Vendor CVEs
Apple Inc.
All CVEs
8,452 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-9987 | Med | 0.28 | 4.3 | 0.01 | Dec 8, 2020 | An inconsistent user interface issue was addressed with improved state management. This issue is fixed in Safari 14.0. Visiting a malicious website may lead to address bar spoofing. | ||
| CVE-2020-9945 | Med | 0.28 | 4.3 | 0.01 | Dec 8, 2020 | A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, Safari 14.0.1. Visiting a malicious website may lead to address bar spoofing. | ||
| CVE-2020-9942 | Med | 0.28 | 4.3 | 0.01 | Dec 8, 2020 | An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, Safari 13.1.2. Visiting a malicious website may lead to address bar spoofing. | ||
| CVE-2020-9857 | Med | 0.28 | 4.3 | 0.01 | Oct 27, 2020 | An issue existed in the parsing of URLs. This issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.5, Security Update 2020-003 Mojave, Security Update 2020-003 High Sierra. A malicious website may be able to exfiltrate autofilled data… | ||
| CVE-2019-8898 | Med | 0.28 | 4.3 | 0.01 | Oct 27, 2020 | An information disclosure issue existed in the handling of the Storage Access API. This issue was addressed with improved logic. This issue is fixed in iOS 13.3 and iPadOS 13.3, tvOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows. Visiting a maliciously crafted website may… | ||
| CVE-2019-8834 | Med | 0.28 | 4.3 | 0.01 | Oct 27, 2020 | A configuration issue was addressed with additional restrictions. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, iOS 13.3 and iPadOS 13.3, iTunes 12.10.3… | ||
| CVE-2019-8827 | Med | 0.28 | 4.3 | 0.01 | Oct 27, 2020 | The HTTP referrer header may be used to leak browsing history. The issue was resolved by downgrading all third party referrers to their origin. This issue is fixed in Safari 13.0.3, iTunes 12.10.2 for Windows, iCloud for Windows 10.9.2, tvOS 13.2, iOS 13.2 and iPadOS 13.2,… | ||
| CVE-2020-9935 | Med | 0.28 | 4.3 | 0.01 | Oct 22, 2020 | A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.6. A user may be unexpectedly logged in to another user’s account. | ||
| CVE-2020-9894 | Med | 0.28 | 4.3 | 0.03 | Oct 16, 2020 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause… | ||
| CVE-2020-9784 | Med | 0.28 | 4.3 | 0.01 | Apr 1, 2020 | A logic issue was addressed with improved restrictions. This issue is fixed in Safari 13.1. A malicious iframe may use another website’s download settings. | ||
| CVE-2020-3888 | Med | 0.28 | 4.3 | 0.01 | Apr 1, 2020 | A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4. A maliciously crafted page may interfere with other web contexts. | ||
| CVE-2020-3887 | Med | 0.28 | 4.3 | 0.01 | Apr 1, 2020 | A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A download's origin may be incorrectly associated. | ||
| CVE-2020-3885 | Med | 0.28 | 4.3 | 0.02 | Apr 1, 2020 | A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A file URL may be incorrectly processed. | ||
| CVE-2020-3833 | Med | 0.28 | 4.3 | 0.01 | Feb 27, 2020 | An inconsistent user interface issue was addressed with improved state management. This issue is fixed in Safari 13.0.5. Visiting a malicious website may lead to address bar spoofing. | ||
| CVE-2019-8769 | Med | 0.28 | 4.3 | 0.01 | Dec 18, 2019 | An issue existed in the drawing of web page elements. The issue was addressed with improved logic. This issue is fixed in iOS 13.1 and iPadOS 13.1, macOS Catalina 10.15. Visiting a maliciously crafted website may reveal browsing history. | ||
| CVE-2019-8727 | Med | 0.28 | 4.3 | 0.01 | Dec 18, 2019 | A logic issue was addressed with improved state management. This issue is fixed in iOS 13. Visiting a malicious website may lead to address bar spoofing. | ||
| CVE-2019-8670 | Med | 0.28 | 4.3 | 0.01 | Dec 18, 2019 | An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.6, Safari 12.1.2. Visiting a malicious website may lead to address bar spoofing. | ||
| CVE-2019-8550 | Med | 0.28 | 4.3 | 0.01 | Dec 18, 2019 | An issue existed in the pausing of FaceTime video. The issue was resolved with improved logic. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, watchOS 5.2. A user’s video may not be paused in a FaceTime call if they exit the FaceTime app while the call is ringing. | ||
| CVE-2019-7284 | Med | 0.28 | 4.3 | 0.01 | Dec 18, 2019 | This issue was addressed with improved checks. This issue is fixed in iOS 12.2. Processing a maliciously crafted mail message may lead to S/MIME signature spoofing. | ||
| CVE-2019-6222 | Med | 0.28 | 4.3 | 0.01 | Dec 18, 2019 | A consistency issue was addressed with improved state handling. This issue is fixed in iOS 12.2. A website may be able to access the microphone without the microphone use indicator being shown. | ||
| CVE-2018-4445 | Med | 0.28 | 4.3 | 0.01 | Apr 3, 2019 | "Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue affected versions prior to iOS 12.1.1, Safari 12.0.2. | ||
| CVE-2018-4440 | Med | 0.28 | 4.3 | 0.02 | Apr 3, 2019 | A logic issue was addressed with improved state management. This issue affected versions prior to iOS 12.1.1, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9. | ||
| CVE-2018-4397 | Med | 0.28 | 4.3 | 0.01 | Apr 3, 2019 | Analytics data was sent using HTTP rather than HTTPS. This was addressed by sending analytics data using HTTPS. This issue affected versions prior to Apple Support 2.4 for iOS. | ||
| CVE-2018-4307 | Med | 0.28 | 4.3 | 0.01 | Apr 3, 2019 | A logic issue was addressed with improved state management. This issue affected versions prior to iOS 12, Safari 12. | ||
| CVE-2018-4278 | Med | 0.28 | 4.3 | 0.02 | Jan 11, 2019 | In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, sound fetched through audio elements may be exfiltrated cross-origin. This issue was addressed with improved audio taint tracking. | ||
| CVE-2018-4232 | Med | 0.28 | 4.3 | 0.02 | Jun 8, 2018 | An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It… | ||
| CVE-2017-13873 | Med | 0.28 | 4.3 | 0.01 | Apr 3, 2018 | An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Kernel" component. It allows attackers to obtain sensitive network-activity information… | ||
| CVE-2017-7152 | Med | 0.28 | 4.3 | 0.01 | Dec 27, 2017 | An issue was discovered in certain Apple products. iOS before 11.2 is affected. The issue involves the "Mail Message Framework" component. It allows remote attackers to spoof the address bar via a crafted web site. | ||
| CVE-2017-7144 | Med | 0.28 | 4.3 | 0.01 | Oct 23, 2017 | An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to track Safari Private Browsing users by leveraging cookie mishandling. | ||
| CVE-2016-7759 | Med | 0.28 | 4.3 | 0.00 | Feb 20, 2017 | An issue was discovered in certain Apple products. iOS before 10 is affected. The issue involves the "Springboard" component, which allows physically proximate attackers to obtain sensitive information by viewing application snapshots in the Task Switcher. | ||
| CVE-2016-7592 | Med | 0.28 | 4.3 | 0.02 | Feb 20, 2017 | An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component, which allows remote attackers to obtain sensitive… | ||
| CVE-2016-7581 | Med | 0.28 | 4.3 | 0.01 | Feb 20, 2017 | An issue was discovered in certain Apple products. iOS before 10.1 is affected. The issue involves the "Safari" component, which allows remote web servers to cause a denial of service via a crafted URL. | ||
| CVE-2016-4603 | Med | 0.28 | 4.3 | 0.01 | Jul 22, 2016 | Web Media in Apple iOS before 9.3.3 allows attackers to bypass the Private Browsing protection mechanism and obtain sensitive video URL information by leveraging Safari View Controller misbehavior. | ||
| CVE-2016-1864 | Med | 0.28 | 4.3 | 0.02 | Jun 19, 2016 | The XSS auditor in WebKit, as used in Apple iOS before 9.3 and Safari before 9.1, does not properly handle redirects in block mode, which allows remote attackers to obtain sensitive information via a crafted URL. | ||
| CVE-2016-1781 | Med | 0.28 | 4.3 | 0.01 | Mar 24, 2016 | WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles attachment URLs, which makes it easier for remote web servers to track users via unspecified vectors. | ||
| CVE-2016-1780 | Med | 0.28 | 4.3 | 0.01 | Mar 24, 2016 | WebKit in Apple iOS before 9.3 does not prevent hidden web views from reading orientation and motion data, which allows remote attackers to obtain sensitive information about a device's physical environment via a crafted web site. | ||
| CVE-2016-1772 | Med | 0.28 | 4.3 | 0.01 | Mar 24, 2016 | The Top Sites feature in Apple Safari before 9.1 mishandles cookie storage, which makes it easier for remote web servers to track users via unspecified vectors. | ||
| CVE-2016-1764 | Med | 0.28 | 4.3 | 0.03 | Mar 24, 2016 | The Content Security Policy (CSP) implementation in Messages in Apple OS X before 10.11.4 allows remote attackers to obtain sensitive information via a javascript: URL. | ||
| CVE-2009-2197 | Med | 0.28 | 4.3 | 0.01 | Mar 24, 2016 | Apple Safari before 9.1 allows remote attackers to spoof the user interface via a web page that places text in a crafted context, leading to unintended use of that text within a Safari dialog. | ||
| CVE-2016-1728 | Med | 0.28 | 4.3 | 0.02 | Feb 1, 2016 | The Cascading Style Sheets (CSS) implementation in Apple iOS before 9.2.1 and Safari before 9.0.3 mishandles the "a:visited button" selector during height processing, which makes it easier for remote attackers to obtain sensitive browser-history information via a crafted web… | ||
| CVE-2015-7116 | Med | 0.28 | 4.3 | 0.02 | Jan 10, 2016 | libxml2 in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 allows remote attackers to obtain sensitive information or cause a denial of service (memory corruption) via a crafted XML document, a different vulnerability than CVE-2015-7115. | ||
| CVE-2015-7115 | Med | 0.28 | 4.3 | 0.02 | Jan 10, 2016 | libxml2 in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 allows remote attackers to obtain sensitive information or cause a denial of service (memory corruption) via a crafted XML document, a different vulnerability than CVE-2015-7116. | ||
| CVE-2024-54503 | Med | 0.27 | 4.2 | 0.00 | Dec 12, 2024 | An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 18.2 and iPadOS 18.2. Muting a call while ringing may not result in mute being enabled. | ||
| CVE-2023-42934 | Med | 0.27 | 4.2 | 0.00 | Jan 10, 2024 | An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. An app with root privileges may be able to access private information. | ||
| CVE-2026-28882 | Med | 0.26 | 4.0 | 0.00 | Mar 25, 2026 | This issue was addressed with improved checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to enumerate a user's installed apps. | ||
| CVE-2026-28826 | Med | 0.26 | 4.0 | 0.00 | Mar 25, 2026 | A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. A malicious app may be able to break out of its sandbox. | ||
| CVE-2025-43205 | Med | 0.26 | 4.0 | 0.00 | Nov 12, 2025 | An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. An app may be able to bypass ASLR. | ||
| CVE-2025-43370 | Med | 0.26 | 4.0 | 0.00 | Sep 15, 2025 | A path handling issue was addressed with improved validation. This issue is fixed in Xcode 26. Processing an overly large path value may crash a process. | ||
| CVE-2025-43331 | Med | 0.26 | 4.0 | 0.00 | Sep 15, 2025 | A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to access protected user data. | ||
| CVE-2025-43307 | Med | 0.26 | 4.0 | 0.00 | Sep 15, 2025 | This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in macOS Tahoe 26. An app may be able to access sensitive user data. |
- risk 0.28cvss 4.3epss 0.01
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in Safari 14.0. Visiting a malicious website may lead to address bar spoofing.
- risk 0.28cvss 4.3epss 0.01
A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, Safari 14.0.1. Visiting a malicious website may lead to address bar spoofing.
- risk 0.28cvss 4.3epss 0.01
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, Safari 13.1.2. Visiting a malicious website may lead to address bar spoofing.
- risk 0.28cvss 4.3epss 0.01
An issue existed in the parsing of URLs. This issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.5, Security Update 2020-003 Mojave, Security Update 2020-003 High Sierra. A malicious website may be able to exfiltrate autofilled data…
- risk 0.28cvss 4.3epss 0.01
An information disclosure issue existed in the handling of the Storage Access API. This issue was addressed with improved logic. This issue is fixed in iOS 13.3 and iPadOS 13.3, tvOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows. Visiting a maliciously crafted website may…
- risk 0.28cvss 4.3epss 0.01
A configuration issue was addressed with additional restrictions. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, iOS 13.3 and iPadOS 13.3, iTunes 12.10.3…
- risk 0.28cvss 4.3epss 0.01
The HTTP referrer header may be used to leak browsing history. The issue was resolved by downgrading all third party referrers to their origin. This issue is fixed in Safari 13.0.3, iTunes 12.10.2 for Windows, iCloud for Windows 10.9.2, tvOS 13.2, iOS 13.2 and iPadOS 13.2,…
- risk 0.28cvss 4.3epss 0.01
A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.6. A user may be unexpectedly logged in to another user’s account.
- risk 0.28cvss 4.3epss 0.03
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause…
- risk 0.28cvss 4.3epss 0.01
A logic issue was addressed with improved restrictions. This issue is fixed in Safari 13.1. A malicious iframe may use another website’s download settings.
- risk 0.28cvss 4.3epss 0.01
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4. A maliciously crafted page may interfere with other web contexts.
- risk 0.28cvss 4.3epss 0.01
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A download's origin may be incorrectly associated.
- risk 0.28cvss 4.3epss 0.02
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A file URL may be incorrectly processed.
- risk 0.28cvss 4.3epss 0.01
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in Safari 13.0.5. Visiting a malicious website may lead to address bar spoofing.
- risk 0.28cvss 4.3epss 0.01
An issue existed in the drawing of web page elements. The issue was addressed with improved logic. This issue is fixed in iOS 13.1 and iPadOS 13.1, macOS Catalina 10.15. Visiting a maliciously crafted website may reveal browsing history.
- risk 0.28cvss 4.3epss 0.01
A logic issue was addressed with improved state management. This issue is fixed in iOS 13. Visiting a malicious website may lead to address bar spoofing.
- risk 0.28cvss 4.3epss 0.01
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.6, Safari 12.1.2. Visiting a malicious website may lead to address bar spoofing.
- risk 0.28cvss 4.3epss 0.01
An issue existed in the pausing of FaceTime video. The issue was resolved with improved logic. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, watchOS 5.2. A user’s video may not be paused in a FaceTime call if they exit the FaceTime app while the call is ringing.
- risk 0.28cvss 4.3epss 0.01
This issue was addressed with improved checks. This issue is fixed in iOS 12.2. Processing a maliciously crafted mail message may lead to S/MIME signature spoofing.
- risk 0.28cvss 4.3epss 0.01
A consistency issue was addressed with improved state handling. This issue is fixed in iOS 12.2. A website may be able to access the microphone without the microphone use indicator being shown.
- risk 0.28cvss 4.3epss 0.01
"Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue affected versions prior to iOS 12.1.1, Safari 12.0.2.
- risk 0.28cvss 4.3epss 0.02
A logic issue was addressed with improved state management. This issue affected versions prior to iOS 12.1.1, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.
- risk 0.28cvss 4.3epss 0.01
Analytics data was sent using HTTP rather than HTTPS. This was addressed by sending analytics data using HTTPS. This issue affected versions prior to Apple Support 2.4 for iOS.
- risk 0.28cvss 4.3epss 0.01
A logic issue was addressed with improved state management. This issue affected versions prior to iOS 12, Safari 12.
- risk 0.28cvss 4.3epss 0.02
In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, sound fetched through audio elements may be exfiltrated cross-origin. This issue was addressed with improved audio taint tracking.
- risk 0.28cvss 4.3epss 0.02
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It…
- risk 0.28cvss 4.3epss 0.01
An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Kernel" component. It allows attackers to obtain sensitive network-activity information…
- risk 0.28cvss 4.3epss 0.01
An issue was discovered in certain Apple products. iOS before 11.2 is affected. The issue involves the "Mail Message Framework" component. It allows remote attackers to spoof the address bar via a crafted web site.
- risk 0.28cvss 4.3epss 0.01
An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to track Safari Private Browsing users by leveraging cookie mishandling.
- risk 0.28cvss 4.3epss 0.00
An issue was discovered in certain Apple products. iOS before 10 is affected. The issue involves the "Springboard" component, which allows physically proximate attackers to obtain sensitive information by viewing application snapshots in the Task Switcher.
- risk 0.28cvss 4.3epss 0.02
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component, which allows remote attackers to obtain sensitive…
- risk 0.28cvss 4.3epss 0.01
An issue was discovered in certain Apple products. iOS before 10.1 is affected. The issue involves the "Safari" component, which allows remote web servers to cause a denial of service via a crafted URL.
- risk 0.28cvss 4.3epss 0.01
Web Media in Apple iOS before 9.3.3 allows attackers to bypass the Private Browsing protection mechanism and obtain sensitive video URL information by leveraging Safari View Controller misbehavior.
- risk 0.28cvss 4.3epss 0.02
The XSS auditor in WebKit, as used in Apple iOS before 9.3 and Safari before 9.1, does not properly handle redirects in block mode, which allows remote attackers to obtain sensitive information via a crafted URL.
- risk 0.28cvss 4.3epss 0.01
WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles attachment URLs, which makes it easier for remote web servers to track users via unspecified vectors.
- risk 0.28cvss 4.3epss 0.01
WebKit in Apple iOS before 9.3 does not prevent hidden web views from reading orientation and motion data, which allows remote attackers to obtain sensitive information about a device's physical environment via a crafted web site.
- risk 0.28cvss 4.3epss 0.01
The Top Sites feature in Apple Safari before 9.1 mishandles cookie storage, which makes it easier for remote web servers to track users via unspecified vectors.
- risk 0.28cvss 4.3epss 0.03
The Content Security Policy (CSP) implementation in Messages in Apple OS X before 10.11.4 allows remote attackers to obtain sensitive information via a javascript: URL.
- risk 0.28cvss 4.3epss 0.01
Apple Safari before 9.1 allows remote attackers to spoof the user interface via a web page that places text in a crafted context, leading to unintended use of that text within a Safari dialog.
- risk 0.28cvss 4.3epss 0.02
The Cascading Style Sheets (CSS) implementation in Apple iOS before 9.2.1 and Safari before 9.0.3 mishandles the "a:visited button" selector during height processing, which makes it easier for remote attackers to obtain sensitive browser-history information via a crafted web…
- risk 0.28cvss 4.3epss 0.02
libxml2 in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 allows remote attackers to obtain sensitive information or cause a denial of service (memory corruption) via a crafted XML document, a different vulnerability than CVE-2015-7115.
- risk 0.28cvss 4.3epss 0.02
libxml2 in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 allows remote attackers to obtain sensitive information or cause a denial of service (memory corruption) via a crafted XML document, a different vulnerability than CVE-2015-7116.
- risk 0.27cvss 4.2epss 0.00
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 18.2 and iPadOS 18.2. Muting a call while ringing may not result in mute being enabled.
- risk 0.27cvss 4.2epss 0.00
An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. An app with root privileges may be able to access private information.
- risk 0.26cvss 4.0epss 0.00
This issue was addressed with improved checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to enumerate a user's installed apps.
- risk 0.26cvss 4.0epss 0.00
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. A malicious app may be able to break out of its sandbox.
- risk 0.26cvss 4.0epss 0.00
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. An app may be able to bypass ASLR.
- risk 0.26cvss 4.0epss 0.00
A path handling issue was addressed with improved validation. This issue is fixed in Xcode 26. Processing an overly large path value may crash a process.
- risk 0.26cvss 4.0epss 0.00
A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to access protected user data.
- risk 0.26cvss 4.0epss 0.00
This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in macOS Tahoe 26. An app may be able to access sensitive user data.
Page 95 of 170