Vendor CVEs
Apple Inc.
All CVEs
8,439 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-8633 | Hig | 0.49 | 7.5 | 0.01 | Oct 27, 2020 | A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, iOS 12.3, tvOS 12.3, watchOS 5.3. An application may be able to read restricted memory. | ||
| CVE-2019-8631 | Hig | 0.49 | 7.5 | 0.01 | Oct 27, 2020 | A logic issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, iOS 12.3, tvOS 12.3. Users removed from an iMessage conversation may still be able to alter state. | ||
| CVE-2019-8618 | Hig | 0.49 | 7.5 | 0.01 | Oct 27, 2020 | A logic issue was addressed with improved restrictions. This issue is fixed in watchOS 5.2, macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, iOS 12.2. A sandboxed process may be able to circumvent sandbox restrictions. | ||
| CVE-2019-8588 | Hig | 0.49 | 7.5 | 0.02 | Oct 27, 2020 | A null pointer dereference was addressed with improved input validation. This issue is fixed in AirPort Base Station Firmware Update 7.8.1, AirPort Base Station Firmware Update 7.9.1. A remote attacker may be able to cause a system denial of service. | ||
| CVE-2019-8580 | Hig | 0.49 | 7.5 | 0.01 | Oct 27, 2020 | Source-routed IPv4 packets were disabled by default. This issue is fixed in AirPort Base Station Firmware Update 7.8.1, AirPort Base Station Firmware Update 7.9.1. Source-routed IPv4 packets may be unexpectedly accepted. | ||
| CVE-2019-8575 | Hig | 0.49 | 7.5 | 0.01 | Oct 27, 2020 | The issue was addressed with improved data deletion. This issue is fixed in AirPort Base Station Firmware Update 7.8.1, AirPort Base Station Firmware Update 7.9.1. A base station factory reset may not delete all user information. | ||
| CVE-2019-8573 | Hig | 0.49 | 7.5 | 0.02 | Oct 27, 2020 | An input validation issue was addressed with improved input validation. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, iOS 12.3, watchOS 5.2.1. A remote attacker may be able to cause a system denial of service. | ||
| CVE-2019-8564 | Hig | 0.49 | 7.5 | 0.01 | Oct 27, 2020 | A logic issue was addressed with improved validation. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. An attacker in a privileged network position can modify driver state. | ||
| CVE-2018-4474 | Hig | 0.49 | 7.5 | 0.02 | Oct 27, 2020 | A memory consumption issue was addressed with improved memory handling. This issue is fixed in iCloud for Windows 7.7, watchOS 5, Safari 12, iOS 12, iTunes 12.9 for Windows, tvOS 12. Unexpected interaction causes an ASSERT failure. | ||
| CVE-2020-9924 | Hig | 0.49 | 7.5 | 0.02 | Oct 22, 2020 | A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.6. A remote attacker may be able to cause a denial of service. | ||
| CVE-2020-9905 | Hig | 0.49 | 7.5 | 0.03 | Oct 22, 2020 | A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8. A remote attacker may be able to cause a denial of service. | ||
| CVE-2020-9869 | Hig | 0.49 | 7.5 | 0.02 | Oct 22, 2020 | A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.6. A remote attacker may cause an unexpected application termination. | ||
| CVE-2020-9828 | Hig | 0.49 | 7.5 | 0.01 | Oct 22, 2020 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.4. A remote attacker may be able to leak sensitive user information. | ||
| CVE-2020-9931 | Hig | 0.49 | 7.5 | 0.02 | Oct 16, 2020 | A denial of service issue was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6. A remote attacker may cause an unexpected application termination. | ||
| CVE-2020-9917 | Hig | 0.49 | 7.5 | 0.02 | Oct 16, 2020 | This issue was addressed with improved checks. This issue is fixed in iOS 13.6 and iPadOS 13.6. A remote attacker may be able to cause a denial of service. | ||
| CVE-2020-9914 | Hig | 0.49 | 7.5 | 0.01 | Oct 16, 2020 | An input validation issue existed in Bluetooth. This issue was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8. An attacker in a privileged network position may be able to perform denial of service attack using malformed… | ||
| CVE-2020-9911 | Hig | 0.49 | 7.5 | 0.01 | Oct 16, 2020 | A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, Safari 13.1.2. An issue in Safari Reader mode may allow a remote attacker to bypass the Same Origin Policy. | ||
| CVE-2020-9903 | Hig | 0.49 | 7.5 | 0.01 | Oct 16, 2020 | A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, Safari 13.1.2. A malicious attacker may cause Safari to suggest a password for the wrong domain. | ||
| CVE-2020-9844 | Hig | 0.49 | 7.5 | 0.02 | Jun 9, 2020 | A double free issue was addressed with improved memory management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory. | ||
| CVE-2020-9839 | Hig | 0.49 | 7.0 | 0.04 | Jun 9, 2020 | A race condition was addressed with improved state handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. An application may be able to gain elevated privileges. | ||
| CVE-2020-9837 | Hig | 0.49 | 7.5 | 0.01 | Jun 9, 2020 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5. A remote attacker may be able to leak memory. | ||
| CVE-2020-9827 | Hig | 0.49 | 7.5 | 0.02 | Jun 9, 2020 | A denial of service issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A remote attacker may be able to cause a denial of service. | ||
| CVE-2020-9826 | Hig | 0.49 | 7.5 | 0.01 | Jun 9, 2020 | A denial of service issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5. A remote attacker may be able to cause a denial of service. | ||
| CVE-2020-9824 | Hig | 0.49 | 7.5 | 0.01 | Jun 9, 2020 | A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.5. A non-privileged user may be able to modify restricted network settings. | ||
| CVE-2020-9823 | Hig | 0.49 | 7.5 | 0.01 | Jun 9, 2020 | This issue was addressed with improved checks. This issue is fixed in iOS 13.5 and iPadOS 13.5. Users removed from an iMessage conversation may still be able to alter state. | ||
| CVE-2020-9820 | Hig | 0.49 | 7.5 | 0.01 | Jun 9, 2020 | A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5. A remote attacker may be able to modify the file system. | ||
| CVE-2020-9840 | Hig | 0.49 | 7.5 | 0.01 | May 11, 2020 | In SwiftNIO Extras before 1.4.1, a logic issue was addressed with improved restrictions. | ||
| CVE-2019-8741 | Hig | 0.49 | 7.5 | 0.02 | Feb 28, 2020 | A denial of service issue was addressed with improved input validation. | ||
| CVE-2020-3877 | Hig | 0.49 | 7.5 | 0.02 | Feb 27, 2020 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3, watchOS 6.1.2. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. | ||
| CVE-2012-5366 | Hig | 0.49 | 7.5 | 0.02 | Feb 20, 2020 | The IPv6 implementation in Apple Mac OS X (unknown versions, year 2012 and earlier) allows remote attackers to cause a denial of service via a flood of ICMPv6 Router Advertisement packets containing multiple Routing entries. | ||
| CVE-2016-4676 | Hig | 0.49 | 7.5 | 0.02 | Feb 3, 2020 | A Cross-origin vulnerability exists in WebKit in Apple Safari before 10.0.1 when processing location attributes, which could let a remote malicious user obtain sensitive information. | ||
| CVE-2019-8788 | Hig | 0.49 | 7.5 | 0.01 | Dec 18, 2019 | An issue existed in the parsing of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1. Improper URL processing may lead to data exfiltration. | ||
| CVE-2019-8787 | Hig | 0.49 | 7.5 | 0.01 | Dec 18, 2019 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1, tvOS 13.2, watchOS 6.1. A remote attacker may be able to leak memory. | ||
| CVE-2019-8772 | Hig | 0.49 | 7.5 | 0.01 | Dec 18, 2019 | An issue existed in the handling of links in encrypted PDFs. This issue was addressed by adding a confirmation prompt. This issue is fixed in macOS Catalina 10.15. An attacker may be able to exfiltrate the contents of an encrypted PDF. | ||
| CVE-2019-8699 | Hig | 0.49 | 7.5 | 0.01 | Dec 18, 2019 | A logic issue existed in the handling of answering phone calls. The issue was addressed with improved state management. This issue is fixed in iOS 12.4. The initiator of a phone call may be able to cause the recipient to answer a simultaneous Walkie-Talkie connection. | ||
| CVE-2019-8665 | Hig | 0.49 | 7.5 | 0.02 | Dec 18, 2019 | A denial of service issue was addressed with improved validation. This issue is fixed in iOS 12.4, watchOS 5.3. A remote attacker may cause an unexpected application termination. | ||
| CVE-2019-8659 | Hig | 0.49 | 7.5 | 0.01 | Dec 18, 2019 | This issue was addressed with improved checks. This issue is fixed in watchOS 5.3. Users removed from an iMessage conversation may still be able to alter state. | ||
| CVE-2019-8620 | Hig | 0.49 | 7.5 | 0.02 | Dec 18, 2019 | A user privacy issue was addressed by removing the broadcast MAC address. This issue is fixed in iOS 12.3, tvOS 12.3, watchOS 5.2.1. A device may be passively tracked by its WiFi MAC address. | ||
| CVE-2019-8567 | Hig | 0.49 | 7.5 | 0.01 | Dec 18, 2019 | A user privacy issue was addressed by removing the broadcast MAC address. This issue is fixed in iOS 12.2. A device may be passively tracked by its WiFi MAC address. | ||
| CVE-2019-8516 | Hig | 0.49 | 7.5 | 0.02 | Dec 18, 2019 | A validation issue was addressed with improved logic. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. Processing a maliciously crafted string may lead to a denial of service. | ||
| CVE-2019-6236 | Hig | 0.49 | 7.5 | 0.01 | Dec 18, 2019 | A race condition existed during the installation of iCloud for Windows. This was addressed with improved state handling. This issue is fixed in iCloud for Windows 7.11. Running the iCloud installer in an untrusted directory may result in arbitrary code execution. | ||
| CVE-2019-6232 | Hig | 0.49 | 7.5 | 0.01 | Dec 18, 2019 | A race condition existed during the installation of iTunes for Windows. This was addressed with improved state handling. This issue is fixed in iCloud for Windows 7.11. Running the iTunes installer in an untrusted directory may result in arbitrary code execution. | ||
| CVE-2018-4436 | Hig | 0.49 | 7.5 | 0.01 | Apr 3, 2019 | A certificate validation issue existed in configuration profiles. This was addressed with additional checks. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2. | ||
| CVE-2018-4398 | Hig | 0.49 | 7.5 | 0.02 | Apr 3, 2019 | An issue existed in the method for determining prime numbers. This issue was addressed by using pseudorandom bases for testing of primes. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1, iTunes 12.9.1, iCloud for Windows 7.8. | ||
| CVE-2018-4369 | Hig | 0.49 | 7.5 | 0.02 | Apr 3, 2019 | A logic issue was addressed with improved state management. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1. | ||
| CVE-2018-4329 | Hig | 0.49 | 7.5 | 0.01 | Apr 3, 2019 | Clearing a history item may not clear visits with redirect chains. The issue was addressed with improved data deletion. This issue affected versions prior to iOS 12, Safari 12. | ||
| CVE-2018-4276 | Hig | 0.49 | 7.5 | 0.01 | Apr 3, 2019 | A null pointer dereference was addressed with improved validation. This issue affected versions prior to macOS High Sierra 10.13.6. | ||
| CVE-2018-4274 | Hig | 0.49 | 7.5 | 0.01 | Apr 3, 2019 | A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, Safari 11.1.2. | ||
| CVE-2018-4248 | Hig | 0.49 | 7.5 | 0.02 | Apr 3, 2019 | An out-of-bounds read was addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, macOS High Sierra 10.13.6, tvOS 11.4.1, watchOS 4.3.2. | ||
| CVE-2018-4203 | Hig | 0.49 | 7.5 | 0.02 | Apr 3, 2019 | An out-of-bounds read was addressed with improved bounds checking. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5. |
- risk 0.49cvss 7.5epss 0.01
A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, iOS 12.3, tvOS 12.3, watchOS 5.3. An application may be able to read restricted memory.
- risk 0.49cvss 7.5epss 0.01
A logic issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, iOS 12.3, tvOS 12.3. Users removed from an iMessage conversation may still be able to alter state.
- risk 0.49cvss 7.5epss 0.01
A logic issue was addressed with improved restrictions. This issue is fixed in watchOS 5.2, macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, iOS 12.2. A sandboxed process may be able to circumvent sandbox restrictions.
- risk 0.49cvss 7.5epss 0.02
A null pointer dereference was addressed with improved input validation. This issue is fixed in AirPort Base Station Firmware Update 7.8.1, AirPort Base Station Firmware Update 7.9.1. A remote attacker may be able to cause a system denial of service.
- risk 0.49cvss 7.5epss 0.01
Source-routed IPv4 packets were disabled by default. This issue is fixed in AirPort Base Station Firmware Update 7.8.1, AirPort Base Station Firmware Update 7.9.1. Source-routed IPv4 packets may be unexpectedly accepted.
- risk 0.49cvss 7.5epss 0.01
The issue was addressed with improved data deletion. This issue is fixed in AirPort Base Station Firmware Update 7.8.1, AirPort Base Station Firmware Update 7.9.1. A base station factory reset may not delete all user information.
- risk 0.49cvss 7.5epss 0.02
An input validation issue was addressed with improved input validation. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, iOS 12.3, watchOS 5.2.1. A remote attacker may be able to cause a system denial of service.
- risk 0.49cvss 7.5epss 0.01
A logic issue was addressed with improved validation. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. An attacker in a privileged network position can modify driver state.
- risk 0.49cvss 7.5epss 0.02
A memory consumption issue was addressed with improved memory handling. This issue is fixed in iCloud for Windows 7.7, watchOS 5, Safari 12, iOS 12, iTunes 12.9 for Windows, tvOS 12. Unexpected interaction causes an ASSERT failure.
- risk 0.49cvss 7.5epss 0.02
A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.6. A remote attacker may be able to cause a denial of service.
- risk 0.49cvss 7.5epss 0.03
A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8. A remote attacker may be able to cause a denial of service.
- risk 0.49cvss 7.5epss 0.02
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.6. A remote attacker may cause an unexpected application termination.
- risk 0.49cvss 7.5epss 0.01
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.4. A remote attacker may be able to leak sensitive user information.
- risk 0.49cvss 7.5epss 0.02
A denial of service issue was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6. A remote attacker may cause an unexpected application termination.
- risk 0.49cvss 7.5epss 0.02
This issue was addressed with improved checks. This issue is fixed in iOS 13.6 and iPadOS 13.6. A remote attacker may be able to cause a denial of service.
- risk 0.49cvss 7.5epss 0.01
An input validation issue existed in Bluetooth. This issue was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8. An attacker in a privileged network position may be able to perform denial of service attack using malformed…
- risk 0.49cvss 7.5epss 0.01
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, Safari 13.1.2. An issue in Safari Reader mode may allow a remote attacker to bypass the Same Origin Policy.
- risk 0.49cvss 7.5epss 0.01
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, Safari 13.1.2. A malicious attacker may cause Safari to suggest a password for the wrong domain.
- risk 0.49cvss 7.5epss 0.02
A double free issue was addressed with improved memory management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory.
- risk 0.49cvss 7.0epss 0.04
A race condition was addressed with improved state handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. An application may be able to gain elevated privileges.
- risk 0.49cvss 7.5epss 0.01
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5. A remote attacker may be able to leak memory.
- risk 0.49cvss 7.5epss 0.02
A denial of service issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A remote attacker may be able to cause a denial of service.
- risk 0.49cvss 7.5epss 0.01
A denial of service issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5. A remote attacker may be able to cause a denial of service.
- risk 0.49cvss 7.5epss 0.01
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.5. A non-privileged user may be able to modify restricted network settings.
- risk 0.49cvss 7.5epss 0.01
This issue was addressed with improved checks. This issue is fixed in iOS 13.5 and iPadOS 13.5. Users removed from an iMessage conversation may still be able to alter state.
- risk 0.49cvss 7.5epss 0.01
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5. A remote attacker may be able to modify the file system.
- risk 0.49cvss 7.5epss 0.01
In SwiftNIO Extras before 1.4.1, a logic issue was addressed with improved restrictions.
- risk 0.49cvss 7.5epss 0.02
A denial of service issue was addressed with improved input validation.
- risk 0.49cvss 7.5epss 0.02
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3, watchOS 6.1.2. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.
- risk 0.49cvss 7.5epss 0.02
The IPv6 implementation in Apple Mac OS X (unknown versions, year 2012 and earlier) allows remote attackers to cause a denial of service via a flood of ICMPv6 Router Advertisement packets containing multiple Routing entries.
- risk 0.49cvss 7.5epss 0.02
A Cross-origin vulnerability exists in WebKit in Apple Safari before 10.0.1 when processing location attributes, which could let a remote malicious user obtain sensitive information.
- risk 0.49cvss 7.5epss 0.01
An issue existed in the parsing of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1. Improper URL processing may lead to data exfiltration.
- risk 0.49cvss 7.5epss 0.01
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1, tvOS 13.2, watchOS 6.1. A remote attacker may be able to leak memory.
- risk 0.49cvss 7.5epss 0.01
An issue existed in the handling of links in encrypted PDFs. This issue was addressed by adding a confirmation prompt. This issue is fixed in macOS Catalina 10.15. An attacker may be able to exfiltrate the contents of an encrypted PDF.
- risk 0.49cvss 7.5epss 0.01
A logic issue existed in the handling of answering phone calls. The issue was addressed with improved state management. This issue is fixed in iOS 12.4. The initiator of a phone call may be able to cause the recipient to answer a simultaneous Walkie-Talkie connection.
- risk 0.49cvss 7.5epss 0.02
A denial of service issue was addressed with improved validation. This issue is fixed in iOS 12.4, watchOS 5.3. A remote attacker may cause an unexpected application termination.
- risk 0.49cvss 7.5epss 0.01
This issue was addressed with improved checks. This issue is fixed in watchOS 5.3. Users removed from an iMessage conversation may still be able to alter state.
- risk 0.49cvss 7.5epss 0.02
A user privacy issue was addressed by removing the broadcast MAC address. This issue is fixed in iOS 12.3, tvOS 12.3, watchOS 5.2.1. A device may be passively tracked by its WiFi MAC address.
- risk 0.49cvss 7.5epss 0.01
A user privacy issue was addressed by removing the broadcast MAC address. This issue is fixed in iOS 12.2. A device may be passively tracked by its WiFi MAC address.
- risk 0.49cvss 7.5epss 0.02
A validation issue was addressed with improved logic. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. Processing a maliciously crafted string may lead to a denial of service.
- risk 0.49cvss 7.5epss 0.01
A race condition existed during the installation of iCloud for Windows. This was addressed with improved state handling. This issue is fixed in iCloud for Windows 7.11. Running the iCloud installer in an untrusted directory may result in arbitrary code execution.
- risk 0.49cvss 7.5epss 0.01
A race condition existed during the installation of iTunes for Windows. This was addressed with improved state handling. This issue is fixed in iCloud for Windows 7.11. Running the iTunes installer in an untrusted directory may result in arbitrary code execution.
- risk 0.49cvss 7.5epss 0.01
A certificate validation issue existed in configuration profiles. This was addressed with additional checks. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2.
- risk 0.49cvss 7.5epss 0.02
An issue existed in the method for determining prime numbers. This issue was addressed by using pseudorandom bases for testing of primes. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1, iTunes 12.9.1, iCloud for Windows 7.8.
- risk 0.49cvss 7.5epss 0.02
A logic issue was addressed with improved state management. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1.
- risk 0.49cvss 7.5epss 0.01
Clearing a history item may not clear visits with redirect chains. The issue was addressed with improved data deletion. This issue affected versions prior to iOS 12, Safari 12.
- risk 0.49cvss 7.5epss 0.01
A null pointer dereference was addressed with improved validation. This issue affected versions prior to macOS High Sierra 10.13.6.
- risk 0.49cvss 7.5epss 0.01
A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, Safari 11.1.2.
- risk 0.49cvss 7.5epss 0.02
An out-of-bounds read was addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, macOS High Sierra 10.13.6, tvOS 11.4.1, watchOS 4.3.2.
- risk 0.49cvss 7.5epss 0.02
An out-of-bounds read was addressed with improved bounds checking. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.
Page 48 of 169