VYPR

Vendor CVEs

Apple Inc.

All CVEs

8,452 total · sorted by risk
  • CVE-2024-44137MedOct 28, 2024
    risk 0.30cvss 4.6epss 0.00

    The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15, macOS Sonoma 14.7.1, macOS Ventura 13.7.1. An attacker with physical access may be able to share items from the lock screen.

  • CVE-2024-44171MedSep 17, 2024
    risk 0.30cvss 4.6epss 0.00

    This issue was addressed through improved state management. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, watchOS 11. An attacker with physical access to a locked device may be able to Control Nearby Devices via accessibility features.

  • CVE-2024-40840MedSep 17, 2024
    risk 0.30cvss 4.6epss 0.00

    This issue was addressed through improved state management. This issue is fixed in iOS 18 and iPadOS 18. An attacker with physical access may be able to use Siri to access sensitive user data.

  • CVE-2024-40829MedJul 29, 2024
    risk 0.30cvss 4.6epss 0.01

    The issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Ventura 13.6.8, watchOS 10.6. An attacker may be able to view restricted content from the lock screen.

  • CVE-2024-40818MedJul 29, 2024
    risk 0.30cvss 4.6epss 0.00

    This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, macOS Ventura 13.6.8, watchOS 10.6. An attacker with physical access may be able to use Siri to access…

  • CVE-2024-40813MedJul 29, 2024
    risk 0.30cvss 4.6epss 0.00

    A lock screen issue was addressed with improved state management. This issue is fixed in iOS 17.6 and iPadOS 17.6, watchOS 10.6. An attacker with physical access may be able to use Siri to access sensitive user data.

  • CVE-2024-23251MedJun 10, 2024
    risk 0.30cvss 4.6epss 0.00

    An authentication issue was addressed with improved state management. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, watchOS 10.5. An attacker with physical access may be able to leak Mail account credentials.

  • CVE-2024-23293MedMar 8, 2024
    risk 0.30cvss 4.6epss 0.00

    This issue was addressed through improved state management. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, watchOS 10.4. An attacker with physical access may be able to use Siri to access sensitive user data.

  • CVE-2023-42855MedFeb 21, 2024
    risk 0.30cvss 4.6epss 0.00

    This issue was addressed with improved state management. This issue is fixed in iOS 17.1 and iPadOS 17.1. An attacker with physical access may be able to silently persist an Apple ID on an erased device.

  • CVE-2023-42897MedDec 12, 2023
    risk 0.30cvss 4.6epss 0.00

    The issue was addressed with improved checks. This issue is fixed in iOS 17.2 and iPadOS 17.2. An attacker with physical access may be able to use Siri to access sensitive user data.

  • CVE-2023-41997MedOct 25, 2023
    risk 0.30cvss 4.6epss 0.00

    This issue was addressed by restricting options offered on a locked device. This issue is fixed in macOS Sonoma 14.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. An attacker with physical access may be able to use Siri to access sensitive user data.

  • CVE-2023-41982MedOct 25, 2023
    risk 0.30cvss 4.6epss 0.00

    This issue was addressed by restricting options offered on a locked device. This issue is fixed in macOS Sonoma 14.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. An attacker with physical access may be able to use Siri to access sensitive user data.

  • CVE-2023-32391MedJun 23, 2023
    risk 0.30cvss 4.6epss 0.00

    The issue was addressed with improved checks. This issue is fixed in iOS 15.7.6 and iPadOS 15.7.6, watchOS 9.5, iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4. A shortcut may be able to use sensitive data with certain actions without prompting the user.

  • CVE-2022-32935MedNov 1, 2022
    risk 0.30cvss 4.6epss 0.00

    A lock screen issue was addressed with improved state management. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS 16, macOS Ventura 13. A user may be able to view restricted content from the lock screen.

  • CVE-2022-22671MedMar 18, 2022
    risk 0.30cvss 4.6epss 0.00

    An authentication issue was addressed with improved state management. This issue is fixed in iOS 15.4 and iPadOS 15.4. A person with physical access to an iOS device may be able to access photos from the lock screen.

  • CVE-2022-22647MedMar 18, 2022
    risk 0.30cvss 4.6epss 0.00

    This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. A person with access to a Mac may be able to bypass Login Window.

  • CVE-2022-22622MedMar 18, 2022
    risk 0.30cvss 4.6epss 0.00

    This issue was addressed with improved checks. This issue is fixed in iOS 15.4 and iPadOS 15.4. A person with physical access to an iOS device may be able to see sensitive information via keyboard suggestions.

  • CVE-2022-22621MedMar 18, 2022
    risk 0.30cvss 4.6epss 0.00

    This issue was addressed with improved checks. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. A person with physical access to an iOS device may be able to see sensitive information via keyboard suggestions.

  • CVE-2021-30702MedSep 8, 2021
    risk 0.30cvss 4.6epss 0.00

    A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. A person with physical access to a Mac may be able to bypass Login Window.

  • CVE-2021-30699MedSep 8, 2021
    risk 0.30cvss 4.6epss 0.00

    A window management issue was addressed with improved state management. This issue is fixed in iOS 14.6 and iPadOS 14.6. A user may be able to view restricted content from the lockscreen.

  • CVE-2021-30668MedSep 8, 2021
    risk 0.30cvss 4.6epss 0.00

    This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.4. A person with physical access to a Mac may be able to bypass Login Window during a software update.

  • CVE-2021-1835MedSep 8, 2021
    risk 0.30cvss 4.6epss 0.00

    This issue was addressed with improved checks. This issue is fixed in iOS 14.5 and iPadOS 14.5. A person with physical access to an iOS device may be able to access notes from the lock screen.

  • CVE-2021-30948MedAug 24, 2021
    risk 0.30cvss 4.6epss 0.00

    An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 15.2 and iPadOS 15.2. A person with physical access to an iOS device may be able to access stored passwords without authentication.

  • CVE-2021-30932MedAug 24, 2021
    risk 0.30cvss 4.6epss 0.00

    The issue was addressed with improved permissions logic. This issue is fixed in iOS 15.2 and iPadOS 15.2. A person with physical access to an iOS device may be able to access contacts from the lock screen.

  • CVE-2020-27902MedDec 8, 2020
    risk 0.30cvss 4.6epss 0.00

    An authentication issue was addressed with improved state management. This issue is fixed in iOS 14.2 and iPadOS 14.2. A person with physical access to an iOS device may be able to access stored passwords without authentication.

  • CVE-2020-9804MedJun 9, 2020
    risk 0.30cvss 4.6epss 0.00

    A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.5. Inserting a USB device that sends invalid messages may cause a kernel panic.

  • CVE-2020-9792MedJun 9, 2020
    risk 0.30cvss 4.6epss 0.00

    A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5. A USB device may be able to cause a denial of service.

  • CVE-2018-4388MedApr 3, 2019
    risk 0.30cvss 4.6epss 0.00

    A lock screen issue allowed access to the share function on a locked device. This issue was addressed by restricting options offered on a locked device. This issue affected versions prior to iOS 12.1.

  • CVE-2018-4252MedJun 8, 2018
    risk 0.30cvss 4.6epss 0.00

    An issue was discovered in certain Apple products. iOS before 11.4 is affected. The issue involves the "Siri" component. It allows physically proximate attackers to bypass the lock-screen protection mechanism and obtain private notification content via Siri.

  • CVE-2018-4244MedJun 8, 2018
    risk 0.30cvss 4.6epss 0.00

    An issue was discovered in certain Apple products. iOS before 11.4 is affected. The issue involves the "Siri Contacts" component. It allows physically proximate attackers to discover private contact information via Siri.

  • CVE-2018-4239MedJun 8, 2018
    risk 0.30cvss 4.6epss 0.00

    An issue was discovered in certain Apple products. iOS before 11.4 is affected. The issue involves the "Magnifier" component. It allows physically proximate attackers to bypass the lock-screen protection mechanism and see the most recent Magnifier image.

  • CVE-2018-4172MedApr 3, 2018
    risk 0.30cvss 4.6epss 0.00

    An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the "Find My iPhone" component. It allows physically proximate attackers to bypass the iCloud password requirement for disabling the "Find My iPhone" feature via vectors involving…

  • CVE-2018-4168MedApr 3, 2018
    risk 0.30cvss 4.6epss 0.00

    An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the "Files Widget" component. It allows physically proximate attackers to obtain sensitive information by leveraging the display of cached data on a locked device.

  • CVE-2017-13786MedNov 13, 2017
    risk 0.30cvss 4.6epss 0.00

    An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "APFS" component. It does not properly restrict the DMA mapping time of FileVault decryption buffers, which allows attackers to read cleartext APFS data via a crafted…

  • CVE-2017-2452MedApr 2, 2017
    risk 0.30cvss 4.6epss 0.00

    An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Siri" component. It allows physically proximate attackers to read text messages on the lock screen via unspecified vectors.

  • CVE-2017-2399MedApr 2, 2017
    risk 0.30cvss 4.6epss 0.00

    An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Pasteboard" component. It allows physically proximate attackers to read the pasteboard by leveraging the use of an encryption key derived only from the hardware UID (rather…

  • CVE-2017-2352MedFeb 20, 2017
    risk 0.30cvss 4.6epss 0.00

    An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. watchOS before 3.1.3 is affected. The issue involves the "Unlock with iPhone" component, which allows attackers to bypass the wrist-presence protection mechanism and unlock a Watch device via…

  • CVE-2016-7638MedFeb 20, 2017
    risk 0.30cvss 4.6epss 0.00

    An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Find My iPhone" component, which allows physically proximate attackers to disable this component by bypassing authentication.

  • CVE-2016-7634MedFeb 20, 2017
    risk 0.30cvss 4.6epss 0.00

    An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Accessibility" component, which accepts spoken passwords without considering that they are locally audible.

  • CVE-2016-7597MedFeb 20, 2017
    risk 0.30cvss 4.6epss 0.00

    An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "SpringBoard" component, which allows physically proximate attackers to maintain the unlocked state via vectors related to Handoff with Siri.

  • CVE-2016-4595MedJul 22, 2016
    risk 0.30cvss 4.6epss 0.00

    Safari Login AutoFill in Apple OS X before 10.11.6 allows physically proximate attackers to discover passwords by reading the screen during the login procedure.

  • CVE-2016-1851MedMay 20, 2016
    risk 0.30cvss 4.6epss 0.00

    The Screen Lock feature in Apple OS X before 10.11.5 mishandles password profiles, which allows physically proximate attackers to reset expired passwords in the lock-screen state via unspecified vectors.

  • CVE-2014-2019MedFeb 18, 2014
    risk 0.30cvss 4.6epss 0.00

    The iCloud subsystem in Apple iOS before 7.1 allows physically proximate attackers to bypass an intended password requirement, and turn off the Find My iPhone service or complete a Delete Account action and then associate this service with a different Apple ID account, by…

  • CVE-2026-20609MedFeb 11, 2026
    risk 0.29cvss 4.4epss 0.00

    The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. Processing a maliciously crafted file may…

  • CVE-2025-43336MedNov 4, 2025
    risk 0.29cvss 4.4epss 0.00

    A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1. An app with root privileges may be able to access private information.

  • CVE-2025-43310MedSep 15, 2025
    risk 0.29cvss 4.4epss 0.00

    A configuration issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to trick a user into copying sensitive data to the pasteboard.

  • CVE-2025-43274MedJul 30, 2025
    risk 0.29cvss 4.4epss 0.00

    A privacy issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.6. A sandboxed process may be able to circumvent sandbox restrictions.

  • CVE-2025-24242MedMar 31, 2025
    risk 0.29cvss 4.4epss 0.00

    This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.4. An app with root privileges may be able to access private information.

  • CVE-2025-24136MedJan 27, 2025
    risk 0.29cvss 4.4epss 0.00

    This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3. A malicious app may be able to create symlinks to protected regions of the disk.

  • CVE-2025-24116MedJan 27, 2025
    risk 0.29cvss 4.4epss 0.00

    An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3. An app may be able to bypass Privacy preferences.

Page 92 of 170