CVE Daily
← All tags

Tag: Apple iOS

All CVEs associated with "Apple iOS". Page 16/48 • 5688 CVEs.

Subscribe CVEs: RSS for “Apple iOS”  ·  RSS (High+Critical only)

About “Apple iOS”

A curated feed of “Apple iOS”-related CVEs appears below. We currently track 5688 CVEs for this tag (all time). In the last 365 days, 502 were published. Average CVSS is 6.7 (all time; 6.3 over 365d), and 48% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer, CWE-284 - Improper Access Control, CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor.

In our taxonomy this topic maps to a MODERATE impact class. Issues here typically affect operating system packages or kernels. Plan reboots or service restarts and coordinate rollouts across fleets. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2022-06-14
Low

CVE-2022-29482

'Mobaoku-Auction&Flea Market' App for iOS versions prior to 5.5.16 improperly verifies server certificates, which may allow an attacker to eavesdrop on an encrypted communication via a man-in-the-mid…

CVSS: 3.7 CWE: CWE-295 - Improper Certificate Validation View on NVD
2022-05-26
High

CVE-2022-26771

A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 8.6, tvOS 15.5, iOS 15.5 and iPadOS 15.5. A malicious application may be able to execute arbitra…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
Medium

CVE-2022-26766

A certificate parsing issue was addressed with improved checks. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS…

CVSS: 5.5 CWE: CWE-295 - Improper Certificate Validation View on NVD
Medium

CVE-2022-26765

A race condition was addressed with improved state handling. This issue is fixed in watchOS 8.6, tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. A malicious attacker with arbitrary read and…

CVSS: 4.7 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
Medium

CVE-2022-26764

A memory corruption issue was addressed with improved validation. This issue is fixed in watchOS 8.6, tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An attacker that has already achieved k…

CVSS: 4.7 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2022-26763

An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11…

CVSS: 7.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2022-26757

A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6,…

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2022-26751

A memory corruption issue was addressed with improved input validation. This issue is fixed in iTunes 12.12.4 for Windows, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, macOS Big Sur 1…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2022-26744

A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges.

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2022-26740

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitr…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2022-26739

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitr…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2022-26738

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitr…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2022-26737

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitr…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2022-26736

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitr…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
Medium

CVE-2022-26731

A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. A malicious website may be able to track users in Safari private brow…

CVSS: 4.3 CWE: N/A View on NVD
High

CVE-2022-26714

A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, mac…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
Critical

CVE-2022-26711

An integer overflow issue was addressed with improved input validation. This issue is fixed in tvOS 15.5, iTunes 12.12.4 for Windows, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4. A rem…

CVSS: 9.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
Medium

CVE-2022-26706

An access issue was addressed with additional sandbox restrictions on third-party applications. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Big Sur 11.6.6, macOS Mo…

CVSS: 5.5 CWE: N/A View on NVD
Low

CVE-2022-26703

An authorization issue was addressed with improved state management. This issue is fixed in iOS 15.5 and iPadOS 15.5. A person with physical access to an iOS device may be able to access photos from…

CVSS: 2.4 CWE: N/A View on NVD
High

CVE-2022-26702

A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 8.6, tvOS 15.5, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code wit…

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2022-26701

A race condition was addressed with improved locking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel…

CVSS: 7.5 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
High

CVE-2022-22675

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.3.1, iOS 15.4.1 and iPadOS 15.4.1. An…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2022-22673

This issue was addressed with improved checks. This issue is fixed in iOS 15.5 and iPadOS 15.5. Processing a large input may lead to a denial of service.

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2022-22672

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 15.4 and iPadOS 15.4, Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. A…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
Medium

CVE-2022-22663

This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in iOS 15.4 and iPadOS 15.4, Security Update 2022-004 Catalina, macOS Monterey 12.3, macOS Big Sur 1…

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2022-20821

A vulnerability in the health check RPM of Cisco IOS XR Software could allow an unauthenticated, remote attacker to access the Redis instance that is running within the NOSi container. This vulnerabi…

CVSS: 6.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2022-05-18
Medium

CVE-2022-22787

The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.10.0 fails to properly validate the hostname during a server switch request. This issue could be used in a…

CVSS: 5.9 CWE: CWE-295 - Improper Certificate Validation View on NVD
Medium

CVE-2022-22785

The Zoom Client for Meetings (for Android, iOS, Linux, MacOS, and Windows) before version 5.10.0 failed to properly constrain client session cookies to Zoom domains. This issue could be used in a mor…

CVSS: 5.9 CWE: CWE-565 - Reliance on Cookies without Validation and Integrity Checking View on NVD
High

CVE-2022-22784

The Zoom Client for Meetings (for Android, iOS, Linux, MacOS, and Windows) before version 5.10.0 failed to properly parse XML stanzas in XMPP messages. This can allow a malicious user to break out of…

CVSS: 8.1 CWE: CWE-91 - XML Injection (aka Blind XPath Injection) View on NVD
2022-04-30
Medium

CVE-2021-41994

A misconfiguration of RSA in PingID iOS app prior to 1.19 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass when using PingID Windows Login.

CVSS: 6.6 CWE: CWE-310 View on NVD
2022-04-15
Medium

CVE-2022-20758

A vulnerability in the implementation of the Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial…

CVSS: 6.8 CWE: CWE-399 View on NVD
High

CVE-2022-20697

A vulnerability in the web services interface of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerab…

CVSS: 8.6 CWE: CWE-691 - Insufficient Control Flow Management View on NVD
Medium

CVE-2022-20694

A vulnerability in the implementation of the Resource Public Key Infrastructure (RPKI) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the Border Gateway Pro…

CVSS: 6.8 CWE: CWE-617 - Reachable Assertion View on NVD
Medium

CVE-2022-20693

A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device. This vulnerability is due to in…

CVSS: 4.7 CWE: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') View on NVD
High

CVE-2022-20692

A vulnerability in the NETCONF over SSH feature of Cisco IOS XE Software could allow a low-privileged, authenticated, remote attacker to cause a denial of service condition (DoS) on an affected devic…

CVSS: 7.7 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
High

CVE-2022-20684

A vulnerability in Simple Network Management Protocol (SNMP) trap generation for wireless clients of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an unauthentica…

CVSS: 7.4 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
High

CVE-2022-20683

A vulnerability in the Application Visibility and Control (AVC-FNF) feature of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, remote attacke…

CVSS: 8.6 CWE: CWE-124 - Buffer Underwrite ('Buffer Underflow') View on NVD
High

CVE-2022-20682

A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an unauthe…

CVSS: 8.6 CWE: CWE-690 - Unchecked Return Value to NULL Pointer Dereference View on NVD
High

CVE-2022-20681

A vulnerability in the CLI of Cisco IOS XE Software for Cisco Catalyst 9000 Family Switches and Cisco Catalyst 9000 Family Wireless Controllers could allow an authenticated, local attacker to elevate…

CVSS: 7.8 CWE: CWE-266 - Incorrect Privilege Assignment View on NVD
Medium

CVE-2022-20679

A vulnerability in the IPSec decryption routine of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS)…

CVSS: 6.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2022-20678

A vulnerability in the AppNav-XE feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) conditi…

CVSS: 8.6 CWE: CWE-413 - Improper Resource Locking View on NVD
Medium

CVE-2022-20676

A vulnerability in the Tool Command Language (Tcl) interpreter of Cisco IOS XE Software could allow an authenticated, local attacker to escalate from privilege level 15 to root-level privileges. This…

CVSS: 5.1 CWE: CWE-250 - Execution with Unnecessary Privileges View on NVD
High

CVE-2022-28345

The Signal app before 5.34 for iOS allows URI spoofing via RTLO injection. It incorrectly renders RTLO encoded URLs beginning with a non-breaking space, when there is a hash character in the URL. Thi…

CVSS: 7.5 CWE: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') View on NVD
2022-03-28
Critical

CVE-2021-45490

The client applications in 3CX on Windows, the 3CX app for iOS, and the 3CX application for Android through 2022-03-17 lack SSL certificate validation.

CVSS: 9.1 CWE: CWE-295 - Improper Certificate Validation View on NVD
2022-03-25
High

CVE-2021-44683

The DuckDuckGo browser 7.64.4 on iOS allows Address Bar Spoofing due to mishandling of the JavaScript window.open function (used to open a secondary browser window). This could be exploited by tricki…

CVSS: 8.2 CWE: CWE-1021 - Improper Restriction of Rendered UI Layers or Frames View on NVD
2022-03-23
Medium

CVE-2020-20096

Whatsapp iOS 2.19.80 and prior and Android 2.19.222 and prior user interface does not properly represent URI messages to the user, which results in URI spoofing via specially crafted messages.

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2020-20095

iMessage (Messages app) iOS 12.4 and prior user interface does not properly represent URI messages to the user, which results in URI spoofing via specially crafted messages.

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2020-20094

Instagram iOS 106.0 and prior and Android 107.0.0.11 and prior user interface does not properly represent URI messages to the user, which results in URI spoofing via specially crafted messages

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2020-20093

The Facebook Messenger app for iOS 227.0 and prior and Android 228.1.0.10.116 and prior user interface does not properly represent URI messages to the user, which results in URI spoofing via speciall…

CVSS: 6.5 CWE: N/A View on NVD
2022-03-18
Medium

CVE-2022-22671

An authentication issue was addressed with improved state management. This issue is fixed in iOS 15.4 and iPadOS 15.4. A person with physical access to an iOS device may be able to access photos from…

CVSS: 4.6 CWE: N/A View on NVD
Low

CVE-2022-22670

An access issue was addressed with improved access restrictions. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, watchOS 8.5. A malicious application may be able to identify what other ap…

CVSS: 3.3 CWE: N/A View on NVD
High

CVE-2022-22667

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.4 and iPadOS 15.4. An application may be able to execute arbitrary code with kernel privileges.

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2022-22666

A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, watchOS 8.5. Processing a maliciously crafted image may lead to heap corr…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
Medium

CVE-2022-22659

A logic issue was addressed with improved state management. This issue is fixed in iOS 15.4 and iPadOS 15.4. An attacker in a privileged network position may be able to leak sensitive user informatio…

CVSS: 6.5 CWE: N/A View on NVD
High

CVE-2022-22653

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.4 and iPadOS 15.4. A malicious website may be able to access information about the user and their devices.

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2022-22652

The GSMA authentication panel could be presented on the lock screen. The issue was resolved by requiring device unlock to interact with the GSMA authentication panel. This issue is fixed in iOS 15.4…

CVSS: 6.1 CWE: CWE-306 - Missing Authentication for Critical Function View on NVD
High

CVE-2022-22643

This issue was addressed with improved checks. This issue is fixed in iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3. A user may send audio and video in a FaceTime call without knowing that they have…

CVSS: 7.5 CWE: N/A View on NVD
Critical

CVE-2022-22642

This issue was addressed with improved checks. This issue is fixed in iOS 15.4 and iPadOS 15.4. A user may be able to bypass the Emergency SOS passcode prompt.

CVSS: 9.8 CWE: N/A View on NVD
Critical

CVE-2022-22641

A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3. An application may be able to gain elevated priv…

CVSS: 9.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2022-22640

A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. An application may be able to execute a…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2022-22639

A logic issue was addressed with improved state management. This issue is fixed in iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3. An application may be able to gain elevated privileges.

CVSS: 7.8 CWE: N/A View on NVD
Medium

CVE-2022-22638

A null pointer dereference was addressed with improved validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, ma…

CVSS: 6.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
High

CVE-2022-22636

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4. An application may be able to execute arbitrary code with kernel…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
Critical

CVE-2022-22635

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4. An application may be able to gain elevated privileges.

CVSS: 9.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2022-22634

A buffer overflow was addressed with improved bounds checking. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4. A malicious application may be able to execute arbitrary code with kernel pr…

CVSS: 7.8 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
High

CVE-2022-22633

A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 8.5, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, macOS Monterey 12.3. Opening a maliciously…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
Critical

CVE-2022-22632

A logic issue was addressed with improved state management. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, watchOS 8.5, macOS Monterey 12.3. A malicious application…

CVSS: 9.8 CWE: N/A View on NVD
Medium

CVE-2022-22622

This issue was addressed with improved checks. This issue is fixed in iOS 15.4 and iPadOS 15.4. A person with physical access to an iOS device may be able to see sensitive information via keyboard su…

CVSS: 4.6 CWE: N/A View on NVD
Medium

CVE-2022-22621

This issue was addressed with improved checks. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. A person with physical access to an iOS device may be able…

CVSS: 4.6 CWE: N/A View on NVD
High

CVE-2022-22620

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.2.1, iOS 15.3.1 and iPadOS 15.3.1, Safari 15.3 (v. 16612.4.9.1.8 and 15612.4.9.1.8). Pro…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2022-22618

This issue was addressed with improved checks. This issue is fixed in watchOS 8.5, iOS 15.4 and iPadOS 15.4. A user may be able to bypass the Emergency SOS passcode prompt.

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2022-22615

A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5,…

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2022-22614

A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5,…

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2022-22613

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2022-22612

A memory consumption issue was addressed with improved memory handling. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, iTunes 12.12.3 for Windows, watchOS 8.5, macOS Monterey 12.3. Proce…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2022-22611

An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, iTunes 12.12.3 for Windows, watchOS 8.5, macOS Monterey 12.3. Processin…

CVSS: 7.8 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2022-22609

The issue was addressed with additional permissions checks. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. A malicious application may be able to read o…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2022-22600

The issue was addressed with improved permissions logic. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. A malicious application may be able to bypass ce…

CVSS: 5.5 CWE: N/A View on NVD
Low

CVE-2022-22599

Description: A permissions issue was addressed with improved validation. This issue is fixed in watchOS 8.5, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, macOS Monterey 12.3. A person with physica…

CVSS: 2.4 CWE: N/A View on NVD
Low

CVE-2022-22598

An issue with app access to camera metadata was addressed with improved logic. This issue is fixed in iOS 15.4 and iPadOS 15.4. An app may be able to learn information about the current camera view b…

CVSS: 3.3 CWE: N/A View on NVD
High

CVE-2022-22596

A memory corruption issue was addressed with improved validation. This issue is fixed in watchOS 8.5, iOS 15.4 and iPadOS 15.4. An application may be able to execute arbitrary code with kernel privil…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
Medium

CVE-2022-22594

A cross-origin issue in the IndexDB API was addressed with improved input validation. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. A webs…

CVSS: 6.5 CWE: CWE-346 - Origin Validation Error View on NVD
High

CVE-2022-22593

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Security Update 2022-001 Catalina, macOS Monterey 12.2, m…

CVSS: 7.8 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
Medium

CVE-2022-22592

A logic issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted w…

CVSS: 6.5 CWE: N/A View on NVD
High

CVE-2022-22590

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2022-22589

A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing a maliciously…

CVSS: 6.1 CWE: N/A View on NVD
Medium

CVE-2022-22588

A resource exhaustion issue was addressed with improved input validation. This issue is fixed in iOS 15.2.1 and iPadOS 15.2.1. Processing a maliciously crafted HomeKit accessory name may cause a deni…

CVSS: 5.5 CWE: CWE-20 - Improper Input Validation View on NVD
Critical

CVE-2022-22587

A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 15.3 and iPadOS 15.3, macOS Big Sur 11.6.3, macOS Monterey 12.2. A malicious application may be able…

CVSS: 9.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2022-22585

An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, macO…

CVSS: 7.5 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2022-22584

A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.3, iOS 15.3 and iPadOS 15.3, watchOS 8.4, macOS Monterey 12.2. Processing a maliciously crafted file m…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2022-22579

An information disclosure issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPadOS 15.3, tvOS 15.3, Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2022-22578

A logic issue was addressed with improved validation. This issue is fixed in tvOS 15.3, iOS 15.3 and iPadOS 15.3, watchOS 8.4, macOS Monterey 12.2. A malicious application may be able to gain root pr…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2021-30771

An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.4, iOS 14.6 and iPadOS 14.6, watchOS 7.5, tvOS 14.6. Processing a maliciously crafted font…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
2022-03-11
Medium

CVE-2022-23625

Wire-ios is a messaging application using the wire protocol on apple's ios platform. In versions prior to 3.95 malformed resource identifiers may render the iOS Wire Client completely unusable by cau…

CVSS: 6.5 CWE: CWE-755 - Improper Handling of Exceptional Conditions View on NVD
2022-03-09
Low

CVE-2022-24465

Microsoft Intune Portal for iOS Security Feature Bypass Vulnerability

CVSS: 3.3 CWE: N/A View on NVD
2022-03-03
Medium

CVE-2022-23849

The biometric lock in Devolutions Password Hub for iOS before 2021.3.4 allows attackers to access the application because of authentication bypass. An attacker must rapidly make failed biometric auth…

CVSS: 6.6 CWE: N/A View on NVD
2022-02-09
Medium

CVE-2022-22780

The Zoom Client for Meetings chat functionality was susceptible to Zip bombing attacks in the following product versions: Android before version 5.8.6, iOS before version 5.9.0, Linux before version…

CVSS: 4.7 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
2022-02-02
Critical

CVE-2021-24043

A missing bound check in RTCP flag parsing code prior to WhatsApp for Android v2.21.23.2, WhatsApp Business for Android v2.21.23.2, WhatsApp for iOS v2.21.230.6, WhatsApp Business for iOS 2.21.230.7,…

CVSS: 9.1 CWE: CWE-125 - Out-of-bounds Read View on NVD
2022-01-04
Critical

CVE-2021-24042

The calling logic for WhatsApp for Android prior to v2.21.23, WhatsApp Business for Android prior to v2.21.23, WhatsApp for iOS prior to v2.21.230, WhatsApp Business for iOS prior to v2.21.230, Whats…

CVSS: 9.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
2021-12-23
Medium

CVE-2021-30767

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.6.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3.…

CVSS: 5.5 CWE: N/A View on NVD
Critical

CVE-2019-8703

This issue was addressed with improved entitlements. This issue is fixed in watchOS 6, tvOS 13, macOS Catalina 10.15, iOS 13. An application may be able to gain elevated privileges.

CVSS: 9.8 CWE: N/A View on NVD
Medium

CVE-2019-8702

This issue was addressed with a new entitlement. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra, iOS 12.4, tvOS 12.4. A local user…

CVSS: 5.5 CWE: CWE-668 - Exposure of Resource to Wrong Sphere View on NVD
High

CVE-2018-4302

A null pointer dereference was addressed with improved validation. This issue is fixed in macOS High Sierra 10.13, iCloud for Windows 7.0, watchOS 4, iOS 11, iTunes 12.7 for Windows. Processing malic…

CVSS: 7.8 CWE: CWE-476 - NULL Pointer Dereference View on NVD
Low

CVE-2017-2375

An issue existed in preventing the uploading of CallKit call history to iCloud. This issue was addressed through improved logic. This issue is fixed in iOS 10.2.1. Updates for CallKit call history ar…

CVSS: 3.3 CWE: N/A View on NVD
High

CVE-2017-13905

A race condition was addressed with additional validation. This issue is fixed in tvOS 11.2, iOS 11.2, macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capi…

CVSS: 8.1 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
High

CVE-2017-13880

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 11.2, watchOS 4.2. An application may be able to execute arbitrary code with kernel privilege.

CVSS: 7.8 CWE: N/A View on NVD
Medium

CVE-2021-43849

cordova-plugin-fingerprint-aio is a plugin provides a single and simple interface for accessing fingerprint APIs on both Android 6+ and iOS. In versions prior to 5.0.1 The exported activity `de.nikla…

CVSS: 6.2 CWE: CWE-617 - Reachable Assertion View on NVD
2021-12-16
Medium

CVE-2021-3179

GGLocker iOS application, contains an insecure data storage of the password hash value which results in an authentication bypass.

CVSS: 5.5 CWE: CWE-522 - Insufficiently Protected Credentials View on NVD
Medium

CVE-2021-40835

An URL Address bar spoofing vulnerability was discovered in Safe Browser for iOS. When user clicks on a specially crafted a malicious URL, if user does not carefully pay attention to url, user may be…

CVSS: 4.6 CWE: N/A View on NVD
2021-12-14
Medium

CVE-2021-34425

The Zoom Client for Meetings before version 5.7.3 (for Android, iOS, Linux, macOS, and Windows) contain a server side request forgery vulnerability in the chat\'s "link preview" functionality. In ver…

CVSS: 4.7 CWE: CWE-918 - Server-Side Request Forgery (SSRF) View on NVD
2021-12-02
Medium

CVE-2021-44518

An issue was discovered in the eGeeTouch 3rd Generation Travel Padlock application for Android. The lock sends a pairing code before each operation (lock or unlock) activated via the companion app. T…

CVSS: 6.8 CWE: CWE-319 - Cleartext Transmission of Sensitive Information View on NVD
2021-11-24
High

CVE-2021-34424

A vulnerability was discovered in the Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4, Zoom Client for Meetings for Blackberry (for Android and iOS) before…

CVSS: 7.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
Critical

CVE-2021-34423

A buffer overflow vulnerability was discovered in Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4, Zoom Client for Meetings for Blackberry (for Android and…

CVSS: 9.8 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
Low

CVE-2021-43220

Microsoft Edge for iOS Spoofing Vulnerability

CVSS: 3.1 CWE: CWE-290 - Authentication Bypass by Spoofing View on NVD
2021-11-11
Low

CVE-2021-34421

The Keybase Client for Android before version 5.8.0 and the Keybase Client for iOS before version 5.8.0 fails to properly remove exploded messages initiated by a user if the receiving user places the…

CVSS: 3.7 CWE: CWE-459 - Incomplete Cleanup View on NVD
2021-11-10
Medium

CVE-2021-42111

An issue was discovered in the RCDevs OpenOTP app 1.4.13 and 1.4.14 for iOS. If it is installed on a jailbroken device, it is possible to retrieve the PIN code used to access the application. The IOS…

CVSS: 5.5 CWE: N/A View on NVD
2021-11-09
Medium

CVE-2021-43192

In JetBrains YouTrack Mobile before 2021.2, iOS URL scheme hijacking is possible.

CVSS: 5.3 CWE: N/A View on NVD
Medium

CVE-2021-43191

JetBrains YouTrack Mobile before 2021.2, is missing the security screen on Android and iOS.

CVSS: 5.3 CWE: N/A View on NVD
High

CVE-2021-43188

In JetBrains YouTrack Mobile before 2021.2, access token protection on iOS is incomplete.

CVSS: 7.3 CWE: N/A View on NVD
Medium

CVE-2021-43187

In JetBrains YouTrack Mobile before 2021.2, the client-side cache on iOS could contain sensitive information.

CVSS: 5.3 CWE: N/A View on NVD