A logic issue was addressed with improved state management. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, tvOS 15.1, watchOS 8.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. A person with physical access to an iOS device may be able to determine characteristics of a user's password in a secure text entry field.
Source: MITRE
Max CVSS: 2.4
EPSS Score: 0.09%
Published: 2021-08-24
Updated: 2023-01-09
This issue was resolved by replacing device names with a random identifier. This issue is fixed in iOS 13.1 and iPadOS 13.1, macOS Catalina 10.15, watchOS 6, tvOS 13. An attacker in physical proximity may be able to passively observe device names in AWDL communications.
Source: Apple Inc.
Max CVSS: 2.4
EPSS Score: 0.08%
Published: 2020-10-27
Updated: 2021-07-21
A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. A local attacker may be able to view contacts from the lock screen.
Source: Apple Inc.
Max CVSS: 2.4
EPSS Score: 0.06%
Published: 2020-10-27
Updated: 2020-10-30
A race condition existed when reading and writing user preferences. This was addressed with improved state handling. This issue is fixed in macOS Catalina 10.15. The "Share Mac Analytics" setting may not be disabled when a user deselects the switch to share analytics.
Source: Apple Inc.
Max CVSS: 2.5
EPSS Score: 0.04%
Published: 2019-12-18
Updated: 2019-12-26
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Screen Lock" component. It allows physically proximate attackers to read Application Firewall prompts.
Source: Apple Inc.
Max CVSS: 2.4
EPSS Score: 0.09%
Published: 2017-10-23
Updated: 2017-10-26
The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.
Source: MITRE
Max CVSS: 2.6
EPSS Score: 0.97%
Published: 2015-11-18
Updated: 2019-03-08
CFNetwork HTTPProtocol in Apple iOS before 9.2 and OS X before 10.11.2 allows man-in-the-middle attackers to bypass the HSTS protection mechanism via a crafted URL.
Source: Apple Inc.
Max CVSS: 2.6
EPSS Score: 0.13%
Published: 2015-12-11
Updated: 2017-09-13
IOThunderboltFamily in Apple OS X before 10.11.2 allows local users to cause a denial of service (NULL pointer dereference) via an unspecified userclient type.
Source: Apple Inc.
Max CVSS: 2.1
EPSS Score: 0.04%
Published: 2015-12-11
Updated: 2017-09-13
The Sandbox feature in xnu in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 does not properly implement privilege separation, which allows attackers to bypass the ASLR protection mechanism via a crafted app with root privileges.
Source: Apple Inc.
Max CVSS: 2.6
EPSS Score: 0.14%
Published: 2015-12-11
Updated: 2019-03-08
The File Bookmark component in Apple OS X before 10.11.1 allows local users to cause a denial of service (application crash) via crafted bookmark metadata in a folder.
Source: Apple Inc.
Max CVSS: 2.1
EPSS Score: 0.04%
Published: 2015-10-23
Updated: 2015-10-27
The Secure Empty Trash feature in Finder in Apple OS X before 10.11 improperly deletes Trash files, which might allow local users to obtain sensitive information by reading storage media, as demonstrated by reading a flash drive.
Source: Apple Inc.
Max CVSS: 2.1
EPSS Score: 0.04%
Published: 2015-10-09
Updated: 2016-12-08
SMBClient in SMB in Apple OS X before 10.11 allows local users to obtain sensitive kernel memory-layout information via unspecified vectors.
Source: Apple Inc.
Max CVSS: 2.1
EPSS Score: 0.04%
Published: 2015-10-09
Updated: 2016-12-08
Notes in Apple OS X before 10.11 misparses links, which allows local users to obtain sensitive information via unspecified vectors.
Source: Apple Inc.
Max CVSS: 2.1
EPSS Score: 0.04%
Published: 2015-10-09
Updated: 2016-12-09
Cross-site scripting (XSS) vulnerability in Notes in Apple OS X before 10.11 allows local users to inject arbitrary web script or HTML via crafted text.
Source: Apple Inc.
Max CVSS: 2.1
EPSS Score: 0.04%
Published: 2015-10-09
Updated: 2016-12-09
The debugging interfaces in the kernel in Apple OS X before 10.11 allow local users to obtain sensitive memory-layout information via unspecified vectors.
Source: Apple Inc.
Max CVSS: 2.1
EPSS Score: 0.04%
Published: 2015-10-09
Updated: 2016-12-09
IOAudioFamily in Apple OS X before 10.11 allows local users to obtain sensitive kernel memory-layout information via unspecified vectors.
Source: Apple Inc.
Max CVSS: 2.1
EPSS Score: 0.04%
Published: 2015-10-09
Updated: 2016-12-09
IOStorageFamily in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows local users to obtain sensitive information from kernel memory via unknown vectors.
Source: Apple Inc.
Max CVSS: 2.1
EPSS Score: 0.04%
Published: 2015-09-18
Updated: 2016-12-22
The backup implementation in Time Machine in Apple OS X before 10.11 allows local users to obtain access to keychain items via unspecified vectors.
Source: Apple Inc.
Max CVSS: 2.1
EPSS Score: 0.04%
Published: 2015-10-09
Updated: 2016-12-09
The convenience initializer in the Multipeer Connectivity component in Apple iOS before 9 does not require an encrypted session, which allows local users to obtain cleartext multipeer data via an encrypted-to-unencrypted downgrade attack.
Source: Apple Inc.
Max CVSS: 2.1
EPSS Score: 0.04%
Published: 2015-09-18
Updated: 2016-12-22
XNU in the kernel in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows local users to obtain sensitive memory-layout information via unknown vectors.
Source: Apple Inc.
Max CVSS: 2.1
EPSS Score: 0.04%
Published: 2015-09-18
Updated: 2016-12-22
The kernel in Apple OS X before 10.10.5 does not properly mount HFS volumes, which allows local users to cause a denial of service via a crafted volume.
Source: Apple Inc.
Max CVSS: 2.1
EPSS Score: 0.04%
Published: 2015-08-17
Updated: 2017-09-21
Apple OS X before 10.10.5 does not properly restrict access to the Date & Time preferences pane, which allows local users to spoof the time by visiting this pane.
Source: Apple Inc.
Max CVSS: 2.1
EPSS Score: 0.04%
Published: 2015-08-16
Updated: 2017-09-21
LaunchServices in Apple OS X before 10.10.3 allows local users to cause a denial of service (Finder crash) via crafted localization data.
Source: Apple Inc.
Max CVSS: 2.1
EPSS Score: 0.04%
Published: 2015-04-10
Updated: 2015-09-17
UserAccountUpdater in Apple OS X 10.10 before 10.10.2 stores a PDF document's password in a printing preference file, which allows local users to obtain sensitive information by reading a file.
Source: Apple Inc.
Max CVSS: 2.1
EPSS Score: 0.04%
Published: 2015-01-30
Updated: 2017-09-08
SpotlightIndex in Apple OS X before 10.10.2 does not properly perform deserialization during access to a permission cache, which allows local users to read search results associated with other users' protected files via a Spotlight query.
Source: Apple Inc.
Max CVSS: 2.1
EPSS Score: 0.04%
Published: 2015-01-30
Updated: 2017-09-08
110 vulnerabilities found