Summary
| Detail | |||
|---|---|---|---|
| Vendor | Apple | First view | 2015-04-10 |
| Product | Iphone Os | Last view | 2022-03-18 |
| Version | 8.4 | Type | Os |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:o:apple:iphone_os | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 4.6 | 2022-03-18 | CVE-2022-22671 | An authentication issue was addressed with improved state management. This issue is fixed in iOS 15.4 and iPadOS 15.4. A person with physical access to an iOS device may be able to access photos from the lock screen. |
| 3.3 | 2022-03-18 | CVE-2022-22670 | An access issue was addressed with improved access restrictions. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, watchOS 8.5. A malicious application may be able to identify what other applications a user has installed. |
| 7.8 | 2022-03-18 | CVE-2022-22667 | A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.4 and iPadOS 15.4. An application may be able to execute arbitrary code with kernel privileges. |
| 7.8 | 2022-03-18 | CVE-2022-22666 | A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, watchOS 8.5. Processing a maliciously crafted image may lead to heap corruption. |
| 6.5 | 2022-03-18 | CVE-2022-22659 | A logic issue was addressed with improved state management. This issue is fixed in iOS 15.4 and iPadOS 15.4. An attacker in a privileged network position may be able to leak sensitive user information. |
| 7.5 | 2022-03-18 | CVE-2022-22653 | A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.4 and iPadOS 15.4. A malicious website may be able to access information about the user and their devices. |
| 6.1 | 2022-03-18 | CVE-2022-22652 | The GSMA authentication panel could be presented on the lock screen. The issue was resolved by requiring device unlock to interact with the GSMA authentication panel. This issue is fixed in iOS 15.4 and iPadOS 15.4. A person with physical access may be able to view and modify the carrier account information and settings from the lock screen. |
| 7.5 | 2022-03-18 | CVE-2022-22643 | This issue was addressed with improved checks. This issue is fixed in iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3. A user may send audio and video in a FaceTime call without knowing that they have done so. |
| 9.8 | 2022-03-18 | CVE-2022-22642 | This issue was addressed with improved checks. This issue is fixed in iOS 15.4 and iPadOS 15.4. A user may be able to bypass the Emergency SOS passcode prompt. |
| 9.8 | 2022-03-18 | CVE-2022-22641 | A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3. An application may be able to gain elevated privileges. |
| 7.8 | 2022-03-18 | CVE-2022-22640 | A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. An application may be able to execute arbitrary code with kernel privileges. |
| 7.8 | 2022-03-18 | CVE-2022-22639 | A logic issue was addressed with improved state management. This issue is fixed in iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3. An application may be able to gain elevated privileges. |
| 6.5 | 2022-03-18 | CVE-2022-22638 | A null pointer dereference was addressed with improved validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3. An attacker in a privileged position may be able to perform a denial of service attack. |
| 7.8 | 2022-03-18 | CVE-2022-22636 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4. An application may be able to execute arbitrary code with kernel privileges. |
| 9.8 | 2022-03-18 | CVE-2022-22635 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4. An application may be able to gain elevated privileges. |
| 7.8 | 2022-03-18 | CVE-2022-22634 | A buffer overflow was addressed with improved bounds checking. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4. A malicious application may be able to execute arbitrary code with kernel privileges. |
| 7.8 | 2022-03-18 | CVE-2022-22633 | A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 8.5, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, macOS Monterey 12.3. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution. |
| 9.8 | 2022-03-18 | CVE-2022-22632 | A logic issue was addressed with improved state management. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, watchOS 8.5, macOS Monterey 12.3. A malicious application may be able to elevate privileges. |
| 4.6 | 2022-03-18 | CVE-2022-22622 | This issue was addressed with improved checks. This issue is fixed in iOS 15.4 and iPadOS 15.4. A person with physical access to an iOS device may be able to see sensitive information via keyboard suggestions. |
| 4.6 | 2022-03-18 | CVE-2022-22621 | This issue was addressed with improved checks. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. A person with physical access to an iOS device may be able to see sensitive information via keyboard suggestions. |
| 8.8 | 2022-03-18 | CVE-2022-22620 | A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.2.1, iOS 15.3.1 and iPadOS 15.3.1, Safari 15.3 (v. 16612.4.9.1.8 and 15612.4.9.1.8). Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. |
| 7.8 | 2022-03-18 | CVE-2022-22618 | This issue was addressed with improved checks. This issue is fixed in watchOS 8.5, iOS 15.4 and iPadOS 15.4. A user may be able to bypass the Emergency SOS passcode prompt. |
| 7.8 | 2022-03-18 | CVE-2022-22615 | A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3. An application may be able to execute arbitrary code with kernel privileges. |
| 7.8 | 2022-03-18 | CVE-2022-22614 | A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3. An application may be able to execute arbitrary code with kernel privileges. |
| 7.8 | 2022-03-18 | CVE-2022-22613 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3. An application may be able to execute arbitrary code with kernel privileges. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 33% (587) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 13% (240) | CWE-787 | Out-of-bounds Write |
| 8% (152) | CWE-200 | Information Exposure |
| 8% (146) | CWE-20 | Improper Input Validation |
| 7% (133) | CWE-125 | Out-of-bounds Read |
| 4% (84) | CWE-416 | Use After Free |
| 2% (46) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
| 2% (37) | CWE-362 | Race Condition |
| 1% (33) | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflo... |
| 1% (26) | CWE-254 | Security Features |
| 1% (24) | CWE-668 | Exposure of Resource to Wrong Sphere |
| 1% (18) | CWE-264 | Permissions, Privileges, and Access Controls |
| 0% (16) | CWE-476 | NULL Pointer Dereference |
| 0% (14) | CWE-665 | Improper Initialization |
| 0% (14) | CWE-190 | Integer Overflow or Wraparound |
| 0% (14) | CWE-59 | Improper Link Resolution Before File Access ('Link Following') |
| 0% (13) | CWE-400 | Uncontrolled Resource Consumption ('Resource Exhaustion') |
| 0% (11) | CWE-287 | Improper Authentication |
| 0% (11) | CWE-284 | Access Control (Authorization) Issues |
| 0% (11) | CWE-269 | Improper Privilege Management |
| 0% (9) | CWE-295 | Certificate Issues |
| 0% (8) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
| 0% (6) | CWE-399 | Resource Management Errors |
| 0% (6) | CWE-19 | Data Handling |
| 0% (5) | CWE-732 | Incorrect Permission Assignment for Critical Resource |
Information Assurance Vulnerability Management (IAVM)
| id | Description |
|---|---|
| 2015-A-0222 | Multiple Security Vulnerabilities in Apple iOS Severity: Category I - VMSKEY: V0061471 |
| 2015-A-0199 | Multiple Vulnerabilities in Apple Mac OS X Severity: Category I - VMSKEY: V0061337 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2020-11-19 | Apple Safari WebKit Webcore SVGAnimateElementBase use after free attempt RuleID : 56044 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-11-19 | Apple Safari WebKit Webcore SVGAnimateElementBase use after free attempt RuleID : 56043 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-11-18 | Apple Safari WebKit JSPropertyNameEnumeration type confusion attempt RuleID : 56009 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-11-18 | Apple Safari WebKit JSPropertyNameEnumeration type confusion attempt RuleID : 56008 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-10-22 | Apple Safari WebKit HTMLFrameElementBase isURLAllowed Subframe exploit attempt RuleID : 55799 - Type : FILE-OTHER - Revision : 1 |
| 2020-10-22 | Apple Safari WebKit HTMLFrameElementBase isURLAllowed Subframe exploit attempt RuleID : 55798 - Type : FILE-OTHER - Revision : 1 |
| 2020-10-06 | WebKit AudioArray allocate out of bounds access attempt RuleID : 55013 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-10-06 | WebKit AudioArray allocate out of bounds access attempt RuleID : 55012 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-09-02 | WebKit JIT compiler common subexpression elimination out of bounds access att... RuleID : 54666 - Type : BROWSER-WEBKIT - Revision : 2 |
| 2020-09-02 | WebKit JIT compiler common subexpression elimination out of bounds access att... RuleID : 54665 - Type : BROWSER-WEBKIT - Revision : 2 |
| 2020-12-05 | TRUFFLEHUNTER TALOS-2020-1094 attack attempt RuleID : 54309 - Type : FILE-OTHER - Revision : 1 |
| 2020-12-05 | TRUFFLEHUNTER TALOS-2020-1094 attack attempt RuleID : 54308 - Type : FILE-OTHER - Revision : 1 |
| 2020-06-13 | WebKit use-after-free remote code execution attempt RuleID : 53976 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-04-21 | Apple Safari WebKit JavaScript engine type confusion attempt RuleID : 53474 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-04-21 | Apple Safari WebKit JavaScript engine type confusion attempt RuleID : 53473 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-03-19 | Apple Safari WebKit cached page memory corruption attempt RuleID : 53122 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-03-19 | Apple Safari WebKit cached page memory corruption attempt RuleID : 53121 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-03-17 | Apple Safari Webkit WebCore memory corruption attempt RuleID : 53101 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-03-17 | Apple Safari Webkit WebCore memory corruption attempt RuleID : 53100 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-01-21 | Apple Webkit updateMinimumColumnHeight use-after-free attempt RuleID : 52486 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-01-21 | Apple Webkit updateMinimumColumnHeight use-after-free attempt RuleID : 52485 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-01-03 | Apple Safari WebKit out-of-bounds read attempt RuleID : 52342 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-01-03 | Apple Safari WebKit out-of-bounds read attempt RuleID : 52341 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-01-03 | Apple Safari WebKit memory corruption attempt RuleID : 52316 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-01-03 | Apple Safari WebKit memory corruption attempt RuleID : 52315 - Type : BROWSER-WEBKIT - Revision : 1 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2019-01-14 | Name: The remote Debian host is missing a security update. File: debian_DLA-1633.nasl - Type: ACT_GATHER_INFO |
| 2019-01-11 | Name: The remote device is missing a vendor-supplied security patch. File: juniper_jsa10916.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-118b9abf99.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-1a8582a7ee.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-499f2dbc96.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-509fc4a5c8.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-97c58e29e4.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-a1f37d2f08.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-e2e8a07a01.nasl - Type: ACT_GATHER_INFO |
| 2018-12-21 | Name: The remote Apple TV device is affected by multiple vulnerabilities. File: appletv_12_1_1.nasl - Type: ACT_GATHER_INFO |
| 2018-12-21 | Name: The remote host is missing a macOS update that fixes multiple security vulner... File: macos_10_14_2.nasl - Type: ACT_GATHER_INFO |
| 2018-12-21 | Name: The remote host is missing a macOS or Mac OS X security update that fixes mul... File: macosx_SecUpd2018-006.nasl - Type: ACT_GATHER_INFO |
| 2018-12-21 | Name: The remote host is missing a macOS security update that fixes multiple vulner... File: macosx_SecUpd_10_13_6_2018-003.nasl - Type: ACT_GATHER_INFO |
| 2018-12-19 | Name: An application installed on remote host is affected by multiple vulnerabilities File: itunes_12_9_2.nasl - Type: ACT_GATHER_INFO |
| 2018-12-07 | Name: A web browser installed on the remote macOS or Mac OS X host is affected by m... File: macosx_Safari12_0_2.nasl - Type: ACT_GATHER_INFO |
| 2018-12-03 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201812-04.nasl - Type: ACT_GATHER_INFO |
| 2018-11-13 | Name: The remote Debian host is missing a security update. File: debian_DLA-1573.nasl - Type: ACT_GATHER_INFO |
| 2018-11-02 | Name: The remote Apple TV device is affected by multiple vulnerabilities. File: appletv_12_1.nasl - Type: ACT_GATHER_INFO |
| 2018-11-02 | Name: An application installed on the remote host is affected by multiple vulnerabi... File: itunes_12_9_1.nasl - Type: ACT_GATHER_INFO |
| 2018-11-02 | Name: An application installed on the remote host is affected by multiple vulnerabi... File: itunes_12_9_1_banner.nasl - Type: ACT_GATHER_INFO |
| 2018-10-31 | Name: The remote host is missing a macOS update that fixes multiple security vulner... File: macos_10_14_1.nasl - Type: ACT_GATHER_INFO |
| 2018-10-31 | Name: A web browser installed on the remote macOS or Mac OS X host is affected by m... File: macosx_Safari12_0_1.nasl - Type: ACT_GATHER_INFO |
| 2018-10-31 | Name: The remote host is missing a macOS or Mac OS X security update that fixes mul... File: macosx_SecUpd2018-005.nasl - Type: ACT_GATHER_INFO |
| 2018-10-31 | Name: The remote host is missing a macOS security update that fixes multiple vulner... File: macosx_SecUpd_10_13_6_2018-002.nasl - Type: ACT_GATHER_INFO |
| 2018-10-18 | Name: The remote host is missing a macOS update that fixes multiple security vulner... File: macos_10_14.nasl - Type: ACT_GATHER_INFO |
