Inc.
Ipados
risk 0.21cvss 3.3epss 0.00
A privacy issue was addressed with improved handling of temporary files. This issue is fixed in iOS 17.5 and iPadOS 17.5. An app may be able to access Notes attachments.
CVE-2024-27799LowJun 10, 2024
Apple Inc.
macOS
risk 0.21cvss 3.3epss 0.00
This issue was addressed with additional entitlement checks. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7. An unprivileged app may be able to log keystrokes in other apps including those using secure input…
CVE-2024-27839LowMay 14, 2024
Apple Inc.
Ipados
risk 0.21cvss 3.3epss 0.00
A privacy issue was addressed by moving sensitive data to a more secure location. This issue is fixed in iOS 17.5 and iPadOS 17.5. A malicious application may be able to determine a user's current location.
CVE-2024-23228LowApr 24, 2024
Apple Inc.
Ipados
risk 0.21cvss 3.3epss 0.00
This issue was addressed through improved state management. This issue is fixed in iOS 17.3 and iPadOS 17.3. Locked Notes content may have been unexpectedly unlocked.

Page 35 of 149