CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Apple : Security Vulnerabilities (Bypass)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2017-14315 119 Overflow +Priv Bypass 2017-09-12 2017-09-21
7.9
None Local Network Medium Not required Complete Complete Complete
In Apple iOS 7 through 9, due to a BlueBorne flaw in the implementation of LEAP (Low Energy Audio Protocol), a large audio command can be sent to a targeted device and lead to a heap overflow with attacker-controlled data. Since the audio commands sent via LEAP are not properly validated, an attacker can use this overflow to gain full control of the device through the relatively high privileges of the Bluetooth stack in iOS. The attack bypasses Bluetooth access control; however, the default "Bluetooth On" value must be present in Settings.
2 CVE-2017-13842 200 Bypass +Info 2017-11-12 2017-11-28
4.3
None Remote Medium Not required Partial None None
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
3 CVE-2017-13841 200 Bypass +Info 2017-11-12 2017-11-28
4.3
None Remote Medium Not required Partial None None
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
4 CVE-2017-13840 200 Bypass +Info 2017-11-12 2017-11-28
4.3
None Remote Medium Not required Partial None None
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
5 CVE-2017-13836 200 Bypass +Info 2017-11-12 2017-11-28
4.3
None Remote Medium Not required Partial None None
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
6 CVE-2017-13823 200 Bypass +Info 2017-11-12 2017-11-27
4.3
None Remote Medium Not required Partial None None
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "QuickTime" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
7 CVE-2017-13822 200 Bypass +Info 2017-11-12 2017-11-27
4.3
None Remote Medium Not required Partial None None
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Quick Look" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
8 CVE-2017-13821 200 Bypass +Info 2017-11-12 2017-11-27
4.3
None Remote Medium Not required Partial None None
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "CFString" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
9 CVE-2017-13819 79 XSS Bypass 2017-11-12 2017-11-27
4.3
None Remote Medium Not required None Partial None
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "HelpViewer" component. A cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML by bypassing the Same Origin Policy for quarantined HTML documents.
10 CVE-2017-13818 200 Bypass +Info 2017-11-12 2017-11-27
4.3
None Remote Medium Not required Partial None None
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
11 CVE-2017-13817 125 Bypass 2017-11-12 2017-11-27
2.1
None Local Low Not required Partial None None
An out-of-bounds read issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows local users to bypass intended memory-read restrictions.
12 CVE-2017-13782 200 Bypass +Info 2017-11-12 2017-11-27
4.3
None Remote Medium Not required Partial None None
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a /dev/dtracehelper attack involving the dtrace_dif_variable and dtrace_getarg functions.
13 CVE-2017-7150 284 Bypass 2017-10-22 2017-10-26
2.1
None Local Low Not required Partial None None
An issue was discovered in certain Apple products. macOS before 10.13 Supplemental Update is affected. The issue involves the "Security" component. It allows attackers to bypass the keychain access prompt, and consequently extract passwords, via a synthetic click.
14 CVE-2017-7142 200 Bypass +Info 2017-10-22 2017-10-26
5.0
None Remote Low Not required Partial None None
An issue was discovered in certain Apple products. Safari before 11 is affected. The issue involves the "WebKit Storage" component. It allows attackers to bypass the Safari Private Browsing protection mechanism, and consequently obtain sensitive information about visited web sites.
15 CVE-2017-7141 200 Bypass +Info 2017-10-22 2017-10-26
5.0
None Remote Low Not required Partial None None
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Mail" component. It allows remote attackers to bypass an intended off value of the "Load remote content in messages" setting, and consequently discover an e-mail recipient's IP address, via an HTML email message.
16 CVE-2017-7119 20 Bypass 2017-10-22 2017-10-25
4.3
None Remote Medium Not required Partial None None
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "IOFireWireFamily" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
17 CVE-2017-7113 200 Bypass +Info 2017-11-12 2017-11-28
2.1
None Local Low Not required Partial None None
An issue was discovered in certain Apple products. iOS before 11.1 is affected. The issue involves the "UIKit" component. It allows attackers to bypass intended read restrictions for secure text fields via vectors involving a focus-change event.
18 CVE-2017-7090 200 Bypass +Info 2017-10-22 2017-10-26
5.0
None Remote Low Not required Partial None None
An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive cookie information via a custom URL scheme.
19 CVE-2017-7084 264 Bypass 2017-10-22 2017-10-26
4.3
None Remote Medium Not required None Partial None
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Application Firewall" component. It allows remote attackers to bypass intended settings in opportunistic circumstances by leveraging incorrect handling of a denied setting after an upgrade.
20 CVE-2017-7080 295 Bypass 2017-10-22 2017-10-26
5.0
None Remote Low Not required None Partial None
An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Security" component. It allows remote attackers to bypass intended certificate-trust restrictions via a revoked X.509 certificate.
21 CVE-2017-7067 284 Bypass 2017-07-20 2017-07-24
4.3
None Remote Medium Not required Partial None None
An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
22 CVE-2017-7064 20 Bypass 2017-07-20 2017-08-11
4.3
None Remote Medium Not required Partial None None
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. The issue involves the "WebKit" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
23 CVE-2017-7045 20 Bypass 2017-07-20 2017-07-24
4.3
None Remote Medium Not required Partial None None
An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
24 CVE-2017-7036 125 Bypass 2017-07-20 2017-07-24
4.3
None Remote Medium Not required Partial None None
An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
25 CVE-2017-7029 200 Bypass +Info 2017-07-20 2017-07-21
4.3
None Remote Medium Not required Partial None None
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
26 CVE-2017-7028 200 Bypass +Info 2017-07-20 2017-07-21
4.3
None Remote Medium Not required Partial None None
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
27 CVE-2017-7006 361 Bypass +Info 2017-07-20 2017-10-15
2.6
None Remote High Not required Partial None None
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct a timing side-channel attack to bypass the Same Origin Policy and obtain sensitive information via a crafted web site that uses SVG filters.
28 CVE-2017-6990 284 Bypass 2017-05-22 2017-07-07
4.3
None Remote Medium Not required Partial None None
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "HFS" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
29 CVE-2017-6987 200 Bypass +Info 2017-05-22 2017-07-07
4.3
None Remote Medium Not required Partial None None
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
30 CVE-2017-2540 264 Bypass 2017-05-22 2017-07-07
4.3
None Remote Medium Not required Partial None None
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "WindowServer" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
31 CVE-2017-2516 284 Bypass 2017-05-22 2017-08-12
4.3
None Remote Medium Not required Partial None None
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
32 CVE-2017-2509 284 Bypass 2017-05-22 2017-08-12
4.3
None Remote Medium Not required Partial None None
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
33 CVE-2017-2507 200 Bypass +Info 2017-05-22 2017-07-07
4.3
None Remote Medium Not required Partial None None
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
34 CVE-2017-2502 284 Bypass 2017-05-22 2017-07-07
4.3
None Remote Medium Not required Partial None None
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "CoreAudio" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
35 CVE-2017-2498 295 Bypass 2017-05-22 2017-07-07
5.0
None Remote Low Not required None Partial None
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. The issue involves the "Security" component. It allows attackers to bypass intended access restrictions via an untrusted certificate.
36 CVE-2017-2480 200 Bypass +Info 2017-04-01 2017-08-15
4.3
None Remote Medium Not required Partial None None
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.
37 CVE-2017-2479 20 Bypass +Info 2017-04-01 2017-08-15
4.3
None Remote Medium Not required Partial None None
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.
38 CVE-2017-2448 200 Bypass +Info 2017-04-01 2017-07-11
4.3
None Remote Medium Not required Partial None None
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. The issue involves the "Keychain" component. It allows man-in-the-middle attackers to bypass an iCloud Keychain secret protection mechanism by leveraging lack of authentication for OTR packets.
39 CVE-2017-2442 20 Bypass +Info 2017-04-01 2017-08-15
4.3
None Remote Medium Not required Partial None None
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit JavaScript Bindings" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.
40 CVE-2017-2429 275 Bypass 2017-04-01 2017-07-11
5.0
None Remote Low Not required None Partial None
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "FinderKit" component. It allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging unexpected permission changes during an iCloud Sharing Send Link action.
41 CVE-2017-2423 284 Bypass 2017-04-01 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. The issue involves the "Security" component. It allows remote attackers to bypass intended access restrictions by leveraging a successful result from a SecKeyRawVerify API call with an empty signature.
42 CVE-2017-2419 284 Bypass 2017-04-01 2017-07-11
5.0
None Remote Low Not required None Partial None
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass a Content Security Policy protection mechanism via unspecified vectors.
43 CVE-2017-2402 284 Bypass 2017-04-01 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves mishandling of profile uninstall actions in the "MCX Client" component when a profile has multiple payloads. It allows remote attackers to bypass intended access restrictions by leveraging Active Directory certificate trust that should not have remained.
44 CVE-2017-2391 326 Bypass 2017-04-01 2017-07-11
5.0
None Remote Low Not required Partial None None
An issue was discovered in certain Apple products. Pages before 6.1, Numbers before 4.1, and Keynote before 7.1 on macOS and Pages before 3.1, Numbers before 3.1, and Keynote before 3.1 on iOS are affected. The issue involves the "Export" component. It allows users to bypass iWork PDF password protection by leveraging use of 40-bit RC4.
45 CVE-2017-2386 284 Bypass +Info 2017-04-01 2017-07-11
4.3
None Remote Medium Not required Partial None None
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.
46 CVE-2017-2380 326 Bypass 2017-04-01 2017-06-21
5.0
None Remote Low Not required Partial None None
An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the Simple Certificate Enrollment Protocol (SCEP) implementation in the "Profiles" component. It allows remote attackers to bypass cryptographic protection mechanisms by leveraging DES support.
47 CVE-2017-2367 284 Bypass +Info 2017-04-01 2017-08-15
4.3
None Remote Medium Not required Partial None None
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.
48 CVE-2017-2365 200 Bypass +Info 2017-02-20 2017-08-31
4.3
None Remote Medium Not required Partial None None
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.
49 CVE-2017-2364 200 Bypass +Info 2017-02-20 2017-08-15
4.3
None Remote Medium Not required Partial None None
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.
50 CVE-2017-2363 200 Bypass +Info 2017-02-20 2017-08-31
4.3
None Remote Medium Not required Partial None None
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. watchOS before 3.1.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.
Total number of vulnerabilities : 358   Page : 1 (This Page)2 3 4 5 6 7 8
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.