Summary
| Detail | |||
|---|---|---|---|
| Vendor | Apple | First view | 2013-06-05 |
| Product | Iphone Os | Last view | 2021-10-19 |
| Version | 8.1.2 | Type | Os |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:o:apple:iphone_os | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 7.8 | 2021-10-19 | CVE-2021-30846 | A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, Safari 15, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing maliciously crafted web content may lead to arbitrary code execution. |
| 7.8 | 2021-10-19 | CVE-2021-30838 | A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 15 and iPadOS 15. A malicious application may be able to execute arbitrary code with system privileges on devices with an Apple Neural Engine. |
| 7.8 | 2021-10-19 | CVE-2021-30837 | A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 15 and iPadOS 15, watchOS 8, tvOS 15. An application may be able to execute arbitrary code with kernel privileges. |
| 7.5 | 2021-10-19 | CVE-2021-30826 | A logic issue was addressed with improved state management. This issue is fixed in iOS 15 and iPadOS 15. In certain situations, the baseband would fail to enable integrity and ciphering protection. |
| 7.8 | 2021-10-19 | CVE-2021-30825 | This issue was addressed with improved checks. This issue is fixed in iOS 15 and iPadOS 15. A local attacker may be able to cause unexpected application termination or arbitrary code execution. |
| 9.8 | 2021-10-19 | CVE-2021-30820 | A logic issue was addressed with improved state management. This issue is fixed in iOS 14.8 and iPadOS 14.8. A remote attacker may be able to cause arbitrary code execution. |
| 5.5 | 2021-10-19 | CVE-2021-30819 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 15 and iPadOS 15. Processing a maliciously crafted USD file may disclose memory contents. |
| 2.4 | 2021-10-19 | CVE-2021-30815 | A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management. This issue is fixed in iOS 15 and iPadOS 15. A local attacker may be able to view contacts from the lock screen. |
| 5.5 | 2021-10-19 | CVE-2021-30811 | This issue was addressed with improved checks. This issue is fixed in iOS 15 and iPadOS 15, watchOS 8. A local attacker may be able to read sensitive information. |
| 4.3 | 2021-10-19 | CVE-2021-30810 | An authorization issue was addressed with improved state management. This issue is fixed in iOS 15 and iPadOS 15, watchOS 8, tvOS 15. An attacker in physical proximity may be able to force a user onto a malicious Wi-Fi network during device setup. |
| 7.8 | 2021-10-19 | CVE-2021-30807 | A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.5.1, iOS 14.7.1 and iPadOS 14.7.1, watchOS 7.6.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. |
| 3.3 | 2021-09-08 | CVE-2021-30804 | A permissions issue was addressed with improved validation. This issue is fixed in iOS 14.7. A malicious application may be able to access Find My data. |
| 8.8 | 2021-09-08 | CVE-2021-30802 | A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.7, tvOS 14.7. Processing maliciously crafted web content may lead to arbitrary code execution. |
| 8.8 | 2021-09-08 | CVE-2021-30800 | This issue was addressed with improved checks. This issue is fixed in iOS 14.7. Joining a malicious Wi-Fi network may result in a denial of service or arbitrary code execution. |
| 8.8 | 2021-09-08 | CVE-2021-30799 | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. Processing maliciously crafted web content may lead to arbitrary code execution. |
| 7.5 | 2021-09-08 | CVE-2021-30798 | A logic issue was addressed with improved state management. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6. A malicious application may be able to bypass certain Privacy preferences. |
| 8.8 | 2021-09-08 | CVE-2021-30797 | This issue was addressed with improved checks. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to code execution. |
| 6.5 | 2021-09-08 | CVE-2021-30796 | A logic issue was addressed with improved validation. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. Processing a maliciously crafted image may lead to a denial of service. |
| 8.8 | 2021-09-08 | CVE-2021-30795 | A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to arbitrary code execution. |
| 7.8 | 2021-09-08 | CVE-2021-30792 | An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 14.7, macOS Big Sur 11.5. Processing a maliciously crafted image may lead to arbitrary code execution. |
| 5.5 | 2021-09-08 | CVE-2021-30791 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 14.7, macOS Big Sur 11.5. Processing a maliciously crafted file may disclose user information. |
| 7.8 | 2021-09-08 | CVE-2021-30789 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-004 Catalina. Processing a maliciously crafted font file may lead to arbitrary code execution. |
| 7.1 | 2021-09-08 | CVE-2021-30788 | This issue was addressed with improved checks. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-005 Mojave, Security Update 2021-004 Catalina. Processing a maliciously crafted tiff file may lead to a denial-of-service or potentially disclose memory contents. |
| 7 | 2021-09-08 | CVE-2021-30786 | A race condition was addressed with improved state handling. This issue is fixed in iOS 14.7, macOS Big Sur 11.5. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution. |
| 7.8 | 2021-09-08 | CVE-2021-30785 | A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-004 Catalina. Processing a maliciously crafted image may lead to arbitrary code execution. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 35% (610) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 12% (209) | CWE-787 | Out-of-bounds Write |
| 9% (169) | CWE-200 | Information Exposure |
| 8% (154) | CWE-20 | Improper Input Validation |
| 6% (117) | CWE-125 | Out-of-bounds Read |
| 3% (69) | CWE-416 | Use After Free |
| 2% (45) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
| 1% (31) | CWE-399 | Resource Management Errors |
| 1% (31) | CWE-362 | Race Condition |
| 1% (30) | CWE-254 | Security Features |
| 1% (28) | CWE-264 | Permissions, Privileges, and Access Controls |
| 1% (23) | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflo... |
| 0% (14) | CWE-665 | Improper Initialization |
| 0% (14) | CWE-476 | NULL Pointer Dereference |
| 0% (12) | CWE-400 | Uncontrolled Resource Consumption ('Resource Exhaustion') |
| 0% (12) | CWE-284 | Access Control (Authorization) Issues |
| 0% (12) | CWE-190 | Integer Overflow or Wraparound |
| 0% (12) | CWE-59 | Improper Link Resolution Before File Access ('Link Following') |
| 0% (10) | CWE-668 | Exposure of Resource to Wrong Sphere |
| 0% (10) | CWE-19 | Data Handling |
| 0% (9) | CWE-295 | Certificate Issues |
| 0% (9) | CWE-287 | Improper Authentication |
| 0% (9) | CWE-269 | Improper Privilege Management |
| 0% (9) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
| 0% (7) | CWE-310 | Cryptographic Issues |
Information Assurance Vulnerability Management (IAVM)
| id | Description |
|---|---|
| 2015-A-0222 | Multiple Security Vulnerabilities in Apple iOS Severity: Category I - VMSKEY: V0061471 |
| 2015-A-0199 | Multiple Vulnerabilities in Apple Mac OS X Severity: Category I - VMSKEY: V0061337 |
| 2015-A-0158 | Multiple Vulnerabilities in Oracle Java SE Severity: Category I - VMSKEY: V0061089 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2020-11-19 | Apple Safari WebKit Webcore SVGAnimateElementBase use after free attempt RuleID : 56044 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-11-19 | Apple Safari WebKit Webcore SVGAnimateElementBase use after free attempt RuleID : 56043 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-11-18 | Apple Safari WebKit JSPropertyNameEnumeration type confusion attempt RuleID : 56009 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-11-18 | Apple Safari WebKit JSPropertyNameEnumeration type confusion attempt RuleID : 56008 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-10-22 | Apple Safari WebKit HTMLFrameElementBase isURLAllowed Subframe exploit attempt RuleID : 55799 - Type : FILE-OTHER - Revision : 1 |
| 2020-10-22 | Apple Safari WebKit HTMLFrameElementBase isURLAllowed Subframe exploit attempt RuleID : 55798 - Type : FILE-OTHER - Revision : 1 |
| 2020-10-06 | WebKit AudioArray allocate out of bounds access attempt RuleID : 55013 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-10-06 | WebKit AudioArray allocate out of bounds access attempt RuleID : 55012 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-09-02 | WebKit JIT compiler common subexpression elimination out of bounds access att... RuleID : 54666 - Type : BROWSER-WEBKIT - Revision : 2 |
| 2020-09-02 | WebKit JIT compiler common subexpression elimination out of bounds access att... RuleID : 54665 - Type : BROWSER-WEBKIT - Revision : 2 |
| 2020-06-13 | WebKit use-after-free remote code execution attempt RuleID : 53976 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-04-21 | Apple Safari WebKit JavaScript engine type confusion attempt RuleID : 53474 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-04-21 | Apple Safari WebKit JavaScript engine type confusion attempt RuleID : 53473 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-03-19 | Apple Safari WebKit cached page memory corruption attempt RuleID : 53122 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-03-19 | Apple Safari WebKit cached page memory corruption attempt RuleID : 53121 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-03-17 | Apple Safari Webkit WebCore memory corruption attempt RuleID : 53101 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-03-17 | Apple Safari Webkit WebCore memory corruption attempt RuleID : 53100 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-01-21 | Apple Webkit updateMinimumColumnHeight use-after-free attempt RuleID : 52486 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-01-21 | Apple Webkit updateMinimumColumnHeight use-after-free attempt RuleID : 52485 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-01-03 | Apple Safari WebKit out-of-bounds read attempt RuleID : 52342 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-01-03 | Apple Safari WebKit out-of-bounds read attempt RuleID : 52341 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-01-03 | Apple Safari WebKit memory corruption attempt RuleID : 52316 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-01-03 | Apple Safari WebKit memory corruption attempt RuleID : 52315 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-01-03 | Apple Safari WebKit memory corruption attempt RuleID : 52314 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-01-03 | Apple Safari WebKit memory corruption attempt RuleID : 52313 - Type : BROWSER-WEBKIT - Revision : 1 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2019-01-14 | Name: The remote Debian host is missing a security update. File: debian_DLA-1633.nasl - Type: ACT_GATHER_INFO |
| 2019-01-11 | Name: The remote device is missing a vendor-supplied security patch. File: juniper_jsa10916.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-118b9abf99.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-1a8582a7ee.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-499f2dbc96.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-509fc4a5c8.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-97c58e29e4.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-a1f37d2f08.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-e2e8a07a01.nasl - Type: ACT_GATHER_INFO |
| 2018-12-21 | Name: The remote Apple TV device is affected by multiple vulnerabilities. File: appletv_12_1_1.nasl - Type: ACT_GATHER_INFO |
| 2018-12-21 | Name: The remote host is missing a macOS update that fixes multiple security vulner... File: macos_10_14_2.nasl - Type: ACT_GATHER_INFO |
| 2018-12-21 | Name: The remote host is missing a macOS or Mac OS X security update that fixes mul... File: macosx_SecUpd2018-006.nasl - Type: ACT_GATHER_INFO |
| 2018-12-21 | Name: The remote host is missing a macOS security update that fixes multiple vulner... File: macosx_SecUpd_10_13_6_2018-003.nasl - Type: ACT_GATHER_INFO |
| 2018-12-19 | Name: An application installed on remote host is affected by multiple vulnerabilities File: itunes_12_9_2.nasl - Type: ACT_GATHER_INFO |
| 2018-12-07 | Name: A web browser installed on the remote macOS or Mac OS X host is affected by m... File: macosx_Safari12_0_2.nasl - Type: ACT_GATHER_INFO |
| 2018-12-03 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201812-04.nasl - Type: ACT_GATHER_INFO |
| 2018-11-13 | Name: The remote Debian host is missing a security update. File: debian_DLA-1573.nasl - Type: ACT_GATHER_INFO |
| 2018-11-02 | Name: The remote Apple TV device is affected by multiple vulnerabilities. File: appletv_12_1.nasl - Type: ACT_GATHER_INFO |
| 2018-11-02 | Name: An application installed on the remote host is affected by multiple vulnerabi... File: itunes_12_9_1.nasl - Type: ACT_GATHER_INFO |
| 2018-11-02 | Name: An application installed on the remote host is affected by multiple vulnerabi... File: itunes_12_9_1_banner.nasl - Type: ACT_GATHER_INFO |
| 2018-10-31 | Name: The remote host is missing a macOS update that fixes multiple security vulner... File: macos_10_14_1.nasl - Type: ACT_GATHER_INFO |
| 2018-10-31 | Name: A web browser installed on the remote macOS or Mac OS X host is affected by m... File: macosx_Safari12_0_1.nasl - Type: ACT_GATHER_INFO |
| 2018-10-31 | Name: The remote host is missing a macOS or Mac OS X security update that fixes mul... File: macosx_SecUpd2018-005.nasl - Type: ACT_GATHER_INFO |
| 2018-10-31 | Name: The remote host is missing a macOS security update that fixes multiple vulner... File: macosx_SecUpd_10_13_6_2018-002.nasl - Type: ACT_GATHER_INFO |
| 2018-10-18 | Name: The remote host is missing a macOS update that fixes multiple security vulner... File: macos_10_14.nasl - Type: ACT_GATHER_INFO |
