This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Apple First view 2019-02-18
Product Iphone Os Last view 2020-10-27
Version 12.1.4 Type Os
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:apple:iphone_os

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
5.5 2020-10-27 CVE-2020-9979

A trust issue was addressed by removing a legacy API. This issue is fixed in iOS 14.0 and iPadOS 14.0, tvOS 14.0. An attacker may be able to misuse a trust relationship to download malicious content.

7.8 2020-10-27 CVE-2020-9973

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave, iOS 14.0 and iPadOS 14.0. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.

8.8 2020-10-27 CVE-2020-9932

A memory corruption issue was addressed with improved validation. This issue is fixed in Safari 13.0.1, iOS 13.1 and iPadOS 13.1, tvOS 13. Processing maliciously crafted web content may lead to arbitrary code execution.

7.8 2020-10-27 CVE-2020-3880

An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 6.1.2, iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra. Processing a maliciously crafted image may lead to arbitrary code execution.

7.8 2020-10-27 CVE-2020-3864

A logic issue was addressed with improved validation. This issue is fixed in iCloud for Windows 7.17, iTunes 12.10.4 for Windows, iCloud for Windows 10.9.2, tvOS 13.3.1, Safari 13.0.5, iOS 13.3.1 and iPadOS 13.3.1. A DOM object context may not have had a unique security origin.

6.5 2020-10-27 CVE-2019-8901

This issue was addressed by verifying host keys when connecting to a previously-known SSH server. This issue is fixed in iOS 13.1 and iPadOS 13.1. An attacker in a privileged network position may be able to intercept SSH traffic from the “Run script over SSH†action.

4.3 2020-10-27 CVE-2019-8898

An information disclosure issue existed in the handling of the Storage Access API. This issue was addressed with improved logic. This issue is fixed in iOS 13.3 and iPadOS 13.3, tvOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows. Visiting a maliciously crafted website may reveal sites a user has visited.

3.3 2020-10-27 CVE-2019-8857

The issue was addressed with improved validation when an iCloud Link is created. This issue is fixed in iOS 13.3 and iPadOS 13.3. Live Photo audio and video data may be shared via iCloud links even if Live Photo is disabled in the Share Sheet carousel.

3.3 2020-10-27 CVE-2019-8856

An API issue existed in the handling of outgoing phone calls initiated with Siri. This issue was addressed with improved state handling. This issue is fixed in iOS 13.3 and iPadOS 13.3, watchOS 6.1.1, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. Calls made using Siri may be initiated using the wrong cellular plan on devices with two active plans.

7.5 2020-10-27 CVE-2019-8854

A user privacy issue was addressed by removing the broadcast MAC address. This issue is fixed in macOS Catalina 10.15, watchOS 6, iOS 13, tvOS 13. A device may be passively tracked by its Wi-Fi MAC address.

5.5 2020-10-27 CVE-2019-8850

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15, iOS 13.1 and iPadOS 13.1, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6. Processing a maliciously crafted audio file may disclose restricted memory.

7.8 2020-10-27 CVE-2019-8848

This issue was addressed with improved checks. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, iOS 13.3 and iPadOS 13.3, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. An application may be able to gain elevated privileges.

8.8 2020-10-27 CVE-2019-8846

A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution.

8.8 2020-10-27 CVE-2019-8844

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution.

7.8 2020-10-27 CVE-2019-8841

An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in iOS 13.3 and iPadOS 13.3. An application may be able to execute arbitrary code with kernel privileges.

7.8 2020-10-27 CVE-2019-8838

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.3 and iPadOS 13.3, watchOS 6.1.1, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, tvOS 13.3. An application may be able to execute arbitrary code with kernel privileges.

7.8 2020-10-27 CVE-2019-8836

A memory corruption issue was addressed with improved memory handling. This issue is fixed in watchOS 6.1.2, iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1. An application may be able to execute arbitrary code with kernel privileges.

8.8 2020-10-27 CVE-2019-8835

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution.

4.3 2020-10-27 CVE-2019-8834

A configuration issue was addressed with additional restrictions. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, iOS 13.3 and iPadOS 13.3, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. An attacker in a privileged network position may be able to bypass HSTS for a limited number of specific top-level domains previously not in the HSTS preload list.

7.8 2020-10-27 CVE-2019-8833

A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in iOS 13.3 and iPadOS 13.3, watchOS 6.1.1, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, tvOS 13.3. An application may be able to execute arbitrary code with kernel privileges.

7.8 2020-10-27 CVE-2019-8832

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.3 and iPadOS 13.3, watchOS 6.1.1, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, tvOS 13.3. An application may be able to execute arbitrary code with system privileges.

7.8 2020-10-27 CVE-2019-8831

A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15, iOS 13.1 and iPadOS 13.1, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6. An application may be able to execute arbitrary code with system privileges.

8.8 2020-10-27 CVE-2019-8830

An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 13.3, watchOS 6.1.1, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, iOS 13.3 and iPadOS 13.3, iOS 12.4.4, watchOS 5.3.4. Processing malicious video via FaceTime may lead to arbitrary code execution.

7.8 2020-10-27 CVE-2019-8829

A memory corruption vulnerability was addressed with improved locking. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6.1, tvOS 13.2, iOS 13.2 and iPadOS 13.2. An application may be able to execute arbitrary code with kernel privileges.

7.8 2020-10-27 CVE-2019-8828

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.3 and iPadOS 13.3, watchOS 6.1.1, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, tvOS 13.3. An application may be able to execute arbitrary code with kernel privileges.

CWE : Common Weakness Enumeration

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
%idName
20% (67) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
18% (59) CWE-787 Out-of-bounds Write
12% (41) CWE-125 Out-of-bounds Read
9% (30) CWE-20 Improper Input Validation
7% (23) CWE-200 Information Exposure
6% (21) CWE-416 Use After Free
4% (16) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
4% (14) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
1% (6) CWE-665 Improper Initialization
1% (4) CWE-362 Race Condition
1% (4) CWE-287 Improper Authentication
1% (4) CWE-59 Improper Link Resolution Before File Access ('Link Following')
0% (3) CWE-668 Exposure of Resource to Wrong Sphere
0% (3) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
0% (3) CWE-269 Improper Privilege Management
0% (3) CWE-190 Integer Overflow or Wraparound
0% (2) CWE-667 Insufficient Locking
0% (2) CWE-346 Origin Validation Error
0% (2) CWE-276 Incorrect Default Permissions
0% (1) CWE-670 Always-Incorrect Control Flow Implementation
0% (1) CWE-613 Insufficient Session Expiration
0% (1) CWE-522 Insufficiently Protected Credentials
0% (1) CWE-502 Deserialization of Untrusted Data
0% (1) CWE-459 Incomplete Cleanup
0% (1) CWE-415 Double Free

Snort® IPS/IDS

Date Description
2020-10-22 Apple Safari WebKit HTMLFrameElementBase isURLAllowed Subframe exploit attempt
RuleID : 55799 - Type : FILE-OTHER - Revision : 1
2020-10-22 Apple Safari WebKit HTMLFrameElementBase isURLAllowed Subframe exploit attempt
RuleID : 55798 - Type : FILE-OTHER - Revision : 1
2020-10-06 WebKit AudioArray allocate out of bounds access attempt
RuleID : 55013 - Type : BROWSER-WEBKIT - Revision : 1
2020-10-06 WebKit AudioArray allocate out of bounds access attempt
RuleID : 55012 - Type : BROWSER-WEBKIT - Revision : 1
2020-09-02 WebKit JIT compiler common subexpression elimination out of bounds access att...
RuleID : 54666 - Type : BROWSER-WEBKIT - Revision : 2
2020-09-02 WebKit JIT compiler common subexpression elimination out of bounds access att...
RuleID : 54665 - Type : BROWSER-WEBKIT - Revision : 2
2020-04-21 Apple Safari WebKit JavaScript engine type confusion attempt
RuleID : 53474 - Type : BROWSER-WEBKIT - Revision : 1
2020-04-21 Apple Safari WebKit JavaScript engine type confusion attempt
RuleID : 53473 - Type : BROWSER-WEBKIT - Revision : 1
2020-03-19 Apple Safari WebKit cached page memory corruption attempt
RuleID : 53122 - Type : BROWSER-WEBKIT - Revision : 1
2020-03-19 Apple Safari WebKit cached page memory corruption attempt
RuleID : 53121 - Type : BROWSER-WEBKIT - Revision : 1
2020-01-03 Apple Safari WebKit out-of-bounds read attempt
RuleID : 52342 - Type : BROWSER-WEBKIT - Revision : 1
2020-01-03 Apple Safari WebKit out-of-bounds read attempt
RuleID : 52341 - Type : BROWSER-WEBKIT - Revision : 1
2019-11-15 WebKit JavaScriptCore emitEqualityOpImpl memory corruption attempt
RuleID : 51832 - Type : BROWSER-WEBKIT - Revision : 1
2019-11-15 WebKit JavaScriptCore emitEqualityOpImpl memory corruption attempt
RuleID : 51831 - Type : BROWSER-WEBKIT - Revision : 1
2019-11-12 WebKit JavaScriptCore JSValue use after free attempt
RuleID : 51824 - Type : BROWSER-WEBKIT - Revision : 1
2019-11-12 WebKit JavaScriptCore JSValue use after free attempt
RuleID : 51823 - Type : BROWSER-WEBKIT - Revision : 1
2019-11-12 WebKit JavaScriptCore AIR optimization memory corruption attempt
RuleID : 51822 - Type : BROWSER-WEBKIT - Revision : 1
2019-11-12 WebKit JavaScriptCore AIR optimization memory corruption attempt
RuleID : 51821 - Type : BROWSER-WEBKIT - Revision : 1
2019-10-01 Apple WebKit JSArray component out-of-bounds access
RuleID : 51382 - Type : BROWSER-WEBKIT - Revision : 1
2019-10-01 Apple WebKit JSArray component out-of-bounds access
RuleID : 51381 - Type : BROWSER-WEBKIT - Revision : 1