Filtered by vendor Apple
Subscribe
Search
Total
1588 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-9860 | 1 Apple | 1 Safari | 2020-10-29 | 5.8 MEDIUM | 5.4 MEDIUM |
| A custom URL scheme handling issue was addressed with improved input validation. This issue is fixed in Safari 13.0.5. Processing a maliciously crafted URL may lead to arbitrary javascript code execution. | |||||
| CVE-2019-8796 | 1 Apple | 4 Ipados, Iphone Os, Mac Os X and 1 more | 2020-10-29 | 4.3 MEDIUM | 5.3 MEDIUM |
| A logic issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, iOS 12.4.3, watchOS 6.1, iOS 13.2 and iPadOS 13.2. AirDrop transfers may be unexpectedly accepted while in Everyone mode. | |||||
| CVE-2020-3918 | 1 Apple | 5 Ipad Os, Iphone Os, Mac Os X and 2 more | 2020-10-29 | 2.1 LOW | 5.5 MEDIUM |
| An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. A local user may be able to view sensitive user information. | |||||
| CVE-2019-8850 | 1 Apple | 4 Ipados, Iphone Os, Mac Os X and 1 more | 2020-10-29 | 4.3 MEDIUM | 5.5 MEDIUM |
| An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15, iOS 13.1 and iPadOS 13.1, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6. Processing a maliciously crafted audio file may disclose restricted memory. | |||||
| CVE-2019-8853 | 1 Apple | 1 Mac Os X | 2020-10-29 | 4.3 MEDIUM | 5.5 MEDIUM |
| A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. An application may be able to read restricted memory. | |||||
| CVE-2020-9857 | 1 Apple | 1 Mac Os X | 2020-10-29 | 4.3 MEDIUM | 4.3 MEDIUM |
| An issue existed in the parsing of URLs. This issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.5, Security Update 2020-003 Mojave, Security Update 2020-003 High Sierra. A malicious website may be able to exfiltrate autofilled data in Safari. | |||||
| CVE-2020-9939 | 1 Apple | 1 Mac Os X | 2020-10-29 | 4.4 MEDIUM | 6.4 MEDIUM |
| This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15.6. A local user may be able to load unsigned kernel extensions. | |||||
| CVE-2019-8753 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2020-10-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15, watchOS 6, iOS 13, tvOS 13. Processing maliciously crafted web content may lead to a cross site scripting attack. | |||||
| CVE-2019-8754 | 1 Apple | 1 Mac Os X | 2020-10-29 | 4.3 MEDIUM | 6.5 MEDIUM |
| A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006. A malicious HTML document may be able to render iframes with sensitive user information. | |||||
| CVE-2019-8736 | 1 Apple | 1 Mac Os X | 2020-10-29 | 4.0 MEDIUM | 6.5 MEDIUM |
| An input validation issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15. An attacker in a privileged network position may be able to leak sensitive user information. | |||||
| CVE-2019-8737 | 1 Apple | 1 Mac Os X | 2020-10-29 | 4.0 MEDIUM | 6.5 MEDIUM |
| A denial of service issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15. An attacker in a privileged position may be able to perform a denial of service attack. | |||||
| CVE-2019-8668 | 1 Apple | 3 Iphone Os, Tvos, Watchos | 2020-10-29 | 4.3 MEDIUM | 5.5 MEDIUM |
| A denial of service issue was addressed with improved validation. This issue is fixed in iOS 12.4, tvOS 12.4, watchOS 5.3. Processing a maliciously crafted image may lead to a denial of service. | |||||
| CVE-2019-8538 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2020-10-29 | 4.3 MEDIUM | 5.5 MEDIUM |
| A denial of service issue was addressed with improved validation. This issue is fixed in watchOS 5.2, macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, iOS 12.2. Processing a maliciously crafted vcf file may lead to a denial of service. | |||||
| CVE-2019-8664 | 1 Apple | 2 Iphone Os, Watchos | 2020-10-29 | 4.3 MEDIUM | 6.5 MEDIUM |
| An input validation issue was addressed with improved input validation. This issue is fixed in iOS 12.3, watchOS 5.2.1. Processing a maliciously crafted message may lead to a denial of service. | |||||
| CVE-2019-8534 | 1 Apple | 1 Mac Os X | 2020-10-29 | 7.2 HIGH | 6.7 MEDIUM |
| A logic issue existed resulting in memory corruption. This was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. A malicious application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2019-8528 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2020-10-29 | 7.2 HIGH | 6.7 MEDIUM |
| A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 5.2, macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, iOS 12.2. An application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2019-7291 | 1 Apple | 1 Airport Base Station Firmware | 2020-10-29 | 4.0 MEDIUM | 6.5 MEDIUM |
| A denial of service issue was addressed with improved memory handling. This issue is fixed in AirPort Base Station Firmware Update 7.8.1, AirPort Base Station Firmware Update 7.9.1. An attacker in a privileged position may be able to perform a denial of service attack. | |||||
| CVE-2019-8582 | 1 Apple | 5 Icloud, Iphone Os, Itunes and 2 more | 2020-10-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iCloud for Windows 7.12, tvOS 12.3, iTunes 12.9.5 for Windows, macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, iOS 12.3. Processing a maliciously crafted font may result in the disclosure of process memory. | |||||
| CVE-2018-4339 | 1 Apple | 1 Iphone Os | 2020-10-28 | 2.1 LOW | 5.5 MEDIUM |
| This issue was addressed with a new entitlement. This issue is fixed in iOS 12.1. A local user may be able to read a persistent device identifier. | |||||
| CVE-2020-9772 | 1 Apple | 5 Ipad Os, Iphone Os, Mac Os X and 2 more | 2020-10-28 | 2.1 LOW | 5.5 MEDIUM |
| A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. A sandboxed process may be able to circumvent sandbox restrictions. | |||||
| CVE-2020-9787 | 1 Apple | 5 Ipad Os, Iphone Os, Mac Os X and 2 more | 2020-10-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. Some websites may not have appeared in Safari Preferences. | |||||
| CVE-2020-9810 | 1 Apple | 1 Mac Os X | 2020-10-28 | 4.6 MEDIUM | 6.8 MEDIUM |
| A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.5. A person with physical access to a Mac may be able to bypass Login Window. | |||||
| CVE-2020-9997 | 1 Apple | 2 Mac Os X, Watchos | 2020-10-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.6, watchOS 6.2.8. A malicious application may disclose restricted memory. | |||||
| CVE-2020-9935 | 1 Apple | 1 Mac Os X | 2020-10-26 | 4.0 MEDIUM | 4.3 MEDIUM |
| A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.6. A user may be unexpectedly logged in to another user’s account. | |||||
| CVE-2020-24721 | 2 Apple, Google | 2 Exposure Notifications, Exposure Notifications | 2020-10-22 | 3.3 LOW | 5.7 MEDIUM |
| An issue was discovered in the GAEN (aka Google/Apple Exposure Notifications) protocol through 2020-09-29, as used in COVID-19 applications on Android and iOS. It allows a user to be put in a position where he or she can be coerced into proving or disproving an exposure notification, because of the persistent state of a private framework. | |||||
| CVE-2020-9913 | 1 Apple | 1 Mac Os X | 2020-10-20 | 2.1 LOW | 5.5 MEDIUM |
| This issue was addressed with improved data protection. This issue is fixed in macOS Catalina 10.15.6. A local user may be able to leak sensitive user information. | |||||
| CVE-2020-9934 | 1 Apple | 3 Ipad Os, Iphone Os, Mac Os X | 2020-10-20 | 2.1 LOW | 5.5 MEDIUM |
| An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6. A local user may be able to view sensitive user information. | |||||
| CVE-2020-9925 | 1 Apple | 7 Icloud, Ipad Os, Iphone Os and 4 more | 2020-10-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| A logic issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing maliciously crafted web content may lead to universal cross site scripting. | |||||
| CVE-2020-9916 | 1 Apple | 7 Icloud, Ipad Os, Iphone Os and 4 more | 2020-10-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| A URL Unicode encoding issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A malicious attacker may be able to conceal the destination of a URL. | |||||
| CVE-2020-9915 | 1 Apple | 7 Icloud, Ipad Os, Iphone Os and 4 more | 2020-10-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| An access issue existed in Content Security Policy. This issue was addressed with improved access restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing maliciously crafted web content may prevent Content Security Policy from being enforced. | |||||
| CVE-2020-9909 | 1 Apple | 4 Ipad Os, Iphone Os, Tvos and 1 more | 2020-10-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations. | |||||
| CVE-2020-9894 | 1 Apple | 7 Icloud, Ipad Os, Iphone Os and 4 more | 2020-10-20 | 4.3 MEDIUM | 4.3 MEDIUM |
| An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. | |||||
| CVE-2020-9885 | 1 Apple | 5 Ipad Os, Iphone Os, Mac Os X and 2 more | 2020-10-19 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue existed in the handling of iMessage tapbacks. The issue was resolved with additional verification. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A user that is removed from an iMessage group could rejoin the group. | |||||
| CVE-2020-9801 | 1 Apple | 1 Safari | 2020-10-16 | 4.6 MEDIUM | 5.3 MEDIUM |
| A logic issue was addressed with improved restrictions. This issue is fixed in Safari 13.1.1. A malicious process may cause Safari to launch an application. | |||||
| CVE-2019-8504 | 1 Apple | 2 Iphone Os, Mac Os X | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4. A local user may be able to read kernel memory. | |||||
| CVE-2018-4356 | 1 Apple | 1 Iphone Os | 2020-08-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| A permissions issue existed. This issue was addressed with improved permission validation. This issue affected versions prior to iOS 12. | |||||
| CVE-2018-4926 | 4 Adobe, Apple, Google and 1 more | 5 Digital Editions, Iphone Os, Mac Os X and 2 more | 2020-08-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| Adobe Digital Editions versions 4.5.7 and below have an exploitable Stack Overflow vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2018-4278 | 3 Apple, Canonical, Microsoft | 7 Icloud, Iphone Os, Itunes and 4 more | 2020-08-24 | 4.3 MEDIUM | 4.3 MEDIUM |
| In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, sound fetched through audio elements may be exfiltrated cross-origin. This issue was addressed with improved audio taint tracking. | |||||
| CVE-2019-8760 | 1 Apple | 1 Iphone Os | 2020-08-24 | 4.6 MEDIUM | 6.8 MEDIUM |
| This issue was addressed by improving Face ID machine learning models. This issue is fixed in iOS 13. A 3D model constructed to look like the enrolled user may authenticate via Face ID. | |||||
| CVE-2019-13749 | 2 Apple, Google | 2 Iphone Os, Chrome | 2020-08-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect security UI in Omnibox in Google Chrome on iOS prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||||
| CVE-2019-13667 | 2 Apple, Google | 2 Iphone Os, Chrome | 2020-08-24 | 4.3 MEDIUM | 4.3 MEDIUM |
| Inappropriate implementation in Omnibox in Google Chrome on iOS prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||||
| CVE-2019-13672 | 2 Apple, Google | 2 Iphone Os, Chrome | 2020-08-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect security UI in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page on iOS. | |||||
| CVE-2019-13742 | 2 Apple, Google | 2 Iphone Os, Chrome | 2020-08-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect security UI in Omnibox in Google Chrome on iOS prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. | |||||
| CVE-2019-14319 | 3 Apple, Google, Tiktok | 3 Iphone Os, Android, Tiktok | 2020-08-24 | 3.3 LOW | 6.5 MEDIUM |
| The TikTok (formerly Musical.ly) application 12.2.0 for Android and iOS performs unencrypted transmission of images, videos, and likes. This allows an attacker to extract private sensitive information by sniffing network traffic. | |||||
| CVE-2019-6208 | 1 Apple | 3 Iphone Os, Mac Os X, Tv Os | 2020-08-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2. A malicious application may cause unexpected changes in memory shared between processes. | |||||
| CVE-2019-6222 | 1 Apple | 1 Iphone Os | 2020-08-24 | 4.3 MEDIUM | 4.3 MEDIUM |
| A consistency issue was addressed with improved state handling. This issue is fixed in iOS 12.2. A website may be able to access the microphone without the microphone use indicator being shown. | |||||
| CVE-2019-8667 | 1 Apple | 1 Mac Os X | 2020-08-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.6. The encryption status of a Time Machine backup may be incorrect. | |||||
| CVE-2019-8691 | 1 Apple | 1 Mac Os X | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Mojave 10.14.6. An application may be able to read restricted memory. | |||||
| CVE-2018-4216 | 1 Apple | 1 Iphone Os | 2020-08-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| A logic issue existed in the handling of call URLs. This issue was addressed with improved state management. This issue affected versions prior to iOS 11.4.1. | |||||
| CVE-2019-8770 | 1 Apple | 1 Mac Os X | 2020-08-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| The issue was addressed with improved permissions logic. This issue is fixed in macOS Catalina 10.15. A malicious application may be able to access recent documents. | |||||