iOS

CVEs (634)

CVE	Vendor / Product	Risk	CVSS	EPSS	KEV	Published	Description
CVE-2021-30858	Apple Inc. macOS	0.12	—	0.01	KEV	Aug 24, 2021	A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
CVE-2021-1879	Apple Inc. watchOS	0.12	—	0.01	KEV	Apr 2, 2021	This issue was addressed by improved management of object lifetimes. This issue is fixed in iOS 12.5.2, iOS 14.4.2 and iPadOS 14.4.2, watchOS 7.3.3. Processing maliciously crafted web content may lead to universal cross site scripting. Apple is aware of a report that this issue may have been actively exploited..
CVE-2020-9907	Apple Inc. tvOS	0.12	—	0.01	KEV	Oct 16, 2020	A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8. An application may be able to execute arbitrary code with kernel privileges.
CVE-2020-9818	Apple Inc. watchOS	0.12	—	0.01	KEV	Jun 9, 2020	An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, iOS 12.4.7, watchOS 6.2.5. Processing a maliciously crafted mail message may lead to unexpected memory modification or application termination.
CVE-2020-9819	Apple Inc. watchOS	0.12	—	0.01	KEV	Jun 9, 2020	A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, iOS 12.4.7, watchOS 6.2.5, watchOS 5.3.7. Processing a maliciously crafted mail message may lead to heap corruption.
CVE-2020-9859	Apple Inc. macOS	0.12	—	0.00	KEV	Jun 5, 2020	A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.5.1 and iPadOS 13.5.1, macOS Catalina 10.15.5 Supplemental Update, tvOS 13.4.6, watchOS 6.2.6. An application may be able to execute arbitrary code with kernel privileges.
CVE-2019-7287	Apple Inc. iOS	0.12	—	0.05	KEV	Dec 18, 2019	A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.1.4. An application may be able to execute arbitrary code with kernel privileges.
CVE-2019-6223	Apple Inc. macOS	0.12	—	0.00	KEV	Mar 5, 2019	A logic issue existed in the handling of Group FaceTime calls. The issue was addressed with improved state management. This issue is fixed in iOS 12.1.4, macOS Mojave 10.14.3 Supplemental Update. The initiator of a Group FaceTime call may be able to cause the recipient to answer.
CVE-2020-9850	Apple Inc. Safari	0.10	—	0.83		Jun 9, 2020	A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. A remote attacker may be able to cause arbitrary code execution.
CVE-2019-6225	Apple Inc. macOS	0.08	—	0.65		Mar 5, 2019	A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2. A malicious application may be able to elevate privileges.
CVE-2019-8672	Apple Inc. macOS	0.07	—	0.47		Dec 18, 2019	Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2020-9839	Apple Inc. macOS	0.06	—	0.36		Jun 9, 2020	A race condition was addressed with improved state handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. An application may be able to gain elevated privileges.
CVE-2019-8689	Apple Inc. macOS	0.06	—	0.35		Dec 18, 2019	Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2019-8518	Apple Inc. Safari	0.06	—	0.42		Dec 18, 2019	Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2019-6215	Apple Inc. Safari	0.06	—	0.32		Mar 5, 2019	A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2019-8671	Apple Inc. macOS	0.05	—	0.25		Dec 18, 2019	Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2019-8641	Apple Inc. macOS	0.05	—	0.21		Dec 18, 2019	An out-of-bounds read was addressed with improved input validation.
CVE-2019-8623	Apple Inc. macOS	0.05	—	0.28		Dec 18, 2019	Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2019-8622	Apple Inc. macOS	0.05	—	0.28		Dec 18, 2019	Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2019-8611	Apple Inc. macOS	0.05	—	0.24		Dec 18, 2019	Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2021-30858KEVAug 24, 2021
Apple Inc.
macOS
risk 0.12cvss —epss 0.01
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
CVE-2021-1879KEVApr 2, 2021
Apple Inc.
watchOS
risk 0.12cvss —epss 0.01
This issue was addressed by improved management of object lifetimes. This issue is fixed in iOS 12.5.2, iOS 14.4.2 and iPadOS 14.4.2, watchOS 7.3.3. Processing maliciously crafted web content may lead to universal cross site scripting. Apple is aware of a report that this issue may have been actively exploited..
CVE-2020-9907KEVOct 16, 2020
Apple Inc.
tvOS
risk 0.12cvss —epss 0.01
A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8. An application may be able to execute arbitrary code with kernel privileges.
CVE-2020-9818KEVJun 9, 2020
Apple Inc.
watchOS
risk 0.12cvss —epss 0.01
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, iOS 12.4.7, watchOS 6.2.5. Processing a maliciously crafted mail message may lead to unexpected memory modification or application termination.
CVE-2020-9819KEVJun 9, 2020
Apple Inc.
watchOS
risk 0.12cvss —epss 0.01
A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, iOS 12.4.7, watchOS 6.2.5, watchOS 5.3.7. Processing a maliciously crafted mail message may lead to heap corruption.
CVE-2020-9859KEVJun 5, 2020
Apple Inc.
macOS
risk 0.12cvss —epss 0.00
A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.5.1 and iPadOS 13.5.1, macOS Catalina 10.15.5 Supplemental Update, tvOS 13.4.6, watchOS 6.2.6. An application may be able to execute arbitrary code with kernel privileges.
CVE-2019-7287KEVDec 18, 2019
Apple Inc.
iOS
risk 0.12cvss —epss 0.05
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.1.4. An application may be able to execute arbitrary code with kernel privileges.
CVE-2019-6223KEVMar 5, 2019
Apple Inc.
macOS
risk 0.12cvss —epss 0.00
A logic issue existed in the handling of Group FaceTime calls. The issue was addressed with improved state management. This issue is fixed in iOS 12.1.4, macOS Mojave 10.14.3 Supplemental Update. The initiator of a Group FaceTime call may be able to cause the recipient to answer.
CVE-2020-9850Jun 9, 2020
Apple Inc.
Safari
risk 0.10cvss —epss 0.83
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. A remote attacker may be able to cause arbitrary code execution.
CVE-2019-6225Mar 5, 2019
Apple Inc.
macOS
risk 0.08cvss —epss 0.65
A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2. A malicious application may be able to elevate privileges.
CVE-2019-8672Dec 18, 2019
Apple Inc.
macOS
risk 0.07cvss —epss 0.47
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2020-9839Jun 9, 2020
Apple Inc.
macOS
risk 0.06cvss —epss 0.36
A race condition was addressed with improved state handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. An application may be able to gain elevated privileges.
CVE-2019-8689Dec 18, 2019
Apple Inc.
macOS
risk 0.06cvss —epss 0.35
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2019-8518Dec 18, 2019
Apple Inc.
Safari
risk 0.06cvss —epss 0.42
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2019-6215Mar 5, 2019
Apple Inc.
Safari
risk 0.06cvss —epss 0.32
A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2019-8671Dec 18, 2019
Apple Inc.
macOS
risk 0.05cvss —epss 0.25
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2019-8641Dec 18, 2019
Apple Inc.
macOS
risk 0.05cvss —epss 0.21
An out-of-bounds read was addressed with improved input validation.
CVE-2019-8623Dec 18, 2019
Apple Inc.
macOS
risk 0.05cvss —epss 0.28
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2019-8622Dec 18, 2019
Apple Inc.
macOS
risk 0.05cvss —epss 0.28
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2019-8611Dec 18, 2019
Apple Inc.
macOS
risk 0.05cvss —epss 0.24
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.

Page 8 of 32