| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2022-26765 |
362 |
|
Bypass |
2022-05-26 |
2022-06-08 |
1.9 |
None |
Local |
Medium |
Not required |
None |
Partial |
None |
|
A race condition was addressed with improved state handling. This issue is fixed in watchOS 8.6, tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. |
|
2 |
CVE-2021-30992 |
668 |
|
+Info |
2021-08-24 |
2022-01-03 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
This issue was addressed with improved handling of file metadata. This issue is fixed in iOS 15.2 and iPadOS 15.2. A user in a FaceTime call may unexpectedly leak sensitive user information through Live Photos metadata. |
|
3 |
CVE-2021-30908 |
|
|
|
2021-08-24 |
2021-11-02 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
An authentication issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.0.1, macOS Big Sur 11.6.1. A local attacker may be able to view the previous logged-in user’s desktop from the fast user switching screen. |
|
4 |
CVE-2021-30731 |
|
|
|
2021-09-08 |
2021-09-22 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-004 Catalina. An unprivileged application may be able to capture USB devices. |
|
5 |
CVE-2020-27925 |
|
|
|
2020-12-08 |
2020-12-10 |
1.9 |
None |
Local |
Medium |
Not required |
None |
Partial |
None |
|
An issue existed in the handling of incoming calls. The issue was addressed with additional state checks. This issue is fixed in iOS 14.2 and iPadOS 14.2. A user may answer two calls simultaneously without indication they have answered a second call. |
|
6 |
CVE-2020-9969 |
|
|
|
2020-12-08 |
2023-01-09 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0. A local user may be able to view senstive user information. |
|
7 |
CVE-2019-8757 |
362 |
|
|
2019-12-18 |
2019-12-26 |
1.9 |
None |
Local |
Medium |
Not required |
None |
Partial |
None |
|
A race condition existed when reading and writing user preferences. This was addressed with improved state handling. This issue is fixed in macOS Catalina 10.15. The "Share Mac Analytics" setting may not be disabled when a user deselects the switch to share analytics. |
|
8 |
CVE-2016-4740 |
200 |
|
+Info |
2016-09-18 |
2017-08-13 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
Apple iOS before 10, when Handoff for Messages is used, does not ensure that a Messages signin has occurred before displaying messages, which might allow attackers to obtain sensitive information via unspecified vectors. |
|
9 |
CVE-2016-1807 |
362 |
|
+Info |
2016-05-20 |
2019-03-25 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
Race condition in the Disk Images subsystem in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows local users to obtain sensitive information from kernel memory via unspecified vectors. |
|
10 |
CVE-2015-6563 |
20 |
|
|
2015-08-24 |
2022-12-13 |
1.9 |
None |
Local |
Medium |
Not required |
None |
Partial |
None |
|
The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c. |
|
11 |
CVE-2015-3785 |
|
|
Bypass |
2015-10-09 |
2016-12-08 |
1.9 |
None |
Local |
Medium |
Not required |
None |
Partial |
None |
|
The Telephony component in Apple OS X before 10.11, when the Continuity feature is enabled, allows local users to bypass intended telephone-call restrictions via unspecified vectors. |
|
12 |
CVE-2015-1146 |
310 |
|
Bypass |
2015-04-10 |
2019-01-31 |
1.9 |
None |
Local |
Medium |
Not required |
None |
Partial |
None |
|
The Code Signing implementation in Apple OS X before 10.10.3 does not properly validate signatures, which allows local users to bypass intended access restrictions via a crafted bundle, a different vulnerability than CVE-2015-1145. |
|
13 |
CVE-2015-1145 |
310 |
|
Bypass |
2015-04-10 |
2019-01-31 |
1.9 |
None |
Local |
Medium |
Not required |
None |
Partial |
None |
|
The Code Signing implementation in Apple OS X before 10.10.3 does not properly validate signatures, which allows local users to bypass intended access restrictions via a crafted bundle, a different vulnerability than CVE-2015-1146. |
|
14 |
CVE-2015-1114 |
200 |
|
+Info |
2015-04-10 |
2019-03-08 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The Sandbox Profiles component in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to discover hardware identifiers via a crafted app. |
|
15 |
CVE-2015-1113 |
200 |
|
+Info |
2015-04-10 |
2017-01-03 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The Sandbox Profiles component in Apple iOS before 8.3 allows attackers to read the (1) telephone number or (2) e-mail address of a recent contact via a crafted app. |
|
16 |
CVE-2015-1107 |
|
|
|
2015-04-10 |
2017-01-03 |
1.9 |
None |
Local |
Medium |
Not required |
None |
Partial |
None |
|
The Lock Screen component in Apple iOS before 8.3 does not properly implement the erasure feature for incorrect passcode-authentication attempts, which makes it easier for physically proximate attackers to obtain access by making many passcode guesses. |
|
17 |
CVE-2015-1097 |
200 |
|
+Info |
2015-04-10 |
2019-03-08 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
IOMobileFramebuffer in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app. |
|
18 |
CVE-2015-1096 |
200 |
|
+Info |
2015-04-10 |
2019-03-08 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
IOHIDFamily in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app. |
|
19 |
CVE-2015-1094 |
200 |
|
+Info |
2015-04-10 |
2019-03-08 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
IOAcceleratorFamily in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app. |
|
20 |
CVE-2015-1085 |
264 |
|
|
2015-04-10 |
2017-01-03 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
AppleKeyStore in Apple iOS before 8.3 does not properly restrict a certain passcode-confirmation interface, which makes it easier for attackers to verify correct passcode guesses via a crafted app. |
|
21 |
CVE-2015-1064 |
200 |
|
Bypass +Info |
2015-03-12 |
2015-09-11 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
Springboard in Apple iOS before 8.2 allows physically proximate attackers to bypass an intended activation requirement and read the home screen by leveraging an application crash during the activation process. |
|
22 |
CVE-2014-5030 |
59 |
|
|
2014-07-29 |
2017-01-07 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
CUPS before 2.0 allows local users to read arbitrary files via a symlink attack on (1) index.html, (2) index.class, (3) index.pl, (4) index.php, (5) index.pyc, or (6) index.py. |
|
23 |
CVE-2014-5029 |
59 |
|
|
2014-07-29 |
2017-01-07 |
1.5 |
None |
Local |
Medium |
??? |
Partial |
None |
None |
|
The web interface in CUPS 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/ and language[0] set to null. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3537. |
|
24 |
CVE-2014-4450 |
255 |
|
|
2014-10-22 |
2017-08-29 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The QuickType feature in the Keyboards subsystem in Apple iOS before 8.1 collects typing-prediction data from fields with an off autocomplete attribute, which makes it easier for attackers to discover credentials by reading credential values within unintended DOM input elements. |
|
25 |
CVE-2014-4448 |
310 |
|
+Info |
2014-10-22 |
2017-08-29 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
House Arrest in Apple iOS before 8.1 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information from a Documents directory by obtaining this UID. |
|
26 |
CVE-2014-4447 |
310 |
|
|
2014-10-18 |
2017-08-29 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
Profile Manager in Apple OS X Server before 4.0 allows local users to discover cleartext passwords by reading a file after a (1) profile setup or (2) profile edit occurs. |
|
27 |
CVE-2014-4421 |
|
|
+Info |
2014-09-18 |
2019-03-08 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4371, CVE-2014-4419, and CVE-2014-4420. |
|
28 |
CVE-2014-4420 |
|
|
+Info |
2014-09-18 |
2019-03-08 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4371, CVE-2014-4419, and CVE-2014-4421. |
|
29 |
CVE-2014-4419 |
|
|
+Info |
2014-09-18 |
2019-03-08 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4371, CVE-2014-4420, and CVE-2014-4421. |
|
30 |
CVE-2014-4386 |
362 |
|
+Priv |
2014-09-18 |
2017-08-29 |
1.9 |
None |
Local |
Medium |
Not required |
None |
Partial |
None |
|
Race condition in the App Installation feature in Apple iOS before 8 allows local users to gain privileges and install unverified apps by leveraging /tmp write access. |
|
31 |
CVE-2014-4384 |
22 |
|
Dir. Trav. |
2014-09-18 |
2017-08-29 |
1.9 |
None |
Local |
Medium |
Not required |
None |
Partial |
None |
|
Directory traversal vulnerability in the App Installation feature in Apple iOS before 8 allows local users to install unverified apps by triggering code-signature validation of an unintended bundle. |
|
32 |
CVE-2014-4371 |
665 |
|
+Info |
2014-09-18 |
2019-11-07 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4419, CVE-2014-4420, and CVE-2014-4421. |
|
33 |
CVE-2014-3537 |
59 |
|
|
2014-07-23 |
2023-02-02 |
1.2 |
None |
Local |
High |
Not required |
Partial |
None |
None |
|
It was discovered that CUPS allowed certain users to create symbolic links in certain directories under /var/cache/cups/. A local user with the 'lp' group privileges could use this flaw to read the contents of arbitrary files on the system or, potentially, escalate their privileges on the system. |
|
34 |
CVE-2014-1352 |
264 |
|
|
2014-07-01 |
2017-01-07 |
1.9 |
None |
Local |
Medium |
Not required |
None |
Partial |
None |
|
Lock Screen in Apple iOS before 7.1.2 does not properly enforce the limit on failed passcode attempts, which makes it easier for physically proximate attackers to conduct brute-force passcode-guessing attacks via unspecified vectors. |
|
35 |
CVE-2014-1281 |
264 |
|
|
2014-03-14 |
2014-03-14 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
Photos Backend in Apple iOS before 7.1 does not properly manage the asset-library cache during deletions, which allows physically proximate attackers to obtain sensitive photo data by launching the Photos app and looking under a transparent image. |
|
36 |
CVE-2013-6891 |
59 |
|
|
2014-01-26 |
2014-03-06 |
1.2 |
None |
Local |
High |
Not required |
Partial |
None |
None |
|
lppasswd in CUPS before 1.7.1, when running with setuid privileges, allows local users to read portions of arbitrary files via a modified HOME environment variable and a symlink attack involving .cups/client.conf. |
|
37 |
CVE-2013-5187 |
264 |
|
+Info |
2013-10-24 |
2013-10-24 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The Screen Lock implementation in Apple Mac OS X before 10.9 does not immediately accept Keychain Status menu Lock Screen commands, and instead incorrectly relies on a certain timeout setting, which allows physically proximate attackers to obtain sensitive information by reading a screen that should have transitioned into the locked state. |
|
38 |
CVE-2013-5169 |
264 |
|
+Info |
2013-10-24 |
2013-10-25 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
CoreGraphics in Apple Mac OS X before 10.9, when display-sleep mode is used, does not ensure that screen locking blocks the visibility of all windows, which allows physically proximate attackers to obtain sensitive information by reading the screen. |
|
39 |
CVE-2013-5150 |
200 |
|
+Info |
2013-09-19 |
2014-10-24 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The history-clearing feature in Safari in Apple iOS before 7 does not clear the back/forward history of an open tab, which allows physically proximate attackers to obtain sensitive information by leveraging an unattended workstation. |
|
40 |
CVE-2013-0982 |
200 |
|
Bypass +Info |
2013-06-05 |
2013-06-05 |
1.7 |
None |
Local |
Low |
??? |
Partial |
None |
None |
|
The Private Browsing feature in CFNetwork in Apple Mac OS X before 10.8.4 does not prevent storage of permanent cookies upon exit from Safari, which might allow physically proximate attackers to bypass cookie-based authentication by leveraging an unattended workstation. |
|
41 |
CVE-2013-0979 |
264 |
|
|
2013-03-20 |
2019-09-26 |
1.9 |
None |
Local |
Medium |
Not required |
None |
Partial |
None |
|
lockdownd in Lockdown in Apple iOS before 6.1.3 does not properly consider file types during the permission-setting step of a backup restoration, which allows local users to change the permissions of arbitrary files via a backup that contains a pathname with a symlink. |
|
42 |
CVE-2012-3741 |
287 |
|
Bypass |
2012-09-20 |
2017-08-29 |
1.9 |
None |
Local |
Medium |
Not required |
None |
Partial |
None |
|
The Restrictions (aka Parental Controls) implementation in Apple iOS before 6 does not properly handle purchase attempts after a Disable Restrictions action, which allows local users to bypass an intended Apple ID authentication step via an app that performs purchase transactions. |
|
43 |
CVE-2012-3734 |
310 |
|
Bypass |
2012-09-20 |
2017-08-29 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
Office Viewer in Apple iOS before 6 writes cleartext document data to a temporary file, which might allow local users to bypass a document's intended (1) Data Protection level or (2) encryption state by reading the temporary content. |
|
44 |
CVE-2012-3729 |
264 |
|
+Info |
2012-09-20 |
2017-08-29 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The Berkeley Packet Filter (BPF) interpreter implementation in the kernel in Apple iOS before 6 accesses uninitialized memory locations, which allows local users to obtain sensitive information about the layout of kernel memory via a crafted program that uses a BPF interface. |
|
45 |
CVE-2012-0645 |
264 |
|
Bypass |
2012-03-08 |
2018-11-29 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
|
Siri in Apple iOS before 5.1 does not properly restrict the ability of Mail.app to handle voice commands, which allows physically proximate attackers to bypass the locked state via a command that forwards an active e-mail message to an arbitrary recipient. |
|
46 |
CVE-2011-1073 |
59 |
|
|
2011-03-04 |
2018-10-09 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
crontab.c in crontab in FreeBSD and Apple Mac OS X allows local users to (1) determine the existence of arbitrary files via a symlink attack on a /tmp/crontab.XXXXXXXXXX temporary file and (2) perform MD5 checksum comparisons on arbitrary pairs of files via two symlink attacks on /tmp/crontab.XXXXXXXXXX temporary files. |
|
47 |
CVE-2009-1707 |
362 |
|
|
2009-06-10 |
2010-12-10 |
1.2 |
None |
Local |
High |
Not required |
Partial |
None |
None |
|
Race condition in the Reset Safari implementation in Apple Safari before 4.0 on Windows might allow local users to read stored web-site passwords via unspecified vectors. |
|
48 |
CVE-2009-0142 |
362 |
|
DoS |
2009-02-12 |
2011-03-08 |
1.9 |
None |
Local |
Medium |
Not required |
None |
None |
Partial |
|
Race condition in AFP Server in Apple Mac OS X 10.5.6 allows local users to cause a denial of service (infinite loop) via unspecified vectors related to "file enumeration logic." |
|
49 |
CVE-2008-4593 |
200 |
|
+Info |
2008-10-17 |
2017-08-08 |
1.2 |
None |
Local |
High |
Not required |
Partial |
None |
None |
|
Apple iPhone 2.1 with firmware 5F136, when Require Passcode is enabled and Show SMS Preview is disabled, allows physically proximate attackers to obtain sensitive information by performing an Emergency Call tap and then reading SMS messages on the device screen, aka Apple bug number 6267416. |
|
50 |
CVE-2008-3876 |
264 |
|
Bypass +Info |
2008-09-02 |
2008-09-17 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
Apple iPhone 2.0.2, in some configurations, allows physically proximate attackers to bypass intended access restrictions, and obtain sensitive information or make arbitrary use of the device, via an Emergency Call tap and a Home double-tap, followed by a tap of any contact's blue arrow. |
