VYPR

Vendor CVEs

Apple Inc.

All CVEs

8,452 total · sorted by risk
  • CVE-2023-27928LowMay 8, 2023
    risk 0.21cvss 3.3epss 0.00

    A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4, watchOS 9.4, macOS Big Sur 11.7.5. An app may be able to access information about a…

  • CVE-2023-23541LowMay 8, 2023
    risk 0.21cvss 3.3epss 0.00

    A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, iOS 16.4 and iPadOS 16.4. An app may be able to access information about a user’s contacts.

  • CVE-2023-23523LowMay 8, 2023
    risk 0.21cvss 3.3epss 0.00

    A logic issue was addressed with improved restrictions. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4. Photos belonging to the Hidden Photos Album could be viewed without authentication through Visual Lookup.

  • CVE-2023-23505LowFeb 27, 2023
    risk 0.21cvss 3.3epss 0.00

    A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13.2, watchOS 9.3, macOS Big Sur 11.7.3, iOS 15.7.3 and iPadOS 15.7.3, iOS 16.3 and iPadOS 16.3. An app may be able to access…

  • CVE-2023-23498LowFeb 27, 2023
    risk 0.21cvss 3.3epss 0.00

    A logic issue was addressed with improved state management. This issue is fixed in iOS 15.7.3 and iPadOS 15.7.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. The quoted original message may be selected from the wrong email when forwarding an email from an Exchange account.

  • CVE-2023-23493LowFeb 27, 2023
    risk 0.21cvss 3.3epss 0.00

    A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.2, macOS Monterey 12.6.3. An encrypted volume may be unmounted and remounted by a different user without prompting for the password.

  • CVE-2022-42838LowFeb 27, 2023
    risk 0.21cvss 3.3epss 0.00

    An issue with app access to camera data was addressed with improved logic. This issue is fixed in macOS Ventura 13. A camera extension may be able to continue receiving video after the app which activated was closed.

  • CVE-2022-32913LowNov 1, 2022
    risk 0.21cvss 3.3epss 0.00

    The issue was addressed with additional restrictions on the observability of app states. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, watchOS 9, macOS Monterey 12.6, tvOS 16. A sandboxed app may be able to determine which app is currently using the camera.

  • CVE-2022-32835LowNov 1, 2022
    risk 0.21cvss 3.3epss 0.00

    This issue was addressed with improved entitlements. This issue is fixed in iOS 16, watchOS 9. An app may be able to read a persistent device identifier.

  • CVE-2022-22656LowMar 18, 2022
    risk 0.21cvss 3.3epss 0.00

    An authentication issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. A local attacker may be able to view the previous logged in user’s desktop from the fast user switching…

  • CVE-2022-22598LowMar 18, 2022
    risk 0.21cvss 3.3epss 0.00

    An issue with app access to camera metadata was addressed with improved logic. This issue is fixed in iOS 15.4 and iPadOS 15.4. An app may be able to learn information about the current camera view before being granted camera access.

  • CVE-2017-2375LowDec 23, 2021
    risk 0.21cvss 3.3epss 0.00

    An issue existed in preventing the uploading of CallKit call history to iCloud. This issue was addressed through improved logic. This issue is fixed in iOS 10.2.1. Updates for CallKit call history are sent to iCloud.

  • CVE-2021-30671LowSep 8, 2021
    risk 0.21cvss 3.3epss 0.01

    A validation issue was addressed with improved logic. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina. A malicious application may be able to send unauthorized Apple events to Finder.

  • CVE-2021-30994LowAug 24, 2021
    risk 0.21cvss 3.3epss 0.01

    An access issue was addressed with improved access restrictions. This issue is fixed in macOS Monterey 12.0.1. A malicious application may be able to access local users' Apple IDs.

  • CVE-2021-30908LowAug 24, 2021
    risk 0.21cvss 3.3epss 0.00

    An authentication issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.0.1, macOS Big Sur 11.6.1. A local attacker may be able to view the previous logged-in user’s desktop from the fast user switching screen.

  • CVE-2021-30875LowAug 24, 2021
    risk 0.21cvss 3.3epss 0.00

    A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management. This issue is fixed in iOS 15.1 and iPadOS 15.1. A local attacker may be able to view contacts from the lock screen.

  • CVE-2021-1803LowApr 2, 2021
    risk 0.21cvss 3.3epss 0.01

    The issue was addressed with improved permissions logic. This issue is fixed in macOS Big Sur 11.0.1. A local application may be able to enumerate the user's iCloud documents.

  • CVE-2021-1771LowApr 2, 2021
    risk 0.21cvss 3.3epss 0.01

    This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. A user that is removed from an iMessage group could rejoin the group.

  • CVE-2020-29623LowApr 2, 2021
    risk 0.21cvss 3.3epss 0.00

    "Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. A user may be…

  • CVE-2020-9786LowOct 27, 2020
    risk 0.21cvss 3.3epss 0.01

    This issue was addressed with improved checks This issue is fixed in macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra. An application may be able to trigger a sysdiagnose.

  • CVE-2019-8857LowOct 27, 2020
    risk 0.21cvss 3.3epss 0.00

    The issue was addressed with improved validation when an iCloud Link is created. This issue is fixed in iOS 13.3 and iPadOS 13.3. Live Photo audio and video data may be shared via iCloud links even if Live Photo is disabled in the Share Sheet carousel.

  • CVE-2019-8809LowOct 27, 2020
    risk 0.21cvss 3.3epss 0.00

    A validation issue was addressed with improved logic. This issue is fixed in macOS Catalina 10.15, iOS 13.1 and iPadOS 13.1, tvOS 13, watchOS 6, iOS 13. A local app may be able to read a persistent account identifier.

  • CVE-2019-8642LowOct 27, 2020
    risk 0.21cvss 3.3epss 0.00

    An issue existed in the handling of S-MIME certificates. This issue was addressed with improved validation of S-MIME certificates. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. Processing a maliciously crafted…

  • CVE-2020-9912LowOct 16, 2020
    risk 0.21cvss 3.3epss 0.00

    A logic issue was addressed with improved restrictions. This issue is fixed in Safari 13.1.2. A malicious attacker may be able to change the origin of a frame for a download in Safari Reader mode.

  • CVE-2020-9780LowApr 1, 2020
    risk 0.21cvss 3.3epss 0.00

    The issue was resolved by clearing application previews when content is deleted. This issue is fixed in iOS 13.4 and iPadOS 13.4. A local user may be able to view deleted content in the app switcher.

  • CVE-2020-9776LowApr 1, 2020
    risk 0.21cvss 3.3epss 0.01

    This issue was addressed with a new entitlement. This issue is fixed in macOS Catalina 10.15.4. A malicious application may be able to access a user's call history.

  • CVE-2020-9773LowApr 1, 2020
    risk 0.21cvss 3.3epss 0.01

    The issue was addressed with improved handling of icon caches. This issue is fixed in iOS 14.0 and iPadOS 14.0. A malicious application may be able to identify what other applications a user has installed.

  • CVE-2020-3873LowFeb 27, 2020
    risk 0.21cvss 3.3epss 0.00

    This issue was addressed with improved setting propagation. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1. Turning off "Load remote content in messages” may not apply to all mail previews.

  • CVE-2020-3844LowFeb 27, 2020
    risk 0.21cvss 3.3epss 0.00

    This issue was addressed with improved checks. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1. Users removed from an iMessage conversation may still be able to alter state.

  • CVE-2020-3830LowFeb 27, 2020
    risk 0.21cvss 3.3epss 0.00

    A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Catalina 10.15.3. A malicious application may be able to overwrite arbitrary files.

  • CVE-2019-8730LowDec 18, 2019
    risk 0.21cvss 3.3epss 0.00

    The contents of locked notes sometimes appeared in search results. This issue was addressed with improved data cleanup. This issue is fixed in macOS Catalina 10.15. A local user may be able to view a user’s locked notes.

  • CVE-2019-8630LowDec 18, 2019
    risk 0.21cvss 3.3epss 0.00

    The issue was addressed with improved UI handling. This issue is fixed in iOS 12.3. The lock screen may show a locked icon after unlocking.

  • CVE-2019-8541LowDec 18, 2019
    risk 0.21cvss 3.3epss 0.00

    A privacy issue existed in motion sensor calibration. This issue was addressed with improved motion sensor processing. This issue is fixed in iOS 12.2, watchOS 5.2. A malicious app may be able to track users between installs.

  • CVE-2018-4446LowApr 3, 2019
    risk 0.21cvss 3.3epss 0.01

    This issue was addressed with improved entitlements. This issue affected versions prior to iOS 12.1.1.

  • CVE-2018-4352LowApr 3, 2019
    risk 0.21cvss 3.3epss 0.00

    A consistency issue existed in the handling of application snapshots. The issue was addressed with improved handling of notes deletions. This issue affected versions prior to iOS 12.

  • CVE-2018-4322LowApr 3, 2019
    risk 0.21cvss 3.3epss 0.00

    This issue was addressed with improved entitlements. This issue affected versions prior to iOS 12.

  • CVE-2017-13877LowApr 3, 2018
    risk 0.21cvss 3.3epss 0.01

    An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Sandbox Profiles" component. It allows attackers to determine whether arbitrary files exist via a crafted app.

  • CVE-2017-13801LowNov 13, 2017
    risk 0.21cvss 3.3epss 0.00

    An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Dictionary Widget" component. It allows attackers to read local files if pasted text is used in a search.

  • CVE-2017-7138LowOct 23, 2017
    risk 0.21cvss 3.3epss 0.00

    An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Directory Utility" component. It allows local users to discover the Apple ID of the computer's owner.

  • CVE-2017-2384LowApr 2, 2017
    risk 0.21cvss 3.3epss 0.00

    An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves mishandling of deletion within the SQLite subsystem of the "Safari" component. It allows local users to identify the web-site visits that occurred in Private Browsing mode.

  • CVE-2016-7714LowFeb 20, 2017
    risk 0.21cvss 3.3epss 0.00

    An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "IOKit" component. It allows local users to obtain sensitive kernel memory-layout information via…

  • CVE-2016-7625LowFeb 20, 2017
    risk 0.21cvss 3.3epss 0.00

    An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "IOKit" component. It allows local users to obtain sensitive kernel memory-layout information via unspecified vectors.

  • CVE-2016-7624LowFeb 20, 2017
    risk 0.21cvss 3.3epss 0.00

    An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "IOAcceleratorFamily" component. It allows local users to obtain sensitive kernel memory-layout information via unspecified vectors.

  • CVE-2016-7620LowFeb 20, 2017
    risk 0.21cvss 3.3epss 0.00

    An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "IOSurface" component. It allows local users to obtain sensitive kernel memory-layout information via unspecified vectors.

  • CVE-2016-4670LowFeb 20, 2017
    risk 0.21cvss 3.3epss 0.00

    An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. The issue involves the "Security" component. It allows local users to discover lengths of arbitrary passwords by reading a log.

  • CVE-2016-4749LowSep 18, 2016
    risk 0.21cvss 3.3epss 0.00

    Printing UIKit in Apple iOS before 10 mishandles environment variables, which allows local users to discover cleartext AirPrint preview content by reading a temporary file.

  • CVE-2016-4645LowJul 22, 2016
    risk 0.21cvss 3.3epss 0.00

    CFNetwork in Apple OS X before 10.11.6 uses weak permissions for web-browser cookies, which allows local users to obtain sensitive information via unspecified vectors.

  • CVE-2016-1862LowJun 19, 2016
    risk 0.21cvss 3.3epss 0.01

    Intel Graphics Driver in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app, a different vulnerability than CVE-2016-1860.

  • CVE-2016-1860LowJun 19, 2016
    risk 0.21cvss 3.3epss 0.01

    Intel Graphics Driver in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app, a different vulnerability than CVE-2016-1862.

  • CVE-2016-1849LowMay 20, 2016
    risk 0.21cvss 3.3epss 0.00

    The "Clear History and Website Data" feature in Apple Safari before 9.1.1, as used in iOS before 9.3.2 and other products, mishandles the deletion of browsing history, which might allow local users to obtain sensitive information by leveraging read access to a Safari directory.

Page 99 of 170