CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Apple » Iphone Os » 3.1 ~~~ipod Touch~~ : Security Vulnerabilities

Cpe Name:cpe:/o:apple:iphone_os:3.1::~~~ipod_touch~~
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
151 CVE-2018-4191 119 Overflow Mem. Corr. 2019-04-03 2019-04-04
6.8
None Remote Medium Not required Partial Partial Partial
A memory corruption issue was addressed with improved validation. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
152 CVE-2018-4190 522 +Info 2018-06-08 2019-10-02
4.3
None Remote Medium Not required Partial None None
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive credential information that is transmitted during a CSS mask-image fetch.
153 CVE-2018-4189 119 Overflow Mem. Corr. 2019-01-11 2019-01-17
10.0
None Remote Low Not required Complete Complete Complete
In iOS before 11.2.5, macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan, watchOS before 4.2.2, and tvOS before 11.2.5, a memory corruption issue exists and was addressed with improved memory handling.
154 CVE-2018-4187 20 2018-06-08 2019-04-12
4.3
None Remote Medium Not required None Partial None
An issue was discovered in certain Apple products. iOS before 11.3.1 is affected. macOS before 10.13.4 Security Update 2018-001 is affected. The issue involves the "LinkPresentation" component. It allows remote attackers to spoof the UI via a crafted URL in a text message.
155 CVE-2018-4174 2018-04-03 2019-10-02
4.3
None Remote Medium Not required Partial None None
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "Mail" component. It allows man-in-the-middle attackers to read S/MIME encrypted messages by leveraging an inconsistency in the user interface.
156 CVE-2018-4173 269 2018-04-13 2019-10-02
4.3
None Remote Medium Not required None Partial None
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "Status Bar" component. It allows invisible microphone access via a crafted app.
157 CVE-2018-4172 Bypass 2018-04-03 2019-10-02
2.1
None Local Low Not required None None Partial
An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the "Find My iPhone" component. It allows physically proximate attackers to bypass the iCloud password requirement for disabling the "Find My iPhone" feature via vectors involving a backup restore.
158 CVE-2018-4167 362 Exec Code 2018-04-03 2019-10-02
7.6
None Remote High Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "File System Events" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.
159 CVE-2018-4166 362 Exec Code 2018-04-03 2019-10-02
7.6
None Remote High Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "NSURLSession" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.
160 CVE-2018-4165 119 DoS Exec Code Overflow Mem. Corr. 2018-04-03 2018-11-09
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
161 CVE-2018-4163 119 DoS Exec Code Overflow Mem. Corr. 2018-04-03 2018-11-09
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
162 CVE-2018-4162 119 DoS Exec Code Overflow Mem. Corr. 2018-04-03 2018-11-09
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
163 CVE-2018-4161 119 DoS Exec Code Overflow Mem. Corr. 2018-04-03 2018-11-09
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
164 CVE-2018-4158 362 Exec Code 2018-04-03 2019-10-02
7.6
None Remote High Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. watchOS before 4.3 is affected. The issue involves the "CoreFoundation" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.
165 CVE-2018-4157 362 Exec Code 2018-04-03 2019-10-02
7.6
None Remote High Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "Quick Look" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.
166 CVE-2018-4156 362 Exec Code 2018-04-03 2019-10-02
7.6
None Remote High Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "PluginKit" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.
167 CVE-2018-4155 362 Exec Code 2018-04-03 2019-10-02
7.6
None Remote High Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "CoreFoundation" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.
168 CVE-2018-4154 362 Exec Code 2018-04-03 2019-10-02
7.6
None Remote High Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "Storage" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.
169 CVE-2018-4151 362 Exec Code 2018-04-03 2019-10-02
7.6
None Remote High Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "iCloud Drive" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.
170 CVE-2018-4147 119 Overflow Mem. Corr. 2019-01-11 2019-01-17
6.8
None Remote Medium Not required Partial Partial Partial
In iCloud for Windows before 7.3, Safari before 11.0.3, iTunes before 12.7.3 for Windows, and iOS before 11.2.5, multiple memory corruption issues exist and were addressed with improved memory handling.
171 CVE-2018-4146 119 DoS Overflow Mem. Corr. 2018-04-03 2018-11-09
4.3
None Remote Medium Not required None None Partial
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows attackers to cause a denial of service (memory corruption) via a crafted web site.
172 CVE-2018-4145 119 Overflow Mem. Corr. 2019-04-03 2019-04-04
6.8
None Remote Medium Not required Partial Partial Partial
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.3, tvOS 11.3, watchOS 4.3, Safari 11.1, iTunes 12.7.4 for Windows, iCloud for Windows 7.4.
173 CVE-2018-4131 Bypass 2018-04-03 2019-10-02
4.3
None Remote Medium Not required Partial None None
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "WindowServer" component. It allows attackers to bypass the Secure Input Mode protection mechanism, and log keystrokes of arbitrary apps, via a crafted app that scans key states.
174 CVE-2018-4129 119 DoS Exec Code Overflow Mem. Corr. 2018-04-03 2018-11-09
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
175 CVE-2018-4128 119 DoS Exec Code Overflow Mem. Corr. 2018-04-03 2018-11-09
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
176 CVE-2018-4127 119 DoS Exec Code Overflow Mem. Corr. 2018-04-03 2018-11-09
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
177 CVE-2018-4126 119 Overflow Mem. Corr. 2019-04-03 2019-04-05
9.3
None Remote Medium Not required Complete Complete Complete
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5, iTunes 12.9 for Windows, iCloud for Windows 7.7.
178 CVE-2018-4125 119 DoS Exec Code Overflow Mem. Corr. 2018-04-03 2018-11-09
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
179 CVE-2018-4122 119 DoS Exec Code Overflow Mem. Corr. 2018-04-03 2018-11-09
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
180 CVE-2018-4120 119 DoS Exec Code Overflow Mem. Corr. 2018-04-03 2018-11-09
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
181 CVE-2018-4119 119 DoS Exec Code Overflow Mem. Corr. 2018-04-03 2018-11-09
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
182 CVE-2018-4118 119 DoS Exec Code Overflow Mem. Corr. 2018-04-03 2018-11-09
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
183 CVE-2018-4117 200 Bypass +Info 2018-04-03 2018-11-09
4.3
None Remote Medium Not required Partial None None
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. watchOS before 4.3 is affected. The issue involves the fetch API in the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.
184 CVE-2018-4115 281 Bypass 2018-04-03 2019-10-02
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves CFPreferences in the "System Preferences" component. It allows attackers to bypass intended access restrictions by leveraging incorrect configuration-profile persistence.
185 CVE-2018-4114 119 DoS Exec Code Overflow Mem. Corr. 2018-04-03 2018-11-09
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
186 CVE-2018-4113 617 2018-04-03 2019-10-02
4.3
None Remote Medium Not required None None Partial
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves a JavaScriptCore function in the "WebKit" component. It allows attackers to trigger an assertion failure by leveraging improper array indexing.
187 CVE-2018-4110 Bypass 2018-04-03 2019-10-02
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the "Web App" component. It allows remote attackers to bypass intended restrictions on cookie persistence.
188 CVE-2018-4101 119 DoS Exec Code Overflow Mem. Corr. 2018-04-03 2018-11-09
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
189 CVE-2018-4100 400 DoS 2018-04-03 2019-10-02
5.0
None Remote Low Not required None None Partial
An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. watchOS before 4.2.2 is affected. The issue involves the "LinkPresentation" component. It allows remote attackers to cause a denial of service (resource consumption) via a crafted text message.
190 CVE-2017-13903 2017-12-25 2019-10-02
5.0
None Remote Low Not required Partial None None
An issue was discovered in certain Apple products. iOS before 11.2.1 is affected. tvOS before 11.2.1 is affected. The issue involves the "HomeKit" component. It allows remote attackers to modify the application state by leveraging incorrect message handling, as demonstrated by use of an Apple Watch to obtain an encryption key and unlock a door.
191 CVE-2017-13891 20 2019-01-11 2019-01-17
4.3
None Remote Medium Not required None Partial None
In iOS before 11.2, an inconsistent user interface issue was addressed through improved state management.
192 CVE-2017-13888 704 2019-01-11 2019-01-17
5.0
None Remote Low Not required None Partial None
In iOS before 11.2, a type confusion issue was addressed with improved memory handling.
193 CVE-2017-13874 Bypass 2017-12-25 2019-10-02
5.0
None Remote Low Not required Partial None None
An issue was discovered in certain Apple products. iOS before 11.2 is affected. The issue involves the "Mail" component. It might allow remote attackers to bypass an intended encryption protection mechanism by leveraging incorrect S/MIME certificate selection.
194 CVE-2017-13861 119 DoS Exec Code Overflow Mem. Corr. 2017-12-25 2019-06-02
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 11.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "IOSurface" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
195 CVE-2017-13860 2017-12-25 2019-10-02
4.3
None Remote Medium Not required Partial None None
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. The issue involves the "Mail Drafts" component. It allows man-in-the-middle attackers to read e-mail content by leveraging mishandling of S/MIME credential encryption.
196 CVE-2017-13844 200 +Info 2017-11-12 2019-04-29
2.1
None Local Low Not required Partial None None
An issue was discovered in certain Apple products. iOS before 11.1 is affected. The issue involves the "Messages" component. It allows physically proximate attackers to view arbitrary photos via a Reply With Message action in the lock-screen state.
197 CVE-2017-13806 2018-04-03 2019-10-02
4.3
None Remote Medium Not required None Partial None
An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Profiles" component. It does not enforce the configuration profile's settings for whether pairings are allowed.
198 CVE-2017-7152 2017-12-27 2019-10-02
4.3
None Remote Medium Not required None Partial None
An issue was discovered in certain Apple products. iOS before 11.2 is affected. The issue involves the "Mail Message Framework" component. It allows remote attackers to spoof the address bar via a crafted web site.
199 CVE-2017-7151 362 2019-04-03 2019-04-05
5.1
None Remote High Not required Partial Partial Partial
A race condition was addressed with additional validation. This issue affected versions prior to iOS 11.2, macOS High Sierra 10.13.2, tvOS 11.2, watchOS 4.2, iTunes 12.7.2 for Windows, macOS High Sierra 10.13.4.
200 CVE-2017-7043 119 DoS Exec Code Overflow Mem. Corr. 2017-07-20 2019-05-05
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Total number of vulnerabilities : 269   Page : 1 2 3 4 (This Page)5 6
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.