# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
1 |
CVE-2018-5383 |
310 |
|
|
2018-08-07 |
2018-10-18 |
4.3 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
None |
Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device. |
2 |
CVE-2018-4278 |
254 |
|
|
2019-01-11 |
2019-01-16 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, sound fetched through audio elements may be exfiltrated cross-origin. This issue was addressed with improved audio taint tracking. |
3 |
CVE-2018-4250 |
20 |
|
DoS |
2018-06-08 |
2018-07-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
An issue was discovered in certain Apple products. iOS before 11.4 is affected. The issue involves the "Messages" component. It allows remote attackers to cause a denial of service via a crafted message. |
4 |
CVE-2018-4247 |
20 |
|
DoS |
2018-06-08 |
2018-07-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. The issue involves the "Safari" component. It allows remote attackers to cause a denial of service (persistent Safari outage) via a crafted web site. |
5 |
CVE-2018-4240 |
20 |
|
DoS |
2018-06-08 |
2018-09-14 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Messages" component. It allows remote attackers to cause a denial of service via a crafted message. |
6 |
CVE-2018-4232 |
19 |
|
|
2018-06-08 |
2018-10-21 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to overwrite cookies via a crafted web site. |
7 |
CVE-2018-4202 |
284 |
|
|
2018-06-08 |
2018-07-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. The issue involves the "iBooks" component. It allows man-in-the-middle attackers to spoof a password prompt. |
8 |
CVE-2018-4198 |
20 |
|
DoS |
2018-06-08 |
2018-07-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "UIKit" component. It allows remote attackers to cause a denial of service via a crafted text file. |
9 |
CVE-2018-4190 |
255 |
|
+Info |
2018-06-08 |
2018-10-21 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive credential information that is transmitted during a CSS mask-image fetch. |
10 |
CVE-2018-4188 |
20 |
|
|
2018-06-08 |
2018-07-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to spoof the address bar via a crafted web site. |
11 |
CVE-2018-4187 |
20 |
|
|
2018-06-08 |
2018-07-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
An issue was discovered in certain Apple products. iOS before 11.3.1 is affected. macOS before 10.13.4 Security Update 2018-001 is affected. The issue involves the "LinkPresentation" component. It allows remote attackers to spoof the UI via a crafted URL in a text message. |
12 |
CVE-2018-4174 |
310 |
|
|
2018-04-03 |
2018-05-04 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "Mail" component. It allows man-in-the-middle attackers to read S/MIME encrypted messages by leveraging an inconsistency in the user interface. |
13 |
CVE-2018-4173 |
284 |
|
|
2018-04-13 |
2018-05-21 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "Status Bar" component. It allows invisible microphone access via a crafted app. |
14 |
CVE-2018-4146 |
119 |
|
DoS Overflow Mem. Corr. |
2018-04-03 |
2018-11-09 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows attackers to cause a denial of service (memory corruption) via a crafted web site. |
15 |
CVE-2018-4131 |
254 |
|
Bypass |
2018-04-03 |
2018-05-04 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "WindowServer" component. It allows attackers to bypass the Secure Input Mode protection mechanism, and log keystrokes of arbitrary apps, via a crafted app that scans key states. |
16 |
CVE-2018-4117 |
200 |
|
Bypass +Info |
2018-04-03 |
2018-11-09 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. watchOS before 4.3 is affected. The issue involves the fetch API in the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. |
17 |
CVE-2018-4113 |
20 |
|
|
2018-04-03 |
2018-11-09 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves a JavaScriptCore function in the "WebKit" component. It allows attackers to trigger an assertion failure by leveraging improper array indexing. |
18 |
CVE-2018-4104 |
200 |
|
Bypass +Info |
2018-04-03 |
2018-04-27 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. |
19 |
CVE-2018-4093 |
200 |
|
Bypass +Info |
2018-04-03 |
2018-04-27 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. |
20 |
CVE-2018-4090 |
200 |
|
Bypass +Info |
2018-04-03 |
2018-04-27 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. |
21 |
CVE-2018-4086 |
295 |
|
|
2018-04-03 |
2018-05-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "Security" component. It allows remote attackers to spoof certificate validation via crafted name constraints. |
22 |
CVE-2017-13891 |
20 |
|
|
2019-01-11 |
2019-01-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
In iOS before 11.2, an inconsistent user interface issue was addressed through improved state management. |
23 |
CVE-2017-13877 |
200 |
|
+Info |
2018-04-03 |
2018-05-04 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Sandbox Profiles" component. It allows attackers to determine whether arbitrary files exist via a crafted app. |
24 |
CVE-2017-13873 |
200 |
|
+Info |
2018-04-03 |
2018-05-04 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Kernel" component. It allows attackers to obtain sensitive network-activity information about arbitrary apps via a crafted app. |
25 |
CVE-2017-13869 |
200 |
|
Bypass +Info |
2017-12-25 |
2017-12-28 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. |
26 |
CVE-2017-13868 |
200 |
|
Bypass +Info |
2017-12-25 |
2018-03-04 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. |
27 |
CVE-2017-13865 |
200 |
|
Bypass +Info |
2017-12-25 |
2017-12-28 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. |
28 |
CVE-2017-13863 |
295 |
|
|
2018-04-03 |
2018-05-04 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "APNs" component. It allows man-in-the-middle attackers to track users by leveraging the transmission of client certificates. |
29 |
CVE-2017-13860 |
200 |
|
+Info |
2017-12-25 |
2017-12-28 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. The issue involves the "Mail Drafts" component. It allows man-in-the-middle attackers to read e-mail content by leveraging mishandling of S/MIME credential encryption. |
30 |
CVE-2017-13855 |
704 |
|
Bypass |
2017-12-25 |
2017-12-28 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app that triggers type confusion. |
31 |
CVE-2017-13852 |
200 |
|
+Info |
2017-11-12 |
2017-11-28 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
An issue was discovered in certain Apple products. iOS before 11.1 is affected. macOS before 10.13.1 is affected. tvOS before 11.1 is affected. watchOS before 4.1 is affected. The issue involves the "Kernel" component. It allows attackers to monitor arbitrary apps via a crafted app that accesses process information at a high rate. |
32 |
CVE-2017-13849 |
20 |
|
DoS |
2017-11-12 |
2017-11-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
An issue was discovered in certain Apple products. iOS before 11.1 is affected. tvOS before 11.1 is affected. watchOS before 4.1 is affected. The issue involves the "CoreText" component. It allows remote attackers to cause a denial of service (application crash) via a crafted text file. |
33 |
CVE-2017-13806 |
254 |
|
|
2018-04-03 |
2018-05-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Profiles" component. It does not enforce the configuration profile's settings for whether pairings are allowed. |
34 |
CVE-2017-13804 |
20 |
|
|
2017-11-12 |
2017-11-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
An issue was discovered in certain Apple products. iOS before 11.1 is affected. macOS before 10.13.1 is affected. tvOS before 11.1 is affected. watchOS before 4.1 is affected. The issue involves the "StreamingZip" component. It allows remote attackers to write to unintended pathnames via a crafted ZIP archive. |
35 |
CVE-2017-7164 |
20 |
|
|
2018-04-03 |
2018-05-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
An issue was discovered in certain Apple products. iOS before 11.2 is affected. tvOS before 11.2 is affected. The issue involves the "App Store" component. It allows man-in-the-middle attackers to spoof password prompts. |
36 |
CVE-2017-7152 |
254 |
|
|
2017-12-27 |
2017-12-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
An issue was discovered in certain Apple products. iOS before 11.2 is affected. The issue involves the "Mail Message Framework" component. It allows remote attackers to spoof the address bar via a crafted web site. |
37 |
CVE-2017-7148 |
200 |
|
+Info |
2017-10-22 |
2017-10-26 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Location Framework" component. It allows attackers to obtain sensitive location information via a crafted app that reads the location variable. |
38 |
CVE-2017-7144 |
275 |
|
|
2017-10-22 |
2017-10-26 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to track Safari Private Browsing users by leveraging cookie mishandling. |
39 |
CVE-2017-7131 |
200 |
|
+Info |
2017-10-22 |
2017-10-27 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Bluetooth" component. It allows attackers to obtain sensitive Contact card information via a crafted app. |
40 |
CVE-2017-7118 |
20 |
|
DoS |
2017-10-22 |
2017-10-26 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Messages" component. It allows remote attackers to cause a denial of service (crash) via a crafted image. |
41 |
CVE-2017-7109 |
79 |
|
XSS |
2017-10-22 |
2017-10-26 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. A cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via crafted web content that incorrectly interacts with the Application Cache policy. |
42 |
CVE-2017-7106 |
20 |
|
|
2017-10-22 |
2017-10-26 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. The issue involves the "WebKit" component. It allows remote attackers to spoof the address bar. |
43 |
CVE-2017-7097 |
119 |
|
DoS Overflow Mem. Corr. |
2017-10-22 |
2017-10-25 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Mail MessageUI" component. It allows attackers to cause a denial of service (memory corruption) via a crafted image. |
44 |
CVE-2017-7089 |
79 |
|
XSS |
2017-10-22 |
2017-10-26 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that is mishandled during parent-tab processing. |
45 |
CVE-2017-7085 |
20 |
|
|
2017-10-22 |
2017-10-26 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar. |
46 |
CVE-2017-7083 |
20 |
|
DoS |
2017-10-22 |
2017-10-26 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "CFNetwork Proxies" component. It allows remote attackers to cause a denial of service. |
47 |
CVE-2017-7072 |
20 |
|
DoS |
2017-10-22 |
2017-10-26 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "iBooks" component. It allows remote attackers to cause a denial of service (persistent outage) via a crafted iBooks file. |
48 |
CVE-2017-7064 |
20 |
|
Bypass |
2017-07-20 |
2017-08-11 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. The issue involves the "WebKit" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. |
49 |
CVE-2017-7060 |
20 |
|
DoS |
2017-07-20 |
2017-07-21 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. The issue involves the "Safari Printing" component. It allows remote attackers to cause a denial of service (excessive print dialogs) via a crafted web site. |
50 |
CVE-2017-7059 |
79 |
|
XSS |
2017-07-20 |
2017-07-21 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
A DOMParser XSS issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. |