Filtered by vendor Apple
Subscribe
Search
Total
10011 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-36224 | 3 Apple, Debian, Openldap | 4 Mac Os X, Macos, Debian Linux and 1 more | 2021-06-29 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw was discovered in OpenLDAP before 2.4.57 leading to an invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service. | |||||
| CVE-2020-36221 | 3 Apple, Debian, Openldap | 4 Mac Os X, Macos, Debian Linux and 1 more | 2021-06-29 | 5.0 MEDIUM | 7.5 HIGH |
| An integer underflow was discovered in OpenLDAP before 2.4.57 leading to slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck). | |||||
| CVE-2020-36229 | 3 Apple, Debian, Openldap | 4 Mac Os X, Macos, Debian Linux and 1 more | 2021-06-29 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw was discovered in ldap_X509dn2bv in OpenLDAP before 2.4.57 leading to a slapd crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. | |||||
| CVE-2020-36222 | 3 Apple, Debian, Openldap | 4 Mac Os X, Macos, Debian Linux and 1 more | 2021-06-29 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw was discovered in OpenLDAP before 2.4.57 leading to an assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service. | |||||
| CVE-2020-36228 | 3 Apple, Debian, Openldap | 3 Macos, Debian Linux, Openldap | 2021-06-29 | 5.0 MEDIUM | 7.5 HIGH |
| An integer underflow was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Certificate List Exact Assertion processing, resulting in denial of service. | |||||
| CVE-2020-36226 | 3 Apple, Debian, Openldap | 4 Mac Os X, Macos, Debian Linux and 1 more | 2021-06-29 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw was discovered in OpenLDAP before 2.4.57 leading to a memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. | |||||
| CVE-2020-36227 | 3 Apple, Debian, Openldap | 3 Macos, Debian Linux, Openldap | 2021-06-29 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw was discovered in OpenLDAP before 2.4.57 leading to an infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service. | |||||
| CVE-2020-36223 | 3 Apple, Debian, Openldap | 4 Mac Os X, Macos, Debian Linux and 1 more | 2021-06-29 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read). | |||||
| CVE-2020-9667 | 3 Adobe, Apple, Microsoft | 3 Genuine Service, Macos, Windows | 2021-06-28 | 6.9 MEDIUM | 6.5 MEDIUM |
| Adobe Genuine Service version 6.6 (and earlier) is affected by an Uncontrolled Search Path element vulnerability. An authenticated attacker with admin privileges could plant custom binaries and execute them with System permissions. Exploitation of this issue requires user interaction. | |||||
| CVE-2011-0154 | 2 Apple, Microsoft | 3 Iphone Os, Itunes, Windows | 2021-06-23 | 5.1 MEDIUM | N/A |
| WebKit, as used in Apple iTunes before 10.2 on Windows and Apple iOS, does not properly implement the .sort function for JavaScript arrays, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. | |||||
| CVE-2011-3439 | 2 Apple, Suse | 4 Iphone Os, Linux Enterprise Desktop, Linux Enterprise Server and 1 more | 2021-06-22 | 9.3 HIGH | N/A |
| FreeType in CoreGraphics in Apple iOS before 5.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font in a document. | |||||
| CVE-2009-0947 | 1 Apple | 1 Files | 2021-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple integer overflows in the (1) cdf_read_property_info and (2) cdf_read_sat functions in file before 5.02. | |||||
| CVE-2009-0948 | 1 Apple | 1 Files | 2021-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple buffer overflows in the (1) cdf_read_sat, (2) cdf_read_long_sector_chain, and (3) cdf_read_ssat function in file before 5.02. | |||||
| CVE-2017-6458 | 4 Apple, Hpe, Ntp and 1 more | 5 Mac Os X, Hpux-ntp, Ntp and 2 more | 2021-06-09 | 6.5 MEDIUM | 8.8 HIGH |
| Multiple buffer overflows in the ctl_put* functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated users to have unspecified impact via a long variable. | |||||
| CVE-2014-0117 | 2 Apache, Apple | 2 Http Server, Mac Os X | 2021-06-06 | 4.3 MEDIUM | N/A |
| The mod_proxy module in the Apache HTTP Server 2.4.x before 2.4.10, when a reverse proxy is enabled, allows remote attackers to cause a denial of service (child-process crash) via a crafted HTTP Connection header. | |||||
| CVE-2017-3167 | 6 Apache, Apple, Debian and 3 more | 15 Http Server, Mac Os X, Debian Linux and 12 more | 2021-06-06 | 7.5 HIGH | 9.8 CRITICAL |
| In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed. | |||||
| CVE-2008-2939 | 4 Apache, Apple, Canonical and 1 more | 4 Http Server, Mac Os X, Ubuntu Linux and 1 more | 2021-06-06 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI. | |||||
| CVE-2015-3185 | 3 Apache, Apple, Canonical | 5 Http Server, Mac Os X, Mac Os X Server and 2 more | 2021-06-06 | 4.3 MEDIUM | N/A |
| The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging the presence of a module that relies on the 2.2 API behavior. | |||||
| CVE-2009-1955 | 7 Apache, Apple, Canonical and 4 more | 7 Apr-util, Mac Os X, Ubuntu Linux and 4 more | 2021-06-06 | 5.0 MEDIUM | N/A |
| The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564. | |||||
| CVE-2015-0228 | 4 Apache, Apple, Canonical and 1 more | 5 Http Server, Mac Os X, Mac Os X Server and 2 more | 2021-06-06 | 5.0 MEDIUM | N/A |
| The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service (child-process crash) by sending a crafted WebSocket Ping frame after a Lua script has called the wsupgrade function. | |||||
| CVE-2015-0253 | 3 Apache, Apple, Oracle | 5 Http Server, Mac Os X, Mac Os X Server and 2 more | 2021-06-06 | 5.0 MEDIUM | N/A |
| The read_request_line function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) by sending a request that lacks a method to an installation that enables the INCLUDES filter and has an ErrorDocument 400 directive specifying a local URI. | |||||
| CVE-2007-1863 | 1 Apple | 1 Mac Os X Server | 2021-06-06 | 5.0 MEDIUM | N/A |
| cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value. | |||||
| CVE-2019-9517 | 11 Apache, Apple, Canonical and 8 more | 23 Traffic Server, Mac Os X, Swiftnio and 20 more | 2021-06-06 | 7.8 HIGH | 7.5 HIGH |
| Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both. | |||||
| CVE-2009-3095 | 6 Apache, Apple, Debian and 3 more | 7 Http Server, Mac Os X, Debian Linux and 4 more | 2021-06-06 | 5.0 MEDIUM | N/A |
| The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. | |||||
| CVE-2011-0419 | 7 Apache, Apple, Freebsd and 4 more | 8 Http Server, Portable Runtime, Mac Os X and 5 more | 2021-06-06 | 4.3 MEDIUM | N/A |
| Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd. | |||||
| CVE-2017-9788 | 6 Apache, Apple, Debian and 3 more | 16 Http Server, Mac Os X, Debian Linux and 13 more | 2021-06-06 | 6.4 MEDIUM | 9.1 CRITICAL |
| In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault in other cases resulting in denial of service. | |||||
| CVE-2014-3583 | 3 Apache, Apple, Canonical | 4 Http Server, Mac Os X, Os X Server and 1 more | 2021-06-06 | 5.0 MEDIUM | N/A |
| The handle_headers function in mod_proxy_fcgi.c in the mod_proxy_fcgi module in the Apache HTTP Server 2.4.10 allows remote FastCGI servers to cause a denial of service (buffer over-read and daemon crash) via long response headers. | |||||
| CVE-2021-1870 | 3 Apple, Fedoraproject, Webkitgtk | 6 Ipad Os, Iphone Os, Mac Os X and 3 more | 2021-06-02 | 7.5 HIGH | 9.8 CRITICAL |
| A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. | |||||
| CVE-2021-1799 | 3 Apple, Fedoraproject, Webkitgtk | 8 Ipad Os, Iphone Os, Macos and 5 more | 2021-06-02 | 4.3 MEDIUM | 6.5 MEDIUM |
| A port redirection issue was addressed with additional port validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. A malicious website may be able to access restricted ports on arbitrary servers. | |||||
| CVE-2021-1801 | 3 Apple, Fedoraproject, Webkitgtk | 7 Ipad Os, Iphone Os, Macos and 4 more | 2021-06-02 | 4.3 MEDIUM | 6.5 MEDIUM |
| This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Maliciously crafted web content may violate iframe sandboxing policy. | |||||
| CVE-2021-1789 | 3 Apple, Fedoraproject, Webkitgtk | 8 Ipados, Iphone Os, Mac Os X and 5 more | 2021-06-02 | 6.8 MEDIUM | 8.8 HIGH |
| A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2021-1765 | 3 Apple, Fedoraproject, Webkitgtk | 4 Mac Os X, Macos, Fedora and 1 more | 2021-06-02 | 4.3 MEDIUM | 6.5 MEDIUM |
| This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Maliciously crafted web content may violate iframe sandboxing policy. | |||||
| CVE-2020-29623 | 3 Apple, Fedoraproject, Webkitgtk | 7 Ipados, Iphone Os, Mac Os X and 4 more | 2021-06-02 | 2.1 LOW | 3.3 LOW |
| "Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. A user may be unable to fully delete browsing history. | |||||
| CVE-2021-21204 | 4 Apple, Debian, Fedoraproject and 1 more | 4 Mac Os X, Debian Linux, Fedora and 1 more | 2021-06-01 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in Blink in Google Chrome on OS X prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2019-9518 | 10 Apache, Apple, Canonical and 7 more | 19 Traffic Server, Mac Os X, Swiftnio and 16 more | 2021-05-27 | 7.8 HIGH | 7.5 HIGH |
| Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU. | |||||
| CVE-2008-4211 | 1 Apple | 3 Iphone Os, Mac Os X, Mac Os X Server | 2021-05-23 | 10.0 HIGH | N/A |
| Integer signedness error in (1) QuickLook in Apple Mac OS X 10.5.5 and (2) Office Viewer in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted Microsoft Excel file that triggers an out-of-bounds memory access, related to "handling of columns." | |||||
| CVE-2021-29488 | 4 Apple, Linux, Microsoft and 1 more | 4 Macos, Linux Kernel, Windows and 1 more | 2021-05-19 | 5.0 MEDIUM | 5.3 MEDIUM |
| SABnzbd is an open source binary newsreader. A vulnerability was discovered in SABnzbd that could trick the `filesystem.renamer()` function into writing downloaded files outside the configured Download Folder via malicious PAR2 files. A patch was released as part of SABnzbd 3.2.1RC1. As a workaround, limit downloads to NZBs without PAR2 files, deny write permissions to the SABnzbd process outside areas it must access to perform its job, or update to a fixed version. | |||||
| CVE-2019-8846 | 2 Apple, Redhat | 9 Icloud, Ipados, Iphone Os and 6 more | 2021-05-18 | 9.3 HIGH | 8.8 HIGH |
| A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2020-3864 | 2 Apple, Redhat | 9 Icloud, Ipados, Iphone Os and 6 more | 2021-05-18 | 7.2 HIGH | 7.8 HIGH |
| A logic issue was addressed with improved validation. This issue is fixed in iCloud for Windows 7.17, iTunes 12.10.4 for Windows, iCloud for Windows 10.9.2, tvOS 13.3.1, Safari 13.0.5, iOS 13.3.1 and iPadOS 13.3.1. A DOM object context may not have had a unique security origin. | |||||
| CVE-2019-8835 | 2 Apple, Redhat | 9 Icloud, Ipados, Iphone Os and 6 more | 2021-05-18 | 9.3 HIGH | 8.8 HIGH |
| Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2019-8844 | 2 Apple, Redhat | 10 Icloud, Ipados, Iphone Os and 7 more | 2021-05-18 | 9.3 HIGH | 8.8 HIGH |
| Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2019-8816 | 2 Apple, Redhat | 10 Icloud, Ipados, Iphone Os and 7 more | 2021-05-18 | 9.3 HIGH | 8.8 HIGH |
| Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2019-8815 | 2 Apple, Redhat | 9 Icloud, Ipados, Iphone Os and 6 more | 2021-05-18 | 9.3 HIGH | 8.8 HIGH |
| Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2019-8814 | 2 Apple, Redhat | 9 Icloud, Ipados, Iphone Os and 6 more | 2021-05-18 | 9.3 HIGH | 8.8 HIGH |
| Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2019-8689 | 2 Apple, Redhat | 10 Icloud, Iphone Os, Itunes and 7 more | 2021-05-18 | 9.3 HIGH | 8.8 HIGH |
| Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2019-8688 | 2 Apple, Redhat | 10 Icloud, Iphone Os, Itunes and 7 more | 2021-05-18 | 9.3 HIGH | 8.8 HIGH |
| Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2019-8684 | 2 Apple, Redhat | 10 Icloud, Iphone Os, Itunes and 7 more | 2021-05-18 | 9.3 HIGH | 8.8 HIGH |
| Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2019-8672 | 2 Apple, Redhat | 10 Icloud, Iphone Os, Itunes and 7 more | 2021-05-18 | 9.3 HIGH | 8.8 HIGH |
| Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2019-8676 | 2 Apple, Redhat | 10 Icloud, Iphone Os, Itunes and 7 more | 2021-05-18 | 9.3 HIGH | 8.8 HIGH |
| Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2019-8669 | 2 Apple, Redhat | 10 Icloud, Iphone Os, Itunes and 7 more | 2021-05-18 | 9.3 HIGH | 8.8 HIGH |
| Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||