VYPR

Vendor CVEs

Apple Inc.

All CVEs

8,452 total · sorted by risk
  • CVE-2025-43203MedSep 15, 2025
    risk 0.26cvss 4.0epss 0.00

    The issue was addressed with improved handling of caches. This issue is fixed in iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26. An attacker with physical access to an unlocked device may be able to view an image in the most recently viewed locked note.

  • CVE-2025-43265MedJul 30, 2025
    risk 0.26cvss 4.0epss 0.00

    An out-of-bounds read was addressed with improved input validation. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may disclose internal states of the app.

  • CVE-2025-43250MedJul 30, 2025
    risk 0.26cvss 4.0epss 0.00

    A path handling issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to break out of its sandbox.

  • CVE-2025-43230MedJul 30, 2025
    risk 0.26cvss 4.0epss 0.00

    The issue was addressed with additional permissions checks. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. An app may be able to access user-sensitive data.

  • CVE-2025-43226MedJul 30, 2025
    risk 0.26cvss 4.0epss 0.00

    An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, macOS Sonoma 14.7.7, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing a maliciously crafted image may result in disclosure of…

  • CVE-2025-43217MedJul 30, 2025
    risk 0.26cvss 4.0epss 0.00

    The issue was addressed by adding additional logic. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9. Privacy Indicators for microphone or camera access may not be correctly displayed.

  • CVE-2025-43206MedJul 30, 2025
    risk 0.26cvss 4.0epss 0.00

    A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to access protected user data.

  • CVE-2025-43197MedJul 30, 2025
    risk 0.26cvss 4.0epss 0.00

    This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to access sensitive user data.

  • CVE-2023-42973MedApr 11, 2025
    risk 0.26cvss 4.0epss 0.00

    Private Browsing tabs may be accessed without authentication. This issue is fixed in iOS 17 and iPadOS 17. The issue was addressed with improved UI.

  • CVE-2024-54550MedJan 27, 2025
    risk 0.26cvss 4.0epss 0.00

    This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2. An app may be able to view autocompleted contact information from Messages and Mail in system logs.

  • CVE-2016-4707MedSep 25, 2016
    risk 0.26cvss 4.0epss 0.00

    CFNetwork in Apple iOS before 10 and OS X before 10.12 mishandles Local Storage deletion, which allows local users to discover the visited web sites of arbitrary users via unspecified vectors.

  • CVE-2020-8284LowDec 14, 2020
    risk 0.24cvss 3.7epss 0.04

    A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port…

  • CVE-2017-7084LowOct 23, 2017
    risk 0.24cvss 3.7epss 0.01

    An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Application Firewall" component. It allows remote attackers to bypass intended settings in opportunistic circumstances by leveraging incorrect handling of a denied setting…

  • CVE-2016-7577LowFeb 20, 2017
    risk 0.24cvss 3.7epss 0.01

    An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. The issue involves the "FaceTime" component, which allows remote attackers to trigger memory corruption and obtain audio data from a call that appeared to have ended.

  • CVE-2016-4739LowSep 25, 2016
    risk 0.24cvss 3.7epss 0.01

    mDNSResponder in Apple OS X before 10.12, when VMnet.framework is used, arranges for a DNS proxy to listen on all interfaces, which allows remote attackers to obtain sensitive information by sending a DNS query to an unintended interface.

  • CVE-2016-4747LowSep 18, 2016
    risk 0.24cvss 3.7epss 0.01

    Mail in Apple iOS before 10 mishandles certificates, which makes it easier for man-in-the-middle attackers to discover mail credentials via unspecified vectors.

  • CVE-2022-48575LowJun 10, 2026
    risk 0.23cvss 3.5epss 0.00

    A person with access to a Mac may be able to bypass Login Window. A consistency issue was addressed with improved state handling. This issue is fixed in macOS Monterey 12.4.

  • CVE-2023-23543LowMay 8, 2023
    risk 0.23cvss 3.6epss 0.00

    The issue was addressed with additional restrictions on the observability of app states. This issue is fixed in macOS Ventura 13.3, iOS 15.7.4 and iPadOS 15.7.4, iOS 16.4 and iPadOS 16.4, watchOS 9.4. A sandboxed app may be able to determine which app is currently using the…

  • CVE-2016-4751LowSep 25, 2016
    risk 0.23cvss 3.5epss 0.01

    The Safari Tabs component in Apple Safari before 10 allows remote attackers to spoof the address bar of a tab via a crafted web site.

  • CVE-2016-1763LowMar 24, 2016
    risk 0.23cvss 3.5epss 0.01

    Messages in Apple iOS before 9.3 does not ensure that an auto-fill action applies to the intended message thread, which allows remote authenticated users to obtain sensitive information by providing a crafted sms: URL and reading a thread.

  • CVE-2024-23291LowMar 8, 2024
    risk 0.22cvss 3.3epss 0.01

    A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, watchOS 10.4. A malicious app may be able to observe user data in log entries related to accessibility notifications.

  • CVE-2022-22670LowMar 18, 2022
    risk 0.22cvss 3.3epss 0.01

    An access issue was addressed with improved access restrictions. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, watchOS 8.5. A malicious application may be able to identify what other applications a user has installed.

  • CVE-2021-30804LowSep 8, 2021
    risk 0.22cvss 3.3epss 0.01

    A permissions issue was addressed with improved validation. This issue is fixed in iOS 14.7. A malicious application may be able to access Find My data.

  • CVE-2021-30803LowSep 8, 2021
    risk 0.22cvss 3.3epss 0.01

    A permissions issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.5. A malicious application may be able to access a user’s recent Contacts.

  • CVE-2021-31000LowAug 24, 2021
    risk 0.22cvss 3.3epss 0.01

    A permissions issue was addressed with improved validation. This issue is fixed in iOS 15.2 and iPadOS 15.2, watchOS 8.3, macOS Monterey 12.1, tvOS 15.2. A malicious application may be able to read sensitive contact information.

  • CVE-2020-27895LowDec 8, 2020
    risk 0.22cvss 3.3epss 0.01

    An information disclosure issue existed in the transition of program state. This issue was addressed with improved state handling. This issue is fixed in iTunes 12.11 for Windows. A malicious application may be able to access local users Apple IDs.

  • CVE-2019-8856LowOct 27, 2020
    risk 0.22cvss 3.3epss 0.01

    An API issue existed in the handling of outgoing phone calls initiated with Siri. This issue was addressed with improved state handling. This issue is fixed in iOS 13.3 and iPadOS 13.3, watchOS 6.1.1, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update…

  • CVE-2019-8842LowOct 27, 2020
    risk 0.22cvss 3.3epss 0.02

    A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. In certain configurations, a remote attacker may be able to submit arbitrary print jobs.

  • CVE-2020-9986LowOct 22, 2020
    risk 0.22cvss 3.3epss 0.01

    A file access issue existed with certain home folder files. This was addressed with improved access restrictions. This issue is fixed in macOS Catalina 10.15.7. A malicious application may be able to read sensitive location information.

  • CVE-2020-9933LowOct 16, 2020
    risk 0.22cvss 3.3epss 0.01

    An authorization issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8. A malicious application may be able to read sensitive location information.

  • CVE-2019-8698LowDec 18, 2019
    risk 0.22cvss 3.3epss 0.01

    A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement. This issue is fixed in iOS 12.4, tvOS 12.4. A malicious application may be able to restrict access to websites.

  • CVE-2019-8566LowDec 18, 2019
    risk 0.22cvss 3.3epss 0.01

    An API issue existed in the handling of microphone data. This issue was addressed with improved validation. This issue is fixed in iOS 12.2. A malicious application may be able to access the microphone without indication to the user.

  • CVE-2019-8502LowDec 18, 2019
    risk 0.22cvss 3.3epss 0.01

    An API issue existed in the handling of dictation requests. This issue was addressed with improved validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to initiate a Dictation request without user…

  • CVE-2018-4470LowApr 3, 2019
    risk 0.22cvss 3.3epss 0.01

    A privacy issue in the handling of Open Directory records was addressed with improved indexing. This issue affected versions prior to macOS High Sierra 10.13.6.

  • CVE-2017-13852LowNov 13, 2017
    risk 0.22cvss 3.3epss 0.01

    An issue was discovered in certain Apple products. iOS before 11.1 is affected. macOS before 10.13.1 is affected. tvOS before 11.1 is affected. watchOS before 4.1 is affected. The issue involves the "Kernel" component. It allows attackers to monitor arbitrary apps via a crafted…

  • CVE-2017-7148LowOct 23, 2017
    risk 0.22cvss 3.3epss 0.01

    An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Location Framework" component. It allows attackers to obtain sensitive location information via a crafted app that reads the location variable.

  • CVE-2017-2426LowApr 2, 2017
    risk 0.22cvss 3.3epss 0.01

    An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "iBooks" component. It allows remote attackers to obtain sensitive information from local files via a file: URL in an iBooks file.

  • CVE-2017-2404LowApr 2, 2017
    risk 0.22cvss 3.3epss 0.01

    An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Quick Look" component. It allows remote attackers to trigger telephone calls to arbitrary numbers via a tel: URL in a PDF document, as exploited in the wild in October 2016.

  • CVE-2017-2357LowFeb 20, 2017
    risk 0.22cvss 3.3epss 0.01

    An issue was discovered in certain Apple products. macOS before 10.12.3 is affected. The issue involves the "IOAudioFamily" component. It allows attackers to obtain sensitive kernel memory-layout information via a crafted app.

  • CVE-2016-7657LowFeb 20, 2017
    risk 0.22cvss 3.3epss 0.01

    An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "IOKit" component. It allows attackers to obtain sensitive information from kernel memory via a crafted app.

  • CVE-2016-4665LowFeb 20, 2017
    risk 0.22cvss 3.3epss 0.01

    An issue was discovered in certain Apple products. iOS before 10.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "Sandbox Profiles" component, which allows attackers to read audio-recording metadata via a crafted app.

  • CVE-2016-4664LowFeb 20, 2017
    risk 0.22cvss 3.3epss 0.01

    An issue was discovered in certain Apple products. iOS before 10.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "Sandbox Profiles" component, which allows attackers to read photo-directory metadata via a crafted app.

  • CVE-2016-4717LowSep 25, 2016
    risk 0.22cvss 3.3epss 0.01

    The File Bookmark component in Apple OS X before 10.12 mishandles scoped-bookmark file descriptors, which allows attackers to cause a denial of service via a crafted app.

  • CVE-2016-4715LowSep 25, 2016
    risk 0.22cvss 3.3epss 0.01

    The Date & Time Pref Pane component in Apple OS X before 10.12 mishandles the .GlobalPreferences file, which allows attackers to discover a user's location via a crafted app.

  • CVE-2016-4620LowSep 18, 2016
    risk 0.22cvss 3.3epss 0.01

    The Sandbox Profiles component in Apple iOS before 10 does not properly restrict access to directory metadata for SMS draft directories, which allows attackers to discover text-message recipients via a crafted app.

  • CVE-2016-1798LowMay 20, 2016
    risk 0.22cvss 3.3epss 0.01

    Audio in Apple OS X before 10.11.5 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted app.

  • CVE-2016-1796LowMay 20, 2016
    risk 0.22cvss 3.3epss 0.01

    Apple Type Services (ATS) in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-layout information or cause a denial of service (out-of-bounds memory access) via a crafted app.

  • CVE-2016-1791LowMay 20, 2016
    risk 0.22cvss 3.3epss 0.01

    The AMD subsystem in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app.

  • CVE-2016-1790LowMay 20, 2016
    risk 0.22cvss 3.3epss 0.01

    Buffer overflow in the Accessibility component in Apple iOS before 9.3.2 allows attackers to obtain sensitive kernel memory-layout information via a crafted app.

  • CVE-2016-1758LowMar 24, 2016
    risk 0.22cvss 3.3epss 0.01

    The kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app.

Page 96 of 170