This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Apple First view 2021-05-21
Product Iphone Os Last view 2022-03-18
Version 14.7 Type Os
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:apple:iphone_os

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
4.6 2022-03-18 CVE-2022-22671

An authentication issue was addressed with improved state management. This issue is fixed in iOS 15.4 and iPadOS 15.4. A person with physical access to an iOS device may be able to access photos from the lock screen.

3.3 2022-03-18 CVE-2022-22670

An access issue was addressed with improved access restrictions. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, watchOS 8.5. A malicious application may be able to identify what other applications a user has installed.

7.8 2022-03-18 CVE-2022-22667

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.4 and iPadOS 15.4. An application may be able to execute arbitrary code with kernel privileges.

7.8 2022-03-18 CVE-2022-22666

A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, watchOS 8.5. Processing a maliciously crafted image may lead to heap corruption.

6.5 2022-03-18 CVE-2022-22659

A logic issue was addressed with improved state management. This issue is fixed in iOS 15.4 and iPadOS 15.4. An attacker in a privileged network position may be able to leak sensitive user information.

7.5 2022-03-18 CVE-2022-22653

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.4 and iPadOS 15.4. A malicious website may be able to access information about the user and their devices.

6.1 2022-03-18 CVE-2022-22652

The GSMA authentication panel could be presented on the lock screen. The issue was resolved by requiring device unlock to interact with the GSMA authentication panel. This issue is fixed in iOS 15.4 and iPadOS 15.4. A person with physical access may be able to view and modify the carrier account information and settings from the lock screen.

7.5 2022-03-18 CVE-2022-22643

This issue was addressed with improved checks. This issue is fixed in iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3. A user may send audio and video in a FaceTime call without knowing that they have done so.

9.8 2022-03-18 CVE-2022-22642

This issue was addressed with improved checks. This issue is fixed in iOS 15.4 and iPadOS 15.4. A user may be able to bypass the Emergency SOS passcode prompt.

9.8 2022-03-18 CVE-2022-22641

A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3. An application may be able to gain elevated privileges.

7.8 2022-03-18 CVE-2022-22640

A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. An application may be able to execute arbitrary code with kernel privileges.

7.8 2022-03-18 CVE-2022-22639

A logic issue was addressed with improved state management. This issue is fixed in iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3. An application may be able to gain elevated privileges.

6.5 2022-03-18 CVE-2022-22638

A null pointer dereference was addressed with improved validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3. An attacker in a privileged position may be able to perform a denial of service attack.

7.8 2022-03-18 CVE-2022-22636

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4. An application may be able to execute arbitrary code with kernel privileges.

9.8 2022-03-18 CVE-2022-22635

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4. An application may be able to gain elevated privileges.

7.8 2022-03-18 CVE-2022-22634

A buffer overflow was addressed with improved bounds checking. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4. A malicious application may be able to execute arbitrary code with kernel privileges.

7.8 2022-03-18 CVE-2022-22633

A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 8.5, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, macOS Monterey 12.3. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution.

9.8 2022-03-18 CVE-2022-22632

A logic issue was addressed with improved state management. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, watchOS 8.5, macOS Monterey 12.3. A malicious application may be able to elevate privileges.

4.6 2022-03-18 CVE-2022-22622

This issue was addressed with improved checks. This issue is fixed in iOS 15.4 and iPadOS 15.4. A person with physical access to an iOS device may be able to see sensitive information via keyboard suggestions.

4.6 2022-03-18 CVE-2022-22621

This issue was addressed with improved checks. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. A person with physical access to an iOS device may be able to see sensitive information via keyboard suggestions.

8.8 2022-03-18 CVE-2022-22620

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.2.1, iOS 15.3.1 and iPadOS 15.3.1, Safari 15.3 (v. 16612.4.9.1.8 and 15612.4.9.1.8). Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..

7.8 2022-03-18 CVE-2022-22618

This issue was addressed with improved checks. This issue is fixed in watchOS 8.5, iOS 15.4 and iPadOS 15.4. A user may be able to bypass the Emergency SOS passcode prompt.

7.8 2022-03-18 CVE-2022-22615

A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3. An application may be able to execute arbitrary code with kernel privileges.

7.8 2022-03-18 CVE-2022-22614

A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3. An application may be able to execute arbitrary code with kernel privileges.

7.8 2022-03-18 CVE-2022-22613

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3. An application may be able to execute arbitrary code with kernel privileges.

CWE : Common Weakness Enumeration

%idName
25% (29) CWE-787 Out-of-bounds Write
13% (15) CWE-416 Use After Free
11% (13) CWE-668 Exposure of Resource to Wrong Sphere
10% (12) CWE-125 Out-of-bounds Read
9% (11) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
5% (6) CWE-362 Race Condition
3% (4) CWE-20 Improper Input Validation
2% (3) CWE-732 Incorrect Permission Assignment for Critical Resource
2% (3) CWE-269 Improper Privilege Management
2% (3) CWE-190 Integer Overflow or Wraparound
2% (3) CWE-59 Improper Link Resolution Before File Access ('Link Following')
1% (2) CWE-287 Improper Authentication
1% (2) CWE-200 Information Exposure
1% (2) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
0% (1) CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
0% (1) CWE-476 NULL Pointer Dereference
0% (1) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
0% (1) CWE-346 Origin Validation Error
0% (1) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')