iOS

CVEs (2,979)

CVE	Vendor / Product	Risk	CVSS	EPSS	Published	Description
CVE-2022-26757	Apple Inc. macOS	0.01	—	0.07	May 26, 2022	A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. An application may be able to execute arbitrary code with…
CVE-2022-22639	Apple Inc. Ipados	0.01	—	0.08	Mar 18, 2022	A logic issue was addressed with improved state management. This issue is fixed in iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3. An application may be able to gain elevated privileges.
CVE-2019-6203	Apple Inc. tvOS	0.01	—	0.10	Apr 17, 2020	A logic issue was addressed with improved state management. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2. An attacker in a privileged network position may be able to intercept network traffic.
CVE-2019-8601	Apple Inc. Safari	0.01	—	0.10	Dec 18, 2019	Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead…
CVE-2019-8600	Apple Inc. tvOS	0.01	—	0.13	Dec 18, 2019	A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. A maliciously crafted SQL query may lead to arbitrary code execution.
CVE-2018-4327	Apple Inc. iOS	0.01	—	0.15	Apr 3, 2019	A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1.
CVE-2018-4280	Apple Inc. tvOS	0.01	—	0.19	Apr 3, 2019	A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, macOS High Sierra 10.13.6, tvOS 11.4.1, watchOS 4.3.2.
CVE-2018-4330	Apple Inc. iOS	0.01	—	0.15	Jan 11, 2019	In iOS before 11.4, a memory corruption issue exists and was addressed with improved memory handling.
CVE-2018-4199	Apple Inc. Safari	0.01	—	0.07	Jun 8, 2018	An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It…
CVE-2018-4214	Apple Inc. Safari	0.01	—	0.07	Jun 8, 2018	An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue…
CVE-2018-4148	Apple Inc. iOS	0.01	—	0.08	Apr 3, 2018	An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the "Telephony" component. A buffer overflow allows remote attackers to execute arbitrary code.
CVE-2015-7038	Apple Inc. tvOS	0.01	—	0.06	Dec 11, 2015	Buffer overflow in libc in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code via a crafted package, a different vulnerability than CVE-2015-7039.
CVE-2015-6988	Apple Inc. iOS	0.01	—	0.11	Oct 23, 2015	The kernel in Apple iOS before 9.1 and OS X before 10.11.1 does not initialize an unspecified data structure, which allows remote attackers to execute arbitrary code via vectors involving an unknown network-connectivity requirement.
CVE-2015-1157	Apple Inc. iOS	0.01	—	0.08	May 28, 2015	CoreText in Apple iOS 8.x through 8.3 allows remote attackers to cause a denial of service (reboot and messaging disruption) via crafted Unicode text that is not properly handled during display truncation in the Notifications feature, as demonstrated by Arabic characters in (1)…
CVE-2014-4481	Apple Inc. iOS	0.01	—	0.09	Jan 30, 2015	Integer overflow in CoreGraphics in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.
CVE-2014-4377	Apple Inc. iOS	0.01	—	0.11	Sep 18, 2014	Integer overflow in CoreGraphics in Apple iOS before 8 and Apple TV before 7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.
CVE-2011-0228	Apple Inc. iOS	0.01	—	0.08	Aug 29, 2011	The Data Security component in Apple iOS before 4.2.10 and 4.3.x before 4.3.5 does not check the basicConstraints parameter during validation of X.509 certificate chains, which allows man-in-the-middle attackers to spoof an SSL server by using a non-CA certificate to sign a…
CVE-2011-0226	FreeType Freetype	0.01	—	0.11	Jul 19, 2011	Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application…
CVE-2010-1781	Apple Inc. iOS	0.01	—	0.08	Sep 9, 2010	Double free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the rendering of an inline element.
CVE-2010-1387	Apple Inc. iTunes	0.01	—	0.09	Jun 18, 2010	Use-after-free vulnerability in JavaScriptCore in WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 on the iPhone and iPod touch, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to page…

CVE-2022-26757May 26, 2022
Apple Inc.
macOS
risk 0.01cvss —epss 0.07
A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. An application may be able to execute arbitrary code with…
CVE-2022-22639Mar 18, 2022
Apple Inc.
Ipados
risk 0.01cvss —epss 0.08
A logic issue was addressed with improved state management. This issue is fixed in iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3. An application may be able to gain elevated privileges.
CVE-2019-6203Apr 17, 2020
Apple Inc.
tvOS
risk 0.01cvss —epss 0.10
A logic issue was addressed with improved state management. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2. An attacker in a privileged network position may be able to intercept network traffic.
CVE-2019-8601Dec 18, 2019
Apple Inc.
Safari
risk 0.01cvss —epss 0.10
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead…
CVE-2019-8600Dec 18, 2019
Apple Inc.
tvOS
risk 0.01cvss —epss 0.13
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. A maliciously crafted SQL query may lead to arbitrary code execution.
CVE-2018-4327Apr 3, 2019
Apple Inc.
iOS
risk 0.01cvss —epss 0.15
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1.
CVE-2018-4280Apr 3, 2019
Apple Inc.
tvOS
risk 0.01cvss —epss 0.19
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, macOS High Sierra 10.13.6, tvOS 11.4.1, watchOS 4.3.2.
CVE-2018-4330Jan 11, 2019
Apple Inc.
iOS
risk 0.01cvss —epss 0.15
In iOS before 11.4, a memory corruption issue exists and was addressed with improved memory handling.
CVE-2018-4199Jun 8, 2018
Apple Inc.
Safari
risk 0.01cvss —epss 0.07
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It…
CVE-2018-4214Jun 8, 2018
Apple Inc.
Safari
risk 0.01cvss —epss 0.07
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue…
CVE-2018-4148Apr 3, 2018
Apple Inc.
iOS
risk 0.01cvss —epss 0.08
An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the "Telephony" component. A buffer overflow allows remote attackers to execute arbitrary code.
CVE-2015-7038Dec 11, 2015
Apple Inc.
tvOS
risk 0.01cvss —epss 0.06
Buffer overflow in libc in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code via a crafted package, a different vulnerability than CVE-2015-7039.
CVE-2015-6988Oct 23, 2015
Apple Inc.
iOS
risk 0.01cvss —epss 0.11
The kernel in Apple iOS before 9.1 and OS X before 10.11.1 does not initialize an unspecified data structure, which allows remote attackers to execute arbitrary code via vectors involving an unknown network-connectivity requirement.
CVE-2015-1157May 28, 2015
Apple Inc.
iOS
risk 0.01cvss —epss 0.08
CoreText in Apple iOS 8.x through 8.3 allows remote attackers to cause a denial of service (reboot and messaging disruption) via crafted Unicode text that is not properly handled during display truncation in the Notifications feature, as demonstrated by Arabic characters in (1)…
CVE-2014-4481Jan 30, 2015
Apple Inc.
iOS
risk 0.01cvss —epss 0.09
Integer overflow in CoreGraphics in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.
CVE-2014-4377Sep 18, 2014
Apple Inc.
iOS
risk 0.01cvss —epss 0.11
Integer overflow in CoreGraphics in Apple iOS before 8 and Apple TV before 7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.
CVE-2011-0228Aug 29, 2011
Apple Inc.
iOS
risk 0.01cvss —epss 0.08
The Data Security component in Apple iOS before 4.2.10 and 4.3.x before 4.3.5 does not check the basicConstraints parameter during validation of X.509 certificate chains, which allows man-in-the-middle attackers to spoof an SSL server by using a non-CA certificate to sign a…
CVE-2011-0226Jul 19, 2011
FreeType
Freetype
risk 0.01cvss —epss 0.11
Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application…
CVE-2010-1781Sep 9, 2010
Apple Inc.
iOS
risk 0.01cvss —epss 0.08
Double free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the rendering of an inline element.
CVE-2010-1387Jun 18, 2010
Apple Inc.
iTunes
risk 0.01cvss —epss 0.09
Use-after-free vulnerability in JavaScriptCore in WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 on the iPhone and iPod touch, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to page…

Page 46 of 149