CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Apple : Security Vulnerabilities (CVSS score between 5 and 5.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2017-13903 371 2017-12-25 2017-12-29
5.0
None Remote Low Not required Partial None None
An issue was discovered in certain Apple products. iOS before 11.2.1 is affected. tvOS before 11.2.1 is affected. The issue involves the "HomeKit" component. It allows remote attackers to modify the application state by leveraging incorrect message handling, as demonstrated by use of an Apple Watch to obtain an encryption key and unlock a door.
2 CVE-2017-13878 125 DoS Bypass 2017-12-25 2017-12-28
5.6
None Local Low Not required Partial None Complete
An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Intel Graphics Driver" component. It allows local users to bypass intended memory-read restrictions or cause a denial of service (out-of-bounds read and system crash).
3 CVE-2017-13874 254 Bypass 2017-12-25 2017-12-28
5.0
None Remote Low Not required Partial None None
An issue was discovered in certain Apple products. iOS before 11.2 is affected. The issue involves the "Mail" component. It might allow remote attackers to bypass an intended encryption protection mechanism by leveraging incorrect S/MIME certificate selection.
4 CVE-2017-13871 371 2017-12-25 2017-12-28
5.0
None Remote Low Not required Partial None None
An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Mail" component. It allows remote attackers to read cleartext e-mail content (for which S/MIME encryption was intended) by leveraging the lack of installation of an S/MIME certificate by the recipient.
5 CVE-2017-13831 200 DoS +Info 2017-11-12 2017-11-27
5.8
None Remote Medium Not required Partial None Partial
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "ImageIO" component. It allows remote attackers to obtain sensitive information or cause a denial of service via a crafted image.
6 CVE-2017-13820 119 DoS Overflow Mem. Corr. +Info 2017-11-12 2017-11-27
5.8
None Remote Medium Not required Partial None Partial
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "ATS" component. It allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a crafted font.
7 CVE-2017-11122 200 +Info 2017-10-03 2017-11-02
5.0
None Remote Low Not required Partial None None
On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56, an attacker can trigger an information leak due to insufficient length validation, related to ICMPv6 router advertisement offloading.
8 CVE-2017-7154 20 DoS Bypass 2017-12-27 2018-01-13
5.6
None Local Low Not required Partial None Complete
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. The issue involves the "Kernel" component. It allows local users to bypass intended memory-read restrictions or cause a denial of service (system crash).
9 CVE-2017-7147 200 +Info 2017-10-22 2017-10-27
5.0
None Remote Low Not required Partial None None
An issue was discovered in certain Apple products. The Apple Support app before 1.2 for iOS is affected. The issue involves the "Analytics" component. It allows remote attackers to obtain sensitive analytics information by leveraging its presence in a cleartext HTTP transmission to an Adobe Marketing Cloud server operated for Apple, as demonstrated by information about the installation date and time.
10 CVE-2017-7146 254 2017-10-22 2017-10-27
5.0
None Remote Low Not required Partial None None
An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Security" component. It allows attackers to track users across installs via a crafted app that leverages Keychain data mishandling.
11 CVE-2017-7145 275 2017-10-22 2017-10-26
5.0
None Remote Low Not required None Partial None
An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Time" component. The "Setting Time Zone" feature mishandles the possibility of using location data.
12 CVE-2017-7142 200 Bypass +Info 2017-10-22 2017-10-26
5.0
None Remote Low Not required Partial None None
An issue was discovered in certain Apple products. Safari before 11 is affected. The issue involves the "WebKit Storage" component. It allows attackers to bypass the Safari Private Browsing protection mechanism, and consequently obtain sensitive information about visited web sites.
13 CVE-2017-7141 200 Bypass +Info 2017-10-22 2017-10-26
5.0
None Remote Low Not required Partial None None
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Mail" component. It allows remote attackers to bypass an intended off value of the "Load remote content in messages" setting, and consequently discover an e-mail recipient's IP address, via an HTML email message.
14 CVE-2017-7140 200 +Info 2017-10-22 2017-10-26
5.0
None Remote Low Not required Partial None None
An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Keyboard Suggestions" component. It allows attackers to obtain sensitive information by reading keyboard autocorrect suggestions.
15 CVE-2017-7133 310 +Info 2017-10-22 2017-10-27
5.0
None Remote Low Not required Partial None None
An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "MobileBackup" component. It allows remote attackers to obtain sensitive cleartext information in opportunistic circumstances by leveraging read access to a backup archive that was supposed to have been encrypted.
16 CVE-2017-7116 200 +Info 2017-10-22 2017-10-26
5.0
None Remote Low Not required Partial None None
An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Wi-Fi" component. It might allow remote attackers to read data from kernel memory locations via crafted Wi-Fi traffic.
17 CVE-2017-7090 200 Bypass +Info 2017-10-22 2017-10-26
5.0
None Remote Low Not required Partial None None
An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive cookie information via a custom URL scheme.
18 CVE-2017-7080 295 Bypass 2017-10-22 2017-10-26
5.0
None Remote Low Not required None Partial None
An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Security" component. It allows remote attackers to bypass intended certificate-trust restrictions via a revoked X.509 certificate.
19 CVE-2017-7078 200 +Info 2017-10-22 2017-10-26
5.0
None Remote Low Not required Partial None None
An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. The issue involves the "Mail Drafts" component. It allows remote attackers to obtain sensitive information by reading unintended cleartext transmissions.
20 CVE-2017-7063 399 DoS 2017-07-20 2017-07-24
5.0
None Remote Low Not required None None Partial
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. watchOS before 3.2.3 is affected. The issue involves the "Messages" component. It allows remote attackers to cause a denial of service (memory consumption and application crash).
21 CVE-2017-7007 400 DoS 2017-07-20 2017-07-24
5.0
None Remote Low Not required None None Partial
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. The issue involves the "EventKitUI" component. It allows remote attackers to cause a denial of service (resource consumption and application crash).
22 CVE-2017-2498 295 Bypass 2017-05-22 2017-07-07
5.0
None Remote Low Not required None Partial None
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. The issue involves the "Security" component. It allows attackers to bypass intended access restrictions via an untrusted certificate.
23 CVE-2017-2497 601 2017-05-22 2017-07-07
5.8
None Remote Medium Not required Partial Partial None
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "iBooks" component. It allows remote attackers to trigger visits to arbitrary URLs via a crafted book.
24 CVE-2017-2484 254 2017-04-01 2017-07-11
5.0
None Remote Low Not required None Partial None
An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Phone" component. It allows attackers to trigger telephone calls to arbitrary numbers via a third-party app.
25 CVE-2017-2461 399 DoS 2017-04-01 2017-07-11
5.0
None Remote Low Not required None None Partial
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "CoreText" component. It allows remote attackers to cause a denial of service (resource consumption) via a crafted text message.
26 CVE-2017-2450 125 DoS +Info 2017-04-01 2017-07-11
5.8
None Remote Medium Not required Partial None Partial
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "CoreText" component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted font file.
27 CVE-2017-2447 119 DoS Overflow Mem. Corr. +Info 2017-04-01 2017-08-15
5.8
None Remote Medium Not required Partial None Partial
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive information or cause a denial of service (memory corruption) via a crafted web site.
28 CVE-2017-2439 125 DoS +Info 2017-04-01 2017-07-11
5.8
None Remote Medium Not required Partial None Partial
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "FontParser" component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted font file.
29 CVE-2017-2429 275 Bypass 2017-04-01 2017-07-11
5.0
None Remote Low Not required None Partial None
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "FinderKit" component. It allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging unexpected permission changes during an iCloud Sharing Send Link action.
30 CVE-2017-2419 284 Bypass 2017-04-01 2017-07-11
5.0
None Remote Low Not required None Partial None
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass a Content Security Policy protection mechanism via unspecified vectors.
31 CVE-2017-2414 20 2017-04-01 2017-07-11
5.0
None Remote Low Not required None Partial None
An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "DataAccess" component. It allows remote attackers to access Exchange traffic in opportunistic circumstances by leveraging a mistake in typing an e-mail address.
32 CVE-2017-2409 125 DoS +Info 2017-04-01 2017-07-11
5.8
None Remote Medium Not required Partial None Partial
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Menus" component. It allows attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted app.
33 CVE-2017-2404 254 2017-04-01 2017-07-11
5.0
None Remote Low Not required None Partial None
An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Quick Look" component. It allows remote attackers to trigger telephone calls to arbitrary numbers via a tel: URL in a PDF document, as exploited in the wild in October 2016.
34 CVE-2017-2400 200 +Info 2017-04-01 2017-07-11
5.0
None Remote Low Not required Partial None None
An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "SafariViewController" component. It allows attackers to obtain sensitive information by leveraging the SafariViewController's incorrect synchronization of Safari cache clearing.
35 CVE-2017-2391 326 Bypass 2017-04-01 2017-07-11
5.0
None Remote Low Not required Partial None None
An issue was discovered in certain Apple products. Pages before 6.1, Numbers before 4.1, and Keynote before 7.1 on macOS and Pages before 3.1, Numbers before 3.1, and Keynote before 3.1 on iOS are affected. The issue involves the "Export" component. It allows users to bypass iWork PDF password protection by leveraging use of 40-bit RC4.
36 CVE-2017-2389 284 DoS 2017-04-01 2017-07-11
5.8
None Remote Medium Not required None Partial Partial
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof an HTTP authentication sheet or cause a denial of service via a crafted web site.
37 CVE-2017-2382 200 +Info 2017-04-01 2017-07-11
5.0
None Remote Low Not required Partial None None
An issue was discovered in certain Apple products. macOS Server before 5.3 is affected. The issue involves the "Wiki Server" component. It allows remote attackers to enumerate user accounts via unspecified vectors.
38 CVE-2017-2380 326 Bypass 2017-04-01 2017-06-21
5.0
None Remote Low Not required Partial None None
An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the Simple Certificate Enrollment Protocol (SCEP) implementation in the "Profiles" component. It allows remote attackers to bypass cryptographic protection mechanisms by leveraging DES support.
39 CVE-2017-2377 119 DoS Overflow Mem. Corr. 2017-04-01 2017-07-11
5.0
None Remote Low Not required None None Partial
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit Web Inspector" component. It allows attackers to cause a denial of service (memory corruption and application crash) by leveraging a window-close action during a debugger-pause state.
40 CVE-2017-2376 284 2017-04-01 2017-07-11
5.0
None Remote Low Not required None Partial None
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar by leveraging text input during the loading of a page.
41 CVE-2016-10226 125 DoS 2017-04-03 2017-04-10
5.0
None Remote Low Not required None None Partial
JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 18, allows remote attackers to cause a denial of service (bitfield out-of-bounds read and application crash) via crafted JavaScript code that is mishandled in the operatorString function, related to assembler/MacroAssemblerARM64.h, assembler/MacroAssemblerX86Common.h, and wasm/WasmB3IRGenerator.cpp.
42 CVE-2016-10222 20 DoS 2017-04-03 2017-04-10
5.0
None Remote Low Not required None None Partial
runtime/JSONObject.cpp in JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 18, allows remote attackers to cause a denial of service (segmentation violation and application crash) via crafted JavaScript code that triggers a "type confusion" in the JSON.stringify function.
43 CVE-2016-7667 20 DoS 2017-02-20 2017-02-22
5.0
None Remote Low Not required None None Partial
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. The issue involves the "CoreText" component. It allows remote attackers to cause a denial of service via a crafted string.
44 CVE-2016-7662 295 2017-02-20 2017-07-26
5.0
None Remote Low Not required None Partial None
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Security" component, which allows remote attackers to spoof certificates via unspecified vectors.
45 CVE-2016-7643 125 DoS +Info 2017-02-20 2017-07-26
5.8
None Remote Medium Not required Partial None Partial
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "ImageIO" component. It allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) via a crafted web site.
46 CVE-2016-7153 200 +Info 2016-09-06 2017-02-19
5.0
None Remote Low Not required Partial None None
The HTTP/2 protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack.
47 CVE-2016-7152 200 +Info 2016-09-06 2017-02-19
5.0
None Remote Low Not required Partial None None
The HTTPS protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack.
48 CVE-2016-4774 125 DoS +Info 2016-09-25 2017-07-29
5.8
None Remote Medium Not required Partial None Partial
The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app, a different vulnerability than CVE-2016-4773 and CVE-2016-4776.
49 CVE-2016-4773 125 DoS +Info 2016-09-25 2017-07-29
5.8
None Remote Medium Not required Partial None Partial
The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app, a different vulnerability than CVE-2016-4774 and CVE-2016-4776.
50 CVE-2016-4772 399 DoS 2016-09-25 2017-07-29
5.0
None Remote Low Not required None None Partial
The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to cause a denial of service (unintended lock) via unspecified vectors.
Total number of vulnerabilities : 507   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.