This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Apple First view 2019-02-18
Product Iphone Os Last view 2020-06-09
Version 12.1 Type Os
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:apple:iphone_os

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
7.8 2020-06-09 CVE-2020-9852

An integer overflow was addressed through improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to execute arbitrary code with kernel privileges.

9.8 2020-06-09 CVE-2020-9850

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. A remote attacker may be able to cause arbitrary code execution.

2.4 2020-06-09 CVE-2020-9848

An authorization issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5. A person with physical access to an iOS device may be able to view notification contents from the lockscreen.

7.5 2020-06-09 CVE-2020-9844

A double free issue was addressed with improved memory management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory.

6.1 2020-06-09 CVE-2020-9843

An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to a cross site scripting attack.

5.5 2020-06-09 CVE-2020-9842

This issue was addressed with improved checks. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. An application may be able to use arbitrary entitlements.

7 2020-06-09 CVE-2020-9839

A race condition was addressed with improved state handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. An application may be able to gain elevated privileges.

9.8 2020-06-09 CVE-2020-9838

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5. A remote attacker may be able to cause arbitrary code execution.

7.5 2020-06-09 CVE-2020-9837

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5. A remote attacker may be able to leak memory.

5.3 2020-06-09 CVE-2020-9835

An issue existed in the pausing of FaceTime video. The issue was resolved with improved logic. This issue is fixed in iOS 13.5 and iPadOS 13.5. A user’s video may not be paused in a FaceTime call if they exit the FaceTime app while the call is ringing.

6.5 2020-06-09 CVE-2020-9829

A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5. Processing a maliciously crafted text message may lead to application denial of service.

7.5 2020-06-09 CVE-2020-9827

A denial of service issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A remote attacker may be able to cause a denial of service.

7.5 2020-06-09 CVE-2020-9826

A denial of service issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5. A remote attacker may be able to cause a denial of service.

7.8 2020-06-09 CVE-2020-9825

An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5. A malicious application may be able to bypass Privacy preferences.

7.5 2020-06-09 CVE-2020-9823

This issue was addressed with improved checks. This issue is fixed in iOS 13.5 and iPadOS 13.5. Users removed from an iMessage conversation may still be able to alter state.

7.8 2020-06-09 CVE-2020-9821

A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to execute arbitrary code with kernel privileges.

7.5 2020-06-09 CVE-2020-9820

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5. A remote attacker may be able to modify the file system.

4.3 2020-06-09 CVE-2020-9819

A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, iOS 12.4.7, watchOS 6.2.5, watchOS 5.3.7. Processing a maliciously crafted mail message may lead to heap corruption.

8.8 2020-06-09 CVE-2020-9818

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, iOS 12.4.7, watchOS 6.2.5. Processing a maliciously crafted mail message may lead to unexpected memory modification or application termination.

7.8 2020-06-09 CVE-2020-9816

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution.

7.8 2020-06-09 CVE-2020-9815

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. Processing a maliciously crafted audio file may lead to arbitrary code execution.

7.8 2020-06-09 CVE-2020-9814

A logic issue existed resulting in memory corruption. This was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to execute arbitrary code with kernel privileges.

7.8 2020-06-09 CVE-2020-9813

A logic issue existed resulting in memory corruption. This was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to execute arbitrary code with kernel privileges.

5.5 2020-06-09 CVE-2020-9812

An information disclosure issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A local user may be able to read kernel memory.

5.5 2020-06-09 CVE-2020-9811

An information disclosure issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A local user may be able to read kernel memory.

CWE : Common Weakness Enumeration

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
%idName
40% (119) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
12% (36) CWE-20 Improper Input Validation
9% (29) CWE-125 Out-of-bounds Read
8% (26) CWE-200 Information Exposure
5% (17) CWE-416 Use After Free
4% (13) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
2% (6) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
1% (5) CWE-787 Out-of-bounds Write
1% (4) CWE-362 Race Condition
1% (3) CWE-668 Exposure of Resource to Wrong Sphere
1% (3) CWE-287 Improper Authentication
1% (3) CWE-190 Integer Overflow or Wraparound
0% (2) CWE-732 Incorrect Permission Assignment for Critical Resource
0% (2) CWE-704 Incorrect Type Conversion or Cast
0% (2) CWE-665 Improper Initialization
0% (2) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
0% (2) CWE-399 Resource Management Errors
0% (2) CWE-326 Inadequate Encryption Strength
0% (2) CWE-276 Incorrect Default Permissions
0% (2) CWE-269 Improper Privilege Management
0% (2) CWE-89 Improper Sanitization of Special Elements used in an SQL Command ('...
0% (2) CWE-59 Improper Link Resolution Before File Access ('Link Following')
0% (1) CWE-670 Always-Incorrect Control Flow Implementation
0% (1) CWE-613 Insufficient Session Expiration
0% (1) CWE-522 Insufficiently Protected Credentials

Snort® IPS/IDS

Date Description
2020-04-21 Apple Safari WebKit JavaScript engine type confusion attempt
RuleID : 53474 - Type : BROWSER-WEBKIT - Revision : 1
2020-04-21 Apple Safari WebKit JavaScript engine type confusion attempt
RuleID : 53473 - Type : BROWSER-WEBKIT - Revision : 1
2020-03-19 Apple Safari WebKit cached page memory corruption attempt
RuleID : 53122 - Type : BROWSER-WEBKIT - Revision : 1
2020-03-19 Apple Safari WebKit cached page memory corruption attempt
RuleID : 53121 - Type : BROWSER-WEBKIT - Revision : 1
2020-01-03 Apple Safari WebKit out-of-bounds read attempt
RuleID : 52342 - Type : BROWSER-WEBKIT - Revision : 1
2020-01-03 Apple Safari WebKit out-of-bounds read attempt
RuleID : 52341 - Type : BROWSER-WEBKIT - Revision : 1
2019-11-15 WebKit JavaScriptCore emitEqualityOpImpl memory corruption attempt
RuleID : 51832 - Type : BROWSER-WEBKIT - Revision : 1
2019-11-15 WebKit JavaScriptCore emitEqualityOpImpl memory corruption attempt
RuleID : 51831 - Type : BROWSER-WEBKIT - Revision : 1
2019-11-12 WebKit JavaScriptCore JSValue use after free attempt
RuleID : 51824 - Type : BROWSER-WEBKIT - Revision : 1
2019-11-12 WebKit JavaScriptCore JSValue use after free attempt
RuleID : 51823 - Type : BROWSER-WEBKIT - Revision : 1
2019-11-12 WebKit JavaScriptCore AIR optimization memory corruption attempt
RuleID : 51822 - Type : BROWSER-WEBKIT - Revision : 1
2019-11-12 WebKit JavaScriptCore AIR optimization memory corruption attempt
RuleID : 51821 - Type : BROWSER-WEBKIT - Revision : 1
2019-10-08 Apple Safari memory corruption attempt
RuleID : 51416 - Type : BROWSER-WEBKIT - Revision : 2
2019-10-08 Apple Safari memory corruption attempt
RuleID : 51415 - Type : BROWSER-WEBKIT - Revision : 2
2019-10-01 WebKit GetIndexedPropertyStorage memory corruption attempt
RuleID : 51386 - Type : BROWSER-WEBKIT - Revision : 1
2019-10-01 WebKit GetIndexedPropertyStorage memory corruption attempt
RuleID : 51385 - Type : BROWSER-WEBKIT - Revision : 1
2019-10-01 Apple WebKit JSArray component out-of-bounds access
RuleID : 51382 - Type : BROWSER-WEBKIT - Revision : 1
2019-10-01 Apple WebKit JSArray component out-of-bounds access
RuleID : 51381 - Type : BROWSER-WEBKIT - Revision : 1
2018-08-04 Microsoft Edge proxy object type confusion attempt
RuleID : 47083 - Type : BROWSER-IE - Revision : 2
2018-08-04 Microsoft Edge proxy object type confusion attempt
RuleID : 47082 - Type : BROWSER-IE - Revision : 2
2017-04-20 Microsoft Edge proxy object type confusion attempt
RuleID : 42041 - Type : BROWSER-IE - Revision : 5
2017-04-20 Microsoft Edge proxy object type confusion attempt
RuleID : 42040 - Type : BROWSER-IE - Revision : 5

Nessus® Vulnerability Scanner

id Description
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-1a8582a7ee.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-e2e8a07a01.nasl - Type: ACT_GATHER_INFO
2018-12-21 Name: The remote Apple TV device is affected by multiple vulnerabilities.
File: appletv_12_1_1.nasl - Type: ACT_GATHER_INFO
2018-12-21 Name: The remote host is missing a macOS update that fixes multiple security vulner...
File: macos_10_14_2.nasl - Type: ACT_GATHER_INFO
2018-12-21 Name: The remote host is missing a macOS or Mac OS X security update that fixes mul...
File: macosx_SecUpd2018-006.nasl - Type: ACT_GATHER_INFO
2018-12-21 Name: The remote host is missing a macOS security update that fixes multiple vulner...
File: macosx_SecUpd_10_13_6_2018-003.nasl - Type: ACT_GATHER_INFO
2018-12-19 Name: An application installed on remote host is affected by multiple vulnerabilities
File: itunes_12_9_2.nasl - Type: ACT_GATHER_INFO
2018-12-07 Name: A web browser installed on the remote macOS or Mac OS X host is affected by m...
File: macosx_Safari12_0_2.nasl - Type: ACT_GATHER_INFO