Apple iOS - 5688 CVEs (Page 21/48)

About “Apple iOS”

A curated feed of “Apple iOS”-related CVEs appears below. We currently track 5688 CVEs for this tag (all time). In the last 365 days, 502 were published. Average CVSS is 6.7 (all time; 6.3 over 365d), and 48% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer, CWE-284 - Improper Access Control, CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor.

In our taxonomy this topic maps to a MODERATE impact class. Issues here typically affect operating system packages or kernels. Plan reboots or service restarts and coordinate rollouts across fleets. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0

2021-03-19

Medium

CVE-2021-28653

The iOS and macOS apps before 1.4.1 for the Western Digital G-Technology ArmorLock NVMe SSD store keys insecurely. They choose a non-preferred storage mechanism if the device has Secure Enclave suppo…

CVSS: 6.5 CWE: CWE-922 - Insecure Storage of Sensitive Information View on NVD

2021-03-09

Medium

CVE-2021-21186

Insufficient policy enforcement in QR scanning in Google Chrome on iOS prior to 89.0.4389.72 allowed an attacker who convinced the user to scan a QR code to bypass navigation restrictions via a craft…

CVSS: 4.3 CWE: CWE-863 - Incorrect Authorization View on NVD

Medium

CVE-2021-21164

Insufficient data validation in Chrome on iOS in Google Chrome on iOS prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

CVSS: 6.5 CWE: CWE-346 - Origin Validation Error View on NVD

Medium

CVE-2021-21163

Insufficient data validation in Reader Mode in Google Chrome on iOS prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page and a malicious server.

CVSS: 6.5 CWE: CWE-346 - Origin Validation Error View on NVD

2021-02-25

Medium

CVE-2021-24114

Microsoft Teams iOS Information Disclosure Vulnerability

CVSS: 5.7 CWE: N/A View on NVD

2021-02-24

Medium

CVE-2020-12702

Weak encryption in the Quick Pairing mode in the eWeLink mobile application (Android application V4.9.2 and earlier, iOS application V4.9.1 and earlier) allows physically proximate attackers to eaves…

CVSS: 4.6 CWE: CWE-327 - Use of a Broken or Risky Cryptographic Algorithm View on NVD

2021-02-23

Medium

CVE-2021-27189

The CIRA Canadian Shield app before 4.0.13 for iOS lacks SSL Certificate Validation.

CVSS: 5.9 CWE: CWE-295 - Improper Certificate Validation View on NVD

2021-02-11

Low

CVE-2021-21301

Wire is an open-source collaboration platform. In Wire for iOS (iPhone and iPad) before version 3.75 there is a vulnerability where the video capture isn't stopped in a scenario where a user first ha…

CVSS: 2.6 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD

2021-02-09

Medium

CVE-2021-21134

Incorrect security UI in Page Info in Google Chrome on iOS prior to 88.0.4324.96 allowed a remote attacker to spoof security UI via a crafted HTML page.

CVSS: 6.5 CWE: CWE-290 - Authentication Bypass by Spoofing View on NVD

2021-02-04

Medium

CVE-2021-1389

A vulnerability in the IPv6 traffic processing of Cisco IOS XR Software and Cisco NX-OS Software for certain Cisco devices could allow an unauthenticated, remote attacker to bypass an IPv6 access con…

CVSS: 5.8 CWE: CWE-284 - Improper Access Control View on NVD

High

CVE-2021-1370

A vulnerability in a CLI command of Cisco IOS XR Software for the Cisco 8000 Series Routers and Network Convergence System 540 Series Routers running NCS540L software images could allow an authentica…

CVSS: 7.8 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD

High

CVE-2021-1313

Multiple vulnerabilities in the ingress packet processing function of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected…

CVSS: 8.6 CWE: CWE-399 View on NVD

High

CVE-2021-1288

CVSS: 8.6 CWE: CWE-399 View on NVD

High

CVE-2021-1268

A vulnerability in the IPv6 protocol handling of the management interfaces of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause an IPv6 flood on the management interfac…

CVSS: 7.4 CWE: CWE-1076 - Insufficient Adherence to Expected Conventions View on NVD

Medium

CVE-2021-1244

Multiple vulnerabilities in Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software for the Cisco 8000 Series Rout…

CVSS: 6.7 CWE: CWE-347 - Improper Verification of Cryptographic Signature View on NVD

Medium

CVE-2021-1243

A vulnerability in the Local Packet Transport Services (LPTS) programming of the SNMP with the management plane protection feature of Cisco IOS XR Software could allow an unauthenticated, remote atta…

CVSS: 5.3 CWE: CWE-284 - Improper Access Control View on NVD

Medium

CVE-2021-1136

CVSS: 6.7 CWE: CWE-347 - Improper Verification of Cryptographic Signature View on NVD

Medium

CVE-2021-1128

A vulnerability in the CLI parser of Cisco IOS XR Software could allow an authenticated, local attacker to view more information than their privileges allow. The vulnerability is due to insufficient…

CVSS: 5.5 CWE: CWE-201 - Insertion of Sensitive Information Into Sent Data View on NVD

2021-01-14

Medium

CVE-2020-16046

Script injection in iOSWeb in Google Chrome on iOS prior to 84.0.4147.105 allowed a remote attacker to execute arbitrary code via a crafted HTML page.

CVSS: 6.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

2020-12-12

Medium

CVE-2020-35208

An issue was discovered in the LogMein LastPass Password Manager (aka com.lastpass.ilastpass) app 4.8.11.2403 for iOS. The password authentication for unlocking can be bypassed by forcing the authent…

CVSS: 5.7 CWE: CWE-287 - Improper Authentication View on NVD

Medium

CVE-2020-35207

An issue was discovered in the LogMein LastPass Password Manager (aka com.lastpass.ilastpass) app 4.8.11.2403 for iOS. The PIN authentication for unlocking can be bypassed by forcing the authenticati…

CVSS: 5.7 CWE: CWE-287 - Improper Authentication View on NVD

2020-12-08

High

CVE-2020-9991

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0, iCloud for Windows 7.21, tvOS 14.0. A remote attacker may be able to…

CVSS: 7.5 CWE: N/A View on NVD

High

CVE-2020-27918

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, Safari 14.0.1, tvOS…

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD

Medium

CVE-2020-27950

A memory initialization issue was addressed. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave…

CVSS: 5.5 CWE: CWE-665 - Improper Initialization View on NVD

High

CVE-2020-27932

A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra, Security…

CVSS: 7.8 CWE: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion') View on NVD

High

CVE-2020-27930

A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra, Secu…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD

Medium

CVE-2020-27929

A logic issue existed in the handling of Group FaceTime calls. The issue was addressed with improved state management. This issue is fixed in iOS 12.4.9. A user may send video in Group FaceTime calls…

CVSS: 5.5 CWE: N/A View on NVD

High

CVE-2020-27927

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. Processing a maliciously craft…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD

High

CVE-2020-27926

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.2 and iPadOS 14.2. Processing maliciously crafted web content may lead to arbitrary code execution.

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD

Medium

CVE-2020-27925

An issue existed in the handling of incoming calls. The issue was addressed with additional state checks. This issue is fixed in iOS 14.2 and iPadOS 14.2. A user may answer two calls simultaneously w…

CVSS: 5.5 CWE: N/A View on NVD

High

CVE-2020-27917

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, tvOS 14.2, iTunes 12…

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD

High

CVE-2020-27916

An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. Processing a maliciously crafted au…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD

High

CVE-2020-27912

An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, tvOS 14.2, iTunes 12.…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD

High

CVE-2020-27911

An integer overflow was addressed through improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, tvOS 14.2, iTunes 12.…

CVSS: 7.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD

High

CVE-2020-27910

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. Processing a maliciously crafted aud…

CVSS: 7.8 CWE: CWE-125 - Out-of-bounds Read View on NVD

High

CVE-2020-27909

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. Processing a maliciously crafted audio file may lead to ar…

CVSS: 7.8 CWE: CWE-125 - Out-of-bounds Read View on NVD

High

CVE-2020-27905

A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. A malicious application may be able to execute arbitra…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD

Medium

CVE-2020-27902

An authentication issue was addressed with improved state management. This issue is fixed in iOS 14.2 and iPadOS 14.2. A person with physical access to an iOS device may be able to access stored pass…

CVSS: 4.6 CWE: CWE-306 - Missing Authentication for Critical Function View on NVD

High

CVE-2020-10017

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD

High

CVE-2020-9996

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.0 and iPadOS 14.0. A malicious application may be able to elevate privileges.

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD

Medium

CVE-2020-9993

The issue was addressed with improved UI handling. This issue is fixed in watchOS 7.0, Safari 14.0, iOS 14.0 and iPadOS 14.0. Visiting a malicious website may lead to address bar spoofing.

CVSS: 4.3 CWE: CWE-1021 - Improper Restriction of Rendered UI Layers or Frames View on NVD

Medium

CVE-2020-9989

The issue was addressed with improved deletion. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0. A local user may be able to discover a user’s deleted messages.

CVSS: 5.5 CWE: N/A View on NVD

Medium

CVE-2020-9988

The issue was addressed with improved deletion. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.0 and iPadOS 14.0. A local user may be able to discover a user’s deleted messages.

CVSS: 5.5 CWE: N/A View on NVD

High

CVE-2020-9981

A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 7.0, iOS 14.0 and iPadOS 14.0, iTunes for Windows 12.10.9, iCloud for Windows 11.5, tvOS 14.0, mac…

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD

Medium

CVE-2020-9977

A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.0 and iPa…

CVSS: 5.5 CWE: CWE-20 - Improper Input Validation View on NVD

Medium

CVE-2020-9974

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. A malicious application may be able to deter…

CVSS: 5.5 CWE: N/A View on NVD

High

CVE-2020-9972

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 14.0 and iPadOS 14.0. Processing a maliciously crafted USD file may lead to unexpected application term…

CVSS: 7.8 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD

Medium

CVE-2020-9969

An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0. A local user may be able to view sen…

CVSS: 5.5 CWE: N/A View on NVD

High

CVE-2020-9966

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0. An application may be able to execut…

CVSS: 7.8 CWE: CWE-125 - Out-of-bounds Read View on NVD

High

CVE-2020-9965

CVSS: 7.8 CWE: CWE-125 - Out-of-bounds Read View on NVD

Medium

CVE-2020-9963

The issue was addressed with improved handling of icon caches. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.0 and iPadOS 14.0. A malicious app may be able to determine the existence of files o…

CVSS: 5.5 CWE: N/A View on NVD

High

CVE-2020-9954

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in watchOS 7.0, tvOS 14.0, macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-…

CVSS: 7.8 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD

High

CVE-2020-9950

A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 7.0, tvOS 14.0, Safari 14.0, iOS 14.0 and iPadOS 14.0. Processing maliciously crafted web content…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD

High

CVE-2020-9949

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0, macOS Catalina 10.15.6, Security Update 2020-…

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD

High

CVE-2020-9947

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD

Medium

CVE-2020-9944

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0. An application may be able to read re…

CVSS: 5.5 CWE: CWE-125 - Out-of-bounds Read View on NVD

Medium

CVE-2020-9943

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0. A malicious application may be able t…

CVSS: 5.5 CWE: CWE-125 - Out-of-bounds Read View on NVD

Medium

CVE-2020-9849

An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0, iTunes for Windows 12.10.9, iCloud fo…

CVSS: 6.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD

High

CVE-2020-10016

A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. An application may be able to ex…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD

High

CVE-2020-10013

A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.0, iOS 14.0 and iPadOS 14.0. An application may be able to execute arbitrary code with kernel privileges.

CVSS: 7.8 CWE: N/A View on NVD

High

CVE-2020-10011

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 14.2 and iPadOS 14.2, macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-…

CVSS: 7.8 CWE: CWE-125 - Out-of-bounds Read View on NVD

High

CVE-2020-10010

A path handling issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. A local attacker may be able to elevate th…

CVSS: 7.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD

High

CVE-2020-10004

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2. Opening a maliciously crafted file may lead to unexpected applicatio…

CVSS: 7.8 CWE: N/A View on NVD

High

CVE-2020-10003

An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 1…

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD

Medium

CVE-2020-10002

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, tvOS 14.2, iTunes 12.11 for Wi…

CVSS: 5.5 CWE: N/A View on NVD

2020-12-07

Critical

CVE-2020-5800

The Eat Spray Love mobile app for both iOS and Android contains logic that allows users to bypass authentication and retrieve or modify information that they would not normally have access to.

CVSS: 9.8 CWE: CWE-669 - Incorrect Resource Transfer Between Spheres View on NVD

Critical

CVE-2020-5799

The Eat Spray Love mobile app for both iOS and Android contains a backdoor account that, when modified, allowed privileged access to restricted functionality and to other users' data.

CVSS: 9.8 CWE: N/A View on NVD

2020-11-30

Medium

CVE-2020-29392

The Estil Hill Lock Password Manager Safe app 2.3 for iOS has a *#06#* backdoor password. An attacker with physical access can unlock the password manager without knowing the master password set by t…

CVSS: 4.6 CWE: CWE-287 - Improper Authentication View on NVD

2020-11-13

Medium

CVE-2020-6157

Opera Touch for iOS before version 2.4.5 is vulnerable to an address bar spoofing attack. The vulnerability allows a malicious page to trick the browser into showing an address of a different page. T…

CVSS: 4.3 CWE: N/A View on NVD

High

CVE-2020-26230

Radar COVID is the official COVID-19 exposure notification app for Spain. In affected versions of Radar COVID, identification and de-anonymization of COVID-19 positive users that upload Radar COVID T…

CVSS: 7.4 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD

2020-11-12

High

CVE-2020-26070

A vulnerability in the ingress packet processing function of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause a de…

CVSS: 8.6 CWE: CWE-404 - Improper Resource Shutdown or Release View on NVD

2020-11-06

Critical

CVE-2020-3284

A vulnerability in the enhanced Preboot eXecution Environment (PXE) boot loader for Cisco IOS XR 64-bit Software could allow an unauthenticated, remote attacker to execute unsigned code during the PX…

CVSS: 9.8 CWE: CWE-284 - Improper Access Control View on NVD

Medium

CVE-2020-5667

Studyplus App for Android v6.3.7 and earlier and Studyplus App for iOS v8.29.0 and earlier use a hard-coded API key for an external service. By exploiting this vulnerability, API key for an external…

CVSS: 5.5 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD

2020-11-03

Critical

CVE-2020-1909

A use-after-free in a logging library in WhatsApp for iOS prior to v2.20.111 and WhatsApp Business for iOS prior to v2.20.111 could have resulted in memory corruption, crashes and potentially code ex…

CVSS: 9.8 CWE: CWE-416 - Use After Free View on NVD

Medium

CVE-2020-1908

Improper authorization of the Screen Lock feature in WhatsApp and WhatsApp Business for iOS prior to v2.20.100 could have permitted use of Siri to interact with the WhatsApp application even after th…

CVSS: 4.6 CWE: CWE-285 - Improper Authorization View on NVD

Medium

CVE-2020-15984

Insufficient policy enforcement in Omnibox in Google Chrome on iOS prior to 86.0.4240.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted URL.

CVSS: 6.5 CWE: N/A View on NVD

2020-10-27

Medium

CVE-2020-9979

A trust issue was addressed by removing a legacy API. This issue is fixed in iOS 14.0 and iPadOS 14.0, tvOS 14.0. An attacker may be able to misuse a trust relationship to download malicious content.

CVSS: 5.5 CWE: N/A View on NVD

High

CVE-2020-9973

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave, iOS 14.0 and i…

CVSS: 7.8 CWE: CWE-125 - Out-of-bounds Read View on NVD

High

CVE-2020-9932

A memory corruption issue was addressed with improved validation. This issue is fixed in Safari 13.0.1, iOS 13.1 and iPadOS 13.1, tvOS 13. Processing maliciously crafted web content may lead to arbit…

CVSS: 8.8 CWE: CWE-787 - Out-of-bounds Write View on NVD

High

CVE-2020-3880

An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 6.1.2, iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, macOS Catalina 10.15.3, Security Update 2020-001 M…

CVSS: 7.8 CWE: CWE-125 - Out-of-bounds Read View on NVD

High

CVE-2020-3864

A logic issue was addressed with improved validation. This issue is fixed in iCloud for Windows 7.17, iTunes 12.10.4 for Windows, iCloud for Windows 10.9.2, tvOS 13.3.1, Safari 13.0.5, iOS 13.3.1 and…

CVSS: 7.8 CWE: CWE-346 - Origin Validation Error View on NVD

Medium

CVE-2019-8901

This issue was addressed by verifying host keys when connecting to a previously-known SSH server. This issue is fixed in iOS 13.1 and iPadOS 13.1. An attacker in a privileged network position may be…

CVSS: 6.5 CWE: CWE-347 - Improper Verification of Cryptographic Signature View on NVD

Medium

CVE-2019-8898

An information disclosure issue existed in the handling of the Storage Access API. This issue was addressed with improved logic. This issue is fixed in iOS 13.3 and iPadOS 13.3, tvOS 13.3, Safari 13.…

CVSS: 4.3 CWE: N/A View on NVD

Low

CVE-2019-8857

The issue was addressed with improved validation when an iCloud Link is created. This issue is fixed in iOS 13.3 and iPadOS 13.3. Live Photo audio and video data may be shared via iCloud links even i…

CVSS: 3.3 CWE: CWE-20 - Improper Input Validation View on NVD

Low

CVE-2019-8856

An API issue existed in the handling of outgoing phone calls initiated with Siri. This issue was addressed with improved state handling. This issue is fixed in iOS 13.3 and iPadOS 13.3, watchOS 6.1.1…

CVSS: 3.3 CWE: N/A View on NVD

High

CVE-2019-8854

A user privacy issue was addressed by removing the broadcast MAC address. This issue is fixed in macOS Catalina 10.15, watchOS 6, iOS 13, tvOS 13. A device may be passively tracked by its Wi-Fi MAC a…

CVSS: 7.5 CWE: N/A View on NVD

Medium

CVE-2019-8850

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15, iOS 13.1 and iPadOS 13.1, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, a…

CVSS: 5.5 CWE: CWE-125 - Out-of-bounds Read View on NVD

High

CVE-2019-8848

This issue was addressed with improved checks. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2…

CVSS: 7.8 CWE: N/A View on NVD

High

CVE-2019-8846

A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, i…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD

Medium

CVE-2019-8796

A logic issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, iOS 12.4.3, watchOS 6.1, iOS 13.2 and iPad…

CVSS: 5.3 CWE: N/A View on NVD

Medium

CVE-2019-8664

An input validation issue was addressed with improved input validation. This issue is fixed in iOS 12.3, watchOS 5.2.1. Processing a maliciously crafted message may lead to a denial of service.

CVSS: 6.5 CWE: CWE-20 - Improper Input Validation View on NVD

Critical

CVE-2019-8531

A validation issue existed in Trust Anchor Management. This issue was addressed with improved validation. This issue is fixed in watchOS 5.2, macOS Mojave 10.14.4, Security Update 2019-002 High Sierr…

CVSS: 9.8 CWE: CWE-295 - Improper Certificate Validation View on NVD

High

CVE-2019-8844

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTun…

CVSS: 8.8 CWE: CWE-787 - Out-of-bounds Write View on NVD

High

CVE-2019-8841

An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in iOS 13.3 and iPadOS 13.3. An application may be able to execute arbitrary code with kernel privil…

CVSS: 7.8 CWE: N/A View on NVD

High

CVE-2019-8838

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.3 and iPadOS 13.3, watchOS 6.1.1, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Sec…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD

High

CVE-2019-8836

A memory corruption issue was addressed with improved memory handling. This issue is fixed in watchOS 6.1.2, iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1. An application may be able to execute arbitrary…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD

High

CVE-2019-8835

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for…

CVSS: 8.8 CWE: CWE-787 - Out-of-bounds Write View on NVD

Medium

CVE-2019-8834

A configuration issue was addressed with additional restrictions. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, an…

CVSS: 4.3 CWE: N/A View on NVD

High

CVE-2019-8833

A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in iOS 13.3 and iPadOS 13.3, watchOS 6.1.1, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and S…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD

High

CVE-2019-8832

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD

High

CVE-2019-8831

A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15, iOS 13.1 and iPadOS 13.1, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD

High

CVE-2019-8830

An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 13.3, watchOS 6.1.1, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-…

CVSS: 8.8 CWE: CWE-125 - Out-of-bounds Read View on NVD

High

CVE-2019-8829

A memory corruption vulnerability was addressed with improved locking. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6.1, tvOS 13.2, i…

CVSS: 7.8 CWE: CWE-667 - Improper Locking View on NVD

High

CVE-2019-8828

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD

Medium

CVE-2019-8827

The HTTP referrer header may be used to leak browsing history. The issue was resolved by downgrading all third party referrers to their origin. This issue is fixed in Safari 13.0.3, iTunes 12.10.2 fo…

CVSS: 4.3 CWE: N/A View on NVD

High

CVE-2019-8825

A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15, iOS 13, iCloud for Windows 10.7, macOS Catalina 10.15.1, Security Update 2019-001,…

CVSS: 8.8 CWE: CWE-787 - Out-of-bounds Write View on NVD

Low

CVE-2019-8809

A validation issue was addressed with improved logic. This issue is fixed in macOS Catalina 10.15, iOS 13.1 and iPadOS 13.1, tvOS 13, watchOS 6, iOS 13. A local app may be able to read a persistent a…

CVSS: 3.3 CWE: N/A View on NVD

Low

CVE-2019-8799

This issue was resolved by replacing device names with a random identifier. This issue is fixed in iOS 13.1 and iPadOS 13.1, macOS Catalina 10.15, watchOS 6, tvOS 13. An attacker in physical proximit…

CVSS: 2.4 CWE: N/A View on NVD

Medium

CVE-2019-8780

The issue was addressed with improved permissions logic. This issue is fixed in iOS 13.1 and iPadOS 13.1, tvOS 13. A malicious application may be able to determine kernel memory layout.

CVSS: 5.5 CWE: N/A View on NVD

Medium

CVE-2019-8774

A resource exhaustion issue was addressed with improved input validation. This issue is fixed in iOS 13.1 and iPadOS 13.1, macOS Catalina 10.15. Parsing a maliciously crafted iBooks file may lead to…

CVSS: 5.5 CWE: CWE-20 - Improper Input Validation View on NVD

High

CVE-2019-8773

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in Safari 13.0.1, iOS 13.1 and iPadOS 13.1, iCloud for Windows 10.7, iCloud for Windows 7.14, tvOS…

CVSS: 8.8 CWE: CWE-787 - Out-of-bounds Write View on NVD

Medium

CVE-2019-8771

This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in Safari 13.0.1, iOS 13. Maliciously crafted web content may violate iframe sandboxing policy.

CVSS: 6.1 CWE: CWE-1021 - Improper Restriction of Rendered UI Layers or Frames View on NVD

Medium

CVE-2019-8762

A validation issue was addressed with improved logic. This issue is fixed in Safari 13.0.1, iOS 13.1 and iPadOS 13.1, iCloud for Windows 10.7, tvOS 13, iCloud for Windows 7.14, iTunes 12.10.1 for Win…

CVSS: 6.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

Critical

CVE-2019-8756

Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Catalina 10.15, iOS 13, iCloud for Windows 7.14, iCloud for Windows 10.7, tvOS 13, macOS…

CVSS: 9.8 CWE: CWE-787 - Out-of-bounds Write View on NVD

Medium

CVE-2019-8753

This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15, watchOS 6, iOS 13, tvOS 13. Processing maliciously crafted web content may lead to a cross site scripting a…

CVSS: 6.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD

High

CVE-2019-8752

CVSS: 8.8 CWE: CWE-787 - Out-of-bounds Write View on NVD

High

CVE-2019-8751

CVSS: 8.8 CWE: CWE-787 - Out-of-bounds Write View on NVD

Critical

CVE-2019-8749

CVSS: 9.8 CWE: CWE-787 - Out-of-bounds Write View on NVD

Critical

CVE-2019-8746

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15, iOS 13, iCloud for Windows 7.14, iCloud for Windows 10.7, tvOS 13, macOS Catalina 10.1…

CVSS: 9.8 CWE: CWE-125 - Out-of-bounds Read View on NVD

Medium

CVE-2019-8744

A memory corruption issue existed in the handling of IPv6 packets. This issue was addressed with improved memory management. This issue is fixed in macOS Catalina 10.15, tvOS 13, macOS Catalina 10.15…

CVSS: 5.5 CWE: CWE-787 - Out-of-bounds Write View on NVD