The issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. A person with physical access to a device may be able to view contact information from the lock screen.
Max CVSS
2.4
EPSS Score
0.05%
Published
2023-06-23
Updated
2023-07-27
A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13, iOS 16, iOS 15.7 and iPadOS 15.7, watchOS 9, tvOS 16. A user with physical access to a device may be able to access contacts from the lock screen.
Max CVSS
2.4
EPSS Score
0.06%
Published
2022-11-01
Updated
2022-11-02
A logic issue was addressed with improved state management. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, tvOS 15.1, watchOS 8.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. A person with physical access to an iOS device may be able to determine characteristics of a user's password in a secure text entry field.
Max CVSS
2.4
EPSS Score
0.07%
Published
2021-08-24
Updated
2023-01-09
This issue was resolved by replacing device names with a random identifier. This issue is fixed in iOS 13.1 and iPadOS 13.1, macOS Catalina 10.15, watchOS 6, tvOS 13. An attacker in physical proximity may be able to passively observe device names in AWDL communications.
Max CVSS
2.4
EPSS Score
0.08%
Published
2020-10-27
Updated
2021-07-21
The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.
Max CVSS
2.6
EPSS Score
0.97%
Published
2015-11-18
Updated
2019-03-08
The Sandbox feature in xnu in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 does not properly implement privilege separation, which allows attackers to bypass the ASLR protection mechanism via a crafted app with root privileges.
Max CVSS
2.6
EPSS Score
0.14%
Published
2015-12-11
Updated
2019-03-08
dyld in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly handle overlapping segments in Mach-O executable files, which allows local users to bypass intended code-signing restrictions via a crafted file.
Max CVSS
2.1
EPSS Score
0.04%
Published
2014-11-18
Updated
2019-03-08
Accounts Framework in Apple iOS before 8 and Apple TV before 7 allows attackers to obtain sensitive information by reading log data that was not intended to be present in a log.
Max CVSS
2.1
EPSS Score
0.06%
Published
2014-09-18
Updated
2019-03-08
Apple TV before 6.1 does not properly restrict logging, which allows local users to obtain sensitive information by reading log data.
Max CVSS
2.1
EPSS Score
0.04%
Published
2014-03-14
Updated
2019-03-08
The ARM prefetch abort handler in the kernel in Apple iOS before 6.1.3 and Apple TV before 5.2.1 does not ensure that it has been invoked in an abort context, which makes it easier for local users to bypass the ASLR protection mechanism via crafted code.
Max CVSS
2.1
EPSS Score
0.04%
Published
2013-03-20
Updated
2019-09-26
10 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!