iOS

CVEs (626)

CVE	Vendor / Product	Risk	CVSS	EPSS	Published	Description
CVE-2019-8613	Apple Inc. tvOS	0.04	—	0.10	Dec 18, 2019	A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.3, tvOS 12.3, watchOS 5.2.1. A remote attacker may be able to cause arbitrary code execution.
CVE-2019-8591	Apple Inc. macOS	0.04	—	0.08	Dec 18, 2019	A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. An application may be able to cause unexpected system termination or write kernel memory.
CVE-2019-8558	Apple Inc. Safari	0.04	—	0.15	Dec 18, 2019	Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2019-6214	Apple Inc. macOS	0.04	—	0.08	Mar 5, 2019	A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. A malicious application may be able to break out of its sandbox.
CVE-2019-6205	Apple Inc. macOS	0.04	—	0.09	Mar 5, 2019	A memory corruption issue was addressed with improved lock state checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2. A malicious application may cause unexpected changes in memory shared between processes.
CVE-2019-6218	Apple Inc. macOS	0.04	—	0.06	Mar 5, 2019	A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2. A malicious application may be able to execute arbitrary code with kernel privileges.
CVE-2020-9802	Apple Inc. Safari	0.03	—	0.41	Jun 9, 2020	A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2019-8663	Apple Inc. macOS	0.03	—	0.02	Dec 18, 2019	This issue was addressed with improved checks. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6. A remote attacker may be able to leak memory.
CVE-2019-8646	Apple Inc. macOS	0.03	—	0.05	Dec 18, 2019	An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3. A remote attacker may be able to leak memory.
CVE-2019-8514	Apple Inc. macOS	0.03	—	0.03	Dec 18, 2019	A logic issue was addressed with improved state management. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. An application may be able to gain elevated privileges.
CVE-2019-6208	Apple Inc. macOS	0.03	—	0.06	Mar 5, 2019	A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2. A malicious application may cause unexpected changes in memory shared between processes.
CVE-2019-6209	Apple Inc. macOS	0.03	—	0.05	Mar 5, 2019	An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. A malicious application may be able to determine kernel memory layout.
CVE-2019-6213	Apple Inc. macOS	0.03	—	0.04	Mar 5, 2019	A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. An application may be able to execute arbitrary code with kernel privileges.
CVE-2024-44207	Apple Inc. Ipados	0.01	—	0.08	Oct 3, 2024	This issue was addressed with improved checks. This issue is fixed in iOS 18.0.1 and iPadOS 18.0.1. Audio messages in Messages may be able to capture a few seconds of audio before the microphone indicator is activated.
CVE-2019-6203	Apple Inc. macOS	0.01	—	0.10	Apr 17, 2020	A logic issue was addressed with improved state management. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2. An attacker in a privileged network position may be able to intercept network traffic.
CVE-2019-8601	Apple Inc. macOS	0.01	—	0.10	Dec 18, 2019	Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2019-8600	Apple Inc. macOS	0.01	—	0.13	Dec 18, 2019	A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. A maliciously crafted SQL query may lead to arbitrary code execution.
CVE-2025-24141	Apple Inc. Ipados	0.00	—	0.00	Jan 27, 2025	An authentication issue was addressed with improved state management. This issue is fixed in iOS 18.3 and iPadOS 18.3. An attacker with physical access to an unlocked device may be able to access Photos while the app is locked.
CVE-2024-40839	Apple Inc. Ipados	0.00	—	0.00	Jan 15, 2025	This issue was addressed through improved state management. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical access to an iOS device may be able to view notification contents from the Lock Screen.
CVE-2024-44136	Apple Inc. Ipados	0.00	—	0.00	Jan 15, 2025	This issue was addressed through improved state management. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical access to a device may be able to disable Stolen Device Protection.

CVE-2019-8613Dec 18, 2019
Apple Inc.
tvOS
risk 0.04cvss —epss 0.10
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.3, tvOS 12.3, watchOS 5.2.1. A remote attacker may be able to cause arbitrary code execution.
CVE-2019-8591Dec 18, 2019
Apple Inc.
macOS
risk 0.04cvss —epss 0.08
A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. An application may be able to cause unexpected system termination or write kernel memory.
CVE-2019-8558Dec 18, 2019
Apple Inc.
Safari
risk 0.04cvss —epss 0.15
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2019-6214Mar 5, 2019
Apple Inc.
macOS
risk 0.04cvss —epss 0.08
A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. A malicious application may be able to break out of its sandbox.
CVE-2019-6205Mar 5, 2019
Apple Inc.
macOS
risk 0.04cvss —epss 0.09
A memory corruption issue was addressed with improved lock state checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2. A malicious application may cause unexpected changes in memory shared between processes.
CVE-2019-6218Mar 5, 2019
Apple Inc.
macOS
risk 0.04cvss —epss 0.06
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2. A malicious application may be able to execute arbitrary code with kernel privileges.
CVE-2020-9802Jun 9, 2020
Apple Inc.
Safari
risk 0.03cvss —epss 0.41
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2019-8663Dec 18, 2019
Apple Inc.
macOS
risk 0.03cvss —epss 0.02
This issue was addressed with improved checks. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6. A remote attacker may be able to leak memory.
CVE-2019-8646Dec 18, 2019
Apple Inc.
macOS
risk 0.03cvss —epss 0.05
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3. A remote attacker may be able to leak memory.
CVE-2019-8514Dec 18, 2019
Apple Inc.
macOS
risk 0.03cvss —epss 0.03
A logic issue was addressed with improved state management. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. An application may be able to gain elevated privileges.
CVE-2019-6208Mar 5, 2019
Apple Inc.
macOS
risk 0.03cvss —epss 0.06
A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2. A malicious application may cause unexpected changes in memory shared between processes.
CVE-2019-6209Mar 5, 2019
Apple Inc.
macOS
risk 0.03cvss —epss 0.05
An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. A malicious application may be able to determine kernel memory layout.
CVE-2019-6213Mar 5, 2019
Apple Inc.
macOS
risk 0.03cvss —epss 0.04
A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. An application may be able to execute arbitrary code with kernel privileges.
CVE-2024-44207Oct 3, 2024
Apple Inc.
Ipados
risk 0.01cvss —epss 0.08
This issue was addressed with improved checks. This issue is fixed in iOS 18.0.1 and iPadOS 18.0.1. Audio messages in Messages may be able to capture a few seconds of audio before the microphone indicator is activated.
CVE-2019-6203Apr 17, 2020
Apple Inc.
macOS
risk 0.01cvss —epss 0.10
A logic issue was addressed with improved state management. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2. An attacker in a privileged network position may be able to intercept network traffic.
CVE-2019-8601Dec 18, 2019
Apple Inc.
macOS
risk 0.01cvss —epss 0.10
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2019-8600Dec 18, 2019
Apple Inc.
macOS
risk 0.01cvss —epss 0.13
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. A maliciously crafted SQL query may lead to arbitrary code execution.
CVE-2025-24141Jan 27, 2025
Apple Inc.
Ipados
risk 0.00cvss —epss 0.00
An authentication issue was addressed with improved state management. This issue is fixed in iOS 18.3 and iPadOS 18.3. An attacker with physical access to an unlocked device may be able to access Photos while the app is locked.
CVE-2024-40839Jan 15, 2025
Apple Inc.
Ipados
risk 0.00cvss —epss 0.00
This issue was addressed through improved state management. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical access to an iOS device may be able to view notification contents from the Lock Screen.
CVE-2024-44136Jan 15, 2025
Apple Inc.
Ipados
risk 0.00cvss —epss 0.00
This issue was addressed through improved state management. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical access to a device may be able to disable Stolen Device Protection.

Page 9 of 32