iOS

CVEs (2,979)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	KEV	Published	Description
CVE-2016-4620	Apple Inc. iOS	Low	0.21	3.3	0.00		Sep 18, 2016	The Sandbox Profiles component in Apple iOS before 10 does not properly restrict access to directory metadata for SMS draft directories, which allows attackers to discover text-message recipients via a crafted app.
CVE-2016-1849	Apple Inc. Safari	Low	0.21	3.3	0.00		May 20, 2016	The "Clear History and Website Data" feature in Apple Safari before 9.1.1, as used in iOS before 9.3.2 and other products, mishandles the deletion of browsing history, which might allow local users to obtain sensitive information by leveraging read access to a Safari directory.
CVE-2016-1790	Apple Inc. iOS	Low	0.21	3.3	0.00		May 20, 2016	Buffer overflow in the Accessibility component in Apple iOS before 9.3.2 allows attackers to obtain sensitive kernel memory-layout information via a crafted app.
CVE-2016-1758	Apple Inc. iOS	Low	0.21	3.3	0.00		Mar 24, 2016	The kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app.
CVE-2014-4407	Apple Inc. iOS	Low	0.21	3.3	0.00		Sep 18, 2014	IOKit in Apple iOS before 8 and Apple TV before 7 does not properly initialize kernel memory, which allows attackers to obtain sensitive memory-content information via an application that makes crafted IOKit function calls.
CVE-2016-4583	Apple Inc. Safari	Low	0.20	3.1	0.00		Jul 22, 2016	WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to bypass the Same Origin Policy and obtain image date from an unintended web site via a timing attack involving an SVG document.
CVE-2023-41064	Apple Inc. macOS		0.19	—	0.85	KEV	Sep 7, 2023	A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 16.6.1 and iPadOS 16.6.1, macOS Monterey 12.6.9, macOS Ventura 13.5.2, iOS 15.7.9 and iPadOS 15.7.9, macOS Big Sur 11.7.10. Processing a maliciously crafted image may lead to…
CVE-2016-4740	Apple Inc. iOS	Low	0.19	2.9	0.00		Sep 18, 2016	Apple iOS before 10, when Handoff for Messages is used, does not ensure that a Messages signin has occurred before displaying messages, which might allow attackers to obtain sensitive information via unspecified vectors.
CVE-2021-30860	Apple Inc. iOS		0.18	—	0.72	KEV	Aug 24, 2021	An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a…
CVE-2024-54485	Apple Inc. Ipados	Low	0.16	2.4	0.00		Dec 12, 2024	The issue was addressed by adding additional logic. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2. An attacker with physical access to an iOS device may be able to view notification content from the lock screen.
CVE-2024-40822	Apple Inc. macOS	Low	0.16	2.4	0.00		Jul 29, 2024	This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, watchOS 10.6. An attacker with physical access to a device may be able to access contacts from the lock…
CVE-2024-27819	Apple Inc. Ipados	Low	0.16	2.4	0.00		Jun 10, 2024	The issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical access may be able to access contacts from the lock screen.
CVE-2024-27835	Apple Inc. Ipados	Low	0.16	2.4	0.00		May 14, 2024	This issue was addressed through improved state management. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical access to an iOS device may be able to access notes from the lock screen.
CVE-2024-27803	Apple Inc. Ipados	Low	0.16	2.4	0.00		May 14, 2024	A permissions issue was addressed with improved validation. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical access may be able to share items from the lock screen.
CVE-2024-23255	Apple Inc. macOS	Low	0.16	2.4	0.00		Mar 8, 2024	An authentication issue was addressed with improved state management. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. Photos in the Hidden Photos Album may be viewed without authentication.
CVE-2023-32434	Apple Inc. macOS		0.16	—	0.52	KEV	Jun 23, 2023	An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 9.5.2, macOS Big Sur 11.7.8, iOS 15.7.7 and iPadOS 15.7.7, macOS Monterey 12.6.7, watchOS 8.8.1, iOS 16.5.1 and iPadOS 16.5.1, macOS Ventura 13.4.1. An app may be able to execute…
CVE-2020-27930	Apple Inc. watchOS		0.16	—	0.44	KEV	Dec 8, 2020	A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS 14.2 and iPadOS 14.2, watchOS 5.3.9, macOS…
CVE-2020-27950	Apple Inc. macOS		0.16	—	0.44	KEV	Dec 8, 2020	A memory initialization issue was addressed. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS 14.2 and iPadOS 14.2, watchOS 5.3.9, macOS Catalina 10.15.7 Supplemental…
CVE-2020-3837	Apple Inc. tvOS		0.16	—	0.06	KEV	Feb 27, 2020	A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. An application may be able to execute arbitrary code with kernel privileges.
CVE-2019-8605	Apple Inc. iOS		0.16	—	0.14	KEV	Dec 18, 2019	A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. A malicious application may be able to execute arbitrary code with system privileges.

CVE-2016-4620LowSep 18, 2016
Apple Inc.
iOS
risk 0.21cvss 3.3epss 0.00
The Sandbox Profiles component in Apple iOS before 10 does not properly restrict access to directory metadata for SMS draft directories, which allows attackers to discover text-message recipients via a crafted app.
CVE-2016-1849LowMay 20, 2016
Apple Inc.
Safari
risk 0.21cvss 3.3epss 0.00
The "Clear History and Website Data" feature in Apple Safari before 9.1.1, as used in iOS before 9.3.2 and other products, mishandles the deletion of browsing history, which might allow local users to obtain sensitive information by leveraging read access to a Safari directory.
CVE-2016-1790LowMay 20, 2016
Apple Inc.
iOS
risk 0.21cvss 3.3epss 0.00
Buffer overflow in the Accessibility component in Apple iOS before 9.3.2 allows attackers to obtain sensitive kernel memory-layout information via a crafted app.
CVE-2016-1758LowMar 24, 2016
Apple Inc.
iOS
risk 0.21cvss 3.3epss 0.00
The kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app.
CVE-2014-4407LowSep 18, 2014
Apple Inc.
iOS
risk 0.21cvss 3.3epss 0.00
IOKit in Apple iOS before 8 and Apple TV before 7 does not properly initialize kernel memory, which allows attackers to obtain sensitive memory-content information via an application that makes crafted IOKit function calls.
CVE-2016-4583LowJul 22, 2016
Apple Inc.
Safari
risk 0.20cvss 3.1epss 0.00
WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to bypass the Same Origin Policy and obtain image date from an unintended web site via a timing attack involving an SVG document.
CVE-2023-41064KEVSep 7, 2023
Apple Inc.
macOS
risk 0.19cvss —epss 0.85
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 16.6.1 and iPadOS 16.6.1, macOS Monterey 12.6.9, macOS Ventura 13.5.2, iOS 15.7.9 and iPadOS 15.7.9, macOS Big Sur 11.7.10. Processing a maliciously crafted image may lead to…
CVE-2016-4740LowSep 18, 2016
Apple Inc.
iOS
risk 0.19cvss 2.9epss 0.00
Apple iOS before 10, when Handoff for Messages is used, does not ensure that a Messages signin has occurred before displaying messages, which might allow attackers to obtain sensitive information via unspecified vectors.
CVE-2021-30860KEVAug 24, 2021
Apple Inc.
iOS
risk 0.18cvss —epss 0.72
An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a…
CVE-2024-54485LowDec 12, 2024
Apple Inc.
Ipados
risk 0.16cvss 2.4epss 0.00
The issue was addressed by adding additional logic. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2. An attacker with physical access to an iOS device may be able to view notification content from the lock screen.
CVE-2024-40822LowJul 29, 2024
Apple Inc.
macOS
risk 0.16cvss 2.4epss 0.00
This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, watchOS 10.6. An attacker with physical access to a device may be able to access contacts from the lock…
CVE-2024-27819LowJun 10, 2024
Apple Inc.
Ipados
risk 0.16cvss 2.4epss 0.00
The issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical access may be able to access contacts from the lock screen.
CVE-2024-27835LowMay 14, 2024
Apple Inc.
Ipados
risk 0.16cvss 2.4epss 0.00
This issue was addressed through improved state management. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical access to an iOS device may be able to access notes from the lock screen.
CVE-2024-27803LowMay 14, 2024
Apple Inc.
Ipados
risk 0.16cvss 2.4epss 0.00
A permissions issue was addressed with improved validation. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical access may be able to share items from the lock screen.
CVE-2024-23255LowMar 8, 2024
Apple Inc.
macOS
risk 0.16cvss 2.4epss 0.00
An authentication issue was addressed with improved state management. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. Photos in the Hidden Photos Album may be viewed without authentication.
CVE-2023-32434KEVJun 23, 2023
Apple Inc.
macOS
risk 0.16cvss —epss 0.52
An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 9.5.2, macOS Big Sur 11.7.8, iOS 15.7.7 and iPadOS 15.7.7, macOS Monterey 12.6.7, watchOS 8.8.1, iOS 16.5.1 and iPadOS 16.5.1, macOS Ventura 13.4.1. An app may be able to execute…
CVE-2020-27930KEVDec 8, 2020
Apple Inc.
watchOS
risk 0.16cvss —epss 0.44
A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS 14.2 and iPadOS 14.2, watchOS 5.3.9, macOS…
CVE-2020-27950KEVDec 8, 2020
Apple Inc.
macOS
risk 0.16cvss —epss 0.44
A memory initialization issue was addressed. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS 14.2 and iPadOS 14.2, watchOS 5.3.9, macOS Catalina 10.15.7 Supplemental…
CVE-2020-3837KEVFeb 27, 2020
Apple Inc.
tvOS
risk 0.16cvss —epss 0.06
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. An application may be able to execute arbitrary code with kernel privileges.
CVE-2019-8605KEVDec 18, 2019
Apple Inc.
iOS
risk 0.16cvss —epss 0.14
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. A malicious application may be able to execute arbitrary code with system privileges.

Page 37 of 149