CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Apple » Iphone Os : Security Vulnerabilities (CVSS score between 7 and 7.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2017-14315 119 Overflow +Priv Bypass 2017-09-12 2019-05-14
7.9
None Local Network Medium Not required Complete Complete Complete
In Apple iOS 7 through 9, due to a BlueBorne flaw in the implementation of LEAP (Low Energy Audio Protocol), a large audio command can be sent to a targeted device and lead to a heap overflow with attacker-controlled data. Since the audio commands sent via LEAP are not properly validated, an attacker can use this overflow to gain full control of the device through the relatively high privileges of the Bluetooth stack in iOS. The attack bypasses Bluetooth access control; however, the default "Bluetooth On" value must be present in Settings.
2 CVE-2019-8512 863 2019-12-18 2019-12-31
7.9
None Remote Medium ??? None Complete Complete
This issue was addressed with improved transparency. This issue is fixed in iOS 12.2. A user may authorize an enterprise administrator to remotely wipe their device without appropriate disclosure.
3 CVE-2009-2815 399 DoS 2009-09-10 2009-09-24
7.8
None Remote Low Not required None None Complete
The Telephony component in Apple iPhone OS before 3.1 does not properly handle SMS arrival notifications, which allows remote attackers to cause a denial of service (NULL pointer dereference and service interruption) via a crafted SMS message.
4 CVE-2011-0162 20 DoS 2011-03-11 2019-03-08
7.8
None Remote Low Not required None None Complete
Wi-Fi in Apple iOS before 4.3 and Apple TV before 4.2 does not properly perform bounds checking for Wi-Fi frames, which allows remote attackers to cause a denial of service (device reset) via unspecified traffic on the local wireless network.
5 CVE-2012-2619 20 DoS 2012-11-14 2013-02-05
7.8
None Remote Low Not required None None Complete
The Broadcom BCM4325 and BCM4329 Wi-Fi chips, as used in certain Acer, Apple, Asus, Ford, HTC, Kyocera, LG, Malata, Motorola, Nokia, Pantech, Samsung, and Sony products, allow remote attackers to cause a denial of service (out-of-bounds read and Wi-Fi outage) via an RSN 802.11i information element.
6 CVE-2013-5140 20 DoS 2013-09-19 2013-10-22
7.8
None Remote Low Not required None None Complete
The kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (assertion failure and device restart) via an invalid packet fragment.
7 CVE-2014-1271 20 DoS 2014-03-14 2019-03-08
7.8
None Remote Low Not required None None Complete
CoreCapture in Apple iOS before 7.1 and Apple TV before 6.1 does not properly validate IOKit API calls, which allows attackers to cause a denial of service (assertion failure and device crash) via a crafted app.
8 CVE-2014-4369 DoS 2014-09-18 2019-03-08
7.8
None Remote Low Not required None None Complete
The IOAcceleratorFamily API implementation in Apple iOS before 8 and Apple TV before 7 allows attackers to cause a denial of service (NULL pointer dereference and device crash) via an application that uses crafted arguments.
9 CVE-2014-4373 DoS 2014-09-18 2019-03-08
7.8
None Remote Low Not required None None Complete
The IntelAccelerator driver in the IOAcceleratorFamily subsystem in Apple iOS before 8 and Apple TV before 7 allows attackers to cause a denial of service (NULL pointer dereference and device restart) via a crafted application.
10 CVE-2015-1063 DoS 2015-03-12 2015-09-11
7.8
None Remote Low Not required None None Complete
CoreTelephony in Apple iOS before 8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and device restart) via a Class 0 SMS message.
11 CVE-2015-1157 17 DoS 2015-05-28 2016-11-28
7.8
None Remote Low Not required None None Complete
CoreText in Apple iOS 8.x through 8.3 allows remote attackers to cause a denial of service (reboot and messaging disruption) via crafted Unicode text that is not properly handled during display truncation in the Notifications feature, as demonstrated by Arabic characters in (1) an SMS message or (2) a WhatsApp message.
12 CVE-2017-7086 400 DoS 2017-10-23 2019-10-03
7.8
None Remote Low Not required None None Complete
An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "libc" component. It allows remote attackers to cause a denial of service (resource consumption) via a crafted string that is mishandled by the glob function.
13 CVE-2018-4140 476 DoS 2018-04-03 2018-05-03
7.8
None Remote Low Not required None None Complete
An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the "Telephony" component. It allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via a Class 0 SMS message.
14 CVE-2019-8573 20 DoS 2020-10-27 2020-10-30
7.8
None Remote Low Not required None None Complete
An input validation issue was addressed with improved input validation. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, iOS 12.3, watchOS 5.2.1. A remote attacker may be able to cause a system denial of service.
15 CVE-2019-8741 835 DoS 2020-02-28 2020-04-01
7.8
None Remote Low Not required None None Complete
A denial of service issue was addressed with improved input validation.
16 CVE-2020-9844 415 2020-06-09 2020-10-16
7.8
None Remote Low Not required None None Complete
A double free issue was addressed with improved memory management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory.
17 CVE-2021-30660 125 2021-09-08 2021-09-20
7.8
None Remote Low Not required Complete None None
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. A malicious application may be able to disclose kernel memory.
18 CVE-2021-30798 668 Bypass 2021-09-08 2021-09-14
7.8
None Remote Low Not required Complete None None
A logic issue was addressed with improved state management. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6. A malicious application may be able to bypass certain Privacy preferences.
19 CVE-2017-2456 362 Exec Code 2017-04-02 2019-03-08
7.6
None Remote High Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.
20 CVE-2017-2478 362 Exec Code 2017-04-02 2019-03-08
7.6
None Remote High Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.
21 CVE-2017-2501 362 Exec Code 2017-05-22 2019-03-21
7.6
None Remote High Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "Kernel" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.
22 CVE-2017-6979 362 Exec Code 2017-05-22 2019-10-03
7.6
None Remote High Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "IOSurface" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.
23 CVE-2018-4151 362 Exec Code 2018-04-03 2019-10-03
7.6
None Remote High Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "iCloud Drive" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.
24 CVE-2018-4154 362 Exec Code 2018-04-03 2019-10-03
7.6
None Remote High Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "Storage" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.
25 CVE-2018-4155 362 Exec Code 2018-04-03 2019-10-03
7.6
None Remote High Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "CoreFoundation" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.
26 CVE-2018-4156 362 Exec Code 2018-04-03 2019-10-03
7.6
None Remote High Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "PluginKit" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.
27 CVE-2018-4157 362 Exec Code 2018-04-03 2019-10-03
7.6
None Remote High Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "Quick Look" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.
28 CVE-2018-4158 362 Exec Code 2018-04-03 2019-10-03
7.6
None Remote High Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. watchOS before 4.3 is affected. The issue involves the "CoreFoundation" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.
29 CVE-2018-4166 362 Exec Code 2018-04-03 2019-10-03
7.6
None Remote High Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "NSURLSession" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.
30 CVE-2018-4167 362 Exec Code 2018-04-03 2019-10-03
7.6
None Remote High Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "File System Events" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.
31 CVE-2019-8565 362 +Priv 2019-12-18 2019-12-20
7.6
None Remote High Not required Complete Complete Complete
A race condition was addressed with additional validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4. A malicious application may be able to gain root privileges.
32 CVE-2020-3831 362 Exec Code 2020-02-27 2020-03-02
7.6
None Remote High Not required Complete Complete Complete
A race condition was addressed with improved locking. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1. An application may be able to execute arbitrary code with kernel privileges.
33 CVE-2021-30652 362 +Priv 2021-09-08 2021-09-20
7.6
None Remote High Not required Complete Complete Complete
A race condition was addressed with additional validation. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. A malicious application may be able to gain root privileges.
34 CVE-2021-30857 362 Exec Code 2021-08-24 2021-11-01
7.6
None Remote High Not required Complete Complete Complete
A race condition was addressed with improved locking. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, tvOS 15, iOS 15 and iPadOS 15, watchOS 8, macOS Big Sur 11.6. A malicious application may be able to execute arbitrary code with kernel privileges.
35 CVE-2021-30955 362 Exec Code 2021-08-24 2021-12-29
7.6
None Remote High Not required Complete Complete Complete
A race condition was addressed with improved state handling. This issue is fixed in macOS Monterey 12.1, watchOS 8.3, iOS 15.2 and iPadOS 15.2, tvOS 15.2. A malicious application may be able to execute arbitrary code with kernel privileges.
36 CVE-2021-30996 362 Exec Code 2021-08-24 2021-12-29
7.6
None Remote High Not required Complete Complete Complete
A race condition was addressed with improved state handling. This issue is fixed in macOS Monterey 12.1, iOS 15.2 and iPadOS 15.2. A malicious application may be able to execute arbitrary code with kernel privileges.
37 CVE-2009-0946 190 Exec Code Overflow 2009-04-17 2021-04-05
7.5
None Remote Low Not required Partial Partial Partial
Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c.
38 CVE-2009-3273 310 2009-09-21 2019-09-26
7.5
None Remote Low Not required Partial Partial Partial
iPhone Mail in Apple iPhone OS, and iPhone OS for iPod touch, does not validate X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL e-mail servers via a crafted certificate.
39 CVE-2010-1205 120 Exec Code Overflow 2010-06-30 2020-08-14
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row.
40 CVE-2010-4494 415 DoS 2010-12-07 2020-07-31
7.5
None Remote Low Not required Partial Partial Partial
Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.
41 CVE-2011-0157 119 DoS Exec Code Overflow Mem. Corr. 2011-03-11 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
WebKit, as used in Apple iOS before 4.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-09-1.
42 CVE-2011-0228 20 2011-08-29 2018-10-10
7.5
None Remote Low Not required Partial Partial Partial
The Data Security component in Apple iOS before 4.2.10 and 4.3.x before 4.3.5 does not check the basicConstraints parameter during validation of X.509 certificate chains, which allows man-in-the-middle attackers to spoof an SSL server by using a non-CA certificate to sign a certificate for an arbitrary domain.
43 CVE-2011-0981 20 DoS 2011-02-10 2020-06-04
7.5
None Remote Low Not required Partial Partial Partial
Google Chrome before 9.0.597.94 does not properly perform event handling for animations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
44 CVE-2011-0983 20 DoS 2011-02-10 2020-06-04
7.5
None Remote Low Not required Partial Partial Partial
Google Chrome before 9.0.597.94 does not properly handle anonymous blocks, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
45 CVE-2011-1109 20 DoS 2011-03-01 2020-06-03
7.5
None Remote Low Not required Partial Partial Partial
Google Chrome before 9.0.597.107 does not properly process nodes in Cascading Style Sheets (CSS) stylesheets, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
46 CVE-2011-1114 DoS 2011-03-01 2020-06-04
7.5
None Remote Low Not required Partial Partial Partial
Google Chrome before 9.0.597.107 does not properly handle tables, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale node."
47 CVE-2011-1115 DoS 2011-03-01 2020-06-04
7.5
None Remote Low Not required Partial Partial Partial
Google Chrome before 9.0.597.107 does not properly render tables, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
48 CVE-2011-1117 DoS 2011-03-01 2020-06-04
7.5
None Remote Low Not required Partial Partial Partial
Google Chrome before 9.0.597.107 does not properly handle XHTML documents, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "stale nodes."
49 CVE-2011-1121 190 DoS Overflow 2011-03-01 2020-06-04
7.5
None Remote Low Not required Partial Partial Partial
Integer overflow in Google Chrome before 9.0.597.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a TEXTAREA element.
50 CVE-2011-1188 DoS Mem. Corr. 2011-03-11 2020-06-03
7.5
None Remote Low Not required Partial Partial Partial
Google Chrome before 10.0.648.127 does not properly handle counter nodes, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
Total number of vulnerabilities : 233   Page : 1 (This Page)2 3 4 5
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.